Working with SharePoint and DSC - Configuring your nodes
**UPDATE:** I have modified the script and provided better how-to steps; follow these links: How to... and Script download. Please keep reading to understand how the script DSC_Client_Config.ps1 works.
Hello All,
Moving along with my dive into DSC, it is now time to configure our nodes. First, as a recap, this is what we have done
Now we will configure our nodes to check in with the DSC server and pull MOFs or modules as they need them. The script I wrote runs remotely from a central server and performs the following:
- Creates the instructions to set up the node for pull (creates a MOF)
- Pushes out the pfx to all nodes for DSCService if using a self-signed cert (to ensure we don't have a root trust issue)
- Then runs Set-DscLocalConfigurationManager against all nodes using those MOF files
And how do we do this? Well, let's look at the script.
In the first section we create the instructions for the nodes. Several settings are important to how this works, such as ConfigurationMode and RefreshMode. While I recommend you just go with the values I have provided, you can read more about them here.
```powershell
[DSCLocalConfigurationManager()]
configuration PullClientConfigID
{
    param([string]$Server, [string]$url, [string]$path, [string]$RegistrationKey)

    Node $Server
    {
        # Local Configuration Manager behaviour on the node
        Settings
        {
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            RefreshMode                    = 'Pull'
            RefreshFrequencyMins           = 30 # How often we look for new config on pull server
            RebootNodeIfNeeded             = $true
            ActionAfterReboot              = 'ContinueConfiguration'
            AllowModuleOverwrite           = $true
            ConfigurationModeFrequencyMins = 15 # How often we check that server config is correct
        }
        # Where the node pulls its configuration (MOF) and modules from
        ConfigurationRepositoryWeb PSDSCPullServer
        {
            ServerURL               = $url
            RegistrationKey         = $RegistrationKey
            ConfigurationNames      = @($server)
            AllowUnsecureConnection = $true # $true permits a plain-HTTP ServerURL; use $false when the endpoint is HTTPS
        }
        # Where the node sends its status reports
        ReportServerWeb PSDSCPullServer # https://msdn.microsoft.com/en-us/powershell/dsc/reportserver
        {
            ServerURL               = $url
            RegistrationKey         = $RegistrationKey
            AllowUnsecureConnection = $true
        }
    }
}
```
The last part is where we iterate through each node from the DSCConfig.ps1 file and push the pfx to each node (if using a self-signed cert) so that we don't have trust issues connecting to the service. Finally, we create the MOF file (instructions) for that node and use it with the command Set-DscLocalConfigurationManager. At this point the node will run the instructions, configure DSC, and then register with the service on the pull server.
```powershell
$data.AllNodes | ?{$_.MinRole} | ForEach-Object {
    $node = $_.NodeName
    if($data.NonNodeData.DSCConfig.DSCAcceptSelfSignedCertificates)
    {
        # CredSSP delegates the $SetupAccount credentials to the node for the import below
        Enable-WSManCredSSP -DelegateComputer $node -Role Client -Force
        Connect-WSMan $node
        Set-Item "WSMan:\$node\Service\Auth\CredSSP" -Value $True
        # Not used below: Invoke-Command passes the same script block inline with -ArgumentList
        $Command = {Import-PfxCertificate -FilePath $Pfx -CertStoreLocation Cert:\LocalMachine\AuthRoot -Password $Pwd}
        # Import the pfx (certificate plus private key) into the node's AuthRoot store
        Invoke-Command -ComputerName $node -ScriptBlock {Import-PfxCertificate -FilePath $args[0] -CertStoreLocation Cert:\LocalMachine\AuthRoot -Password $args[1]} -ArgumentList $Pfx,$Pwd -Authentication Credssp -Credential $SetupAccount
    }
    Write-host "Creating MOF File for Node: $node"
    # Compile the LCM meta-configuration for this node into $OutputDir
    PullClientConfigID -server $_.NodeName -Url $Data.NonNodeData.DSCConfig.DSCConfigServiceEndPoint -Path $Data.NonNodeData.DSCConfig.DSCConfigModuleShare -RegistrationKey $Data.NonNodeData.DSCConfig.DSCConfigRegistryKey -OutputPath $OutputDir
    Write-Host "Pushing configuration to server: $node"
    # Apply the meta-configuration; the node then registers with the pull server
    Set-DscLocalConfigurationManager -ComputerName $_.NodeName -path $OutputDir -Verbose
}
```
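A variant of the certificate step above, as an added example that is not part of DSC_Client_Config.ps1: a pfx holds the pull server's private key, while a node only needs the public certificate to trust the endpoint, so this sketch exports the public part on the central server and installs just that. The function names `Assert-HttpsEndpoint` and `Publish-PullServerTrust` are hypothetical, and `$Pwd` is assumed to be a SecureString, as `Import-PfxCertificate` requires.

```powershell
# Added example, not part of DSC_Client_Config.ps1.
# Assert-HttpsEndpoint and Publish-PullServerTrust are hypothetical names.

function Assert-HttpsEndpoint {
    # Stop before any MOF is generated if the pull server URL is not HTTPS.
    param([Parameter(Mandatory)][string]$Url)
    $uri = [uri]$Url
    if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
        throw "Pull server URL '$Url' is not an https:// endpoint."
    }
}

function Publish-PullServerTrust {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$PfxPassword,
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Open the PFX on the central server only, then export the DER-encoded
    # public certificate (X509ContentType 'Cert' never includes the key).
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $PfxPassword)
    [byte[]]$cerBytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

    foreach ($node in $ComputerName) {
        # The bytes travel as an argument, so the node reads no remote file.
        $result = Invoke-Command -ComputerName $node -Credential $Credential `
            -ArgumentList (, $cerBytes) -ScriptBlock {
            param([byte[]]$Bytes)
            $public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Bytes)
            # Same store the original script targets: Cert:\LocalMachine\AuthRoot
            $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('AuthRoot', 'LocalMachine')
            $store.Open('ReadWrite')
            try { $store.Add($public) } finally { $store.Close() }
            [pscustomobject]@{ Thumbprint = $public.Thumbprint; HasPrivateKey = $public.HasPrivateKey }
        }
        # Confirm the node installed the expected certificate, without a private key.
        if ($result.Thumbprint -ne $cert.Thumbprint -or $result.HasPrivateKey) {
            throw "Unexpected certificate state on $node"
        }
        Write-Host "Trusted $($result.Thumbprint) on $node (public certificate only)"
    }
}

# Usage inside the node loop, with the original script's variables:
#   Assert-HttpsEndpoint -Url $Data.NonNodeData.DSCConfig.DSCConfigServiceEndPoint
#   Publish-PullServerTrust -PfxPath $Pfx -PfxPassword $Pwd -ComputerName $node -Credential $SetupAccount
```

Because the certificate bytes are passed as an argument and nothing is read from a share on the node, this sketch uses the default WinRM authentication and does not enable CredSSP.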
Once the script has completed running without error, all your nodes (read: SharePoint servers) will be configured to pull the MOF from the DSC service and build out your farm. Creating those MOF files will be our next step.
You can find a copy of my script here
Pax