Customizing DSC Compliance server svc to report additional information

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Pratik Sharma Pratik Sharma 1 year, 3 months ago.

  • Author
    Posts
  • #32763
    Profile photo of Pratik Sharma
    Pratik Sharma
    Participant

    Hi everybody,
    We have configured a HTTPS pull server. We want to know the deployment status for our VMs. As our machines are not in a single domain, we cannot use Get-DscConfigurationStatus cmdlet.Therefore we rely on the complianceserver.svc web service available with pull server. We would like to include some additional information in the PSDSCComplianceServer.svc/Status. Is there any way so that we can customize this code or write custom code from scratch for this reporting service. Looking for some guidance in this direction. As of now we have no idea how to proceed into writing web service for pull server. If the source code can become available then we can look into modifying it for including additional information.

    Thanks & Regards
    Pratik

  • #32905
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Actually, you don't need to be in a single domain to run Get-DscConfigurationStatus. You just need to be able to authenticate a different way, such as adding the remote machine to your local TrustedHosts list and authenticating using the Basic protocol (which must be enabled on the server's WinRM config). "Secrets of PowerShell Remoting" has all the fun details about communicating across domains and workgroups.

    To do what you're directly asking, however, would involve (A) rewriting the LCM to report this information and (B) writing an all-new reporting server based on the protocol specification. That's probably a lot more work than you're looking for. It isn't just writing the web server; you'd also have to rewrite the LCM to actually send additional information TO the web server. Right now, the LCM only sends a single status bit.

    FWIW, the pull server / LCM communications is the "MS-PSDSC" protocol. It's allegedly documented someplace.

    Frankly... I'd suggest a different approach. Set up a SQL Server database (or whatever). Set up a table to contain the information you want. Then, create a DSC Resource that can write to that database. Call the DSC Resource as part of the machines' configuration. That way, DSC is writing to YOUR database with whatever you want. Rather than trying to highjack the reporting server for a purpose it wasn't made for.

  • #32910
    Profile photo of Pratik Sharma
    Pratik Sharma
    Participant

    [Post removed at the request of the submitter.] – Webmaster

  • #32920
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You're probably not going to get additional information from the compliance server. The LCM only reports a single status bit – so unless you're basically going to re-engineer all of DSC, the compliance server is what it is.

    You can't modify the existing compliance server. You could theoretically write a new one, but the LCM still isn't going to be reporting anything other than a single status bit, so you'd have to rewrite the LCM also. I think standing up a separate server to report YOUR information to is a much better approach. If that's a separate web service, cool.

  • #32922
    Profile photo of Pratik Sharma
    Pratik Sharma
    Participant

    Ok, thanks, will go ahead with writing a separate web service...:)

  • #32952
    Profile photo of Pratik Sharma
    Pratik Sharma
    Participant

    [Post removed at the request of the submitter.] – Webmaster

You must be logged in to reply to this topic.