Unable to use credential objects within DSC

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Mike Fal Mike Fal 1 year, 6 months ago.

  • Author
    Posts
  • #33321
    Profile photo of Mike Fal
    Mike Fal
    Participant

    I've been basing my head against this for a bit and can't seem to find out what I'm missing. I'm trying to use the xSqlServerSetup resource to install SQL Server to two nodes. I've got this DSC config file that I create. Here's my script call:

    $sqlnodes = @('PICARD','RIKER')
    . C:\Temp\SQLDSC.ps1 -SqlNodes $sqlnodes -SetupCredential $DomainCred -SqlSvcAccount $sqlsvccred -AgtSvcAccount $sqlsvccred -SqlAdmins 'STARFLEET\Domain Admins'

    All the "cred" objects are PSCredential objects. When I run it, I get the following errors:

    System.InvalidOperationException error processing property 'SetupCredential' OF TYPE 'xSQLServerSetup': Converting and storing encrypted passwords as plain text is not recommended. For more information on securing credentials in 
    MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
    At C:\Temp\SQLDSC.ps1:74 char:9
    +   xSQLServerSetup
        + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
        + FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
        + PSComputerName        : PIKE
    WARNING: It is not recommended to use domain credential for node 'PICARD'. In order to suppress the warning, you can add a property named 'PSDscAllowDomainUser' with a value of $true to your DSC configuration data for node 'PICARD'.
    System.InvalidOperationException error processing property 'SetupCredential' OF TYPE 'xSQLServerSetup': Converting and storing encrypted passwords as plain text is not recommended. For more information on securing credentials in 
    MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
    At C:\Temp\SQLDSC.ps1:74 char:9
    +   xSQLServerSetup
        + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
        + FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
        + PSComputerName        : PIKE
    WARNING: It is not recommended to use domain credential for node 'RIKER'. In order to suppress the warning, you can add a property named 'PSDscAllowDomainUser' with a value of $true to your DSC configuration data for node 'RIKER'.
    Errors occurred while processing configuration 'SQLServer'.
        + CategoryInfo          : InvalidOperation: (SQLServer:String) [], InvalidOperationException
        + FullyQualifiedErrorId : FailToProcessConfiguration
        + PSComputerName        : PIKE

    What is driving me crazy with this is I've declared this as part of a ConfigurationData hash table, but it doesn't seem to recognize it. What am I missing here?

    Full DSC script:

  • #33322
    Profile photo of Mike Fal
    Mike Fal
    Participant

    Additional: When I specify the Node name in the config data, it works just fine, so:

    $config = @{AllNodes = @(@{
                            NodeName = 'PICARD';
                            PSDscAllowPlainTextPassword = $true;
                            PSDscAllowDomainUser = $true;
                            })}

    So I guess the question is how do I get the config data to apply to all my nodes without specifying each node name?

  • #33339
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    You've already got your list of node names in the $SqlNodes array, so you can just use a loop to make sure they're all in the ConfigurationData hashtable:

    $config = @{
        AllNodes = @(
            @{
                NodeName = '*'
                PsDscAllowPlainTextPassword = $true
            }
    
            foreach ($sqlNode in $SqlNodes)
            {
                @{ NodeName = $sqlNode }
            }
        )
    }
    
  • #33351
    Profile photo of Mike Fal
    Mike Fal
    Participant

    Thanks Dave, that handles it. Wish I knew why the '*' didn't work.

You must be logged in to reply to this topic.