Day 2: How to install DSC Providers for Linux on CentOS 6.2

There is already plenty of documentation online from Microsoft and other sources showing how to install the DSC Providers for Linux on CentOS. This article streamlines the process by combining multiple commands where applicable. It is also possible to script the entire walkthrough if one were so inclined.

If you read the first installment in the series “Day 1: Intro to PowerShell DSC and Configuring Your First Pull Server”, I should mention that the “pull mode” is not available for Linux and UNIX systems today. Only push mode is available.

 

Before you begin

First off, these instructions are for a CentOS 6.2 install that meets the following criteria:

— Minimal Server Install (wget, vim and redhat-lsb need to be installed using these commands)

— SELinux is Disabled

— iptables (Firewall) Service is Disabled

— Server correctly registered in DNS

— Static IP Address

— Hosts File contains the Hostname and FQDN of the Server and its associated IP Address

— All commands throughout this guide are run as root

 

 

Installing and Configuring the Linux DSC Components

Create a new Directory to store the OMI and DSC Binaries

mkdir /Downloads

cd /Downloads

 

Next, install the following prerequisites

yum groupinstall 'Development Tools'

yum install python python-devel redhat-lsb pam-devel openssl-devel

 

Next, download the OMI 1.0.8

wget https://collaboration.opengroup.org/omi/documents/30532/omi-1.0.8.tar.gz

 

Next, extract the OMI Tarball and configure and install OMI 1.0.8

tar -xvf omi-1.0.8.tar.gz ; cd omi-1.0.8/ ; ./configure ; make ; make install

 

Next, change back over to the /Downloads directory and download the DSC Binaries for Linux.

cd /Downloads

wget -O PSDSCLinux.tar.gz https://github.com/MSFTOSSMgmt/WPSDSCLinux/releases/download/v1.0.0-CTP/PSDSCLinux.tar.gz

 

If necessary, you can use curl to download the DSC Binaries as well

curl -L -O https://github.com/MSFTOSSMgmt/WPSDSCLinux/releases/download/v1.0.0-CTP/PSDSCLinux.tar.gz

 

Next, extract the DSC Binaries and install the DSC Providers

tar -xzvf PSDSCLinux.tar.gz ; mv ./dsc/* ./ ; make ; make reg

 

Next, we need to create and configure a startup script for the OMI Server

vim /etc/init.d/omiserver

 

Before adding the code below to the omiserver script, paste it into notepad to ensure that no additional formatting has been added to the Script.

 

#############################################################################
#! /bin/sh
### BEGIN INIT INFO
# Provides: omiserver
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: omiserver initscript
# Description: omiserver
### END INIT INFO
# Do NOT "set -e"
export OMI_HOME=/opt/omi-1.0.8/
DESC="omiserver"
NAME=omiserver
PIDFILE=/opt/omi-1.0.8/var/run/omiserver.pid
SCRIPTNAME=/etc/init.d/$NAME
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Function that starts the daemon/service
#
do_start()
{
     /opt/omi-1.0.8/bin/omiserver -d
}
# Function that stops the daemon/service
#
do_stop()
{
     pid=$(cat "$PIDFILE")
     kill -9 "$pid"
}
case "$1" in
     start)
          do_start
          ;;
     stop)
          do_stop
          ;;
     restart|force-reload)
          do_stop
          do_start
          ;;
     *)
          echo "Usage: $SCRIPTNAME {start|stop|restart}" >&2
          exit 3
          ;;
esac
:

#############################################################################

 

Next, change the permissions on the omiserver script so that it can be run, configure the OMI Server to run on startup and start the OMI Server Service.

chmod 755 /etc/init.d/omiserver ; chkconfig omiserver on ; service omiserver start

 

Verify that ports 5985 and 5986 are open and listening

netstat -noat
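
As an added example (not part of the original article), the function below turns the netstat check into a pass/fail test: it reads netstat -noat output and reports, for ports 5985 and 5986, whether a socket is in the LISTEN state and which address it is bound to. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads `netstat -noat` output on stdin and prints, per WSMAN
# port, "<port> LISTEN <local address>" or "<port> MISSING".
# Returns 0 only when both 5985 and 5986 have a listening socket.
check_wsman_listeners() {
    awk -v ports="5985 5986" '
        BEGIN { n = split(ports, want, " ") }
        # Data rows: Proto Recv-Q Send-Q Local-Address Foreign-Address State ...
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)  # bind address, e.g. 0.0.0.0 or ::
            if (!(port in seen)) seen[port] = host
        }
        END {
            missing = 0
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) {
                    printf "%s LISTEN %s\n", want[i], seen[want[i]]
                } else {
                    printf "%s MISSING\n", want[i]; missing = 1
                }
            }
            exit missing
        }'
}

# Constructed sample output (not captured from a real host). The last row is an
# outbound connection to another machine's port 5986, not a local listener, so
# a plain grep for "5986" would match it by mistake.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address    State       Timer
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:5985      0.0.0.0:*          LISTEN      off (0.00/0/0)
tcp        0      0 :::22             :::*               LISTEN      off (0.00/0/0)
tcp        0      0 192.0.2.10:40112  192.0.2.50:5986    ESTABLISHED keepalive (7100.00/0/0)
EOF
}

# On the CentOS host: netstat -noat | check_wsman_listeners
sample_netstat | check_wsman_listeners || echo "a WSMAN port has no listener"
```

A bind address of 0.0.0.0 or :: means the listener is reachable on every interface, so the firewall rules decide who can connect.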

 

 

Sample Script to Test DSC for Linux on CentOS

After you have verified your configuration on your CentOS Host, you can use the script below to create a new Configuration that ensures that the SSHD Service is running.

First, create the following directory on your DSC Scripting Host: C:\LinuxConfigs

Next, replace the value <COMPUTERNAME> in the $LinuxServer variable next to the -ComputerName: switch, with the name of your CentOS Host.

################################################################################################
Clear-Host

$Cred = Get-Credential -Username:"root" -Message:"Enter root user password for Linux Host(s)."
# The three -Skip* switches turn off CA, host name (CN) and revocation checking of the server certificate for this session.
$Opt = New-CimSessionOption -UseSSL:$True -SkipCACheck:$True -SkipCNCheck:$True -SkipRevocationCheck:$True
$LinuxServer = New-CimSession -Credential:$Cred -ComputerName: <COMPUTERNAME> -Port:5986 -Authentication:Basic -SessionOption:$Opt
Configuration CentOS_SSHD_Service
{
     Import-DSCResource -Module nx
     Node $LinuxServer.ComputerName
          {
               nxService sshd
                    {
                         Name = "sshd"
                         Controller = "init"
                         Enabled = "True"
                         State = "Running"
                    }
         }
}
Write-Host "Configuration Loaded"
CentOS_SSHD_Service -OutputPath C:\LinuxConfigs\ | Out-Null
Start-DscConfiguration -CimSession:$LinuxServer -Path:"C:\LinuxConfigs" -Verbose -Wait
################################################################################################

 

 

Additional Notes

While the documentation on TechNet is fairly good at demonstrating how to configure DSC for Linux on CentOS 6.2, there are a couple of issues that can come up if you are testing this on a brand new installation of CentOS 6.2:

 

Redhat-lsb is not installed

The redhat-lsb (Linux Standards Base) package is not installed by default on a Minimal Server install of CentOS 6.2 and is a requirement of the omiserver init script that is used to manage the omiserver service on the Linux Host. The package can be installed by running the following command

sudo yum install redhat-lsb

 

wget and vim are not installed

You can install these packages by running the following command

sudo yum install vim wget

 

The CentOS Firewall Service is on and SELinux is enabled by default

Creating exceptions using iptables is not very difficult; however, when you want to get something up and running for testing purposes, having it disabled is definitely a faster solution. You can turn off iptables by running the following command:

sudo service iptables stop

 

Next, you can disable iptables on startup by running the following command:

sudo chkconfig iptables off

 

You can verify that the changes you made took effect by running the following command:

sudo iptables --list

 

You should get back the following:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

 

 

Configuring iptables to allow WSMAN Ports in CentOS

In many circumstances, you will be working with a CentOS Host that will require the iptables service to remain in place; the configuration below will open up the required ports (5985 and 5986) for DSC to work correctly.

The configuration below must be run with elevated privileges or as root. It only allows traffic on these ports through the Ethernet interface eth0; if you have a CentOS Host with multiple Ethernet interfaces, adjust the commands below accordingly!

iptables -I INPUT -i eth0 -p tcp --dport 5985 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -i eth0 -p tcp --dport 5986 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp --sport 5985 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp --sport 5986 -m state --state ESTABLISHED -j ACCEPT
service iptables save ; service iptables restart

 

 

Conclusion

I hope this article clarifies the process of deploying PowerShell DSC components to your Linux and UNIX systems. With the foundation in place, in future articles we will explore how you can leverage DSC across platforms to deliver highly standardized configurations in support of your DevOps initiatives. Please leave questions and feedback in the comment section below.

 

Previous Installments

Below are previous installments in the “100 Days of DevOps with PowerShell” series.

Announcing the “100 Days of DevOps with PowerShell” Series

Day 1: Intro to PowerShell DSC and Configuring Your First Pull Server

3 thoughts on “Day 2: How to install DSC Providers for Linux on CentOS 6.2”

  1. Tom

    Hello, nice tutorial. But I have a problem starting the omiserver. Error message ‘WSMAN-New_Listener() failed’. Any idea what went wrong? Thanks, Tom

  2. Ryan Irujo (Post author)

    Tom,

    It sounds like you are attempting to run the omiserver with a user that either doesn’t have sudo rights or isn’t root.

    I would make sure that you are logged in either as root or are running the command to configure and start the omiserver with sudo rights:

    sudo chmod 755 /etc/init.d/omiserver ; sudo chkconfig omiserver on ; sudo service omiserver start

    Hope that helps!

  3. Tom

    Hi Ryan, I’m starting omiserver as root. First of all, the setting. I have to manage a Linux server by a Windows Server 2012R2. On the Windows side the DNS is configured, Winrm service is running, the TrustedHosts entry pointed to the Linux server. The Linux server has a firewall exception for port 5986 and port 5985, omiserver is now running, omicheck says “all ok”, LCM, and DSC resource are installed. But by starting a ‘New-Cimsession’ I got the return ‘internal server error http 500’. So it seems that omiserver itself does not work well.

    Thanks for your help

    Tom
