I'm working through the DSC book from powershell.org and trying to setup a pull server using the configuration code specified in the book.
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDscWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = "AllowUnencryptedTraffic"
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = "AllowUnencryptedTraffic"
State = "Started"
IsComplianceServer = $true
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pull1.lab.pri
When I run the configuration script, powershell reports that it is unable to load the xPSDesiredStateConfiguration module.
Import-DSCResource -ModuleName xPSDesiredStateConfiguration Unable to
load module 'xPSDesiredStateConfiguration': module not found.
I verified that I have the DSC resource kit installed, and the module is listed when I execute the Get-DSCResource command. Can anyone give me a clue as to what I may have done wrong?
Also, I am using Windows 7 64-bit and have installed KB2819745 to bring powershell up to version 4.
Responding to a comment to my original question, I checked that the module was being listed when executing Get-Module -ListAvailable. I noticed that when I ran the command it was listing the directory containing the module twice. I then realized that while trying to solve an earlier problem I had added the $env:ProgramFiles\WindowsPowerShell\Modules directory to the PSModulePath environment variable, so the modules were being duplicated and causing problems. After removing the path from the PSModulePath environment variable, everything works!
First, you need to install the package. You can download it from here:
https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio-417dc71d
Related
I am trying to seup SQL Server with PowerShell DSC with following configuration script.
After successful installation When I am trying to login with windows authentication it doesn't work and throws error "login failed for user <domain\user>" even though I am already part of administrators group.
This is my DSC configuration script
Am I missing anything?
Configuration InstallSQLServer
{
param(
[string[]]$NodeName = 'localhost'
)
Import-DscResource -ModuleName SqlServerDsc
Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
node localhost
{
WindowsFeature 'NetFramework45'
{
Name = 'NET-Framework-45-Core'
Ensure = 'Present'
}
SqlSetup 'InstallDefaultInstance'
{
InstanceName = 'MSSQLSERVER'
Features = 'SQLENGINE'
SourcePath = 'C:\SQL2019'
SQLSysAdminAccounts = #("Administrators")
DependsOn = '[WindowsFeature]NetFramework45'
}
Registry REG_LoginMode{
DependsOn = '[SqlSetup]InstallDefaultInstance'
Key = 'HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer'
ValueName = 'LoginMode'
ValueType = 'DWORD'
ValueData = $Node.LoginMode
PsDscRunAsCredential = $SQLInstallCredential
}
SqlServerNetwork EnableTcpIp {
DependsOn = '[SqlSetup]InstallDefaultInstance'
InstanceName = 'MSSQLSERVER'
ProtocolName = 'Tcp'
IsEnabled = $true
TCPPort = 1433
RestartService = $true
}
}
}
#Create the MOF
InstallSQLServer -NodeName localhost
#Apply the Configuration
Start-DscConfiguration -Path .\InstallSQLServer -Wait -Force -Verbose
I've created a domain certificate for my DSC web pull server (issued by my internal CA) and retrieved the thumbprint.
I exported the certificate from inetmgr and installed it on the pull server (both local machine and user).
I then put the thumbprint in the script in the CertificateThumbprint parameter.
However when I re-run the config script to generate the new MOF and restart the DSC configuration, I can still only get to the site via http and not https.
When I try to navigate to the pull server site with https I get TLS warnings.
(I'm on Windows Server 2016, PS version 5.1)
Cheers
EDIT:
Below is the script for generating the MOF with the thumbprint inside.
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDSCWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
AcceptSelfSignedCertificates = $true
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = '881B26142BABAFEF7490FB1CD48EA1D572628087'
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
UseSecurityBestPractices = $True
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = 'AllowUnencryptedTraffic'
State = "Started"
UseSecurityBestPractices = $True
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pullsrv01 -verbose
And here is an image of the TLS message when I try to navigate to the https site
I managed to resolve this issue by adding a site binding for the PS DSC Pull Server site in IIS with the certificate, FYI.
Is there any option to pass values to $configdata block (use for -ConfigurationData) as a parameter/variable?
Something like:
Configuration Config1
{
...
...
...
}
$configdata = #{
AllNodes = #(
#{
NodeName = servername
CertificateFile = "$path\CertFile.cer"
Thumbprint = $CertThumb
}
The Configuration Data is the way to pass values to the Configuration.
On the other hand, the configuration data itself is nothing more, but a Hash Table. You can edit it in any way you like.
Consider the following example.
You are in Push mode and have the following configuration:
Configuration MyFileCreator
{
Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
Node localhost
{
File sampleFile
{
Ensure = $ConfigurationData.fileEnsure
Type = 'File'
DestinationPath = 'c:\temp\file.txt'
Force = $true
}
# Configure LCM
LocalConfigurationManager
{
ConfigurationMode = 'ApplyAndAutoCorrect'
RefreshMode = 'PUSH'
RebootNodeIfNeeded = $False
}
}
}
You see that I have used $ConfigurationData.fileEnsure. This variable refers to a value I set in the ConfigurationData.
My ConfigurationData could look like this:
$myConfigurationData = #{
AllNodes = #()
fileEnsure = 'absent'
}
If I want to apply my configuration with the configuration data, I can run the following commands:
MyFileCreator -ConfigurationData $myConfigurationData
Start-DscConfiguration -ComputerName localhost .\MyFileCreator
If I want to change the configuration data, I can simply modify the Hash Table and apply my configuration again:
$myConfigurationData.fileEnsure = 'present'
MyFileCreator -ConfigurationData $myConfigurationData
Start-DscConfiguration -ComputerName localhost .\MyFileCreator -Force
You can read more about the idea behind Configuration and Environment Data in the official MSDN Documentation.
As I'm new to PowerShell and also DSC (and programming in total) i have a question to which i couldn't find an answer in the web.
I'm trying to install an msi (or an exe) with PS DSC. I sucessfully wrote a script to check and install windows-features and to install JDK and set the ressources.
But with my next step I seem to be overchallenged.
so heres my code so far:
$ConfigurationData = #{
AllNodes = #(
#{
NodeName="*"
PSDscAllowPlainTextPassword=$true
}
)
}
Configuration AppFabric
{
param (
$TargetNodes,
[Parameter(Mandatory=$false)]
[PSCredential]$Credential
)
Import-DscResource –ModuleName ’PSDesiredStateConfiguration’
Node localhost
{
Package AppFabric
{
Ensure = "Present"
Name = "AppFabric"
Path = "$PWD\src\AppFabric\package\appfabric-1.1-for-windows-server-64.msi"
ProductId = ""
LogPath = "$PWD\logs\$env:computername-AppFabric"
Arguments = "/i HostingServices,CacheClient,HostingServicesAdmin"
Credential = "$Credential"
}
}
}
AppFabric -OutputPath $PWD\mof\AppFabric\
Start-DscConfiguration -Path $PWD\mof\AppFabric\ -wait -verbose -Force
So as you see i'm trying to install AppFabric on a Windows Server 2012R2 up to date.
When i Run the script i get following error:
I have no clue, what that means and can't find anything on the web that could help.
If you need further information, let me know, as I said, I'm new to this :x
Thanks!
Edit:
If I try to do it without credentials I get the following:
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
You are treating the Credential property as a string instead of PSCredential.
Remove double quotes from Credential property to fix the issue.
Package AppFabric
{
Ensure = "Present"
Name = "AppFabric"
Path = "$PWD\src\AppFabric\package\appfabric-1.1-for-windows-server-64.msi"
ProductId = ""
LogPath = "$PWD\logs\$env:computername-AppFabric"
Arguments = "/i HostingServices,CacheClient,HostingServicesAdmin"
Credential = $Credential
}
I'm using the PowerShell 5.0 September Preview to configure a PowerShell Desired State Configuration Pull Server on a Windows Server 2012 R2 virtual machine running on VMware Workstation. To perform the configuration of the DSC Pull Server, I am using a code snippet that I pulled off of the Microsoft PowerShell MSDN blog, which leverages the xPSDesiredStateConfiguration module's xDscWebService DSC resource.
When I attempt to test the OData endpoint for the DSC Pull Server, I receive a HTTP 503: Service Unavailable message. Any ideas on how to debug and fix this?
configuration DscWebService
{
param
(
[ValidateNotNullOrEmpty()]
[string] $CertificateThumbPrint = 'AllowUnencryptedTraffic'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration;
WindowsFeature DSCServiceFeature
{
Ensure = 'Present';
Name = 'DSC-Service';
}
WindowsFeature WinAuth
{
Ensure = 'Present';
Name = 'web-Windows-Auth';
}
xDscWebService PSDSCPullServer
{
Ensure = 'Present';
EndpointName = 'PullSvc';
Port = 10100;
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer";
CertificateThumbPrint = $CertificateThumbPrint;
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules";
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration";
State = 'Started';
DependsOn = '[WindowsFeature]DSCServiceFeature';
}
xDscWebService PSDSCConformanceService
{
Ensure = 'Present';
EndpointName = 'DscConformance';
Port = 10101;
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer";
CertificateThumbPrint = 'AllowUnencryptedTraffic';
State = 'Started';
IsComplianceServer = $true;
DependsOn = #('[WindowsFeature]DSCServiceFeature', '[WindowsFeature]WinAuth','[xDSCWebService]PSDSCPullServer') ;
}
}
DscWebService -ComputerName dsc01.t.loc -OutputPath c:\dsc\PullServer -CertificateThumbPrint 00A2F55847C5523FE6CB0C2EE132C638339EA3A8;
Start-DscConfiguration -Wait -Verbose -Path c:\dsc\PullServer -Force;
a 503 Error usually indicates an issue with the apppool associated with a site. Run the following to see the state of your apppools
Get-ChildItem IIS:\AppPools