NanoServer Container Base Image – It does Exist…Somewhere!

A really interesting video from Microsoft was just released with Mark Russinovich (CTO of Azure if you don’t already know) demonstrating Windows Server Containers. What is really interesting about this demo is that he is demonstrating containers using a Windows NanoServer Base Image:

Nano Server Containers Base Image - it does exist.

Nano Server Containers Base Image – it does exist.

If you’ve read any of my previous posts here and here you’ll know I spent quite some time looking at this and trying to get it going with TP3. I deduced it was not possible yet without the Windows NanoServer Base Image for containers – which had not been provided by Microsoft.

Other eagle eyed viewers will also note that he appears to be running a Nano Server container on a Full Server container host which I didn’t actually think was possible. From what I originally understood about containers is that you could only instantiate a container using a base container image matching the version of the OS the container host used. E.g. You can not instantiate a Server Core container on a NanoServer container host – I confirmed this was the case in TP3. But perhaps I misunderstood, or perhaps containers can be instantiated on “up” version container hosts but not “down” version.

Edit: Actually on further examination he is remoting into a different server that is acting as a Container Host (10.205.158.127). So I can’t assume that this remote host is a Full Server – it could well be a NanoServer. So the above paragraph isn’t relevant.

I also notice that he demos Hyper-V Containers, which as far as I am aware aren’t working on TP3. So this would indicate a more recent build than TP3.

So perhaps we’ll see this image being made available in the Windows Server 2016 TP4 release?

Advertisements

File Server Resource Manager (FSRM) File Screen DSC Resource

Introduction

Continuing on with implementing File Server Resource Manager (FSRM) DSC Modules, I’ve added a new module for configuring File Screens, File Screen Templates and File Screen Exceptions. If you missed it the previous module for configuring quotas can be found here.

Resources

This module contains the following resources:

cFSRMFileScreen – configures FSRM File Screen.
cFSRMFileScreenAction – configures FSRM File Screen Actions for File Screens.
cFSRMFileScreenTemplate – configures FSRM File Screen Templates.
cFSRMFileScreenTemplateAction – configures FSRM File Screen Template Actions for File Screen Templates.
cFSRMFileScreenExclusion – configures FSRM File Screen Exclusions.

The purpose of the resources should be fairly self explanatory, as long as you have a basic understanding of how FSRM File Screens are used.

Installing the Resource

If you have installed WMF 5.0 you can just download this directly from the PowerShell Gallery by running this command:

Install-Module -Name cFSRMFileScreens

Otherwise you’ll need to download this from the Microsoft Script Center here and unzip it into your PowerShell modules path.

Using the Resource

As per the last post on these resources, rather than go into detail on using this resource, I thought I’d try and keep it short and just provide a link to the documentation. This covers the parameters available in the resources as well as some usage examples.

If you need some additional guidance or other specific examples, please feel free to let me know and I’ll do my best to help you out.

Hopefully this resource finds some use out there, but either way it has been extremely helpful to me really imprint the underlying FSRM features and usage into my own mind.

Feedback

If you’re interested in contributing to this resource, providing feedback or raising issues or requesting features, please feel free (anything is appreciated). You’ll find the resource GitHub repository here where you can fork, issue pull requests and raise issues/feature requests.

DSC Resource Kit Updates are Available

The Microsoft DSC Resource Kit has been updated with a bunch of new stuff. You can check this out here.

If you’re using DSC, you’re no doubt familiar with the Microsoft DSC Resource Kit as it provides some of the most useful resources available outside of the base DSC Resources. You should really go and check it out to see what sort of thing you can be configuring with DSC straight out of the box.

I’m especially proud of this release as it contains some stuff I’ve be contributing to outside of my own resources. I’ve been helping out with adding some code to the xNetworking resource.

File Server Resource Manager (FSRM) Quotas DSC Resource

Introduction

After implementing (but not yet completing) the my DFS Replication Groups resource last week, I had an epiphany about another resource that I had begun writing some time ago but had run into problems with. The epiphany allowed me to resolve the issues holding up completion of this resource as well as dig more deeply into the FSRM for my studies.

Resources

Initially I was going to create all of the FSRM Resources (File Groups, File Classifications etc) in a single module, but I quickly realized that this wasn’t ideal as the number of modules to support this was actually quite large. Therefore I’ve decided to break this down into more manageable chunks. This is the first chunk. It contains the following resources:

  • cFSRMFileQuota – configures FSRM Quotas.
  • cFSRMFileQuotaAction – configures FSRM Quota Actions for Quotas.
  • cFSRMFileQuotaTemplate – configures FSRM Quota Templates.
  • cFSRMFileQuotaTemplateAction – configures FSRM Quota Template Actions for Quota Templates.
  • cFSRMAutoQuota – configures FSRM Auto Quotas.

The purpose of the resources should be fairly self explanatory, as long as you have a basic understanding of how FSRM Quotas are used. If you aren’t familiar with FSRM Quotas, this is a good place to start – although why you’d be reading this if you’re not familiar with FSRM Quotas already is beyond me.

There are some other Quota management DSC Resources available online and they look very easy to use, but they don’t provide the complete set of functionality that these resources do because I tried to ensure that every Quota is available and as complete as possible. Which resources to use depends on your needs.

Installing the Resource

If you have installed WMF 5.0 you can just download this directly from the PowerShell Gallery by running this command:

Install-Module -Name cFSRMQuotas

Otherwise you’ll need to download this from the Microsoft Script Center here and unzip it into your PowerShell modules path.

Using the Resource

Rather than go into detail on using this resource in this post, I thought I’d try and keep it short and just provide a link to the documentation. This covers the parameters available in the resources as well as some usage examples.

If you need some additional guidance or other specific examples, please feel free to let me know and I’ll do my best to help you out.

Summary

Well, there is not much more to say about this. Hopefully someone finds it useful. I intend to add complete the other chunks of the FSRM Resources over the coming weeks when I have time.

Feedback

If you’re interested in contributing to this resource, providing feedback or raising issues or requesting features, please feel free (anything is appreciated). You’ll find the resource GitHub repository here where you can fork, issue pull requests and raise issues/feature requests.

IPv6, DHCP and Get-NetIPInterface – DHCP State can be WRONG!

Recently I’ve been attempting to help out with the awesome Microsoft Community DSC Resources by throwing in a bit of code here and there – especially into the xNetworking resource. I started contributing to them because I had a need for some specific features in these resources for some other projects I was working on.

Anyway, long story short I found myself investigating an odd little bug with the xIPAddress resource (it configures an IPv4 or IPv6 address on a Network adapter). The problem was that even though I had a network adapter with a statically assigned IPv6 address, the Get-NetIPInterface cmdlet always seemed to say that DHCP was enabled:

The IPv6 address is clearly statically assigned but it says DHCP is enabled!

The IPv6 address is clearly statically assigned but it says DHCP is enabled!

I am not sure if this is a bug in Get-NetIPInterface that causes the DHCP property to be misreported for IPv6 interfaces or if using this property to determine DHCP status on an IPv6 address is not recommended.

Either way, I’m a bit stumped. I need an alternate and reliable way that can be used to detect the DHCP state of an IPv6 interface. I’ve looked at using the PrefixOrigin and/or SuffixOrigin properties of objects returned by Get-NetIPAddress but this feels a little bit untrustworthy to me.

Well, if anyone reads this and has any ideas I’d be very grateful to hear about it!

Edit: After a bit more investigation on this, it seems you can quite happily set the DHCP property on an IPv6 Interface using the Set-NetIPInterface cmdlet to whatever you like, regardless of whether or not a static IP address is assigned. So it seems that the DHCP property returned by the Get-NetIPInterface cmdlet for IPv6 addresses is meaningless. But I’d still love to know for sure.

Distributed File System DSC Resource Update

After releasing the DFS DSC Resource Module yesterday, I had an idea of how to simplify it if you’re deploying a DFS folder that contains the same path content path for all members. I added a ContentPaths parameter (an array of strings) to the cDFSRepGroup resource so that if the folder exists in the same location on every member, you won’t need to use the cDFSRepGroupMembership resource to individually set the Content Path for each member.

For example:

configuration Sample_cDFSRepGroup_Simple
{
    Import-DscResource -Module cDFS

    Node $NodeName
    {
        [PSCredential]$Credential = New-Object System.Management.Automation.PSCredential ("CONTOSO.COM\Administrator", (ConvertTo-SecureString $"MyP@ssw0rd!1" -AsPlainText -Force))

        # Install the Prerequisite features first
        # Requires Windows Server 2012 R2 Full install
        WindowsFeature RSATDFSMgmtConInstall 
        { 
            Ensure = "Present" 
            Name = "RSAT-DFS-Mgmt-Con" 
        }

        # Configure the Replication Group
        cDFSRepGroup RGPublic
        {
            GroupName = 'Public'
            Description = 'Public files for use by all departments'
            Ensure = 'Present'
            Members = 'FileServer1','FileServer2'
            Folders = 'Software','Misc'
            Topology = 'Fullmesh'
            ContentPaths = 'd:\public\software','d:\public\misc'
            PSDSCRunAsCredential = $Credential
            DependsOn = "[WindowsFeature]RSATDFSMgmtConInstall"
        } # End of RGPublic Resource
    } # End of Node
} # End of Configuration

The above example creates a DFS Replication Group called Public containing two folders, Software and Misc. The DFS Replication Group replicates to two members, FileServer1 and FileServer2. It is maintaining a Fullmesh connection topology.

The thing to note is that the ContentPaths array should have the elements in a matching order to the Folders parameter. So this:

            Folders = 'Misc','Software'
            ContentPaths = 'd:\public\software','d:\public\misc'

Would result in the Misc folder being set with the Content Path d:\public\software’ and the Public folder being set with the Content Path  d:\public\misc‘ – which is probably not ideal.

The Primary Member

Every Resource Group Folder needs a Primary Member set for initial replication to take place. If you use this automatic assigning of content paths the Primary Member will automatically be set to the computer listed first in the Members parameter. If you want to change this you’ll need to use the manual cDFSRepGroupMembership resource instead.

Partially Setting Content Paths

It is actually possible to only automatically configure some of the content paths in a DFS Replication Group by leaving the appropriate ContentPaths array entry blank. This would allow you to automatically configure some folders but leave other folders to be manually configured.

For example:

        cDFSRepGroup RGPublic
        {
            GroupName = 'Public'
            Description = 'Public files for use by all departments'
            Ensure = 'Present'
            Members = 'FileServer1','FileServer2'
            Folders = 'Software','Misc','Video'
            Topology = 'Fullmesh'
            ContentPaths = 'd:\public\software','','e:\video'
            PSDSCRunAsCredential = $Credential
            DependsOn = "[WindowsFeature]RSATDFSMgmtConInstall"
        } # End of RGPublic Resource

This would create a Replication Group called Public, with three folders Software, Misc and Video. The Software and Video folders will be automatically configured with Content Paths but the Misc folder will be left unconfigured so that it can be configured manually.

Optional Use

Using the ContentPaths or Topology parameters is optional. You can still define the folder Content Paths manually using the cDFSRepGroupMembership resource and/or configure the connection topology manually using the cDFSRepGroupConnection resource if you want to.

Important: It is not recommended that you define a ContentPath for a folder in the cDFSRepGroup ContentPaths parameter if you are also setting it in a cDFSRepGroupMembership resource. The same applies to defining and automatic Topology and using the cDFSRepGroupConnection resource.

And again, in case you missed it, the post covering the original resource is here.

Windows Distributed File System DSC Resource

Introduction

While studying for my MS 70.411 exam, I found that one way of getting a good understanding of a feature is to perform as many feature tasks as possible using PowerShell. One especially useful way of doing this for me was to implement a DSC resource for the feature. So, this week the feature was Distributed File System Replication Groups. I’ll refer to Distributed File Systems as DFS in future to save typing.

Note: I am going to implement DFS Namespaces as well, but that will be left to next week.

Update: After releasing this version I had an idea for some improvements to simplify this resource. See the details here.

Node vs. Active Directory

The first thing to note with implementing a DSC resource for Windows Distributed File System is that the resource is actually setting the Desired State of Active Directory elements rather than that of a Node. What that means is that when you use the PowerShell (or Management Console) to manage Windows DFS Replication Groups or DFS Namespaces you’re actually configuring items in the Active Directory database – you’re not changing anything on the actual node/computer you’re running the commands on.

This means that a DSC Resource for configuring Windows DFS could be run on any computer within the AD Domain. This is actually very handy as it turns out. At first though, I wasn’t sure DSC should be used for configuring elements that aren’t actually on a Node/Computer, but I couldn’t see why not, and then I remembered that there are other resources that do this (xActiveDirectory for example).

Server Core Not Supported

The first problem I ran into when implementing this DSC Resource is that you can’t install the DFS Replication (DFSR) PowerShell module onto a Windows Server Core installation. This is because the PowerShell DFSR module is only installed with the DFS Management Tools feature, which requires a Full Server install (or at least the Graphical Management Tools and Infrastructure feature).

This feature is required to enable the DFSR PowerShell Module.

This feature is required to enable the DFSR PowerShell Module.

This isn’t the end of the world, but it is annoying because all my file servers are Server Core. Therefore I’d need to run this resource on a node with a Full Server install that is also part of the AD Domain. So it is great that this resource can be run on any Full Server install (or even a Desktop with RSAT).

Setting AD Credentials

Because this resource calls PowerShell CmdLets that interact with the AD Database, AD credentials need to be supplied that can have the appropriate permissions. This means that the PSDSCRunAsCredential property must be set for each resource entry, which in turn means this Resource can only be used on nodes with Windows Management Framework 5.0 (WMF 5.0) or greater installed. If you’re not familiar with this property, see this link.

Installing the Resource

Because this resource requires WMF 5.0 you can just download this directly from the PowerShell Gallery by running this command:

Install-Module -Name cDFS

Using the Resource

The following example creates a DFS Replication Group called Public containing two members, FileServer1 and FileServer2. The Replication Group contains a single folder called Software. A description will be set on the Software folder and it will be set to exclude the directory Temp from replication.

configuration Sample_cDFSRepGroup
{
    Import-DscResource -Module cDFS

    Node $NodeName
    {
        [PSCredential]$Credential = New-Object System.Management.Automation.PSCredential ("CONTOSO.COM\Administrator", (ConvertTo-SecureString $"MyP@ssw0rd!1" -AsPlainText -Force))

        # Install the Prerequisite features first
        # Requires Windows Server 2012 R2 Full install
        WindowsFeature RSATDFSMgmtConInstall 
        { 
            Ensure = "Present" 
            Name = "RSAT-DFS-Mgmt-Con" 
        }

        # Configure the Replication Group
        cDFSRepGroup RGPublic
        {
            GroupName = 'Public'
            Description = 'Public files for use by all departments'
            Ensure = 'Present'
            Members = 'FileServer1','FileServer2'
            Folders = 'Software'
            PSDSCRunAsCredential = $Credential
            DependsOn = "[WindowsFeature]RSATDFSMgmtConInstall"
        } # End of RGPublic Resource

        cDFSRepGroupConnection RGPublicC1
        {
            GroupName = 'Public'
            Ensure = 'Present'
            SourceComputerName = 'FileServer1'
            DestinationComputerName = 'FileServer2'
            PSDSCRunAsCredential = $Credential
        } # End of cDFSRepGroupConnection Resource

        cDFSRepGroupConnection RGPublicC2
        {
            GroupName = 'Public'
            Ensure = 'Present'
            SourceComputerName = 'FileServer2'
            DestinationComputerName = 'FileServer1'
            PSDSCRunAsCredential = $Credential
        } # End of cDFSRepGroupConnection Resource

        cDFSRepGroupFolder RGSoftwareFolder
        {
            GroupName = 'Public'
            FolderName = 'Software'
            Description = 'DFS Share for storing software installers'
            DirectoryNameToExclude = 'Temp'
            PSDSCRunAsCredential = $Credential
            DependsOn = '[cDFSRepGroup]RGPublic'
        } # End of RGSoftwareFolder Resource

        cDFSRepGroupMembership RGPublicSoftwareFS1
        {
            GroupName = 'Public'
            FolderName = 'Software'
            ComputerName = 'FileServer1'
            ContentPath = 'd:\Public\Software'
            PrimaryMember = $true
            PSDSCRunAsCredential = $Credential
            DependsOn = '[cDFSRepGroupFolder]RGSoftwareFolder'
        } # End of RGPublicSoftwareFS1 Resource

        cDFSRepGroupMembership RGPublicSoftwareFS2
        {
            GroupName = 'Public'
            FolderName = 'Software'
            ComputerName = 'FileServer2'
            ContentPath = 'e:\Data\Public\Software'
            PSDSCRunAsCredential = $Credential
            DependsOn = '[cDFSRepGroupFolder]RGPublicSoftwareFS1'
        } # End of RGPublicSoftwareFS2 Resource

    } # End of Node
} # End of Configuration

Example Breakdown

The resource usage hopefully is fairly straight forward and the Module itself contains documentation in the Readme.md (you can also see it here). But I’ll provide a quick breakdown of the resources just in case.

WindowsFeature RSATDFSMgmtConInstall

Install the Windows Feature that is required to use this DSC Resource. It installs the Windows DFSR/DFSN PowerShell Modules.

cDFSRepGroup

This resource creates, configures or removes a DFS Replication Group. You should specify both the Members and the Folders that are in this Replication Group. Both of these properties take an array of strings so you can specify more than one member (not much of a Distributed File System without that right?) and more than one folder. You of course also need to specify a DFS Replication Group Name.

This resource also contains an optional Topology parameter that defaults to Manual. If this parameter is set to Fullmesh then a Full Mesh connection topology will be configured automatically for this Replication Group, based on the members specified in the resource.

cDFSRepGroupConnection

This is an optional resource that allows the Replication Group Connections to be defined manually. I used the above example, so that it was obvious how they should be used. It allows a Replication Group Connection to be defined for a Replication Group between two members. A description can also be set on each connection. The connections can be disabled and also have RDC (Remote Differential Compression) disabled.

Note: this resource should only be used if the Topology parameter of the cDFSRepGroup resource is set to Manual (which is the default). If you set the Topology parameter to Fullmesh, a set of Replication Group Connections will automatically be created in a Full Mesh structure. The Hub and Spoke structure is not currently supported but may be in the future.

cDFSRepGroupFolder

This is an optional resource that can be used to configure specific properties of any of the folders in a DFS Replication Group. It is not used to create a folder within the Replication Group, that is the job of the cDFSRepGroup resource. This job of this resource is to configure the following properties of a Replication Group Folder:

  • Description
  • FilenameToExclude – if this is not specified the default value that DFS assigns is automatically used.
  • DirectoryNameToExclude – if this is not specified the default value that DFS assigns is automatically used.

cDFSRepGroupMembership

This resource is used to configure the actual content folders on each member of the Replication Group Folder. An instance of this resource should be used for each combination of member and folder in a Replication Group to set the Content Folder. It can also be used to set the following optional properties:

  • StagingPath – this can be used to override the default staging path. Usually this should be left to the default.
  • ReadOnly – this property can be used to make this content folder read only.
  • PrimaryMember – this property allows a Primary Member of the replication group to be set. At least one member of each Replication Group folder must set as the Primary Member otherwise initial replication will never take place.

Common Parameters

There are a couple of parameters that are common to each resource:

  •  GroupName – this is the name of the Replication Group.
  • Domain – this is the name of the AD Domain this Replication Group is part of. If not specified then the AD Domain that the computer that is running the config is part of is used. Usually it should not be specified.

Summary

Well, there is not much more to say about this. Hopefully someone finds it useful. I intend to add DFS Namespace support over the next week or so, so if you’re needing that, keep an eye out.

Feedback

If you’re interested in contributing to this resource, providing feedback or raising issues or requesting features, please feel free (anything is appreciated). You’ll find the resource GitHub repository here where you can fork, issue pull requests and raise issues/feature requests.