Conditional execution of DSC resources

sameer-kumar · May 20, 2016, 6:38pm

Hello,

I have been trying to figure out a nice way to conditionally execute my DSC resources based on Configuration parameters.

Node ('localhost')
{
        # Create a Web Application Pool
        
        xWebAppPool NewWebAppPool
        {
            Name = $siteName
            Ensure = "Present"
            #identityType = 'ApplicationPoolIdentity'
            identityType = 'SpecificUser'
            Credential = $appPoolID
        }
}

Here in the above configuration, I want to add a new app pool either with ApplicationPoolIdentity or CustomIdentity depending upon parameters in my Configuration section.

Any help ideas or pointers are appreciated.

Thanks

system · May 20, 2016, 7:42pm

In this case, you’d probably just have a parameter for your configuration (or something in your ConfigurationData table) containing the identity type, and pass that variable on to the resource:

Configuration Demo
{
    param (
        [ValidateSet('ApplicationPoolIdentity', 'LocalService', 'LocalSystem', 'NetworkService', 'SpecificUser')]
        [string] $IdentityType = 'ApplicationPoolIdentity'
    )

    Import-DscResource -ModuleName xWebAdministration

    node localhost
    {
        xWebAppPool NewWebAppPool
        {
            Name         = $siteName
            Ensure       = 'Present'
            IdentityType = $IdentityType
            Credential   = $appPoolID
        }
    }
}

silent-steel · May 21, 2016, 1:42am

Or separate the configuration data outside of the configuration script.

https://msdn.microsoft.com/en-us/powershell/dsc/configdata

eddie-douse · May 21, 2016, 3:07am

Just be careful using that guide for Config PSD1’s if you’re also going to use Import-PowerShellDataFile.

Having the commas splitting each hashtable in AllNodes, ends up putting them into an array, within the first element of the AllNodes array, which isn’t ideal.

I found it when starting to use the import function as the behaviour was strange.

Just a heads up

sameer-kumar · May 21, 2016, 5:40am

Thanks for your response.

In that case, how can I conditionally define webpool properties? For instance, if parameter value equals SpecificUser then ONLY define Credential property. And this type of conditions are more than 1 in number.

Appreciate your help.

system · May 21, 2016, 7:36am

That’s awkward for the moment. If you were calling a cmdlet, I would just tell you to use splatting, but unfortunately, the parser doesn’t allow for splatting to DSC resources. So you’ll need some duplication in your code, and an IF statement:

Configuration Demo
{
    param (
        [ValidateSet('ApplicationPoolIdentity', 'LocalService', 'LocalSystem', 'NetworkService', 'SpecificUser')]
        [string] $IdentityType = 'ApplicationPoolIdentity',

        [pscredential] $AppPoolID
    )

    Import-DscResource -ModuleName xWebAdministration

    node localhost
    {
        if ($IdentityType -eq 'SpecificUser')
        {
            xWebAppPool NewWebAppPool
            {
                Name         = $siteName
                Ensure       = 'Present'
                IdentityType = $IdentityType
                Credential   = $appPoolID
            }
        }
        else
        {
            xWebAppPool NewWebAppPool
            {
                Name         = $siteName
                Ensure       = 'Present'
                IdentityType = $IdentityType
            }
        }
    }
}

system · May 21, 2016, 7:37am

Incidentally, this can be a good place to use a composite resource to hide that duplication / complexity. The same code will exist, but you can hide it in another psm1 file.

sameer-kumar · May 21, 2016, 3:00pm

This sounds a cleaner approach. Let me read about composite resources and see how can I use them in this scenario.
Thanks for the pointer. Will share my output and thoughts soon.

sameer-kumar · May 23, 2016, 11:47am

Bummer, this poops out on target machine due to unavailability of ‘xWebAdministration’ module. Can I automate the installation of this module (somehow wrap in my configuration)? Meaning if the module is installed on target machine then great else install it from PS gallery.
Thanks for your help!

system · May 23, 2016, 12:24pm

Easiest way to handle that is to use a DSC pull server. In PSv5, you can use a pull server to distribute resource modules even if you’re using Start-DscConfiguration to push out the configs themselves.

If you don’t want to use a pull server, then you’ll have to get the modules onto the target system yourself in some other way.

silent-steel · May 24, 2016, 6:02pm

“Easiest” is a relative term

I just changed the $env:PSMoudlePath on that node to also point to a network share where I placed all the modules in advance.

Yes its easier but has its downsize in terms of security and increased cmdlets scan time.

You can automate the distribution of the module but not from the same configuration scripts that needs it, so in a two step method.

Topic		Replies	Views
Conditional parameters in a DSC resource DSC	1	168	August 28, 2017
DSC conditionally execute a resource based on another resource DSC	2	161	February 16, 2016
DSC Dynamic Resource Parameters DSC	1	160	March 10, 2017
Error when applying DSC config with app pool custom user account to a server DSC	3	280	December 18, 2023
Variables in the DSC resource? DSC	2	214	August 24, 2016

Conditional execution of DSC resources

Related Topics