Execution Policy Problem with Start-DSCore


#1

Hi, I’m currently trying to package a ASP.NET application that relies on IIS configurations, for which I’ve tried following the guide, however I seem to encounter a execution policy error when trying to run the package:

2018-09-21 11:00:21,370 - hab-sup(AG): The sirajrauff/net_project service was successfully loaded
2018-09-21 11:00:24,371 - hab-sup(MR): Starting sirajrauff/net_project
2018-09-21 11:00:24,433 - net_project.default(HK): init, compiled to C:\hab\svc\net_project\hooks\
init
2018-09-21 11:00:24,434 - net_project.default(HK): Hooks compiled
2018-09-21 11:00:24,436 - net_project.default(SR): Hooks recompiled
2018-09-21 11:00:24,437 - default(CF): Updated website.ps1 6e78b5c31c17f0b9d0a1bf0d437df9177a191b998
83f22864daceac4ca69bd3b
2018-09-21 11:00:24,443 - net_project.default(SR): Configuration recompiled
2018-09-21 11:00:24,444 - net_project.default(SR): Initializing
2018-09-21 11:00:25,201 - net_project.default(SV): Starting service as user=5456d3dcb403$, group=<a
nonymous>
2018-09-21 11:00:25,987 - net_project.default(O): Setting Execution Policy to Unrestricted...
2018-09-21 11:00:26,042 - net_project.default(O): Checking if WinRM is Running...
2018-09-21 11:00:27,139 - net_project.default(O): Checking for nuget package provider...
2018-09-21 11:00:31,465 - net_project.default(O): Checking for xWebAdministration PS module...
2018-09-21 11:00:31,513 - net_project.default(O): Compiling DSC mof for net_project ...
2018-09-21 11:00:34,981 - net_project.default(O): Waiting for _hab_dsc_core lock...
2018-09-21 11:00:34,986 - net_project.default(O): Obtained lock for _hab_dsc_core
2018-09-21 11:00:37,360 - net_project.default(O): Applying DSC configuration for C:\hab\svc\eG_Prer
ender\config\website.ps1 ...
2018-09-21 11:00:40,645 - net_project.default(O): Released lock for _hab_dsc_core
2018-09-21 11:00:40,790 - net_project.default(E): Invoke-CimMethod : Importing module MSFT_xWebAppP
ool failed with error - File C:\Program Files\WindowsPowerShell\Modules\xWebAdministration\2.2.0.0\D
scResources\MSFT_xWebAppPool\MSFT_xWebAppPool.psm1 cannot be loaded because running scripts is disab
led on this system. For more information, see about_Execution_Policies at https:/go.microsoft.com/fw
link/?LinkID=135170.
2018-09-21 11:00:40,791 - net_project.default(E): At C:\hab\pkgs\core\dsc-core\0.2.1\20180919112142
\Modules\DscCore\DSCCore.psm1:48 char:17
2018-09-21 11:00:40,791 - net_project.default(E): +                 Invoke-CimMethod    -ComputerNa
me localhost `
2018-09-21 11:00:40,791 - net_project.default(E): +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~
2018-09-21 11:00:40,791 - net_project.default(E): + CategoryInfo          : InvalidOperation: (root
/Microsoft/...gurationManager:String) [Invoke-CimMethod], CimException
2018-09-21 11:00:40,791 - net_project.default(E): + FullyQualifiedErrorId : ImportModuleFailed,Micr
osoft.Management.Infrastructure.CimCmdlets.InvokeCimMethodCommand
2018-09-21 11:00:40,791 - net_project.default(E): + PSComputerName        : localhost
2018-09-21 11:00:40,791 - net_project.default(E):
2018-09-21 11:00:40,829 - hab-launch(SV): Child for service 'net_project.default' with PID 5484 exi
ted with code exit code: 1

I have attempted to set the execution policy for all possible Scopes to all possible values, including Unrestricted with no luck. I’m not very familiar with how the Invoke-CimMethod determines the execution policy, but I have been following the guide almost exactly.

website.ps1:

Configuration net_project
{
    Import-DscResource -Module xWebAdministration
    Node 'localhost' {
        WindowsFeature ASP
        {
            Ensure = "Present"
            Name   = "Web-Asp-Net45"
        }

        xWebAppPool {{cfg.pool_name}}
        {
            Name   = "{{cfg.pool_name}}"
            Ensure = "Present"
            State  = "Started"
        }
 
        xWebsite {{cfg.site_name}}
        {
            Ensure          = "Present"
            Name            = "{{cfg.site_name}}"
            State           = "Started"
            PhysicalPath    = Resolve-Path "{{pkg.svc_path}}"
            ApplicationPool = "{{cfg.app_pool}}"
            BindingInfo = @(
                {{#each cfg.sites as |site| ~}}
                MSFT_xWebBindingInformation
                {
                    Protocol  = "http"
                    Port      = {{site.port}}
                    Hostname  = "{{site.host}}"
                    IPAddress = "*"
                }
                {{/each ~}}
            )
        }
 
        xWebApplication {{cfg.app_name}}
        {
            Name = "{{cfg.app_name}}"
            Website = "{{cfg.site_name}}"
            WebAppPool =  "{{cfg.pool_name}}"
            PhysicalPath = Resolve-Path "{{pkg.svc_var_path}}"
            Ensure = "Present"
        }
    }
}

Note: I have tried this process with only a single MSFT_xWebBindingInformation and it makes no difference.

Run hook:

# The Powershell Progress stream can sometimes interfere
# with the Supervisor output. Its non critical so turn it off
$ProgressPreference="SilentlyContinue"

Write-Host "Checking if WinRM is Running..."
if ((Get-Service winrm).Status -ne "Running") {
    Write-Host "Starting WinRM..."
    Enable-PSRemoting
}
 
# We need to install the xWebAdministration DSC resource.
# Habitat runs its hooks inside of Powershell Core but DSC
# configurations are applied in a hosted WMI process by
# Windows Powershell. In order for Windows Powershell to locate
# the installed resource, it must be installed using Windows
# Powershell instead of Powershell Core. We can use Invoke-Command
# and point to localhost to "remote" from Powershell Core to
# Windows Powershell.
Invoke-Command -ComputerName 'localhost' -EnableNetworkAccess {
    $ProgressPreference="SilentlyContinue"
    Write-Host "Checking for nuget package provider..."
    if(!(Get-PackageProvider -Name nuget -ErrorAction SilentlyContinue -ListAvailable)) {
        Write-Host "Installing Nuget provider..."
        Install-PackageProvider -Name NuGet -Force | Out-Null
    }
    Write-Host "Checking for xWebAdministration PS module..."
    if(!(Get-Module xWebAdministration -ListAvailable)) {
        Write-Host "Installing xWebAdministration PS Module..."
        Install-Module xWebAdministration -Force | Out-Null
    }
}
 
# Leverage the Powershell Module in the dsc-core package
# that makes applying DSC configurations in Powershell
# Core simple.
Import-Module "{{pkgPathFor "core/dsc-core"}}/Modules/DscCore"
Start-DscCore (Join-Path {{pkg.svc_config_path}} website.ps1) net_project
 
# The run hook must run indefinitely or else the Supervisor
# will think the service has terminated and will loop
# trying to restart it. The above DSC apply starts our
# application in IIS. We will continuously poll our app
# and cleanly shut down only if the application stops
# responding or if the Habitat service is stopped or
# unloaded.
try {
    Write-Host "{{pkg.name}} is running"
    $running = $true
    while($running) {
        Start-Sleep -Seconds 1
        $resp = Invoke-WebRequest "http://localhost:{{cfg.port}}/{{cfg.app_name}}" -Method Head
        if($resp.StatusCode -ne 200) { $running = $false }
    }
}
catch {
    Write-Host "{{pkg.name}} HEAD check failed"
}
finally {
    # Add any cleanup here which will run after supervisor stops the service
    Write-Host "{{pkg.name}} is stopping..."
    ."$env:SystemRoot\System32\inetsrv\AppCmd.exe" stop apppool "{{cfg.app_pool}}"
    ."$env:SystemRoot\System32\inetsrv\AppCmd.exe" stop site "{{cfg.site_name}}"
    Write-Host "{{pkg.name}} has stopped"
}

I’m running this using hab version 0.63.0 on Windows Server Insider Preview 17744 with a studio built using the instructions in habitat\components\studio to make use of the corresponding windowsservercore image.

Any help would be appreciated.


#2

Are you entering a local or dockerized studio? I am assuming if you are trying to take advantage of the windowsservercore image, you want a docker studio and you are simply running hab studio enter. However, I would be very surprised if you are seeing this on the container image. So if you are entering a local studio, I would expect running Set-ExecutionPolicy RemoteSigned -Scope LocalMachine –Force outside of the studio would resolve this.


#3

Unfortunately, I am in fact entering the docker studio and have checked the execution policy in the study, which is set to Bypass, and I’ve also logged it during the run hook which returns RemoteSigned.


#4

I’d be curious if you have any issue running hab svc load mwrock/hab-sln which also uses that module. If that runs ok (as it does in my docker host, it may be a package issue and then we can look at your hooks for some clues.


#5

So running mwrock/hab-sln threw a massive amount of errors for me. As a sanity check however, I instantiated a new 1803 instance and it ran just fine.

Running my original application on the 1803 server now gives me a different error (related to my website.ps1 config). It looks like this is not a bug with dsc-core, rather this may be related to a change in the new Windows build or even possibly a configuration issue on this particular instance.

I’m going to look deeper into this but for now I wanted to reply so if anybody else has the same problem they know to stick to the semi-annual channel.


#6

Thanks for reporting back!