RE: Need to change my forum email address

I do not see that option.

Self explanatory; I don't see a place to change it in my profile. Thanks!

So I able to make a copy of it, and it has the files but none of the configurations in the roles. I will try copying the git repository and see if that works.

I am migrating to a new server, as my old one is dying. I was able to install otter on the new server and restore the otter DB from a backup, but I am not having much luck getting my git server (On Prem Bitbucket) back up and running. Can I grab everything out of the git raft and transfer it to a new file based raft that just works?

Yes, same user. Like I said, I have taken great care to eliminate variables trying to understand what is going on.

It's a 2016 Server, so it comes preinstalled with 5.1. 5.1.14393.3471 is the specific version.

That's a good idea, but I actually started off using the $env:computername and switched to $servername thinking that maybe somehow Otter wasn't using the $env:computername variable, but it didn't make any difference.

Strange. I am running the code locally on the target server in powershell, and it is working flawlessly. The FindOne and FindAll work to limit the machine. Intellisense also auto completes these, so they are present and working.

([adsisearcher]"samaccountname=$($env:computername)$").FindOne()

works fine and returns the result on the sql machine I am targeting the psensure configuration on. I am not changing the code or machine I am testing on; changing anything or introducing variables would not constitute a very scientific observation. Same code, same machine. When run locally, works fine. When run in Otter, it does not work. I am guessing it is how Otter formats things sometimes; that would be my guess. But Otter is not handling this line of code. and it would help to understand why.

Looking at your example, I am not sure how it could work. Your TargetOU is not in distinguished name format. Should be something like "'CN='Users',DN='Domain',DN='Test'". Did you move the computer object from one OU to another? I am curious about the results there.

Here is the code for the PSEnsure:

##AH:UseTextMode

#Assembled Jonathan Engstrom 20200219

PSEnsure
(
Key: $KeyName,
Value: True,
Collect: >>

$ErrorActionPreference = 'SilentlyContinue'
$Value = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName -match $TargetOU
$CurrentValue = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
((($Value -eq $true) -and (($env:COMPUTERNAME) -match 'sql')) -or ($env:COMPUTERNAME -notmatch 'sql'))

,
Configure: >>

$samAccountName = $ServerName
$newOU =  [adsi]"LDAP://$TargetOU"
$comp= ([adsisearcher]"samaccountname=$($ServerName)$").FindOne()
$comp.GetDirectoryEntry().MoveTo($newOU)

);

KeyName and TargetOU variables are set. I am not running an agent, I am doing everything agentless.

I am not having a problem running the code locally, I am having a problem running it in Otter. The code I have works fine when run in PowerShell by itself; hence why I am wondering what is going on here.

That code does not work in Otter for me btw, I did not test outside of Otter.

@rhessinger said in $PSCredential- round two:

$samAccountName = $ServerName
$newOU = [adsi]"LDAP://$TargetOU"
$test = ([adsisearcher]"samaccountname=$($samAccountName)$").FindOne()

Good morning, I made this this change, and there was no change. I had the same error.

I have a variable that specifies the TargetOU, it's just the path of the OU of where I want to move the computer account to. This is what is in the configure block of my PSEnsure:

$newOU =  [adsi]"LDAP://$TargetOU"
$test = ([adsisearcher]"samaccountname=$($ServerName)$").FindOne
$comp.GetDirectoryEntry.MoveTo($newOU)

There is no errors in the Diagnostic Center pertaining to this error.

Here is the output. I also tested trying to use the method Findall instead of FindOne, it didn't make a difference.

Configuration job is targeting 1 servers by name.
Building configuration plan for server server.domain.test to target 1 roles.
Finished processing role configuration plans.
server.domain.test does not have a configuration plan in raft Default.
Finished processing 2 scripts.
Beginning collection run...
Collecting configuration...
Importing Name...
Importing ModuleName...
Invoke-DscResource -Name $Name -Method Get -Property $Property -ModuleName $ModuleName
Importing Name...
Importing Property...
Importing ModuleName...
Invoke-DscResource -Name $Name -Method Test -Property $Property -ModuleName $ModuleName
Importing Name...
Importing Property...
Importing ModuleName...
Comparing configuration...
Configuration matches template.
Collecting configuration...
Importing TargetOU...
Comparing configuration...
Difference: Value
=Template=> True
= Actual => , False
Configuration drift detected.
Adding to execution plan.
Collection run complete.
Collection run succeeded.
Beginning execution run...
Importing TargetOU...
Importing ServerName...
Exception calling "FindAll" with "0" argument(s): "An operations error occurred.
"
You cannot call a method on a null-valued expression.
Storing configuration template...
Execution run failed.
Recording configuration for server (ID=#2050)...
Configuration for server (ID=#2050) recorded.
Cleaning up temporary files on PowerShell...

Alright, fair enough. As I use Otter almost exclusively for checking for compliance, I will look forward to this. Nontrivial asks are always the best ones, right? :D

These are some of them I found:

https://forums.inedo.com/topic/2661/can-two-otter-servers-share-a-raft-or-what-would-be-an-easy-way-to-copy-all-my-code-between-each-otter-instance

https://forums.inedo.com/topic/2633/otter-feature-request-set-up-a-collector-of-sorts-to-use-in-a-multi-tenant-datacenter

https://forums.inedo.com/topic/2568/bug-execution-dispatcher-timer-shows-for-each-machine-at-30-second-increments-it-jumps-to-the-next-minute

https://forums.inedo.com/topic/2567/service-won-t-start-after-2-1-1-upgrade

https://forums.inedo.com/topic/2531/update-either-server-or-role-variables

OK, thank you for the example, that makes much more sense with context around it. However, I am still not able to get this to work. I am not able to get the Move-ADObject cmdlet to work in Otter regardless even though I can get them to work every time outside of Otter. OK, so tried to do something different just in case. Same issue again, I can't get this line of code to work in an PSEnsure either:

([adsisearcher]"samaccountname=$($env:computername)$").FindOne()

This should return some simple AD attributes for the computer and runs fine outside of Otter. This does not work either when put inside of Otter. Wondering if there is something that is not allowing this code to work?

Has there been any update to this?

Why does this have me listed as a guest who posted it instead of me? Was this something strange with the migration of the forums last year?

Well, my question is not being answered I feel. That example lacks any context of use, so I can't really articulate what I can do with that. It's like if I called you and said some random thing like "rock" and hung up. OK, what is a person supposed to do with that information? I want to be able to do something like this in my configure portion of a psensure:

Move-ADObject -Identity (Get-ADComputer -Identity $env:COMPUTERNAME).ObjectGuid -Server $pdc -TargetPath $TargetOU -Credential "$PSCredential"

Is that all I need to do? If so, this is not working. The line of code works fine without the credential line in PowerShell, but does not work in Otter. I am having authentication issues, and need to be able to pass stored credentials I would like these questions answered:

1. Is the $PSCredential being populated from the resource credentials stored in Otter for each server?
2. Are the Username and Password sections populated from a plain text entry or manual intervention to populate the $PSCredential?
3. If 1 and 2 have the answer of no, where are they coming from?

A Get-Asset operation always changes configuration

I am suprised that a "Get-Asset" " always changes configuration in stark contrast to powershell where the verb "get" is a read-only or gathering action only. This action, imho, is very poorly named.

So with that said, even if a collect is read only, I still don't understand why I can't load a script asset and gather/report data? Can a script asset be loaded to be made available for both collect and configure stages? That would be fantastic.

So, I am still struggling to pass the windows credentials stored in the resource credentials stored in the DB. I don't want to enter credentials manually or via in plain text, so unless I can get that stored password value, I fail to see the value in this for Windows Domain authentication. I found the documentation here:

https://docs.inedo.com/docs/otter/reference/functions/powershell/pscredential

But that does nothing to explain it. Does this have the username and password stored from the resource credentials so they can be used like a get-credential variable for domain authentication? I really need to pass the credentials stored in the DB to authenticate, thanks!

To add to this, I need the script assets to work in both the collect and configure passes, and I have not been able to get the module to work in both passes. I am not sure why they are so different, or would be designed in such a manner to disallow this to work. I have a great need to be able to call scripts and or modules to simplify my code and processes. Mostly as I need to keep extensive logging, I need to be able to during both collect and configure stages, I need to gather the existing settings in PowerShell for logging/ retention reasons. I then write that data to the computer's event log to be captured by logging systems.

I am not sure what you mean with the "call PSExecWithMods" example.

Also, I have one module I can run, Test-Module,ps1, but I have another script asset called TestOtter.ps1, and it won't load that PowerShell Asset. The actual content is the same; which makes it strange.

Hello, Just wanted to ask if there has been anyone who has migrated their Otter instance to a new server? Is it just as simple as detaching the DB and reattach to a SQL instance on the new server? Any ideas for my Git based raft? I am using Bitbucket on prem server.

Thanks!

I have been struggling calling PowerShell Script assets when running PSEnsure Configurations. I have used an example that someone sent to me with some success. I am not able to call multiple script assets, and they refuse to load as PowerShell Modules sometimes for no apparent reasons. I would like to ask for a feature to be added that when you call a PowerShell script asset, to allow it to import for you. I also want to verify I can load multiple Script Assets, as I have tried and not succeeded. I have a great need to reuse code across multiple roles as I have nearly ~100 roles currently.

Example:

##AH:UseTextMode

set $ModuleName = Test-Function;
Get-Asset $ModuleName.ps1
(
    Type: Script    
);
set $ModuleNamePath = $PathCombine($WorkingDirectory, $ModuleName.ps1);

PSEnsure
(
    Key: Test-Function,
    Value: True,
    Collect: "$false",
    Configure: >>
    Import-Module -Name "$ModuleNamePath" -Verbose
    
    &$ModuleName

    >>
);

I would like to see as an option for calling the script asset to load the module automatically. I also want to be able to import Powershell modules in the Collect Phase as well.

So, now that I have time to work on this again, to recap, I can create my PSEnsure as I usually do. I can create all of my shared functions as a PowerShell module, and store them as a PowerShell script asset be able to call them as needed in my various roles as needed, and more than just one? I will also not need to copy and manage each PowerShell Module/ Function as a traditional PowerShell module and copy them over to the file system of each server and manage that? If I can create a separate module for each function, store them as a PowerShell Script asset, and call them as needed, then I believe this will work for my PSEnsure roles, and I will be able to standardize the function by calling them from a separate location instead of including them each time with each PSEnsure, which is very cumbersome and costing me a great deal of time.

Is this something that is possible to do? It would help greatly with nailing down witch servers need work and which ones don't.

So I looked over OT-331, and while close, I am looking for each role to report the status of each server that has that role assigned to it, and whether it has drifted or is current. Thanks!

Please add in the roles which servers have Drifted and which ones are Current. One needs to be able to see this information broke down. Possible add something in the API as well for each role to have drifted, current, and the other statuses?

Product: Otter
Version: 2.2.2

Is it possible to have the Inedo Hub roll back to previous versions for you? Thanks!

Product: Otter
Version: 2.2.3

Hello, I am wondering if it would be possible to add support for BITS to be used to distribute Universal Packages instead of using Inedo agent? Every supported version of Windows has BITS, and is allowed through most firewalls, especially since System Center Configuration Manager (SCCM) uses BITS as well.

Product: ProGet
Version: 5.1.23

I have seen this added in the past few beta builds, and this works nice. As a cherry on top, can we get a filter to be added similar to the status filters, etc? Great work and thanks; your work is appreciated!

Alright, I have my one token agent I had to update. Thanks!

Hello, I would like to be able to have provided in a role or list of nested roles, the servers that have drifted or not drifted from each specific role. I want to do this for change control so I have a list of server I can include that need xyz done to them. I don't want to have to click on each server or role to determine this. A PowerShell module would greatly aid in this.

Product: Otter
Version: 2.2.0-beta.15

Hello, my servers are located behind a firewall that blocks access from the internet with a few sites as exceptions. Is there a way to have the agent updates from the Otter server instead of looking at a public cloud? Public clouds will not be granted access to the servers per our security policy. I can update from my Otter server as I have a specific need. Thanks!

Product: Otter
Version: 2.2.0-beta.15

Is this doable at all? I am trying to get the rest of my infrastructure added to Otter. Thanks!

I would post the script as to allow everyone see what you are attempting to do.

Hello, I would like to ask that the server import be modified to do a few different things. One, I would like an option to ignore duplicate servers. If I am importing 100 servers at a time, I want the option to ignore those system and import the rest so each server I don't have to stop. Every. Time. There. Is. An. Error. Quite annoying, and an inherent problem working with web interfaces. Another option is to overwrite existing servers with an option to merge the existing server object with updated settings in your json import, as to do new bulk settings. Like if I want to add a new variable to 100 servers that are already in Otter.

Of course, this task would be way easier with a PowerShell Otter Module :D ....

Product: Otter
Version: 2.2.0-beta.10

Update: so for whatever reason, after I left for lunch and came back, this particular gremlin decided to leave. I can call a single script, however, this does not meet my requirement of using separate multiple scripts for different functions, and I cannot run this with a configure block as well; it's one or the other.

So back to square one. Can this functionality be added in to run a script asset in a psensure?

So looking at your example, I tried the "ConfigureScript: test". I have a powershell script asset called test with this in it:

function TestFunction (){
Write-Warning 'TestFunction was successful'
}
TestFunction

And this simple psensure:

##AH:UseTextMode

PSEnsure
(
Key: Test,
Value: True,
Collect: >>
$false

>>,
Configure: >>


>>,
ConfigureScript: Test

);

Won't run the asset as it says it can't find it, even though I see it fine under assets and when I look where my raft exists in bitbucket, it is there as well.

Even if it did run it, I can only run one script as it does not appear to be an array? That does not meet my requirement of being able to run multiple scripts/functions/assets/ whatever they are called.

So am I probably not explaining this very well. In my PSensure, I have pieces of code that I have to include many different times that I want to keep as a script asset/function, whatever. My intent is instead of duplicating this code 1000 times, I can change it in one place and just call the script from one location while doing my psensure. Make sense?

Hello, I have a simple test function as a script asset:
function TestFunction (){
Write-Warning 'TestFunction was successful'
}

And I have the psensure. I have tried to make this is simple as possible for clarity:

##AH:UseTextMode

PSEnsure
(
Key: Test,
Value: True,
Collect: >>
$false
>>,
Configure: >>
pscall test;
>>
);

This does not work. I have not been able to call any assets in a PSensure. I have made this example as simple as possible. As far as I can tell, assets don't work in PSEnsure configurations. How can I store PowerShell functions

https://docs.microsoft.com/en-s/powershell/module/microsoft.powershell.core/about/about_functions?view=powershell-6

equivalent in Otter so I can call them in a PSEnsure? Am I doing something wrong?

Adding for ideas:

Will need cmdlets to create, edit, delete, start and stop configuration and orchestration work. Allow to accept pipeline input. That way I can schedule at that time, to run an orchestration job, pick the servers based on the results of the orchestration, and run a job at that time for those servers, environments, or roles that fit the criteria.

<crickets>

Anyone? Am I not doing this right, or does it not work that way?

So I am thinking I may have spn issues, and am not able to attempt some of the fixes, so I am stuck with adding a separate setspn to deal with just deal with this. Agent installs are not an option. My question is can Otter utilize session options in WinRM? Example I sound on technet:

As I have seen in this link:

https://www.reddit.com/r/PowerShell/comments/3ze9pp/cannot_use_powershell_remoting_when_a_http_spn/

You can create a port specific spn:

SetSPN.exe -s HTTP/$($env:COMPUTERNAME):5985 $env:COMPUTERNAME 
SetSPN.exe -s HTTP/$($env:COMPUTERNAME).$($env:USERDNSDOMAIN):5985 $env:COMPUTERNAME 

and then create a session using an option:

# Create and use session
$sessionOptions = New-PSSessionOption -IncludePortInSPN
Enter-PSSession -Computername <computername> -SessionOption $sessionOptions

Product: Otter
Version: 2.2.0-beta.4

I have had issues in the not too distant past, maybe 3-6 months ago upgrading one of my installs of Otter to the latest version, 2.0.9 if memory servers. I would concur that the installs/upgrades could use some love. There definitely should be a 'cleanup' tool to remove all traces of Inedo installs.

Ron, I wouldn't give up on using the products. Maybe you can spin up a vm to try this out on as well?

So I think to start off with querying information about the servers:

“Get-OtterServer” by default should return all servers, with their drift status, communication status, environments, roles, variables, configuration plans, packages, executions, and details. So with this, I should be able to run something like this:

$server1 = Get-OtterServer –Server server1.acme.domain
And save all of the information as a variable. The server parameter should of course take multiple values as well as pipeline input that matches parameter name. I can then run things like $server1.ConfigurationDrift to show if it is report only or automatically remediate. Or do $server1 | where-object {$_.variables –like “CPU”} to show the value of any variables that have CPU in the name. Virtually anything. This way the variables can be used for each server like a cmdb system.
The Add-OtterServer, Remove-OtterServer and Modify-OtterServer would serve roughly the same functions. This would be powerful to add, remove, or modify servers based on criteria. The ability to add servers into otter based if they are active in active directory would be very powerful itself, and clean up after x amount of days as well.
If you are coding it in PowerShell 6.1, the “Test-JSON” cmdlet can be used to validate bulk json adds like variables and such.

Roles and Environments would share the same pattern.
Should also add a few commands for the Otter server itself, like to restart service, web server service, and maybe some extension updates and such. Eventually add all of the things that are in Advanced menu, and go from there.

Alana, I was wondering, when you set up a server in Otter with Agentless Powershell, does it create a PSSession at all? If you can get the credentials from the database into a $cred variable, then with that use that to create a possession, and do a copy-item -tosession from there? Would that be possible? If this can work, it should be easy to set up, and it's awesome as it uses winrm witch already has to be open to use that for communication. Maybe this could be a stop-gap measure for now while something better is made?

It would be nice to have a column in the server status that reports the status of agent or agentless communication. Say if a server cannot be reached, change status to closed, and when it is good, change it to open. This should be not be co-mingled with drifted/compliant status. I think it is that way now, but does not appear to be accurate either.

I have many servers, and it would be nice if one could check winrm at a glance. Thanks!

Product: Otter
Version: 2.1.3

So just to update, I have been testing some powershell scripts out. I test them by scheduling a job, and have it write the output and I can see it in the logging. they seem to work when using an Orchestration / Execution plan or job. But I am not able to get it working with a configuration / PSEnsure job. I am not sure if I am missing something or it has a limitation? I would hope one would be able to use reusable code in a Configuration /PSEnsure plan. Ideas?

Hello, I want to start creating small functions of reusable code so I don't have to keep adding them to my plans. I use PSEnsure almost exclusively to maintain consistency across my roles. One of the things I would like to set up is a machine domain check, since we take care of machines in multiples domains and forests. I would basically like to call this function during my PSEnsure and have it output a variable called $DomainMembership for me to be able to utilize as need. For example:

    $GetDomain = (Get-CimInstance Win32_ComputerSystem).Domain
    
    if ($GetDomain -eq 'abc.local'){
        $DomainMembership  = 'abc.local'
    }
    elseif ($GetDomain -eq 'def.local'){
        $DomainMembership = 'def.local'
    }

I am not sure if this should be a module or script, as it is not clear to me the difference between the two, or documentation on how to get it working.

Product: Otter
Version: 2.1.3