DSC
DSC copied to clipboard
PowerShell
PowerShell DSC resources install when cache refreshed
Summary of the new feature / enhancement
Hi I like to add to cache refreshed auto install of PowerShell DSC resources, I think this will help us to move more to automation and integrate with bicep
@SteveL-MSFT , @Gijsreyn what do you think ?
Proposed technical implementation details (optional)
Json example file
{
"$schema": "https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/v3.0.0/config/document.json",
"resources": [
{
"name": "web_crl_publish_iis",
"type": "Microsoft.Windows/WindowsPowerShell",
"properties": {
"resources": [
{
"name": "PkiFolder",
"type": "PSDesiredStateConfiguration/File",
"properties": {
"Type": "Directory",
"DestinationPath": "C:\\PKI",
"Ensure": "Present"
}
},
{
"name": "IIS",
"type": "PSDesiredStateConfiguration/WindowsFeature",
"properties": {
"Name": "Web-Server",
"Ensure": "Present"
}
},
{
"name": "IIS",
"type": "PSDesiredStateConfiguration/WindowsFeature",
"properties": {
"Name": "Web-Mgmt-Console",
"Ensure": "Present"
}
}
]
}
},
{
"name": "web_crl_folder_operations",
"type": "Microsoft.Windows/WindowsPowerShell",
"properties": {
"resources": [
{
"name": "Change Default Web Site folder",
"type": "WebAdministrationDsc/WebSite",
"properties": {
"Ensure": "Present",
"State": "Started",
"Name": "Default Web Site",
"PhysicalPath": "C:\\PKI"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Windows/WindowsPowerShell', 'web_crl_publish_iis')]"
]
},
{
"name": "web_crl_folder_share",
"type": "Microsoft.Windows/WindowsPowerShell",
"properties": {
"resources": [
{
"name": "Change Default Web Site folder permissins",
"type": "ComputerManagementDsc/SmbShare",
"properties": {
"Ensure": "Present"
}
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Windows/WindowsPowerShell', 'web_crl_folder_operations')]"
]
}
]
}
PowerShell implementation in code
$script:CurrentCacheSchemaVersion = 1
function Write-DscTrace {
param(
[Parameter(Mandatory = $false)]
[ValidateSet('Error', 'Warn', 'Info', 'Debug', 'Trace')]
[string]$Operation = 'Debug',
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[string]$Message
)
$trace = @{$Operation.ToLower() = $Message } | ConvertTo-Json -Compress
$host.ui.WriteErrorLine($trace)
}
#Install NugetPackedProvider for DSC resources
"Install PackageProvider: NuGet" | Write-DscTrace
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -force
$jsonInput = Get-Content -Raw -Path .\dsc-web-v1.json | ConvertFrom-Json
# Filter top-level resources by type
"Get DSC resources used by: Microsoft.Windows/WindowsPowerShell adapter " | Write-DscTrace
$windowsPowerShellResources = $jsonInput.resources | Where-Object {
$_.type -eq "Microsoft.Windows/WindowsPowerShell"
}
# Check DSC resources
foreach ($rsources in $windowsPowerShellResources) {
$rsources.properties | ForEach-Object {
# Check if the resource is alredy installed
$_.resources.type -split '/' | Select-Object -First 1 | ForEach-Object {
if ($_ -ne "PSDesiredStateConfiguration") {
$moduleName = $_
if (-not (Get-Module -ListAvailable -Name $moduleName)) {
"$moduleName is not installed. Installing..." | Write-DscTrace
Find-Module -Name $moduleName | Install-Module -Force -Confirm:$false -AllowClobber
"$moduleName installed." | Write-DscTrace
} else {
"$moduleName is already installed." | Write-DscTrace
}
}
}
}
}
I was thinking when we build cache for example running test / set / list base on DSC resources declareted in document, so this will install only DSC resources thta are required for this document.
Perhaps I'm blunt here, but does it make sense at all to build up cache and skip the cache and only do a discovery if the actual resource you attempt to execute exists?
Bootstrapping DSC v3 is a pain point and I understand the intention of this proposal.
That said, there are a few concerns that should be carefully considered:
Install-Modulehas to be run elevated.- This should be opt-in, otherwise it is implicitly modifying the environment.
- The enhancement will reach out to
PSGallery, which a user may find undesirable. - Lack of module version control.
- You can already bootstrap modules via
PowerShellGet/PSModuleresource.
At the moment everyone needs to reinvent the wheel by writing their own bootstrapping script. There is room for a lightweight best practices example.
Bootstrapping DSC v3 is a pain point and I understand the intention of this proposal.
That said, there are a few concerns that should be carefully considered:
Install-Modulehas to be run elevated.- This should be opt-in, otherwise it is implicitly modifying the environment.
- The enhancement will reach out to
PSGallery, which a user may find undesirable.- Lack of module version control.
- You can already bootstrap modules via
PowerShellGet/PSModuleresource.At the moment everyone needs to reinvent the wheel by writing their own bootstrapping script. There is room for a lightweight best practices example.
You can already bootstrap modules via PowerShellGet/PSModule resource. - do you mean implement or is alredy implemented?
You can already bootstrap modules via PowerShellGet/PSModule resource. - do you mean implement or is alredy implemented?
DSC resource PSModule can be used to install modules for DSC v3 to discover.
Note that we are in process of producing a DSCv3 compatible resource for PSResourceGet, so you could have a config that installs the necessary resources and then another that uses them. Currently, I don't think you could have a single config that installs and then use, unless you do as it as an Include due to how DSC first validates the resources being used exist first.
However, I think the user experience we want is more runtime discover and download.
You can already bootstrap modules via PowerShellGet/PSModule resource. - do you mean implement or is alredy implemented?
DSC resource
PSModulecan be used to install modules for DSC v3 to discover.
Hi I try few config and looks like is not working
$schema: https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/v3.0.0/config/document.json
resources:
- name: Install DSC resources
type: Microsoft.Windows/WindowsPowerShell
properties:
resources:
- name: CertificateDsc
type: PSDesiredStateConfiguration/Package
properties:
Name: CertificateDsc
InstallationPolicy: Trusted
Ensure: Present
Force: $True
AllowClobber: $True
Error
2025-05-22T06:45:20.119685Z ERROR PID 6896: Exception: Undefined property AllowClobber
At line:12, char:2
Buffer:
e = "CertificateDsc";
};^
insta
2025-05-22T06:45:20.173689Z ERROR Command: Resource 'powershell' [exit code 1] manifest description: Error
$schema: https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/v3.0.0/config/document.json
resources:
- name: Install DSC resources
type: Microsoft.Windows/WindowsPowerShell
properties:
resources:
- name: CertificateDsc
type: PowerShellGet/PSModule
properties:
Name: CertificateDsc
InstallationPolicy: Trusted
Ensure: Present
Force: $True
Repository: PSGallery
AllowClobber: $True
2025-05-22T06:48:16.393547Z ERROR PID 9176: DSC resource 'PowerShellGet/PSModule' module not found.
2025-05-22T06:48:16.445789Z ERROR Command: Resource 'powershell' [exit code 1] manifest description: Error
@haodeon do you have any wrokign examples or is in preview ?
I wrote a working example here https://github.com/PowerShell/DSC/discussions/756#discussioncomment-13069938