Sample_RegistrationKeys
######################################################################################
# Assumes the following (lab setup)
# - Firewall on all servers is disabled (lab shortcut; the script needs PowerShell remoting to the node and HTTPS on port 8080 to the pull server)
# - All servers are part of the same domain
# - xPSDesiredStateConfiguration (v3.7.0.0) exists in C:\Program Files\WindowsPowerShell\Modules\ on the Pull Server
# - PowerShell v5.0.10586.117 is installed on all servers
# - OS on all servers is Windows Server 2012 R2
#region References
# https://github.com/PowerShell/PowerShell-Docs/blob/live/dsc/pullClientConfigNames.md
# https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
# https://msdn.microsoft.com/en-us/powershell/dsc/reportserver
#endregion
#region Variables to modify
# Output folders for the compiled MOF (pull server) and meta-MOF (node) documents.
# Both folders end up holding the registration key in generated files, so treat them as sensitive.
$PullServerConfigPath = 'c:\Configs\PullServer'
$NodeServerConfigPath = 'c:\Configs\TargetNodes'

# Host names: the machine that hosts the pull/report endpoint and the node that registers with it.
$PullServer = 'LABSERVER01'
$NodeServer = 'LABSERVER02'

# Shared secret a node presents when it registers with the pull server.
# NOTE(review): this GUID is a published sample value. Generate a fresh one per
# environment (for example with [guid]::NewGuid()) and keep it out of source control.
$RegKey = '140a952b-b9d6-406b-b416-e0f759c9c0e4'
#endregion
#Get-WindowsFeature Web-Mgmt-Console | Install-WindowsFeature
#region Pull Server Config
# Compiles the pull-server configuration: installs the DSC-Service Windows feature,
# publishes the PSDSCPullServer endpoint on port 8080 bound to the given certificate,
# and writes the registration key file the endpoint checks node registrations against.
configuration Sample_xDscWebService
{
    param
    (
        # Node(s) the MOF is generated for; defaults to the local machine.
        [string[]] $NodeName = 'localhost',

        # Thumbprint of the certificate bound to the endpoint.
        [ValidateNotNullOrEmpty()]
        [string] $certificateThumbPrint,

        # Shared secret nodes must present to register with this pull server.
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string] $RegistrationKey
    )

    Import-DscResource -ModuleName xPSDesiredStateConfiguration

    Node $NodeName
    {
        WindowsFeature DSCServiceFeature
        {
            Name   = 'DSC-Service'
            Ensure = 'Present'
        }

        # The web service resource waits for the feature above before it is applied.
        xDscWebService PSDSCPullServer
        {
            DependsOn             = '[WindowsFeature]DSCServiceFeature'
            Ensure                = 'Present'
            State                 = 'Started'
            EndpointName          = 'PSDSCPullServer'
            Port                  = 8080
            CertificateThumbPrint = $certificateThumbPrint
            PhysicalPath          = "$env:SystemDrive\inetpub\PSDSCPullServer"
            ModulePath            = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath     = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
        }

        # The key is passed as a plain string, so it is written as clear text both to
        # RegistrationKeys.txt and into the compiled MOF under -OutputPath.
        # NOTE(review): anyone who can read either file can register a node; confirm the
        # ACLs on both locations are limited to administrators.
        File RegistrationKeyFile
        {
            Type            = 'File'
            Ensure          = 'Present'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $RegistrationKey
        }
    }
}
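# Pick the certificate for the pull server endpoint.
# The original created a new self-signed certificate on every run and then looked it up
# by subject with "-First 1", which can return an older or expired certificate left over
# from a previous run. Reuse the newest still-valid one and only create a certificate
# when none exists, so repeated runs keep the endpoint bound to a predictable thumbprint.
$pullServerCert = Get-ChildItem -Path 'CERT:\LocalMachine\My' |
    Where-Object {
        $_.Subject -eq 'CN=PSDSCPullServerCert' -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $pullServerCert)
{
    # NOTE(review): the certificate is self-signed and its DNS name is not the pull
    # server's host name, so clients cannot validate it by default. Outside a lab, a
    # CA-issued certificate whose subject matches $PullServer removes the need to
    # relax validation on the clients.
    $pullServerCert = New-SelfSignedCertificate -CertStoreLocation 'CERT:\LocalMachine\MY' -DnsName 'PSDSCPullServerCert'
}

$myCert = $pullServerCert.Thumbprint
if ([string]::IsNullOrEmpty($myCert))
{
    # Fail here with a clear message instead of compiling a configuration without a certificate.
    throw 'No certificate with subject CN=PSDSCPullServerCert is available in CERT:\LocalMachine\My.'
}

# Compile the pull server MOF and apply it to the local machine.
# The compiled MOF contains the registration key in clear text (File resource Contents).
New-Item -Path $PullServerConfigPath -ItemType Directory -Force
Sample_xDscWebService -certificateThumbprint $myCert -OutputPath $PullServerConfigPath -RegistrationKey $RegKey
Start-DscConfiguration -Path $PullServerConfigPath -Wait -Verbose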
#endregion
#region Node LCM Config
# LCM meta-configuration for the node: pull mode, 30-minute refresh, automatic reboot,
# with the same endpoint used as configuration repository and as report server.
# NOTE(review): no ConfigurationNames entry is set here, so the node presumably registers
# and reports without being assigned a configuration; confirm that is intended.
[DSCLocalConfigurationManager()]
configuration PullClientConfigID
{
    Node $NodeServer
    {
        Settings
        {
            RefreshMode          = 'Pull'
            RefreshFrequencyMins = 30
            RebootNodeIfNeeded   = $true
        }

        # The registration key is written into the generated meta-MOF under -OutputPath.
        # NOTE(review): presumably stored as clear text; treat that folder as sensitive.
        ConfigurationRepositoryWeb CONTOSO-PullSrv
        {
            RegistrationKey = $RegKey
            ServerURL       = "https://$($PullServer):8080/PSDSCPullServer.svc"
        }

        ReportServerWeb CONTOSO-PullSrv
        {
            ServerURL = "https://$($PullServer):8080/PSDSCPullServer.svc"
        }
    }
}
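# Compile the node's meta-MOF and push it to the node's Local Configuration Manager.
New-Item -Path $NodeServerConfigPath -ItemType Directory -Force
PullClientConfigID -OutputPath $NodeServerConfigPath

# The original line used typographic en dashes for -Path and -Verbose. PowerShell
# tolerates them, but they are easily corrupted when the script is saved or read with
# a different encoding, so plain ASCII hyphens are used here. The target computer is
# also passed by name instead of by position.
# The meta-MOF in $NodeServerConfigPath holds the registration key; do not leave it
# readable to other users once the LCM has been configured.
Set-DscLocalConfigurationManager -ComputerName $NodeServer -Path $NodeServerConfigPath -Verbose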
#endregion
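#region Pull server certificate pinning (replaces TrustAllCertsPolicy)
# The report request below goes to an endpoint that presents a self-signed certificate,
# so default validation fails. The original answered this with a policy that returned
# true for every certificate. ServicePointManager.CertificatePolicy applies to the whole
# PowerShell process, so every later HTTPS request in the session accepted any
# certificate, including one presented by an interceptor.
# This policy accepts a certificate only when normal validation succeeds or when its
# thumbprint equals the thumbprint the pull server endpoint was bound to ($myCert).
Add-Type -TypeDefinition @"
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public class PinnedCertPolicy : ICertificatePolicy
{
    private readonly string _thumbprint;

    public PinnedCertPolicy(string thumbprint)
    {
        _thumbprint = thumbprint;
    }

    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem)
    {
        // 0 means the platform found no problem with the certificate.
        if (certificateProblem == 0)
        {
            return true;
        }

        // Otherwise accept only the one certificate that was explicitly pinned.
        return certificate != null
            && !string.IsNullOrEmpty(_thumbprint)
            && string.Equals(certificate.GetCertHashString(), _thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
"@

if ([string]::IsNullOrEmpty($myCert))
{
    # Without a pinned thumbprint the policy falls back to normal validation (fails closed).
    Write-Warning 'No pull server certificate thumbprint in $myCert; only certificates that validate normally will be accepted.'
}

[System.Net.ServicePointManager]::CertificatePolicy = [PinnedCertPolicy]::new([string]$myCert)
#endregion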
#region Generate report
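# Returns the report entries the pull server holds for one node.
#   -AgentId    : AgentId (GUID) of the node; defaults to the local machine's LCM AgentId.
#   -serviceURL : base URL of the pull/report endpoint.
# Output: the "value" array of the JSON response, or nothing when the id is not a GUID
# or the request fails (an error record is written in both cases).
function GetReport
{
    param($AgentId = "$((glcm).AgentId)", $serviceURL = "https://$($PullServer):8080/PSDSCPullServer.svc")

    # The id is placed inside the request URI, so accept only a plain GUID
    # (hex digits and hyphens) and refuse anything else before a request is built.
    $parsedId = [guid]::Empty
    if (-not [guid]::TryParseExact([string]$AgentId, 'D', [ref]$parsedId))
    {
        Write-Error "GetReport: AgentId '$AgentId' is not a GUID; no request was sent."
        return
    }

    $requestUri = "$serviceURL/Nodes(AgentId= '$AgentId')/Reports"
    $requestHeaders = @{Accept = "application/json"; ProtocolVersion = "2.0"}

    $response = Invoke-WebRequest -Uri $requestUri `
        -ContentType "application/json;odata=minimalmetadata;streaming=true;charset=utf-8" `
        -UseBasicParsing -Headers $requestHeaders `
        -ErrorAction SilentlyContinue -ErrorVariable requestError

    # The original collected the error variable but never looked at it, so a failed
    # request (including a TLS validation failure) surfaced later as an unrelated
    # JSON conversion error. Report the real cause and stop.
    if ($requestError -or -not $response -or [string]::IsNullOrEmpty($response.Content))
    {
        Write-Error "GetReport: request to $requestUri failed. $($requestError | Select-Object -First 1)"
        return
    }

    $payload = ConvertFrom-Json $response.Content
    return $payload.value
}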
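# Ask the node for its AgentId over PowerShell remoting, then fetch its reports.
$nodeAgentId = Invoke-Command -ComputerName $NodeServer -ScriptBlock {(glcm).AgentId}
$reports = @(GetReport -AgentId $nodeAgentId | Where-Object { $null -ne $_ })

if ($reports.Count -eq 0)
{
    # The original indexed $reports[0] unconditionally, which fails with a null-array
    # error when the node has not reported yet or the request did not succeed.
    Write-Warning "No reports returned for node '$NodeServer'."
}
else
{
    # NOTE(review): [0] is simply the first entry the server returned; it is not shown
    # here that this is the most recent report. Confirm or sort if order matters.
    # StatusData is itself JSON; parse it once and emit the status object followed by
    # the LCM meta-configuration it contains, as the original two lines did.
    $statusData = $reports[0].StatusData | ConvertFrom-Json
    $statusData
    $statusData.MetaConfiguration
}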
#endregion