Author Posts

March 21, 2018 at 5:51 pm


I need some help to Register Windows Hosts to our Monitoring Solution (CheckMK) with PS DSC.

The official command (from the CheckMK Website) to add hosts over the web-api would be like this:

curl "http://myserver/mysite/check_mk/" -d 'request={"hostname":"myserver123","folder":"","attributes":{"ipaddress":"","site":"mysite","tag_agent":"cmk-agent"}}'

My current command in Powershell with the Script Resource is as follows: (which does not work)

SetScript = {
Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/" -Method Post -Body 'request={"hostname":"$env:computername","folder":"","attributes":{"alias":"$env:computername","ipaddress":"IPADDRESSDestinationNode","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'

The problems are
$env:computername – will not be interpreted as a Variable in the String Request, how can i achieve this? (I tried some solutions from the internet, but nothing worked so far)
IPADDRESS – how could I pass the IP address here?

And is there a simple solution for encrypting the secret in the powershell script?

Thanks in advance!

March 22, 2018 at 10:13 am

Hi CR,

$env:computername is not interpreted as a variable because the whole expression (Body parameter) is 'simple quoted'.

You'll get better results with something like that :

SetScript = {
    $hostName = $env:computername
    $ipAddress = Get-NetIPAddress | Where-Object { $_.InterfaceAlias -notlike '*loop*' } | Select-Object -First 1 | ForEach-Object { $_.IPAddress }
    $requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'
    Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/" -Method Post -Body $requestBody

Note that the ipAddress resolution method is quite weak ...

And for the 'simple solution for encrypting the secret' part: AFAIK, there isn't any easy way in DSC. You may have a look to

March 22, 2018 at 5:56 pm

Thanks for your help!
I've taken most of your suggestions and adjusted them slightly.

$hostName = "$env:COMPUTERNAME.$env:USERDNSDOMAIN".ToLower()
$ipAddress = (get-netadapter | get-netipaddress | Where-Object addressfamily -eq 'IPv4'| Where-Object interfacealias -eq 'Ethernet0' ).ipaddress
$requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"windows"}}'
Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/" -Method Post -Body $requestBody

Regarding the encryption, i have implemented the necessary commands. What I do not quite understand yet, how I pass over the encrypted secret correctly.

My destination nodes have a suitable CertificateFile, the Nodes Configuration data contains the path to the certificate and the thumbprint. Then i add the matching thumbprint for each node to the meta.mof with the following command.

             CertificateId = $node.Thumbprint

Then I have added this at the beginning of my config and if i execute the script it asks me for user and password – but why user ? I just want to encrypt the password?

Param (

And how do I have to integrate the $credential variable into the Invoke web request?
Like this?


March 23, 2018 at 3:44 pm

If you provided your secret as the password of the $Credential, you may get the cleartext secret with:

$secret = $Credential.GetNetworkCredential().Password