my interpretation of a policy-document defining a state #8
gaelcolas wants to merge 3 commits into PowerShell:main from
| $schema: https://json-schema.org/draft/2020-12/schema | ||
| $id: https://aka.ms/schemas/dsc/manifest.schema.yaml #manifest is too generic, that's configuration policy | ||
|
|
||
| AgentContext: # Reserved for the "managing context or config before converging to the desired state". Could be a different file! |
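Review bot: the `$id` line still ends in `manifest.schema.yaml` while its own trailing comment says "manifest is too generic, that's configuration policy", so the identifier and the stated intent disagree. Rename the `$id` to the intended term or move the remark into the PR discussion, because the `$id` is what consumers of the schema will reference. The same applies to the `AgentContext` comment ("Could be a different file!"): whether the key belongs in this schema is better settled in the description than in an inline comment.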
maybe include a timeOut property? or maxRunTime?
As I understand it, @SteveL-MSFT was focusing on the "config" utility that only enacts resource per resource...
So in this approach of having a separate "layer" of configuration for the agent/orchestrator, the AgentContext key is there mostly for illustration, as we don't need to agree on that part yet.
I agree with you it would be nice, but I don't think that's necessarily the config utility's job.
| # postchecks: | ||
| assertBeforeRun: | ||
| # assertions: # every assertion should pass before any config is applied and calls `test` method, multiple resources can be here and if any fail, the entire config fails | ||
| - resource: assert-osversion # naming convention for assert resources |
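Review bot: the semantics ("every assertion should pass before any config is applied", "if any fail, the entire config fails") are documented on the commented-out `# assertions:` key rather than on the live `assertBeforeRun:` key, so it is unclear which name is intended and whether the fail-closed behaviour applies to `assertBeforeRun`. Attach the description to the key that stays, and either drop the dead `# assertions:` and `# postchecks:` lines or mark them explicitly as future work.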
are these resources special in some way or just a typical DSC resource, and only Test is run?
| assertBeforeRun: | ||
| # assertions: # every assertion should pass before any config is applied and calls `test` method, multiple resources can be here and if any fail, the entire config fails | ||
| - resource: assert-osversion # naming convention for assert resources | ||
| settings: |
If typical DSC resources, these Settings could be just DSC properties
|
|
||
|
|
||
| ResourceGraph: # this is the Directed Acyclic Graph of the resources drawing the path of states (nodes) or changes (edges) a system need to go through to converge towards the desired state | ||
| - resource_instance_id: '[Microsoft.PowerShell.OSResourcesDsc\osversion]MyInstanceOfOsversion' # unique identifier of the instance, composed at "compile" time. |
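Review bot: key naming is inconsistent in this hunk, with `ResourceGraph` in PascalCase and `resource_instance_id` in snake_case; pick one convention for the document. The comment on `resource_instance_id` calls it a unique identifier "composed at compile time" but does not say what a consumer should do with a duplicate or malformed ID; state that it must be rejected if that is the intent.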
what would Set look like for an OSVersion resource?
| resource_parameters: | ||
| id: Microsoft.VisualStudioCode | ||
| version: "[1.27.2-*)" | ||
| runas: Admin # this will require to be more complex objects, which means the interface for this object has to be defined... |
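Review bot: `runas: Admin` is a free-text string that selects the privilege a resource runs with, and the line's own comment concedes that the interface for it is still undefined. Until that object is specified, constrain the accepted values in the schema and state what happens when `runas` is omitted, so that an unknown or misspelled value is rejected rather than interpreted. The range notation in `version: "[1.27.2-*)"` also needs a stated grammar.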
Possibly links to a session configuration?
|
there are a lot of great ideas represented throughout the file. is there any prior art from 3rd parties we will need to consider? |
I did not go through previous art as the approach is already opinionated from the outset, and I don't have the time. It's still good to have in mind how the task-oriented Ansible playbooks are expressed. Then draw the line between what comes prior to the configuration document, and what is a runtime parameter. |
|
Closing as we're currently aligning with ARM template syntax |
Example of what a configuration doc may look like authored by end user or through a tool (compilation) to be used by a utility.
I don't like to call the utility "orchestrator" because you can orchestrate at many levels (i.e. orchestrating the change from a desired state to another desired state).
I refer to the Utility for a simple tool that tries to apply a resource at a time, or agent (sometimes interchangeably) although an agent would have some more cleverness to refresh the desired state policy document, and how/when to converge to the desired state.
This approach (in contrast with the other proposal), tries to minimise the features/complexity needed when converging to the DesiredState, and push them back to a higher level (called AgentContext here).
We're enabling Parameters to be defined in the configuration and re-used as needed.
We uniquely identify each resource instance with an instance ID that has to be unique.
We're using this string to identify the resource to use (namespace\resource), but if we want it to be free text, each resource instance will have to refer to a detailed resource definition (as listed in dependencies).
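An added example, not part of this PR or the DSC project's code: a validator for the `resource_instance_id` rule described above, which splits each ID into namespace, resource and instance name and reports malformed or duplicate IDs. The ID grammar is inferred from the single sample ID in the diff, and the case-insensitive duplicate check, the function names and the sample graph are assumptions.

```python
import re
from collections import Counter

# Assumed grammar, inferred from the one sample on the page:
#   [<namespace>\<resource>]<instance name>
INSTANCE_ID = re.compile(
    r"\[(?P<namespace>[^\[\]\\]+)\\(?P<resource>[^\[\]\\]+)\](?P<name>[^\[\]\\]+)"
)

def parse_instance_id(instance_id):
    """Split an instance ID into (namespace, resource, name) or raise ValueError."""
    m = INSTANCE_ID.fullmatch(instance_id)
    if m is None:
        raise ValueError(f"malformed resource_instance_id: {instance_id!r}")
    return m.group("namespace"), m.group("resource"), m.group("name")

def validate_resource_graph(graph):
    """Return a list of error strings; an empty list means every ID is usable."""
    errors = []
    ids = [entry.get("resource_instance_id", "") for entry in graph]
    for instance_id in ids:
        try:
            parse_instance_id(instance_id)
        except ValueError as exc:
            errors.append(str(exc))
    # Assumption: IDs differing only in case are treated as the same instance,
    # so a reference to one of them can never silently resolve to the other.
    counts = Counter(i.casefold() for i in ids)
    for folded, n in sorted(counts.items()):
        if n > 1:
            errors.append(f"duplicate resource_instance_id ({n}x): {folded}")
    return errors

# Constructed sample: the first ID is the one shown in the diff, the second
# differs only in case, the third lacks the [namespace\resource] prefix.
SAMPLE_GRAPH = [
    {"resource_instance_id": r"[Microsoft.PowerShell.OSResourcesDsc\osversion]MyInstanceOfOsversion"},
    {"resource_instance_id": r"[Microsoft.PowerShell.OSResourcesDsc\osversion]myinstanceofosversion"},
    {"resource_instance_id": "osversion-without-type"},
]

if __name__ == "__main__":
    for problem in validate_resource_graph(SAMPLE_GRAPH):
        print(problem)
```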