Chef Client 11.16.0 gets into PowerShell DSC

Ohai Chefs. Today’s release of Chef Client 11.16.0 marks the inclusion of PowerShell Desired State Configuration (DSC) support into Chef Client for Windows. DSC is a powerful configuration management platform built into PowerShell 4.0, and now you can use it with Chef!

To try it out, just configure a system with Chef Client 11.16.0 or later and target it with a recipe that uses the new `dsc_script` resource, which you can learn about on our documentation site.

Like Chef, DSC exposes *resources* to configure systems. The rest of this post gives details on how to use Chef’s new `dsc_script` resource to gain access to all of DSC’s resources from your recipes, and also discusses where we’re headed with DSC in the future.

The dsc\_script resource

The `dsc_script` resource allows cookbook authors to include DSC configurations in the form of PowerShell code in their Chef
recipes. This is not unlike the use of script code through Chef’s `powershell_script` or
`bash` resources. With DSC and `dsc_script`, however, you get a lot
more than just access to a scripting language. Here’s a simple example that uses
`dsc_script` in a Chef recipe to unzip (i.e. decompress) a file using DSC’s
`Archive` resource:

dsc\_script 'unzip\_powershell\_modules' do
  code <<-EOH
  Archive PSModules
    Path = "$home/downloads/"
    Destination = "$env:programfiles/WindowsPowerShell/Modules"

The string supplied to the `code` attribute above is DSC (and therefore
PowerShell) code, which you can learn about at the DSC site. That PowerShell code specifies a “configuration” with DSC’s
`Archive` resource. Running this Chef recipe code will invoke
the DSC code and unzip the file located at `Path` to the directory location at

Unlike, say, the use of a `bash` or `powershell_script` resource in Chef that
executes a decompression command like
`tar`, there is no need to write guard expressions (i.e. `not_if` / `only_if`)
in the recipe when using `dsc_script` in order to ensure idempotence — DSC
resources, like Chef resources, are intrinsically idempotent.

## DSC: A new universe of resources for Chef

PowerShell 4.0 ships with 12 built-in resources including `Archive`, most of
which are direct analogs of resources that already exist in Chef. But if you
install the recently released DSC Wave 6 resource kit from Microsoft, you suddenly have access to 80+ additional resources!

`xSQLHAGroup`, `xWebSite`, `xADUser`, `xDNSServer`, and `xVMHyperV` are some of
the suggestive resource names you’ll find if you install the resource kit and execute
`Get-DSCResource` in your PowerShell terminal. They do what their names imply
— configure web sites, high-availability database configurations, create
users in Active Directory, etc., all with Chef-like convergence. With
`dsc_script`, Chef users can build powerful cookbooks on top of DSC automation provided
by Microsoft and the PowerShell community.

## Re-using DSC configurations

While DSC itself is relatively new, ambitious users have already invested in their own libraries of DSC
scripts; these are consumed very much like Chef recipes. One could
integrate such a *”DSC recipe”* into a Chef recipe using `dsc_script` as follows:

dsc\_script 'CompanyWiki' do
  command '//infra01/configurations/wiki.ps1'
  flags AuthType: 'Windows', LogArchive: '//serverlogs/wiki'

This will run the DSC configuration named `CompanyWiki` found in the
`wiki.ps1` script (“recipe”) given by the `command` attribute, and pass the parameters `AuthType` and `LogArchive` to the
configuration using `flags`.

## What’s next for DSC + Chef

Chef is not yet finished with DSC:

  • We’ve already demonstrated even tighter
    integration between Chef and DSC
    beyond `dsc_script` that exposes DSC **purely through the Chef DSL**.
  • You can test out the above approach in our
    preview DSC community cookbook
    while we guide it toward its destination alongside `dsc_script` in core Chef Client.
  • With DSC in Chef, Chefs have myriad possibilities for new and
    updated cookbooks — let’s get cooking!

DSC accelerates our collective Chef efforts to automate *all the Windows things*. Now it’s up to us to start building.

Adam Edwards

Former Chef Employee