$configdata and parameters

Welcome Forums DSC (Desired State Configuration) $configdata and parameters

This topic contains 6 replies, has 3 voices, and was last updated by

Prz
 
Participant
1 year, 8 months ago.

  • Author
    Posts
  • #64369
    Prz

    Participant
    Points: 0
    Rank: Member

    Hello,

    Is there any option to pass values to $configdata block (use for '-ConfigurationData') as a parameters/variables?

    Something like:

    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = servername
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }

  • #64392

    Keymaster
    Points: 1,524
    Helping HandTeam Member
    Rank: Community Hero

    Do you mean for $path and $CertThumb to be resolved when the Configuration is run? Yes – that you can do. Sort of. It's a bit awkward. You could parameterize the script itself. I'm not sure I've seen anyone want to do this, though, because typically you want the configuration data separated from the Configuration itself. Can you maybe help me understand what you're trying to do?

  • #64420
    Prz

    Participant
    Points: 0
    Rank: Member

    Hi Don,

    Let me try to explain it more precisely...

    I want run such script on server1:
    ————————————————————————–
    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = server1name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }
    @{
    NodeName = server2name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }
    @{
    NodeName = server3name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }

    Create and export self signed certificate .....
    Next copy and import the exported cert to server2 and server3
    Finaly run...
    Config1 -ConfigurationData $configdata
    ————————————————————————-
    By this script I want to create selfsigned cert, copy it and import to all servers (1,2,3). Then run dsc configuration, that contains resources for each of the servers. The MOF files must be encrypted. I assume to complete this I need to put, in the script...

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = server1name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }
    @{
    NodeName = server2name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }
    @{
    NodeName = server3name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $CertThumb
    }
    Because the cert is being created by this script I need to get the Thumbprint "live" and put there as a variable, am I right? Is it a bit more clear now?

  • #64441

    Keymaster
    Points: 1,524
    Helping HandTeam Member
    Rank: Community Hero

    You could technically do that within the configuration. The configuration is a script, after all. Variables and stuff will resolve when you run it, with the results going into the MOF. The ConfigurationData block is just a hash table; variables in it should resolve normally when they're used.

  • #64518
    Prz

    Participant
    Points: 0
    Rank: Member

    Hi Don,

    I did some tries but with no full success. "Thumbprint" seems to work ok but now I have a problem with "CertificateFile". When I set this as CertificateFile = "$path\CertFile.cer" I'm getting this error message:

    ConvertTo-MOFInstance : System.ArgumentException error processing property 'Password' OF TYPE 'MSFT_Credential': Cannot load encryption certificate. The certificate setting '\CertFile.cer' does not represent a valid base-64 encoded certificate, nor does it represent a valid certificate by file, directory, thumbprint, or subject name.

    Looks like $path variable is empty, but this is really strange because it is defined in the same place as $cert ("Thumbprint" seems to work if it is set as Thumbprint = $cert.Thumbprint)

    Can I ask you to show me how to exactly pass $path value to the $configdata block (or achieve all I need without $configdata block)? Please use below script structure if this possible (treat content between "————" as one ps1 file).

    ————————————————–
    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = server1name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $cert.Thumbprint
    }
    @{
    NodeName = server2name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $cert.Thumbprint
    }
    @{
    NodeName = server3name
    CertificateFile = "$path\CertFile.cer"
    Thumbprint = $cert.Thumbprint
    }

    Create and export self signed certificate .....
    Next copy and import the exported cert to server2 and server3

    $path = "C:\Certs" # in my case this is calculated value
    $cert = Get-ChildItem -Path cert:\LocalMachine\My | ? {($_.FriendlyName -eq "xxxxx") #now I have the $cert.Thumbprint

    Finaly run...
    Config1 -ConfigurationData $configdata
    ————————————————–

    • #64521

      Participant
      Points: 0
      Rank: Member

      Hi Prz,
      I don't know how you configdata files are structured, whether there is a pipeline feeding/generating configdata files, but I am hoping you can do regex replacement on configdata file? I would a unique format around the parameters, i.e.

      Thumbprint ="#{Thumbprint}

      And do content replacement on the file

      (Get-Content $configdatafile).replace ("#{variable}", $variablevalue) | Set-Content $configdatafile
  • #64698
    Prz

    Participant
    Points: 0
    Rank: Member

    Tahnk you Ebru Cucen this is helpful hint!

    I have another problem... Can you tell me what is the difference between running script by Powershell ISE vs standard console? When I run my script by PS ISE everything works fine, DSC applies to 2 servers incl. encryption. But when I run exactly the same script by "Run with Powershell" I'm getting error message like "line 1021 at , : line 1" and System.Management.Automation.RuntimeException: You cannot call a method on a null-valued expression.
    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception
    exception)
    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
    . This points to the below line in bold:

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = "Server1"
    PSDscAllowDomainUser = $true
    CertificateFile = "$((Get-ChildItem "E:\" | ? {$_.Name -like "MyFolderName"}).fullname)\Server1.cer"
    Thumbprint = ($Thumbs | ? {$_ -like "Server1*"}).Split("=")[1]
    }

    @{
    NodeName = "Server2"
    PSDscAllowDomainUser = $true
    CertificateFile = "$((Get-ChildItem "E:\" | ? {$_.Name -like "MyFolderName"}).fullname)\Server2.cer"
    Thumbprint = ($Thumbs | ? {$_ -like "Server2*"}).Split("=")[1]
    }
    )
    }

    The problem is with the Server2 (I'm running script on Server1). All paths are correct, the problem is with the standard powershell console, does anybody know why PS ISE does not return any errors?

The topic ‘$configdata and parameters’ is closed to new replies.