Day 7 – How To Install DSC Providers for Linux on Ubuntu 12.04

 

For those of you that read last weeks article, Day 2: How to install DSC Providers for Linux on CentOS 6.2, this post may seem a bit redundant as it details the exact same steps demonstrated last week, except this time for Ubuntu. The reason for this article is that most companies run either some form of Debian based OS (such as Ubuntu) or a Red Hat based OS (such as CentOS); by including both Operating Systems in this Series, just about anyone should be able to set this up in their Environment. Starting next week, I will begin demonstrating how to manage resources in your Linux Environment using PowerShell DSC and examples for both CentOS and Ubuntu will be given throughout the rest of the series.

Now, moving on to today’s entry…

 

While there is already plenty of documentation online provided by Microsoft and other sources demonstrating how to install the DSC Providers for Linux on CentOS, there aren’t nearly as many available for Ubuntu. Like the previous article on CentOS, the installation process is streamlined by combining multiple commands together where applicable. Additionally, it is completely possible to configure a script to completely automate this entire walkthrough if one were so inclined.

If you read the first installment in the series “Day 1: Intro to PowerShell DSC and Configuring Your First Pull Server”, I should mention that the “pull mode” is not available for Linux and UNIX systems today. Only push mode is available.

 

Before you begin

First off, these instructions are for a Ubuntu 12.04 Server install with the following criteria

— Basic Server Installation with only SSH Server enabled

— iptables (Firewall) is configured to all Inbound and Outbound Traffic (this is by default)

— Server correctly registered in DNS

— Static IP Address

— Hosts File contains the Hostname and FQDN of the Server and its associated IP Address

— root password has been set (By default, a root password is NOT set in Ubuntu during Install.)

— all Commands through this guide are run as root

Installing and Configuring the Linux DSC Components

Create a new Directory to store the OMI and DSC Binaries

mkdir /Downloads

cd /Downloads

Next, install the following Perquisites

apt-get –y install build-essential pkg-config python python-dev libpam-dev libssl-dev

Next, download the OMI 1.0.8

wget https://collaboration.opengroup.org/omi/documents/30532/omi-1.0.8.tar.gz

Next, extract the OMI Tarball and configure and install OMI 1.0.8

tar -xvf omi-1.0.8.tar.gz ; cd omi-1.0.8/ ; ./configure ; make ; make install

Next, change back over to the /Downloads directory and download the DSC Binaries for Linux.

cd /Downloads

wget -O PSDSCLinux.tar.gz https://github.com/MSFTOSSMgmt/WPSDSCLinux/releases/download/v1.0.0-CTP/PSDSCLinux.tar.gz

If necessary, you can use curl to download the DSC Binaries as well

curl -O https://github.com/MSFTOSSMgmt/WPSDSCLinux/releases/download/v1.0.0-CTP/PSDSCLinux.tar.gz

Next, extract the DSC Binaries and install the DSC Providers

tar -xzvf PSDSCLinux.tar.gz ; mv ./dsc/* ./ ; make ; make reg

Next, we need to create and configure a startup script for the OMI Server

vim /etc/init.d/omiserver

Before adding the code below to the omiserver script, paste it into notepad to ensure that no additional formatting has been added to the Script.

#############################################################################
#! /bin/sh
### BEGIN INIT INFO
# Provides: omiserver
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: omiserver initscript
# Description: omiserver
### END INIT INFO

# Do NOT “set -e”

export OMI_HOME=/opt/omi-1.0.8/
DESC=”omiserver”
NAME=omiserver
PIDFILE=/opt/omi-1.0.8/var/run/omiserver.pid
SCRIPTNAME=/etc/init.d/$NAME

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Function that starts the daemon/service
#
do_start()
     {
          /opt/omi-1.0.8/bin/omiserver -d
     }

# Function that stops the daemon/service
#
do_stop()
     {
          pid=cat $PIDFILE
          kill -9 $pid
     }
case “$1” in
     start)
          do_start
          ;;
     stop)
          do_stop
          ;;
     restart|force-reload)
          do_stop
          do_start
          ;;
     *)
          echo “Usage: $SCRIPTNAME {start|stop|restart}” >&2
          exit 3
          ;;
esac
:
#############################################################################

Next, change the permissions on the omiserver script so that it can be run, configure the OMI Server to run on startup and start the OMI Server Service.

chmod 775 /etc/init.d/omiserver ; update-rc.d –f omiserver defaults ; service omiserver start

Verify that ports 5985 and 5986 are opening and listening

netstat -noat

 

Sample Script to Test DSC for Linux on Ubuntu

After you have verified your configuration on your Ubuntu Host, you can use the following Script below to create a new Configuration that ensures that the SSH Service is running.

First, create the following directory on your DSC Scripting Host: C:\LinuxConfigs

Next, replace the value <COMPUTERNAME> in the $LinuxServer variable next to the -ComputerName: switch, with the name of your Ubuntu Host.

################################################################################################
Clear-Host

$Cred = Get-Credential -Username:”root” -Message:”Enter root user password for Linux Host(s).”
$Opt = New-CimSessionOption -UseSSL:$True -SkipCACheck:$True -SkipCNCheck:$True -SkipRevocationCheck:$True
$LinuxServer = New-CimSession -Credential:$Cred –ComputerName: <COMPUTERNAME> -Port:5986 -Authentication:Basic -SessionOption:$Opt
Configuration Ubuntu_SSH_Service
{
     Import-DSCResource -Module nx
     Node $LinuxServer.ComputerName
          {
               nxService ssh
                    {
                         Name = “ssh”
                         Controller = “init”
                         Enabled = “True”
                         State = “Running”
                    }
         }
}
Write-Host “Configuration Loaded”
Ubuntu_SSH_Service -OutputPath C:\LinuxConfigs\ | Out-Null
Start-DscConfiguration -CimSession:$LinuxServer -Path:”C:\LinuxConfigs” -Verbose –Wait
################################################################################################

 

Additional Notes

While the documentation on TechNet is fairly good at demonstrating how to configure DSC for Linux on Ubuntu 12.04, there are quite a couple of issues that can come up if you are testing this on a brand new installation of Ubuntu 12.04.

Configuring iptables to allow WSMAN Ports in Ubuntu

In many circumstances, you will be working with an Ubuntu Host that will iptables to be configured. The configuration below will open up the required ports (5985 and 5986) for DSC to work correctly.

The following configuration below must be run with elevated privileges or as root and requires that the iptables-persistent package is installed. The configuration only enables traffic to flow through Ethernet port eth0 for these ports; if you have an Ubuntu Host with multiple Ethernet ports, adjust the command below accordingly!

iptables -I INPUT -i eth0 -p tcp –dport 5985 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -i eth0 -p tcp –dport 5986 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp –dport 5985 -m state –state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp –dport 5986 -m state –state ESTABLISHED -j ACCEPT
iptables-save > /etc/iptables/rules.v4

 

 

Conclusion

I hope this article clarifies the process of deploying PowerShell DSC components to your Ubuntu OS.

In next weeks blog post, I will be starting to go over the five main resources that you can manage in your Linux Environment using PowerShell DSC:

Linux Files & Directories
Linux Scripts
Linux Users
Linux Groups
Linux Services

 

Examples will be given for managing these resources in both Ubuntu and CentOS throughout the rest of the Series.

Please leave questions and feedback in the comment section below.

 

Previous Installments

Below are previous installments in the 100 Days of DevOps with PowerShell series.

Announcing the “100 Days of DevOps with PowerShell” Series

Day 1: Intro to PowerShell DSC and Configuring Your First Pull Server

Day 2: How to install DSC Providers for Linux on CentOS 6.2

Day 3: PowerShell and Team Foundation Server 2013 – Getting Started

Day 4: Automating Application Installation Using PowerShell without DSC or OneGet

Day 5: Managing your PowerShell DSC GUIDs in SC 2012 Server Manager

Day 6: Configuring an HTTPS DSC Pull Server

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.