标签: dsc

我正在尝试对远程计算机运行DSC配置,最终出现以下错误

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =
SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client
computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the
TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts
list might not be authenticated. You can get more …

升级到 Windows Management Framework 5.0 后，我在获取 DSC 配置时开始收到以下异常。

ConvertTo-MOFInstance : System.ArgumentException error processing property 'Password' OF TYPE 'MSFT_Credential': Certificate
'---HIDDEN-CERTIFICATE-THUMPRINT-VALUE---' cannot be used for encryption. Encryption certificates must contain the Data Encipherment or Key
Encipherment key usage, and include the Document Encryption Enhanced Key Usage (1.3.6.1.4.1.311.80.1).
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:303 char:13
+             ConvertTo-MOFInstance MSFT_Credential $newValue
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException

每个节点上使用的证书是使用以下证书请求生成的自签名证书。

[NewRequest]
Subject = CN=[computer-name-here].dsc
KeyLength = 2048
MachineKeySet = true
RequestType = Cert
KeySpec = AT_KEYEXCHANGE

然后将此请求文件馈送到 …

我有以下所需的状态配置 (DSC)

Configuration Cert
{
    param (
        [Parameter(Mandatory=$true)] 
        [ValidateNotNullorEmpty()] 
        [System.String] $machineName,

        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [PSCredential]
        $certCredential
    )

    Import-DscResource -ModuleName xPSDesiredStateConfiguration, xCertificate

    Node $machineName 
    {
        xPfxImport cert
        {
            Ensure = 'Present'
            Path = 'C:\certificate.pfx'
            Thumbprint = 'abcdefg'
            Location = 'LocalMachine'
            Store = 'My'
            Exportable = $true
            Credential = $certCredential
        }
    } 
}  
$cd = @{
    AllNodes = @(
    @{
        NodeName = 'localhost'
        PSDscAllowPlainTextPassword = $true
    }
)

}

$secpasswd = ConvertTo-SecureString 'password' -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ('x', $secpasswd) …

我按照Powershell.org的DSC Book中的说明设置了一个用于DSC的http Pull服务器(Windows 2012服务器).我设置了http Pull Server,然后设计了一个要拉的配置,然后设置我的节点的LCM以拉动并运行配置.

我可以在任务计划程序/ Microsoft/Windows /所需状态配置下的节点上看到计划任务,所以我知道至少有些工作.但是,我的配置没有运行.当我查看Apps&Svcs/Microsoft/Windows/Desired State Configuration/Operational Log下的Event Logs时,我看到以下事件:

Job {E0B6977A-E34F-4EDD-8455-E555063CD3DD} : 
This event indicates that failure happens when LCM is trying to get the configuration from pull server using download manager WebDownloadManager. ErrorId is 0x1. ErrorDetail is The attempt to get the action from server http://pullserver.local:8080/PSDSCPullServer/Action(ConfigurationId='adaba4f6-b2b6-420d-a1dd-3714106451d6')/GetAction returned unexpected response code InternalServerError.

当我手动点击该URL时,启用CustomErrors后,出现以下错误:

Exception Details: System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.Isam.Esent.Interop, Version=6.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' …

我们一直在研究所需的状态配置，我被要求使用 powershell DSC 设置原型来配置 IIS 应用程序池。我知道创建配置的所有步骤，我只是不确定我的配置中可能有什么。我计划使用 xWebAdministration 资源，因为它有 xWebAppPool 和 xWedbAdministration 之类的东西。关于我可以用什么来设置它，有什么建议吗？

I have my LocalConfigurationManager set up as follows:

[DSCLocalConfigurationManager()]
Configuration LCMConfig
{
    Node localhost
    {
        Settings
        {
            RebootNodeIfNeeded = $true
            ActionAfterReboot = 'ContinueConfiguration'
            AllowModuleOverwrite = $true
            DebugMode = 'All'
        }
    }
}
LCMConfig
Set-DscLocalConfigurationManager -Path .\LCMConfig -Verbose -Force

Then I kick off a DSC Configuration via

Start-DscConfiguration -Path .\RDS -Verbose -Wait

This configuration sets up an RemoteApp server which involves a whole bunch of steps and several reboots. One of those reboots is happening in a loop over and over …

在DSC中,我如何创建自定义模块(PowerShell 5 DSC类或MOF +脚本)并表示它需要/依赖于另一个DSC资源(如PowerShell Gallery中的xBlah).

在chef中,我可以将这些依赖项放在metadata.rb文件中以表达inter-cookbook依赖项.有没有办法在DSC中表达资源间的依赖关系？

下面的DSC声明而不是HKEY_CURRENT_USER \ Console写入注册表项HKEY_USERS.DEFAULT \ Console。为什么？

Registry ConsoleFaceName
{
  Key         = 'HKEY_CURRENT_USER\Console'
  ValueName   = "FaceName"
  ValueData   = "Lucida Console"
  Ensure      = "Present"
}

我正在尝试使用Powershell DSC安装URL重写器并且它一直在失败.当我删除安装重写器的步骤时,脚本会成功.

我的设置是使用Visual Studio Team Services(VSTS)构建和发布管道我执行ARM模板来创建一个缩放集,指向powershell dsc脚本.

"extensionProfile": {
    "extensions": [
    {
        "name": "Microsoft.Powershell.DSC",
        "properties": {
            "publisher": "Microsoft.Powershell",
            "type": "DSC",
            "typeHandlerVersion": "2.72",
            "autoUpgradeMinorVersion": true,
            "forceUpdateTag": "[parameters('dscVmssUpdateTagVersion')]",
            "settings": {
                "configuration": {
                    "url": "https://myblobname.blob.core.windows.net/dsc/scalesetSetup.zip",
                    "script": "prepareServer.ps1",
                    "function": "PrepareServer"
                },
                "configurationArguments": {
                        "nodeName": "localhost",
                        "envName": "[parameters('envName')]"
                    }
                }
            }
        }
    ]
}

在这个脚本中,我正在启用Windows功能,安装Web部署和URL重写器.当没有安装重写器时一切正常,但是当我以下列任何一种方式添加它时失败.

DSC脚本实际上看起来像:

Configuration PrepareServer
{

Param ( [string] $nodeName, [string] $envName )

Import-DscResource -ModuleName PSDesiredStateConfiguration

Node $nodeName
  {
    # Web Server
    WindowsFeature WebServerRole
    {
      Name = "Web-Server"
      Ensure = "Present"
    } …

我安装了xWebAdministration模块.出于某种原因,我仍然收到此错误消息

术语"xWebsite"未被识别为cmdlet的名称"

image url:http://i.stack.imgur.com/tTwUe.jpg

这是我的代码.

Configuration MvcWebTest {

    Param(
        [String[]]$ComputerName = "tvw-irwebsvc",
        $AppName = "MvcWebTest",
        $User = "PAOMSvc",
        $Password = "Welcome1",
        $CodePath = "C:\websites\MvcWebTest"

    )

    Import-DscResource -Module xWebAdministration

    Node $ComputerName {

        #Install ASP.NET 4.5
        WindowsFeature ASP {
            Ensure = “Present”
            Name = “Web-Asp-Net45”
        }

        File WebContent {
            Ensure ="Present";
            SourcePath ="\\DVW-MORBAM01\Build\Publish\MvcWebTest\Dev";
            DestinationPath=$CodePath;
            Type = "Directory";
            Recurse = $True
        }

        # Create a new website 
        xWebsite Website { 
            Ensure          = "Present";
            Name            = $AppName;
            State           = …

我正在尝试使用Register-AzureRmAutomationDSCNodecmdlet 将VM加载到Azure Automation DSC ,这是非经典vm的推荐.DSC节点配置已在Azure自动化中导入和编译.

这是我的代码:

$AutomationAccountName = "PersistentAutomationAccount"
$VMName = "VM1" 
$AutomationResourceGroup = "PersistantResources" 
$VMResourceGroup = "AutomatingAutomation2"
$NodeConfigurationName = "HelloWorldDSC.localhost"
Register-AzureRmAutomationDscNode -AutomationAccountName $AutomationAccountName -AzureVMName $VMName -ResourceGroupName $AutomationResourceGroup -AzureVMResourceGroup $VMResourceGroup -NodeConfigurationName $NodeConfigurationName

但我收到以下错误,我无法找到解释:

New-AzureRmResourceGroupDeployment : 10:56:57 AM - Resource 

Microsoft.Compute/virtualMachines/extensions 'VM1/Microsoft.Powershell.DSC' failed with message '{
  "error": {
    "code": "NotFound",
    "target": "vmName",
    "message": "The entity was not found."
  }
}'

VM名称是正确的,它存在,资源组名称是正确的,所以没有找到什么？我想也许虚拟机需要预先安装扩展,但根据Azure代表,自动化的工作是在节点启用后安装dsc代理/扩展.

我已经使用 1.1 和 xScript 5.1.0.0 中的内置 Script 资源对此进行了测试，并得到了相同的结果。我的设置和测试块工作正常。我正在使用其他几个非常相似的脚本资源，它们对 get 块也能正常工作。

我在语法上尝试了很多变体，但结果总是一样。我知道该块正在运行，因为我注释掉了创建的文件被删除的行并且我看到了该文件。我还在 powershell 中将此作为函数运行，并将输出通过管道传输到 Get-Member，可以看到它确实是一个返回的 hastable。

附带说明一下，我真的不喜欢我在这里使用的通过 DSC 管理此设置的方法。只要它仍在 DSC 中，我对其他想法持开放态度。

Script StorePasswordsUsingReversibleEncyption
{
    SetScript   = {
        secedit /export /cfg c:\temp\secpol.cfg
        (gc C:\temp\secpol.cfg).replace("ClearTextPassword = 1", "ClearTextPassword = 0") | Out-File C:\temp\secpol.cfg
        secedit /configure /db c:\windows\security\local.sdb /cfg c:\temp\secpol.cfg /areas SECURITYPOLICY /quiet
        rm -force c:\temp\secpol.cfg -confirm:$false
    } 

    TestScript = {
        secedit /export /cfg c:\temp\secpol.cfg
        $str = (Get-Content 'c:\temp\secpol.cfg' | select-String 'ClearTextPassword' -SimpleMatch).ToString()
        rm -force c:\temp\secpol.cfg -confirm:$false
        if ($str -eq 'ClearTextPassword = 0') {return …