Pull configuration causing odd behavior with multiple Group resources

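Using the Azure Automation Pull DSC service, I have a configuration that generates multiple Group resources to ensure that accounts are members of the IIS_IUSRS group (app pool identities). These Group resources are generated by looping over data inside the $ConfigurationData supplied at compile time. This is done per website. For example: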

$Node.WebSites | foreach {
   $site = $_
   $appPoolId  = $site.AppPoolId
   Group appPoolIISUsers
   {
       GroupName = "IIS_IUSRS"
       Credential = $DomainCreds
       Ensure = "Present"
       MembersToInclude = $appPoolId
   }
}

Once applied, the LCM and the WMI service become unstable and produce multiple errors -- specifically DSC Engine Error 28 and Engine Error 2147749939.

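I can apply the same technique, and if it is applied locally in PUSH mode (as opposed to Pull) using Start-DSCConfiguration, the configuration succeeds. The only way I was able to get PULL working with the Azure Automation DSC service was to collect all of the required members into a list and use 1 Group resource: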

$iis_iusrs = ($appPoolIds | select -Unique)
Group "AppPoolIISUsers"
{
    GroupName = "IIS_IUSRS"
    Credential = $DomainCreds
    Ensure = "Present"
    MembersToInclude = $iis_iusrs
}

Is this a bug? The reporting in Azure DSC is also crazy:

Any ideas or help are greatly appreciated.

Update, November 21, 2016:

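Here is the configuration I generated and applied locally without using unique GroupName values. There is only 1 IIS_IUSRS group locally on the machine, and we do not want more than one. So this is the configuration that was applied successfully when run locally (the real configuration pulls creds from Azure Automation; they are reused here for simplicity):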

$cd = @{
    AllNodes = @(
        @{
            NodeName = "*"
            PSDscAllowPlainTextPassword = $True
            PSDscAllowDomainUser = $True

        },
        @{ 
            NodeName="localhost"
            DC = (Get-Credential)
            AppPoolId = (Get-Credential)
            WebSites = @(
                @{
                    Name = "app1"
                    WebsiteName = "app1.contoso.lcl"
                    AppPoolName = "app1.contoso.lcl"
                    DestinationFolder = "D:\Content\app1"
                    IsSecure = $false
                    HostHeaderName = "app1.contoso.lcl"
                    AppPoolIdentity = "App1AppPoolId"
                },
                @{
                    Name = "app2"
                    WebsiteName = "app2.contoso.lcl"
                    AppPoolName = "app2.contoso.lcl"
                    DestinationFolder = "D:\Content\app2"
                    IsSecure = $false
                    HostHeaderName = "app2.contoso.lcl"
                    AppPoolIdentity = "App2AppPoolId"
                },
                @{
                    Name = "app3"
                    WebsiteName = "app3.contoso.lcl"
                    AppPoolName = "app3.contoso.lcl"
                    DestinationFolder = "D:\Content\app3"
                    IsSecure = $false
                    HostHeaderName = "app3.contoso.lcl"
                    AppPoolIdentity = "App3AppPoolId"
                }
            )
        }    
    )
}

Configuration LocalGroupTest
{
    Node $AllNodes.NodeName
    {
        $Node.WebSites | foreach {
            $currentSite = $_

            Group "AppPoolIISUsers_AppPool$($currentSite.Name)"
            {
                GroupName = "IIS_IUSRS"
                Credential = $Node.DC
                Ensure = "Present"
                MembersToInclude = @(($Node.AppPoolId).UserName)
            }
        }
    }
}

Localgrouptest -ConfigurationData $cd -Verbose

Start-DscConfiguration -Path .\localgrouptest -Verbose -Wait -Force

Here are the results from the DSC engine:

-a----       11/18/2016   6:26 PM           4496 localhost.mof                                                                                                                                                                       
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer WEB01 with user sid S-1-5-21-3606597670-2021226393-1313626409-500.
VERBOSE: [WEB01]: LCM:  [ Start  Set      ]
VERBOSE: [WEB01]: LCM:  [ Start  Resource ]  [[Group]AppPoolIISUsers_AppPoolapp1]
VERBOSE: [WEB01]: LCM:  [ Start  Test     ]  [[Group]AppPoolIISUsers_AppPoolapp1]
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] A group with the name IIS_IUSRS exists.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] Resolving contoso\rmdeployer in the contoso domain.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] At least one member rmdeployer of the provided MembersToInclude parameter does not have a match in the existing group IIS_IUSRS.
VERBOSE: [WEB01]: LCM:  [ End    Test     ]  [[Group]AppPoolIISUsers_AppPoolapp1]  in 8.1410 seconds.
VERBOSE: [WEB01]: LCM:  [ Start  Set      ]  [[Group]AppPoolIISUsers_AppPoolapp1]
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] Performing the operation "Set" on target "Group: IIS_IUSRS".
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] Resolving contoso\rmdeployer in the contoso domain.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp1] Group IIS_IUSRS properties updated successfully.
VERBOSE: [WEB01]: LCM:  [ End    Set      ]  [[Group]AppPoolIISUsers_AppPoolapp1]  in 5.9270 seconds.
VERBOSE: [WEB01]: LCM:  [ End    Resource ]  [[Group]AppPoolIISUsers_AppPoolapp1]
VERBOSE: [WEB01]: LCM:  [ Start  Resource ]  [[Group]AppPoolIISUsers_AppPoolapp2]
VERBOSE: [WEB01]: LCM:  [ Start  Test     ]  [[Group]AppPoolIISUsers_AppPoolapp2]
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp2] A group with the name IIS_IUSRS exists.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp2] Resolving CONTOSO in the rmdeployer domain.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp2] Resolving contoso\rmdeployer in the contoso domain.
VERBOSE: [WEB01]: LCM:  [ End    Test     ]  [[Group]AppPoolIISUsers_AppPoolapp2]  in 6.2480 seconds.
VERBOSE: [WEB01]: LCM:  [ Skip   Set      ]  [[Group]AppPoolIISUsers_AppPoolapp2]
VERBOSE: [WEB01]: LCM:  [ End    Resource ]  [[Group]AppPoolIISUsers_AppPoolapp2]
VERBOSE: [WEB01]: LCM:  [ Start  Resource ]  [[Group]AppPoolIISUsers_AppPoolapp3]
VERBOSE: [WEB01]: LCM:  [ Start  Test     ]  [[Group]AppPoolIISUsers_AppPoolapp3]
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp3] A group with the name IIS_IUSRS exists.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp3] Resolving CONTOSO in the rmdeployer domain.
VERBOSE: [WEB01]:                            [[Group]AppPoolIISUsers_AppPoolapp3] Resolving contoso\rmdeployer in the contoso domain.
VERBOSE: [WEB01]: LCM:  [ End    Test     ]  [[Group]AppPoolIISUsers_AppPoolapp3]  in 6.2440 seconds.
VERBOSE: [WEB01]: LCM:  [ Skip   Set      ]  [[Group]AppPoolIISUsers_AppPoolapp3]
VERBOSE: [WEB01]: LCM:  [ End    Resource ]  [[Group]AppPoolIISUsers_AppPoolapp3]
VERBOSE: [WEB01]: LCM:  [ End    Set      ]
VERBOSE: [WEB01]: LCM:  [ End    Set      ]    in  26.6100 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 26.923 seconds

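Regardless of Azure Automation DSC, this does not appear to be a valid DSC configuration. If there is more than one website object in $Node.WebSites, you end up with multiple Group resources that have the same resource name and key (GroupName) but different values. This is not allowed in DSC.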

Running this:

$Node = @{
    WebSites = @(@{AppPoolId="somePoolID1"}, @{AppPoolId="somePoolID2"})
}

Configuration abc {
    $Node.WebSites | foreach {
       $site = $_
       $appPoolId  = $site.AppPoolId
       Group appPoolIISUsers
       {
           GroupName = "IIS_IUSRS"
           Credential = $DomainCreds
           Ensure = "Present"
           MembersToInclude = $appPoolId
       }
    }
}

abc

produces these errors:

PsDesiredStateConfiguration\Group : A duplicate resource identifier '[Group]appPoolIISUsers' was found while processing the 
specification for node ''. Change the name of this resource so that it is unique within the node specification.
At line:9 char:8
+        Group appPoolIISUsers
+        ~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : DuplicateResourceIdInNodeStatement,PsDesiredStateConfiguration\Group

Test-ConflictingResources : A conflict was detected between resources '[Group]appPoolIISUsers (::9::8::Group)' and 
'[Group]appPoolIISUsers (::9::8::Group)' in node 'localhost'. Resources have identical key properties but there are differences 
in the following non-key properties: 'MembersToInclude'. Values 'somePoolID1' don't match values 'somePoolID2'. Please update 
these property values so that they are identical in both cases.
At line:246 char:9
+         Test-ConflictingResources $keywordName $canonicalizedValue $k ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : ConflictingDuplicateResource,Test-ConflictingResources

Errors occurred while processing configuration 'abc'.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3588 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (abc:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

Can you try this and see if it works? It makes the name and key of each Group resource unique:

    $Node.WebSites | foreach {
       $site = $_
       $appPoolId  = $site.AppPoolId
       Group ("appPoolIISUsers" + $appPoolId)
       {
           GroupName = ("IIS_IUSRS" + $appPoolId)
           Credential = $DomainCreds
           Ensure = "Present"
           MembersToInclude = $appPoolId
       }
    }

Update based on the updated question:

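The only reason the configuration you generated and applied locally without unique group name values works is that, even though you reuse the same resource key (GroupName=IIS_IUSRS) across resource instances, the desired state you declare for each group is exactly the same -- all 3 resources set the same group to exactly the same state. Your configuration is the same as doing this: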

Configuration LocalGroupTest
{
    Node $AllNodes.NodeName
    {
        Group "AppPoolIISUsers_AppPoolapp1"
        {
            GroupName = "IIS_IUSRS"
            Credential = $Node.DC
            Ensure = "Present"
            MembersToInclude = @(($Node.AppPoolId).UserName)
        }

        Group "AppPoolIISUsers_AppPoolapp2"
        {
            GroupName = "IIS_IUSRS"
            Credential = $Node.DC
            Ensure = "Present"
            MembersToInclude = @(($Node.AppPoolId).UserName)
        }

        Group "AppPoolIISUsers_AppPoolapp3"
        {
            GroupName = "IIS_IUSRS"
            Credential = $Node.DC
            Ensure = "Present"
            MembersToInclude = @(($Node.AppPoolId).UserName)
        }
    }
}

As you can see, the AppPoolIISUsers_AppPoolapp2 and AppPoolIISUsers_AppPoolapp3 resource instances are not needed at all, because they set exactly the same state as AppPoolIISUsers_AppPoolapp1 on the same group -- IIS_IUSRS.

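Are you sure this sample declares the end state you are trying to declare? I still think the reason you are having problems is that you are trying to reuse the same resource instance name and/or resource instance key (GroupName) in your configuration, but with different values for other resource instance fields (for example, MembersToInclude). This is not allowed by design in DSC, because the same resource instance (in this case, a Group) cannot be in multiple states; it can only be in one state.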
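
An added example, not part of the original question or answer: it generalizes the single-Group workaround from the question so that each distinct GroupName key is declared by exactly one resource instance, even when sites ask for different groups. The `Groups` key in the site data, the `CONTOSO\...` identities, and the configuration name are assumptions made for illustration.

```powershell
# Constructed sample data. 'Groups' is a hypothetical key added for this example.
$cd = @{
    AllNodes = @(
        @{
            NodeName = 'localhost'
            WebSites = @(
                @{ Name = 'app1'; AppPoolIdentity = 'CONTOSO\App1AppPoolId'; Groups = @('IIS_IUSRS') },
                @{ Name = 'app2'; AppPoolIdentity = 'CONTOSO\App2AppPoolId'; Groups = @('IIS_IUSRS', 'Performance Log Users') },
                @{ Name = 'app3'; AppPoolIdentity = 'CONTOSO\App1AppPoolId'; Groups = @('IIS_IUSRS') }
            )
        }
    )
}

Configuration AppPoolGroupMembership
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName
    {
        # Build GroupName -> members first, so each key is declared only once.
        $membership = @{}
        foreach ($site in $Node.WebSites) {
            foreach ($groupName in $site.Groups) {
                if (-not $membership.ContainsKey($groupName)) { $membership[$groupName] = @() }
                $membership[$groupName] += $site.AppPoolIdentity
            }
        }

        foreach ($groupName in $membership.Keys) {
            # Resource name is derived from the key, so both stay unique per node.
            Group ("Members_" + ($groupName -replace '\W', '_'))
            {
                GroupName        = $groupName
                Ensure           = 'Present'
                # De-duplicate: app1 and app3 share an identity in the sample.
                MembersToInclude = @($membership[$groupName] | Sort-Object -Unique)
                # Credential omitted so the sample compiles without prompting;
                # supply one as in the question when members are domain accounts.
            }
        }
    }
}

# Compiles localhost.mof with one Group instance per distinct GroupName.
AppPoolGroupMembership -ConfigurationData $cd -OutputPath .\AppPoolGroupMembership
```

Because membership is merged before any resource is declared, the compiler never sees two Group instances with the same GroupName and different MembersToInclude values, which is the condition Test-ConflictingResources reports above.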