$configdata and parameters

Hello,

Is there any option to pass values to $configdata block (use for ‘-ConfigurationData’) as a parameters/variables?

Something like:

Configuration Config1
{



}

$configdata = @{
AllNodes = @(
@{
NodeName = servername
CertificateFile = $path\CertFile.cer”
Thumbprint = $CertThumb
}

Do you mean for $path and $CertThumb to be resolved when the Configuration is run? Yes - that you can do. Sort of. It’s a bit awkward. You could parameterize the script itself. I’m not sure I’ve seen anyone want to do this, though, because typically you want the configuration data separated from the Configuration itself. Can you maybe help me understand what you’re trying to do?

Hi Don,

Let me try to explain it more precisely…

I want run such script on server1:

Configuration Config1
{



}

$configdata = @{
AllNodes = @(
@{
NodeName = server1name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}
@{
NodeName = server2name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}
@{
NodeName = server3name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}

Create and export self signed certificate …
Next copy and import the exported cert to server2 and server3
Finaly run…
Config1 -ConfigurationData $configdata

By this script I want to create selfsigned cert, copy it and import to all servers (1,2,3). Then run dsc configuration, that contains resources for each of the servers. The MOF files must be encrypted. I assume to complete this I need to put, in the script…

$configdata = @{
AllNodes = @(
@{
NodeName = server1name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}
@{
NodeName = server2name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}
@{
NodeName = server3name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $CertThumb
}
Because the cert is being created by this script I need to get the Thumbprint “live” and put there as a variable, am I right? Is it a bit more clear now?

You could technically do that within the configuration. The configuration is a script, after all. Variables and stuff will resolve when you run it, with the results going into the MOF. The ConfigurationData block is just a hash table; variables in it should resolve normally when they’re used.

Hi Don,

I did some tries but with no full success. “Thumbprint” seems to work ok but now I have a problem with “CertificateFile”. When I set this as CertificateFile = “$path\CertFile.cer” I’m getting this error message:

ConvertTo-MOFInstance : System.ArgumentException error processing property ‘Password’ OF TYPE ‘MSFT_Credential’: Cannot load encryption certificate. The certificate setting ‘\CertFile.cer’ does not represent a valid base-64 encoded certificate, nor does it represent a valid certificate by file, directory, thumbprint, or subject name.

Looks like $path variable is empty, but this is really strange because it is defined in the same place as $cert (“Thumbprint” seems to work if it is set as Thumbprint = $cert.Thumbprint)

Can I ask you to show me how to exactly pass $path value to the $configdata block (or achieve all I need without $configdata block)? Please use below script structure if this possible (treat content between “------------” as one ps1 file).


Configuration Config1
{



}

$configdata = @{
AllNodes = @(
@{
NodeName = server1name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $cert.Thumbprint
}
@{
NodeName = server2name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $cert.Thumbprint
}
@{
NodeName = server3name
CertificateFile = “$path\CertFile.cer”
Thumbprint = $cert.Thumbprint
}

Create and export self signed certificate …
Next copy and import the exported cert to server2 and server3

$path = “C:\Certs” # in my case this is calculated value
$cert = Get-ChildItem -Path cert:\LocalMachine\My | ? {($_.FriendlyName -eq “xxxxx”) #now I have the $cert.Thumbprint

Finaly run…
Config1 -ConfigurationData $configdata

Hi Prz,
I don’t know how you configdata files are structured, whether there is a pipeline feeding/generating configdata files, but I am hoping you can do regex replacement on configdata file? I would a unique format around the parameters, i.e.

Thumbprint ="#{Thumbprint}

And do content replacement on the file

(Get-Content $configdatafile).replace ("#{variable}", $variablevalue) | Set-Content $configdatafile

Tahnk you Ebru Cucen this is helpful hint!

I have another problem… Can you tell me what is the difference between running script by Powershell ISE vs standard console? When I run my script by PS ISE everything works fine, DSC applies to 2 servers incl. encryption. But when I run exactly the same script by “Run with Powershell” I’m getting error message like “line 1021 at , : line 1” and System.Management.Automation.RuntimeException: You cannot call a method on a null-valued expression.
at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception
exception)
at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
. This points to the below line in bold:

$configdata = @{
AllNodes = @(
@{
NodeName = “Server1”
PSDscAllowDomainUser = $true
CertificateFile = “$((Get-ChildItem “E:” | ? {$.Name -like “MyFolderName”}).fullname)\Server1.cer"
Thumbprint = ($Thumbs | ? {$
-like “Server1*”}).Split(”=")[1]
}

@{
NodeName = “Server2”
PSDscAllowDomainUser = $true
CertificateFile = “$((Get-ChildItem “E:” | ? {$.Name -like “MyFolderName”}).fullname)\Server2.cer"
Thumbprint = ($Thumbs | ? {$
-like “Server2*”}).Split(”=")[1]
}
)
}

The problem is with the Server2 (I’m running script on Server1). All paths are correct, the problem is with the standard powershell console, does anybody know why PS ISE does not return any errors?