Partial Configurations - naming conventions

Welcome Forums DSC (Desired State Configuration) Partial Configurations - naming conventions

This topic contains 3 replies, has 2 voices, and was last updated by

 
Participant
5 days, 19 hours ago.

  • Author
    Posts
  • #112289

    Participant
    Points: 0
    Rank: Member

    Hello,

    I'm dealing with partial configurations. I'm using only one pull server and multiple configurations. I'm using configuration names and two kind of configurations:

    1. Configurations for a role, in this case W10 client workstations
      • Documents follow the naming convention [ConfigurationName].mof
    2. Configurations for a especific node
      • Documents follow the naming convention [ConfigurationName].[NodeName].mof
      • As documentations states, I'm allowed to do this since I have WMF 5.1 in the server

    My problem is that nodes cannot find in the server mof documents following the 2nd naming convention.

    Let me paste my configurations and LCM:

    #Configura el servicio de extracción http (modo pull) para un grupo de nodos
    
    [DSCLocalConfigurationManager()]
    
    Configuration LCM_W10Node
    {
    param(
    [ValidateNotNullOrEmpty()]
    [string] $NodeName = 'localhost',
    [ValidateNotNullOrEmpty()]
    [string] $RegistrationKey #same as the one used to setup pull server in previous configuration
    )
    
    Node $NodeName {
    
    Settings {
    RefreshMode = 'Pull'
    RefreshFrequencyMins = 30
    ConfigurationMode = 'ApplyAndAutoCorrect'
    ConfigurationModeFrequencyMins = 60
    AllowModuleOverwrite = $true
    RebootNodeIfNeeded = $true
    CertificateID = "XXXXXXXXXXXXXXXX" #certificate for credential encryption
    
    }
    
    ConfigurationRepositoryWeb DSCHTTP {
    
    ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
    RegistrationKey = $RegistrationKey
    ConfigurationNames = @("w10client", "DevexpressDeployment", "MakeAdministrator")
    AllowUnsecureConnection = $true
    }
    
    ReportServerWeb ReportServer {
    ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
    AllowUnsecureConnection = $true
    
    }
    
    PartialConfiguration w10client {
    Description = "w10client"
    ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
    RefreshMode = "Pull"
    }
    
    PartialConfiguration MakeAdministrator{
    
    Description = "MakeAdministrator"
    ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
    RefreshMode = "Pull"
    DependsOn = '[PartialConfiguration]w10client'
    }
    
    PartialConfiguration DevexpressDeployment{
    Description = "DevexpressDeployment"
    ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
    RefreshMode = "Pull"
    }
    }
    }
    
    $TestData= @{
    
    AllNodes = @(
    @{
    NodeName = "vdeploytest-w10"
    };
    );
    }
    
    Configuration MakeAdministrator {
        param(
            [Parameter(Mandatory=$true)]
            [ValidateNotNullorEmpty()]
            [PsCredential] $credential
            )
        Import-DscResource -ModuleName xPSDesiredStateConfiguration
    
        Node $AllNodes.NodeName {
            
            $Members = @('Administrador', "$($Node.User)", 'DGGH\Informatica', 'DGGH\Administrador')
    
            xGroup AdministradorLocal {
                GroupName = "Administradores"
                MembersToInclude = $Members
                Credential = $credential
            }
        }
    }
    

    The MakeAdministration document is the one annoying me. On update-dscconfiguration I get a warning saying:

    Error executing Get-Action in the partial configuration 'MakeAdministrator'. Check the partial configuration and the checksum both exist in the server

    This is my insfraestructure:

    • Server: Windows Server 2012 + WFM 5.1
    • Powershell version 5.1.1449.1012
    • Node OS: Windows 10 1709

    Can any one help?

  • #112378

    Keymaster
    Points: 7
    Rank: Member

    I think I'm probably not following along, so let me know where I'm not getting it, please ;).

    I would expect the node to attempt to pull MakeAdministrator.mof and MakeAdministrator.mof.checksum from http://vmdt01.dggh.es:8080/PSDSCPullServer.svc.

    Is that how you've set it up? And obviously permissions on the MOF and CHECKSUM files would need to be appropriate. And we'll gloss over the dangers of using HTTP :).

    • #112454

      Participant
      Points: 0
      Rank: Member

      I think I wrote the post too quickly, sorry about that.

      MakeAdministrator document is named MakeAdministrator.[NodeName].mof and is located at the default path

      $env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration

      where I have other partial documents which are being extracted succesfully (so I guess permission issues should be ruled out). I have also the correspondent MakeAdministrator.[NodeName].mof.checksum in the right place.

      I don't have problems extracting/executing documents named [ConfigurationName].mof. It seems that problems arise when using the [ConfigurationName].[Node].mof naming convention.

      Am I doing wrong with the mof's naming?

      Regarding https, yes, I know ..., I've been  trying to set it up unsuccesfully 🙁 I have a post related to this in the forum.

    • #114345

      Participant
      Points: 0
      Rank: Member

      I finally achieved what I wanted to, although not in the way I thought it should be at first. I'll try to explain.

      I followed a mixed (pull and push) partial configuration approach. One of the configurations (MakeAdministrator) had to be in 'PUSH' RefreshMode because it includes node-specific data, as a matter of fact, user-specific data which I get from a configuration data variable.

      At first, I tried to use 'PULL' RefreshMode with the naming convention that includes the name of the node on it ([ConfigurationName].[NodeName].mof) but the document wasn't never found, even though the documentations allow this naming convention. (See https://docs.microsoft.com/en-us/powershell/dsc/partialconfigs#naming-configuration-documents-on-the-pull-server-in-powershell-51)

      Finally, I could make it work with this LCM

      #Configura el servicio de extracción http (modo pull) para un grupo de nodos
      [DSCLocalConfigurationManager()]
      Configuration LCM_W10Node 
      {
         param
          (
              [ValidateNotNullOrEmpty()]
              [string] $NodeName = 'localhost',
      
              [ValidateNotNullOrEmpty()]
              [string] $RegistrationKey #same as the one used to setup pull server in previous configuration
          )
      	Node $NodeName {
      		Settings {
      		    RefreshMode = 'Pull'
      		    RefreshFrequencyMins = 30
                          ConfigurationMode = 'ApplyAndAutoCorrect'
                          ConfigurationModeFrequencyMins = 60
                          AllowModuleOverwrite = $true
                          RebootNodeIfNeeded = $true
                          CertificateID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX" #certificate for credential encryption
      
              }
      
              ConfigurationRepositoryWeb DSCHTTP {
                  ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
                  RegistrationKey = $RegistrationKey
                  ConfigurationNames = @('w10client') 
                  AllowUnsecureConnection = $true
              }
      
              ReportServerWeb ReportServer {
                  ServerURL = 'http://vmdt01.dggh.es:8080/PSDSCPullServer.svc'
                  AllowUnsecureConnection = $true
              }
              
              PartialConfiguration MakeAdministrator {
                  Description = "Makes some default user and a custom user administrator of the node"
                  RefreshMode = "Push"
                  DependsOn = '[PartialConfiguration]w10client'
              }
      
              PartialConfiguration w10client {
                  Description = "w10client"
                  ConfigurationSource = @("[ConfigurationRepositoryWeb]DSCHTTP")
                  RefreshMode = "Pull"
              }
      	}
      }

      One thing that amazes me is that if I include 'MakeAdministrator' in the ConfigurationrepositoryWeb.ConfigurationNames this way

      Settings {
      ConfigurationNames = @('w10client', 'MakeAdministrator')
      }

      I get an error saying I lack one of the partial configuration names in the LCM for the node.

      I can't understand this, but anyway.

You must be logged in to reply to this topic.