ARM Template DSC: configuration does not 'see' protectedSettings.configurationArguments

0
votes

I need to protect a DSC configuration parameter ([pscredential]RegistrationKey), so I have put it under "settings.protectedSettings.configurationData" thus:

"protectedSettings": {
                "configurationArguments": {
                  "RegistrationKey": {
                    "UserName": "PLACEHOLDER_DONOTUSE",
                    "Password": "[parameters('dscAutomationRegistrationKey')]"
                  }
                },
                "configurationUrlSasToken": "[parameters('artifactsLocationSasToken')]"
              }

I get the error:

"VM has reported a failure when processing extension 'Microsoft.Powershell.DSC'. Error message: \"The DSC Extension failed to execute: Mandatory 
parameter RegistrationKey is missing.

If I move RegistrationKey out of "settings.protectedSettings.configurationArguments", into "settings.configurationArguments", it works, therefore, I assume there is nothing wrong with the syntax, so I believe it is to do with PsDscAllowPlainTextPassword = $true that wasn't included in the DSC configuration.

(I tried to include the configuration block in the PS1 file, but this threw an error, suggesting this can't be done)

I have now written a configurationdata .psd1 file, containing the following: 

$ConfigData = @{
   AllNodes = @(
      @{
        NodeName = "*"
        PsDscAllowPlainTextPassword = $true 
       }
   )
}

and referenced it in settings.configurationdata.url.

This now results in the same error as before: VM has reported a failure...

The ARM template is called from PowerShell:

$oAutomationAccount = Get-AzureRmAutomationAccount -ResourceGroupName $AAresourceGroupName -Name $AutomationAccountName
$RegistrationInfo = $oAutomationAccount | Get-AzureRmAutomationRegistrationInfo

$DscRegKeyString = $RegistrationInfo.PrimaryKey
$ssDscAutomationRegistrationKey = (ConvertTo-SecureString -string $DscRegKeyString -AsPlainText -Force)

#Automation Account EndPoint Uri
$DscRegistrationUrl = $RegistrationInfo.Endpoint
$params = @{
    artifactsLocationSasToken = $TemplateSas
    vmName = "XYZ"
    dscAutomationRegistrationKey = $ssDscAutomationRegistrationKey
    dscAutomationRegistrationUrl = $DscRegistrationUrl
    dscNodeConfigurationName = "CreateAFolder.localhost"
    dscTimeStamp = (Get-Date -f "MM/dd/yyyy H:mm:ss tt") #"MM/dd/yyyy H:mm:ss tt"
    dscResourceUrl = $DscResourceUrl
    dscConfigurationUrl = $DscConfigurationUrl
    dscResourceScript = $DscResourceScriptName
    dscResourceFunction = "ConfigureLCMforAAPull"
    #sequenceId = $sequenceId
}

New-AzureRmResourceGroupDeployment @params `
                                  -Name "$TemplateInstance-$branch" `
                                  -ResourceGroupName $DeploymentResourceGroup.ResourceGroupName `
                                  -Mode Incremental `
                                  -DeploymentDebugLogLevel All `
                                  -TemplateUri $TemplateUri `
                                  -Verbose

Where I believe the parameters are being passed as the correct types.

What am I doing wrong?

Reference template: https://github.com/Azure/azure-quickstart-templates/blob/master/dsc-extension-azure-automation-pullserver/azuredeploy.json

Updated to use a newer DSC schema:https://blogs.msdn.microsoft.com/powershell/2016/02/26/arm-dsc-extension-settings/

1
jsonpowershellazuredsc

1 Answers

0
votes

this is the template I've been using for node onboarding:

{
    "name": "xxx",
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "location": "[parameters('location')]",
    "apiVersion": "2015-06-15",
    "dependsOn": [
        "xxx"
    ],
    "properties": {
        "publisher": "Microsoft.Powershell",
        "type": "DSC",
        "typeHandlerVersion": "2.22",
        "autoUpgradeMinorVersion": false,
        "protectedSettings": {
            "Items": {
                "registrationKeyPrivate": "[parameters('registrationData')]"
            }
        },
        "settings": {
            "ModulesUrl": "https://github.com/Azure/azure-quickstart-templates/raw/master/dsc-extension-azure-automation-pullserver/UpdateLCMforAAPull.zip",
            "SasToken": "",
            "ConfigurationFunction": "UpdateLCMforAAPull.ps1\\ConfigureLCMforAAPull",
            "Properties": [
                {
                    "Name": "RegistrationKey",
                    "Value": {
                        "UserName": "PLACEHOLDER_DONOTUSE",
                        "Password": "PrivateSettingsRef:registrationKeyPrivate"
                    },
                    "TypeName": "System.Management.Automation.PSCredential"
                },
                {
                    "Name": "RegistrationUrl",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "NodeConfigurationName",
                    "Value": "xxx",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationMode",
                    "Value": "ApplyAndMonitor",
                    "TypeName": "System.String"
                },
                {
                    "Name": "ConfigurationModeFrequencyMins",
                    "Value": 15,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RefreshFrequencyMins",
                    "Value": 30,
                    "TypeName": "System.Int32"
                },
                {
                    "Name": "RebootNodeIfNeeded",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "ActionAfterReboot",
                    "Value": "ContinueConfiguration",
                    "TypeName": "System.String"
                },
                {
                    "Name": "AllowModuleOverwrite",
                    "Value": true,
                    "TypeName": "System.Boolean"
                },
                {
                    "Name": "Timestamp",
                    "Value": "MM/dd/yyyy H:mm:ss tt",
                    "TypeName": "System.String"
                }
            ]
        }
    }
}

I know its using an old format, but that works so, meh.