Powershell DSC what is the execution context for current configuration?
-
21-12-2019 - |
Question
I'm trying to deploy a powershell profile through DSC. The configuration should copy a .ps1 file from a network share to a local path.
Running the script fails with the following error SourcePath must be accessible for current configuration. yet this path is accessible from the console, so what user/context is used during dsc configuration ?
Here is the script
Edit after @ravikanth's reply
$ConfigurationData = @{
AllNodes = @(
@{
NodeName="*"
PSDscAllowPlainTextPassword=$true
}
)
}
Configuration MyProfile
{
param ([string[]]$MachineName,
[PSCredential]$Credential)
Node $MachineName
{
Log startconfig
{
# The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username"
}
File profile
{
Credential=$credential
Ensure = 'Present'
SourcePath = "\\web-mridf\powershell\profil_1.ps1"
DestinationPath = "c:\temp\test.txt"
Type = "File" # Default is "File".
DependsOn = "[Log]startconfig"
}
Log AfterDirectoryCopy
{
# The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
Message = "Finished running the file resource with ID MyProfile"
DependsOn = "[File]profile" # This means run "MyProfile" first.
}
}
}
MyProfile -MachineName web-mridf -OutputPath c:\temp\dsc
Start-DscConfiguration -Path c:\temp\dsc -credential (get-credential("DOMAIN\user")) -force -verbose -Wait
And the error received ( invalid argument)
PS C:\temp> .\dsc.ps1
Répertoire : C:\temp\dsc
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 04/06/2014 10:54 2834 web-mridf.mof
COMMENTAIRES : Effectuez l'opération « Invoquer une méthode CIM » avec les
paramètres suivants : « 'methodName' = SendConfigurationApply,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration ».
COMMENTAIRES : [WEB-MRIDF] : [[File]profile]
SourcePath must be accessible for current configuration.
COMMENTAIRES : [WEB-MRIDF] : [[File]profile] The
related file/directory is: \\web-mridf\powershell\profil_1.ps1.
SourcePath must be accessible for current configuration. The related
file/directory is: \\web-mridf\powershell\profil_smac.ps1. . L'ID de ressource
associé est [File]profile.
+ CategoryInfo : InvalidArgument : (:) [], CimException
+ FullyQualifiedErrorId : MI RESULT 4
+ PSComputerName : web-mridf
COMMENTAIRES : [WEB-MRIDF] : Gestionnaire de configuration local : [ Fin
Définir ]
La fonction SendConfigurationApply n'a pas réussi.
+ CategoryInfo : InvalidArgument : (root/Microsoft/...gurationMan
ager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 4
+ PSComputerName : web-mridf
COMMENTAIRES : L'opération « Invoquer une méthode CIM » est terminée.
COMMENTAIRES : Le temps nécessaire à l'exécution du travail de configuration
est de 0.881 secondes
Solution
DSC Local configuration manager runs as SYSTEM. So, it will not have access to the share. You need to pass the credentials to access the share. For the credentials, you need to either use certificates to encrypt the password or use plain-text password.
For the plain text password, check the article I posted at PowerShell Magazine. http://www.powershellmagazine.com/2013/09/26/using-the-credential-attribute-of-dsc-file-resource/
If you want to use certificates for the password encryption, check the PS Team blog post at http://blogs.msdn.com/b/powershell/archive/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration.aspx
Update based on the comments below:
The $AllNodes.Nodename is the key when using Configuration Data. Do not replace that with a static nodename.
$ConfigurationData = @{
AllNodes = @(
@{
NodeName="*"
PSDscAllowPlainTextPassword=$true
}
@{
NodeName="ServerName"
}
)
}
Configuration MyProfile
{
param (
[PSCredential]$Credential
)
Node $AllNodes.NodeName
{
Log startconfig
{
# The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username"
}
File profile
{
Credential=$credential
Ensure = 'Present'
SourcePath = "e:\powershell\profil_smac.ps1"
DestinationPath = "c:\temp\test2.txt2"
Type = "File" # Default is "File".
DependsOn = "[Log]startconfig"
}
Log AfterDirectoryCopy
{
# The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
Message = "Finished running the file resource with ID MyProfile"
DependsOn = "[File]profile" # This means run "MyProfile" first.
}
}
}
MyProfile -configurationdata $configurationdata -machinename "web-mridf.groupe.sa.colas.com" -credential (get-credential("groupe\sys-mac-smacsr")) -OutputPath c:\temp\dsc
Start-DscConfiguration -Path c:\temp\dsc -force -verbose -Wait