PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Smith, Puppet

Nano Server
Puppet + DSC
Michael Smith, Developer @ Puppet

Nano Server: Puppet + DSC 2
What is Nano Server?

Why would we use it?

Limitations

How to start

How does Puppet fit in

What is Nano Server?

A lightweight Windows Server
Source: http://windowsitpro.com/windows-server-2016/install-options-windows-server-2016

A much faster virtual server
Source: http://www.techradar.com/news/software/operating-systems/why-nano-server-is-the-most-vital-change-to-windows-server-since-windows-nt-3-5-1295803

Why Do I Care?

Limitations

Nano Server: Puppet + DSC
No GUI, just PowerShell/cmd

64-bit only

No MSI, new Windows Server Apps (WSA)

Minimal configuration (no ADSI, no Group Policy)

.Net CoreCLR

Deprecated functions removed - https://goo.gl/48IZV6

Limited PowerShell support
10

Getting Nano Server

Hyper-V: Command-Line https://goo.gl/RDOUwA
$password = ConvertTo-SecureString -AsPlaintext -Force 'vagrant'
New-NanoServerImage
-MediaPath 'E:'
-Edition 'Datacenter'
-DeploymentType Guest
-AdministratorPassword 'vagrant'
-TargetPath 'C:NanoVM.vhd'
-MaxSize 8589934592
-SetupUI ('NanoServer.Containers', 'NanoServer.DSC')
-SetupCompleteCommand ('tzutil.exe /s "Pacific Standard Time"')
-LogPath 'C:TempNanoServerImageBuilderLogs2016-10-16 12-29'

Nano Server Image Builder https://goo.gl/IEFU9d

Server Feature Packages

Configuration SimpleVM {
param (
[string[]]$NodeName = 'localhost',
[string]$VhdPath
)
Import-DscResource -ModuleName xHyper-V
Node $NodeName {
xVMSwitch internal {
Ensure = 'Present'
Name = 'internal'
Type = 'Internal'
}
xVMHyperV SimpleVM {
Ensure = 'Present'
Name = 'SimpleVM'
VhdPath = $VhdPath
SwitchName = 'internal'
State = 'Running'
Generation = 1
StartupMemory = 512MB
ProcessorCount = 1
DependsOn = '[xVMSwitch]internal'
}
}
}
SimpleVM -VhdPath 'C:/VM/NanoServerDataCenter.vhd'
Desired State Configuration (DSC)

puppetlabs-dsc
dsc_xVMHyperV { 'SimpleVM':
dsc_ensure => present,
dsc_name => 'SimpleVM',
dsc_vhdpath => 'C:/VM/
NanoServerDataCenter.vhd',
dsc_switchname => 'internal',
dsc_state => 'running',
dsc_generation => 1,
dsc_startupmemory => 536870912,
dsc_processorcount => 1,
require => Dsc_XVMSwitch['internal'],
}
dsc_xVMSwitch { 'internal':
dsc_ensure => 'present',
dsc_name => 'internal',
dsc_type => 'Internal',
}

Demos
GitHub:MikaelSmith/puppetconf2016

Hyper-V Demo
https://github.com/MikaelSmith/puppetconf2016#hyper-v-demo

Hacks upon Hacks
https://github.com/PowerShell/xStorage/pull/60

https://tickets.puppetlabs.com/browse/MODULES-3690

https://tickets.puppetlabs.com/browse/MODULES-3831

Everything’s broken

… but getting fixed.

Vagrant/Virtualbox
Enable-PSRemoting -Force
Set-Item wsman:localhostclienttrustedhosts -Value localhost -Force
$pw = ConvertTo-SecureString -asPlainText -Force "vagrant"
$c = New-Object System.Management.Automation.PSCredential("vagrant", $pw)
Enter-PSSession -ComputerName localhost -Port 55985 -Credential $c
Vagrant Boxes: https://goo.gl/RSGdHN

PowerShell Remoting
rwinrm vagrant@127.0.0.1:55985
https://github.com/WinRb/WinRM
Demo: https://github.com/MikaelSmith/puppetconf2016#build-vagrant-box

Vagrant Demo

Docker https://goo.gl/Vp5CQB
Source: http://windowsitpro.com/windows-server-2016/differences-between-windows-containers-and-hyper-v-containers-windows-server-201

FROM microsoft/nanoserver
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]
ENV NPM_CONFIG_LOGLEVEL info
ENV NODE_VERSION 4.6.1
ENV NODE_SHA256 f576f2dacc4262202ae21f7d64ab9a01b7e551795848dfa39ef39a2cd63fa42c
RUN Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ;
[System.IO.Compression.ZipFile]::ExtractToDirectory('C:node.zip', 'C:') ;
Rename-Item -Path $('C:node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:nodejs' ;
New-Item $($env:APPDATA + 'npm') ;
$env:PATH = 'C:nodejs;{0}npm;{1}' -f $env:APPDATA, $env:PATH ;
Set-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetControlSession ManagerEnvironment' -Name Path -Value $env:PATH ;
Remove-Item -Path node.zip
CMD [ "node.exe" ]
23
Dockerfiles https://goo.gl/kcTctx
Source: https://github.com/StefanScherer/dockerfiles-windows/blob/e7a938a9e32fe89e6d5aa232054971ad91e98ac7/node/4.6/nano/Dockerfile
Base Node Container

FROM node:4.6.1-nano 
 
RUN mkdir app  
WORKDIR /app 
 
ONBUILD COPY package.json package.json  
ONBUILD RUN npm install  
ONBUILD COPY . . 
 
CMD [ "npm.cmd", "start" ]
Dockerfiles, Cont.
Source: https://github.com/StefanScherer/dockerfiles-windows/blob/e7a938a9e32fe89e6d5aa232054971ad91e98ac7/node/4.6/nano/onbuild/Dockerfile
FROM nano:4.6.1-nano-onbuild
Node Onbuild Template
Application Builder

Docker Demo
https://github.com/MikaelSmith/puppetconf2016#docker-demo

https://github.com/MikaelSmith/puppet-agent/tree/nano-hacks

https://github.com/MikaelSmith/puppetconf2016#docker-demo

Track 5: Modern Infrastructure

Running Puppet Software in Docker Containers - Gareth Rushgrove

Kubernetes: Add Windows Containers Support

https://github.com/kubernetes/kubernetes/issues/22623
26
Containers

Adding Puppet

Things that work
Core Resources
file, host, exec

Modules
- puppetlabs-reboot

- Puppetlabs-acl

Maybe
- puppetlabs-powershell (after MODULES-3690, 3990)

- puppetlabs-dsc (after MODULES-3831)

Registry + DSC
dsc_registry { 'enable long paths':
dsc_ensure => present,
dsc_key => 'HKEY_LOCAL_MACHINESystemCurrentControlSetPolicies',
dsc_valuename => 'LongPathsEnabled',
dsc_valuedata => '1',
Dsc_valuetype => 'DWORD',
}
Source: http://winaero.com/blog/how-to-enable-ntfs-long-paths-in-windows-10/

Core Resources
- user (requires ADSI)

- group (requires ADSI)

- package (no appx support yet)

- scheduled_task (requires mstask.dll)

Modules
- puppet-iis (based on PowerShell WebAdministration)

- many others
30
Things that don’t (yet)

$username = 'vagrant'
$password = 'vagrant'
$groupname = 'puppet'
Users & Groups
exec { 'puppet group':
command => "New-LocalGroup -Name ${groupname}",
unless => "Get-LocalGroup -Name ${groupname}",
provider => powershell,
}

exec { 'vagrant user in puppet group':
command => "Add-LocalGroupMember -Group ${groupname} -Member ${username}",
unless => "Get-LocalGroupMember -Group ${groupname} -Member ${username}",
require => [Exec['puppet group'], Exec['vagrant user']],
}
Users & Groups, Cont.
exec { 'vagrant user':
command => "New-LocalUser -Name ${username} -Password
(ConvertTo-SecureString -AsPlainText "${password}" -Force)",
unless => "Get-LocalUser -Name ${username}",
}

Puppet Demo
https://github.com/MikaelSmith/puppetconf2016#puppet-demo

Packaging
https://github.com/mikaelsmith/puppetconf2016#packaging-demo

Debugging Problems
https://github.com/mikaelsmith/puppetconf2016#debugging-problems-demo

Ways to get started
Hyper-V directly, Docker, Virtualbox/Vagrant

Tools to improve
PowerShell, DSC modules, Puppet modules, Puppet core
resources, applications, Vagrant, Packer, etc.
36

http://www.hurryupandwait.io/
https://cloudbase.it/

Thanks!
Questions?

PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Smith, Puppet

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Smith, Puppet

Similar to PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Smith, Puppet (20)

More from Puppet

More from Puppet (20)

Recently uploaded

Recently uploaded (20)

PuppetConf 2016: Building Nano Server Images with Puppet and DSC – Michael Smith, Puppet