Author Posts

April 5, 2017 at 7:34 pm

I'm wondering about the best way to "layer" or apply multiple config scripts on a PULL node. For instance: I want to apply a number of windows features, set up an IIS website, and do an msi install. Ideally, I'd like to separate these into 3 separate scripts and apply them. I'm know I can put every endpoint setting in one single dsc configuration script/mof without partial configurations, or one script/mof using partial configurations. Are those my only 2 options?

April 5, 2017 at 7:45 pm

This is an excellent question. I would like to be able to have separate configurations that can be used to update one MOF file per host. Up until now I am still using one huge configuration file for all the hosts. I am not using partial configurations as they are not recommended ( and I do agree with the arguments against using them). Better pull server would probably provide what I am looking for.
Let's see what other forum users have to say.

April 5, 2017 at 7:57 pm

After posting this question, I started searching through the new leanpub book "The DSC Book". In the Designing DSC section, I see information about "includes" and composite configurations, in addition to partial configurations. I'll start researching there.

April 7, 2017 at 2:44 pm

Both includes and composites are good for modularizing the configs but I don't see how they would help to 'layer' the configurations.

April 7, 2017 at 6:07 pm

Being a newcomer to DSC, I didn't use the term "modularize", I used "layering". Now, I know there can only be one .mof applied to a node at a time. What I'm looking for is a way to create more than one "configuration" and then combine or include them in the .mof applied. I'm trying includes and partial configs to do that. So far, not having much success with partial configs, so I'm testing each one stand-alone first. If I keep having issues with partials, I'll move on to includes, which might be a much simpler solution.

April 7, 2017 at 9:01 pm

Jim, if I were you I'd take a good look at Composite Resources. They will give you the flexibility to break things into reusable chunks and combine them into Configurations, which I believe is what you are after.

April 10, 2017 at 11:49 pm

I changed the .edb to a .mdb due to various errors I was experiencing. I also finally got partial configurations working, but discovered that it requires switching to configurationids instead of configurationnames. Now, I'm looking for examples of the "simple includes" (stripped down .ps1 files) that Don Jones mentions in his new book, but I can't find any information about on the net. Anyone using

  
configuration DatabaseServer { 
param(  
[string[]]$ComputerName 
) 
node $ComputerName { 
. ./standard-config.ps1 
. ./security-config.ps1 
. ./sql-server-2012-config.ps1  
} 
} 

April 13, 2017 at 2:04 pm

Here is an example – it contains three includes, one for registry config, another for configuring secure MOF, and one for SCOM agent config.
Each include refers to a separate file in the same directory.

1. Configuration.ps1

$configurationName = "mainConfiguration"

param(
    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [PSCredential]$credential,
    )
	
configuration $configurationName{

Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
Import-DscResource -ModuleName cMMagent

#region Includes

Node $AllNodes.Where({$_.roles -contains 'DSCTest'}).NodeName
    {
        . ./Configuration-Registry.ps1
    }

Node $AllNodes.Where({$_.nodeName -eq 'TESTSERVER'}).NodeName
    {
        . ./Configuration-EncryptionDemo.ps1
    }    

Node $AllNodes.Where({$_.roles -contains 'SCOMClient'}).NodeName
    {
        . ./Configuration-SCOMAgentConfiguration.ps1
    }

#endregion

}

# filepaths definition
$configurationFolder = "C:\DSC\Configuration"
$dscConfigPath = "$env:programfiles\WindowsPowerShell\DscService\Configuration"
$confDataFileName = "ConfigData.psd1"

$nodeConfigFolder = Join-Path $configurationFolder $configurationName
$configData = (Import-PowerShellDataFile -Path (Join-path $configurationFolder $confDataFileName) )

# clean up old MOF files
Remove-Item $nodeConfigFolder\* -Force

# run the configuration
&$configurationName -ConfigurationData $configData  -OutputPath $nodeConfigFolder

# Update production mof files
Write-Verbose "Update MOF files in DSC PullServer [$dscConfigPath ] and create Checksums"
            $result = ("Yes","No") | Out-GridView -PassThru -Title "Confirm overwriting MOF files and checksum creation"
            if ($result -eq "Yes") {
                Write-Verbose "Copying MOF files from [$nodeConfigFolder] to [$configDataFile]"
                copy-item $nodeConfigFolder\*  $dscConfigPath -Force -Verbose
                New-DscChecksum -Path $dscConfigPath -Force -Verbose
            }

2. Configuration-Registry

Registry RegistryTest{
    Ensure    = "Present"
    Force     = $True
    Key       = "HKLM:\SOFTWARE\RegistryTest\ComputerID"        
    ValueName = "ID"
    ValueData = $Node.ID
    ValueType = 'String'
}

3. Configuration-EncryptionDemo


Group TestGroup {
     GroupName = 'TestGroup'
     Members = 'Administrator'
     Ensure = 'Present'
     Credential = $credential
 }
 

4. Configuration-SCOMAgentConfiguration


cMMAgentManagementGroups ManagementGroups {
    managementGroupName  = "group1"
    managementServerName = "servrer1"
    Ensure               = 'Present'
}
      

April 13, 2017 at 3:06 pm

Thanks very much. I can't wait to try this due to the simplicity and elimination of steps. I also got partial configurations working with both configurationids and configurationnames. I wrote some code to automate the process of creating the configid and file renaming during script execution, making using configids trivial.