Local Configuration Manager – LCM

The LCM is the agent of consistency that drives it all. It is the engine that enforces consistency and checks the system status periodically. With WMF 4.0, the LCM was triggered with a scheduled task, which allowed little control over it. Starting with WMF 5.0, the LCM is hosted in the WmiPrvSE process.

Until DSC Core arrives, DSC on Linux hosts the LCM in the daemon OMI server. You can use CIM and WinRM remoting to interact with the LCM and push or pull configurations.
For more information, see: https://github.com/Microsoft/PowerShell-DSC-for-Linux.

The LCM properties can be seen by executing Get-DscLocalConfigurationManager. The most important properties are as follows:

  • ConfigurationMode: The behavior of the agent.
    • ApplyAndMonitor: Apply a configuration once only  and monitor changes.
    • ApplyOnly: Apply a configuration once.
    • ApplyAndAutoCorrect: Continuously apply a configuration.
    • MonitorOnly: Do not apply a configuration; only monitor configuration drift.
  • RefreshMode: Push, pull, or disabled. The default is push. 
  • RebootNodeIfNeeded: Default is false; can be used, for example, in Dev environments to automatically reboot nodes whenever a reboot is requested in a configuration.

Setting these settings is only possible with DSC and a special configuration called meta configuration, which is decorated with the DscLocalConfigurationManager attribute. The meta configuration is unique to the LCM and describes its settings:

# Setting the LCM
[DscLocalConfigurationManager()]
configuration LcmMetaConfiguration
{
    node localhost
    {
        Settings # No name here, settings is unique to a node
        {
            ConfigurationMode = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 30
            DebugMode = 'None'
            RebootNodeIfNeeded = $true
            ActionAfterReboot = 'ContinueConfiguration'
        }
    }
}
LcmMetaConfiguration
Set-DscLocalConfigurationManager -Path .LcmMetaConfiguration

All configurations, once enacted, are stored in the $env:WINDIRSystem32configuration folder. The following files relate to the configurations you push to a node:

  • Current.mof: The current configuration that is applied
  • Pending.mof: The pending configuration that is going to be applied and has not yet fully converged
  • Previous.mof: The previous configuration that can be restored in push mode
  • MetaConfig.mof: The LCM configuration

If you try opening one of those files in WMF 5 or greater, you will notice that they are encrypted. While the MOF files are in plain text on your build system, you can rest assured that the LCM will encrypt them using the data protection API while at rest on the node.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.200.197