Implicit remoting with DscResource modules

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Michael Jacobsen Michael Jacobsen 8 months ago.

  • Author
    Posts
  • #37283
    Profile photo of Michael Jacobsen
    Michael Jacobsen
    Participant

    Hi,

    I have tried to use Implicit remoting to import a DscResource module from another computer. I tried with this code below, but it didn't work 🙁

    $s = New-PSSession -ComputerName H47092
    Import-PSSession -Session $s -module @{ModuleName="xWebAdministration"; RequiredVersion="1.10.0.0"}

    Is Implicit remoting possible with dsc-resoucre modules ?

  • #37304
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Even if implicit remoting did work, you wouldn't be able to do what you're describing. The resource modules have to exist on the system before the LCM will start processing the configuration, and before the DSC module will start to compile a configuration as well.

    That said, I think the only thing you'd need to be aware of is that DSC resources, by default, run as LocalSystem. This means they'd be authenticating using the machine's computer account, in an Active Directory environment. In PowerShell v5, there is a common DSC property called PsDscRunAsCredential , which you can use to get a particular resource to run as something else. I haven't tested whether that allows for direct connections to other machines without using a -Credential parameter, but it might work.

  • #37310
    Profile photo of Michael Jacobsen
    Michael Jacobsen
    Participant

    Ah yep that's right I forgot that you can't even run the mof on the LCM without the correct modules being installed. However I don't really understand Microsoft's Strategy here, if DSC is supposed to be this huge configuration management platform that enables us to distribute configurations to 100's or 1000's of machines in a cloud environment, but you have to copy or install all of these modules to every single box before configuration can be done. Think of a custom recourse that has been rolled out to 1000 machines and every time this custom recourse is updated you would have to role it out to the 1000 machines again. There ought to be a simpler way to maintain this.

  • #37311
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    That's what a pull server is for. 🙂 Starting with WMF 5, you can even continue to push configurations, but still use a pull server to distribute resource modules. (In WMF4, it was all or nothing: if you wanted to use a pull server for resources, you also needed to be distributing your configurations that way.)

  • #37319
    Profile photo of Michael Jacobsen
    Michael Jacobsen
    Participant

    Thanks for the answer Dave Wyatt 🙂 I didn't know that you could use the pull feature to pull a module, I thought it only worked for configurations. I will have a look at the pull server setup again. Thanks 🙂

You must be logged in to reply to this topic.