$configdata and parameters

This topic contains 6 replies, has 3 voices, and was last updated by Prz 3 months ago.

  • #64369
    Prz
    Participant

    Hello,

    Is there any option to pass values to the $configdata block (used for '-ConfigurationData') as parameters/variables?

    Something like:

    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
        AllNodes = @(
            @{
                NodeName        = "servername"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
        )
    }

  • #64392
    Don Jones
    Keymaster

    Do you mean for $path and $CertThumb to be resolved when the Configuration is run? Yes – that you can do. Sort of. It's a bit awkward. You could parameterize the script itself. I'm not sure I've seen anyone want to do this, though, because typically you want the configuration data separated from the Configuration itself. Can you maybe help me understand what you're trying to do?

  • #64420
    Prz
    Participant

    Hi Don,

    Let me try to explain it more precisely...

    I want to run such a script on server1:
    ————————————————————————–
    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
        AllNodes = @(
            @{
                NodeName        = "server1name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
            @{
                NodeName        = "server2name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
            @{
                NodeName        = "server3name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
        )
    }

    Create and export self signed certificate .....
    Next copy and import the exported cert to server2 and server3
    Finally run...
    Config1 -ConfigurationData $configdata
    ————————————————————————-
    With this script I want to create a self-signed cert, then copy it and import it to all servers (1, 2, 3). Then run the DSC configuration, which contains resources for each of the servers. The MOF files must be encrypted. I assume that to complete this I need to put, in the script...

    $configdata = @{
        AllNodes = @(
            @{
                NodeName        = "server1name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
            @{
                NodeName        = "server2name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
            @{
                NodeName        = "server3name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $CertThumb
            }
        )
    }
    Because the cert is being created by this script, I need to get the Thumbprint "live" and put it there as a variable, am I right? Is it a bit more clear now?

  • #64441
    Don Jones
    Keymaster

    You could technically do that within the configuration. The configuration is a script, after all. Variables and stuff will resolve when you run it, with the results going into the MOF. The ConfigurationData block is just a hash table; variables in it should resolve normally when they're used.

  • #64518
    Prz
    Participant

    Hi Don,

    I made some attempts but without full success. "Thumbprint" seems to work OK, but now I have a problem with "CertificateFile". When I set this as CertificateFile = "$path\CertFile.cer" I'm getting this error message:

    ConvertTo-MOFInstance : System.ArgumentException error processing property 'Password' OF TYPE 'MSFT_Credential': Cannot load encryption certificate. The certificate setting '\CertFile.cer' does not represent a valid base-64 encoded certificate, nor does it represent a valid certificate by file, directory, thumbprint, or subject name.

    Looks like the $path variable is empty, but this is really strange because it is defined in the same place as $cert ("Thumbprint" seems to work if it is set as Thumbprint = $cert.Thumbprint).

    Can I ask you to show me exactly how to pass the $path value to the $configdata block (or achieve all I need without the $configdata block)? Please use the script structure below if this is possible (treat content between "————" as one ps1 file).

    ————————————————–
    Configuration Config1
    {
    ...
    ...
    ...
    }

    $configdata = @{
        AllNodes = @(
            @{
                NodeName        = "server1name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $cert.Thumbprint
            }
            @{
                NodeName        = "server2name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $cert.Thumbprint
            }
            @{
                NodeName        = "server3name"
                CertificateFile = "$path\CertFile.cer"
                Thumbprint      = $cert.Thumbprint
            }
        )
    }

    Create and export self signed certificate .....
    Next copy and import the exported cert to server2 and server3

    $path = "C:\Certs" # in my case this is calculated value
    $cert = Get-ChildItem -Path cert:\LocalMachine\My | ? { $_.FriendlyName -eq "xxxxx" } # now I have the $cert.Thumbprint

    Finally run...
    Config1 -ConfigurationData $configdata
    ————————————————–
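
Added example, not part of the thread: in PowerShell a double-quoted string inside a hashtable literal is expanded when the literal is evaluated, so `$configdata` has to be built after `$path` and `$cert` are assigned. The sketch shows that ordering effect and a hypothetical helper, `New-NodeConfigData`, that builds the data from parameters and rejects unresolved values; the temp folder, placeholder file and thumbprint are constructed stand-ins.

```powershell
# Added example, not code from the thread. New-NodeConfigData is a hypothetical helper.
function New-NodeConfigData {
    param(
        [Parameter(Mandatory)] [string[]] $NodeName,
        [Parameter(Mandatory)] [string]   $CertificateFile,
        [Parameter(Mandatory)] [string]   $Thumbprint
    )
    # Fail here rather than during MOF compilation if a value did not resolve.
    if (-not (Test-Path -LiteralPath $CertificateFile -PathType Leaf)) {
        throw "Certificate file not found: '$CertificateFile'"
    }
    if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
        throw "Thumbprint is not 40 hex characters: '$Thumbprint'"
    }
    @{
        AllNodes = @(
            foreach ($name in $NodeName) {
                @{
                    NodeName        = $name
                    CertificateFile = $CertificateFile
                    Thumbprint      = $Thumbprint
                }
            }
        )
    }
}

# Evaluation order: a double-quoted string is expanded when the hashtable
# literal is assigned, so a variable set on a later line is not picked up.
Remove-Variable path -ErrorAction SilentlyContinue
$early = @{ CertificateFile = "$path\CertFile.cer" }   # $path is empty at this point
$path  = Join-Path ([System.IO.Path]::GetTempPath()) 'DscCertDemo'   # constructed location
$late  = @{ CertificateFile = "$path\CertFile.cer" }   # $path is set, so the full path results

# Constructed stand-ins for the exported certificate and its thumbprint.
New-Item -ItemType Directory -Path $path -Force | Out-Null
$cerFile = Join-Path $path 'CertFile.cer'
New-Item -ItemType File -Path $cerFile -Force | Out-Null
$thumb = '0123456789ABCDEF0123456789ABCDEF01234567'

$configdata = New-NodeConfigData -NodeName 'server1name', 'server2name', 'server3name' `
    -CertificateFile $cerFile -Thumbprint $thumb
$configdata.AllNodes | ForEach-Object { '{0}  {1}  {2}' -f $_.NodeName, $_.CertificateFile, $_.Thumbprint }
# In the thread's script the last step would then be: Config1 -ConfigurationData $configdata
```

Comparing `$early.CertificateFile` with `$late.CertificateFile` after running it shows the difference the ordering makes.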

    • #64521
      Ebru Cucen
      Participant

      Hi Prz,
      I don't know how your configdata files are structured, or whether there is a pipeline feeding/generating configdata files, but I am hoping you can do regex replacement on the configdata file? I would use a unique format around the parameters, i.e.

      Thumbprint = "#{Thumbprint}"

      And do content replacement on the file

      (Get-Content $configdatafile).Replace("#{variable}", $variablevalue) | Set-Content $configdatafile
  • #64698
    Prz
    Participant

    Thank you Ebru Cucen, this is a helpful hint!

    I have another problem... Can you tell me what the difference is between running a script in PowerShell ISE vs. the standard console? When I run my script in PS ISE everything works fine; DSC applies to 2 servers incl. encryption. But when I run exactly the same script by "Run with PowerShell" I'm getting an error message like "line 1021 at , : line 1" and System.Management.Automation.RuntimeException: You cannot call a method on a null-valued expression.
    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception
    exception)
    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
    . This points to the below line in bold:

    $configdata = @{
    AllNodes = @(
    @{
    NodeName = "Server1"
    PSDscAllowDomainUser = $true
    CertificateFile = "$((Get-ChildItem "E:\" | ? {$_.Name -like "MyFolderName"}).fullname)\Server1.cer"
    Thumbprint = ($Thumbs | ? {$_ -like "Server1*"}).Split("=")[1]
    }

    @{
    NodeName = "Server2"
    PSDscAllowDomainUser = $true
    CertificateFile = "$((Get-ChildItem "E:\" | ? {$_.Name -like "MyFolderName"}).fullname)\Server2.cer"
    Thumbprint = ($Thumbs | ? {$_ -like "Server2*"}).Split("=")[1]
    }
    )
    }

    The problem is with the Server2 (I'm running script on Server1). All paths are correct, the problem is with the standard powershell console, does anybody know why PS ISE does not return any errors?
