13. 09. 2022 Alessandro Romboli NetEye

Installing and Configuring Monitoring Agents in a Windows Domain – Part 2

Scenario

In this blog I’ll describe some advanced features of the DSC platform in order to automate the configuration of the monitoring agents.

I’ve already described the basic topics in the first part of this blog:

Installing and Configuring Monitoring Agents in a Windows Domain – Part 1

But just as a quick reminder, DSC (Desired State Configuration) is a management platform within PowerShell that enables you to manage your IT and development infrastructure with configuration as code.

DSC is a declarative platform used for configuration, deployment, and management of systems.

  • Configurations are declarative PowerShell scripts which define and configure instances of resources. Upon running the configuration, DSC (and the resources being called by the configuration) will simply “make it so”, ensuring that the system exists in the state laid out by the configuration. DSC configurations are also idempotent: the Local Configuration Manager (LCM) will continue to ensure that machines are in whatever state the configuration declares.

DSC advanced configurations

In this first example, I’ll show you how to modify the Telegraf agent installation on remote Windows servers in order to set the service AutoStart as Delayed.

The DSC Service function has no parameters to set a service as delayed, so a second different function is required.

The easiest way is to use the generic Script function: it’s a powerful function which lets you write generic customized PowerShell code. It has three internal blocks: SetScript, TestScript and GetScript.

TestScript is used to verify if the system is already configured as expected, and must return True or False.

If the result is False, the DSC engine will call SetScript in order to change the machine configuration.

The GetScript block must be defined, but it’s meaningless for our examples.

The resulting DSC code is:

#set telegraf service as delayed
Script FIXTelegraf {
    SetScript = {
        &"sc.exe" config telegraf start= delayed-auto
    }
    TestScript = {
        $stato = &"sc.exe" qc telegraf
        if ($stato -match 'DELAYED') {return $true} else {return $false}
        }
    GetScript = {
        $fileContent = $null
        return @{
            Result = $fileContent
        }
    }
}

The external sc.exe command is used both to check if the Telegraf service is already Delayed and to force its configuration if required.

The Telegraf agent installation will be done in two steps, concatenating both functions:

Service CreateService {
    Name   = "telegraf"
    Ensure = "Present"
    Path   = "c:\Program Files\telegraf\telegraf.exe"
    Description = "Telegraf monitoring"
    BuiltInAccount = "LocalSystem"
    StartupType = "Automatic"
    State = "Running"
}
#set telegraf service as delayed
Script FIXTelegraf {
    SetScript = {
        &"sc.exe" config telegraf start= delayed-auto
    }
    TestScript = {
        $stato = &"sc.exe" qc telegraf
        if ($stato -match 'DELAYED') {return $true} else {return $false}
        }
    GetScript = {
        $fileContent = $null
        return @{
            Result = $fileContent
        }
    }
}

In the previous example, we were assuming that the Telegraf executable and configuration files were already at the destination path.

The right approach would be to copy the Telegraf executable and configuration files before installing the service.

The DSC File function would be the best approach: it could be used to copy an entire directory or just a single file, but only if the data is missing or changed.

So, we can add two installation blocks to the previous example in order to copy data from a network share:

File TelDirCopy {
    Ensure = "Present"
    Type = "Directory"
    Recurse = $true
    SourcePath = "\\MYDSC\SW\telegraf"
    DestinationPath = "c:\Program Files\telegraf"
    MatchSource = $true
    Checksum = "modifiedDate"
}
File TelCfgCopy {
    Ensure = "Present"
    Type = "File"
    SourcePath = "\\MYDSC\SW\telegraf_cfg\telegraf-base.conf"
    DestinationPath = "c:\Program Files\telegraf\telegraf.conf"
    MatchSource = $true
    Checksum = "modifiedDate"
}
Service CreateService {
    Name   = "telegraf"
    Ensure = "Present"
    Path   = "c:\Program Files\telegraf\telegraf.exe"
    Description = "Telegraf monitoring"
    BuiltInAccount = "LocalSystem"
    StartupType = "Automatic"
    State = "Running"
}
#set telegraf service as delayed
Script FIXTelegraf {
    SetScript = {
        &"sc.exe" config telegraf start= delayed-auto
    }
    TestScript = {
        $stato = &"sc.exe" qc telegraf
        if ($stato -match 'DELAYED') {return $true} else {return $false}
        }
    GetScript = {
        $fileContent = $null
        return @{
            Result = $fileContent
        }
    }
}

In the following DSC example, we will use the Package function to install an MSI package. According to the DSC logic, the package will be installed only if it’s not already present.

This is the DSC code to install the SQLDMVMonitor agent, which will collect some internal Microsoft SQL Server performance data.

Package 'Installsqldmvmonitor'
{
    Name      = 'sqldmvmonitor'
    ProductId = '{CFFC1BC5-8CD6-4599-82C9-0AE5AC893794}'
    Path      = 'C:\temp\sqldmvmonitor-v0.5.1-x64.msi'
    Arguments = '/qn /L*V C:\Temp\sqldmvm.log SQLDMVTRCCONFDIR="C:\AXcollector" LICENSEACCEPTED="1" SQLDMVTRCSERVICEACCOUNT="DOM\svcusr" SQLDMVTRCSERVICEACCOUNTPWD="xxxxxxx" SQLDMVTRCASSIGNADMIN=0'
    Ensure    = 'Present'
}

This MSI package installation will generate a log file in the C:\temp folder. Arguments can be customized according to the MSI package needs.

I advise you to take a look at the Microsoft documentation to discover all the built-in DSC functions and their related parameters:

https://docs.microsoft.com/it-it/powershell/dsc/reference/resources/windows/fileresource?view=dsc-1.1

These Solutions are Engineered by Humans

Did you find this article interesting? Does it match your skill set? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this and others here at Würth Phoenix.

Alessandro Romboli

Alessandro Romboli

Site Reliability Engineer at Würth Phoenix
My name is Alessandro and I joined Würth-Phoenix early in 2013. I have over 20 years of experience in the IT sector: For a long time I've worked for a big Italian bank in a very complex environment, managing the software provisioning for all the branch offices. Then I've worked as a system administrator for an international IT provider supporting several big companies in their infrastructures, providing high availability solutions and disaster recovery implementations. I've joined the VMware virtual infrastructure in early stage, since version 2: it was one of the first productive Server Farms in Italy. I always like to study and compare different technologies: I work with Linux, MAC OSX, Windows and VMWare. Since I joined Würth Phoenix, I could also expand my experience on Firewalls, Storage Area Networks, Local Area Networks, designing and implementing complete solutions for our customers. Primarily, I'm a system administrator and solution designer, certified as VMware VCP6 DCV, Microsoft MCP for Windows Server, Hyper-V and System Center Virtual Machine Manager, SQL Server, SharePoint. Besides computers, I also like photography, sport and trekking in the mountains.

Author

Alessandro Romboli

My name is Alessandro and I joined Würth-Phoenix early in 2013. I have over 20 years of experience in the IT sector: For a long time I've worked for a big Italian bank in a very complex environment, managing the software provisioning for all the branch offices. Then I've worked as a system administrator for an international IT provider supporting several big companies in their infrastructures, providing high availability solutions and disaster recovery implementations. I've joined the VMware virtual infrastructure in early stage, since version 2: it was one of the first productive Server Farms in Italy. I always like to study and compare different technologies: I work with Linux, MAC OSX, Windows and VMWare. Since I joined Würth Phoenix, I could also expand my experience on Firewalls, Storage Area Networks, Local Area Networks, designing and implementing complete solutions for our customers. Primarily, I'm a system administrator and solution designer, certified as VMware VCP6 DCV, Microsoft MCP for Windows Server, Hyper-V and System Center Virtual Machine Manager, SQL Server, SharePoint. Besides computers, I also like photography, sport and trekking in the mountains.

Leave a Reply

Your email address will not be published. Required fields are marked *

Archive