Problem with ConfiguratinData and Composite Resources

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Simon Broad Simon Broad 11 months ago.

  • Author
    Posts
  • #33753
    Profile photo of Simon Broad
    Simon Broad
    Participant

    I keep getting an error telling me that PSDscAllowPlainTextPassword needs to be set to true (even though it is)
    In this ps1 file I set configuration data, have my DSC configuration, then compile the mof and run it.
    You will see that I execute the mof with specific credentials, which are OK, and I also pass in different credentials to be used by the resource, which


    $ConfigurationData = @{
    AllNodes = @(
    @{
    NodeName = "*";
    PSDscAllowPlainTextPassword = $true
    }
    )
    }

    Configuration my_configuration
    {
    param(
    [string] $ComputerName,
    [PSCredential] $NonAdminCredentials
    )

    Import-DscResource -ModuleName my_CompositeResources

    Node $ComputerName
    {

    my_CompositeResource_dostuff DoSomeStuff {
    NameOfHost = "$ComputerName"
    NonAdminCreds = $NonAdminCredentials
    }
    }
    }

    $adminpwd = ConvertTo-SecureString "VerySecretPassword" -AsPlainText -Force
    $AdminCreds = New-Object System.Management.Automation.PSCredential ("Administrator", $adminpwd)

    $nonadminpwd = ConvertTo-SecureString "NotSoSecretPassword" -AsPlainText -Force
    $NonAdminCreds = New-Object System.Management.Automation.PSCredential ("Bob", $nonadminpwd)

    my_configuration -ConfigurationData $ConfigurationData -ComputerName "bozo" -NonAdminCredentials $NonAdminCreds
    Start-DscConfiguration .\my_configuration -Wait -Verbose -Credential $AdminCreds -Force -ErrorAction Stop

    .

    In my composite resource I am simply setting a service to run under a specific user id (bob).


    Configuration my_CompositeResource_dostuff
    {
    param(
    [string] $NameOfHost,
    [PSCredential] $NonAdminCreds
    )

    Service SetupJenkins
    {
    Name = "jenkins"
    State = "Stopped"
    StartupType = 'Automatic'
    Credential = $NonAdminCreds
    }

    }

    However, I still get the error ...

    ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'Service': Converting and storing an encrypted password as plaintext is allowed only if PSDscAllowPlainTextPassword is set to true.

    and it points to the line in the composite resource where the Service resource is called from.

    Is there something faulty in my logic?

  • #33767
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    I'm not sure if this is considered a bug or not, but the node names need to actually be in the ConfigurationData for that to work. You can't just have NodeName='*' for some reason.

  • #33779
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Incidentally, after seeing this same question brought up over and over again on the web, I fired off an email to the MVP mailing list (which is monitored by PowerShell team members as well) suggesting a fix. Hopefully we'll see this behavior improve in a future version of the DSC module.

  • #33795
    Profile photo of Simon Broad
    Simon Broad
    Participant

    Wow. That was amazingly simple, and amazingly effective. It worked, thank you very much Dave.

    Of course, I never do 'simple' – can I complicate it a little?

    This is probably a question about the scope of variables. But what if, in my ps1 script above, the computer name was $args instead of 'bozo', as shown? If I ran the script with a computer name as an argument, could I get that argument into the configuration data somehow?

    The script will be used for building and configuring nodes on the fly, so the node name won't be known until the script is run.

  • #33802
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    You can write a function that accepts an array of computer names as arguments, uses that array to create a ConfigurationData hashtable, and then passes that table to the actual configuration.

  • #33805
    Profile photo of Simon Broad
    Simon Broad
    Participant

    Oh yeah, that makes sense (gees, that scares me, powershell making sense to me) I'll give that a try next up.
    Thanks again Dave.

You must be logged in to reply to this topic.