Hi,
From your description you’re not using the DependsOn or WaitFor, which is what gives you the uncertainty that the action before was actually completed.
If you’re using a timeout and that Invoke command does time out then your compliance server isn’t exactly accurate to the state the node is in, kinda counter the reason of having it
“Use the Log Resource, Luke !”
Remember that DependsOn is an array, so even if you use the Invoke command a couple of times during the script or just one time at the end, you can have it depend of all the actions before that, so basically it will not act before all the resources before it, have ended successfuly.
You can always track the status of a node via Get-DscConfigurationStatus or directly on the node LCM by looking at LCMState and LCMStateDetails.
Read my post on the ComplianceServer, at the end there will be links on how to query. The only thing it requires as an input is the AgentID\ConfigurationID, which is something you can collect from each node and store in a db. The AgentID is a unique, per node GUID that is created once during the first ever registration of the node to the pull server.
Even if you’re not using Pull as a method, you can still create a pull server just for the reporting part and set your nodes to use that for the reporting part.
Last but not least, when you tie yourself like this in a production environment, you become a potential point of failure in the process so safeguards should always be applied, the most dominant one is updating your services on test environments on each version change of powershell, especially when it involves changing to DSC and LCM engine and doing it fast to not be the one preventing say powershell upgrades to the server for say security reasons, just because you haven’t yet fully tested the Compliance Server’
I agree that its extremely important that you’re happy with the results and you get what you expected, just reminding that what System and IT usually look for is stability and the least amount of intrusiveness to keep the uptime up.
As a DBA, among other things, i endlessly try to teach devs to avoid opening ‘back doors’ for apps to query data not in their own db. I’d they need the info, there should be an interface written and not a direct table manipulation for example, kinda why I’m also a DevOos entusiast.
If its a must, try keeping it to small amounts of data and not constantly.
Put the code on a GitHib repo, share with the community, you might get a nice input back on ways to extend and grow
Now back to my my plan to conquer the world with DSC