前面的5个章节做了很多的铺垫,包括Powershell DSC是什么? 能干什么? 其包含了推模式(push)和拉模式(Pull)。 而且笔者也描述了PowerShell DSC的配置文件(Configuration)如何编写,其遵循什么样的格式规范,紧接着,有普及了一下如何安装最新的扩展的DSC的resource,并以xChrome为例子,紧接着,有分享了如何使用Powershell DSC提供的一些常规的命令,并在第5节分享了如何把一个后缀为ps1的Powershell的配置文件,生成一个和平台无关中立的MOF文件,就此,对Pull模式的所有的基本理论知识都已经涉及了,因此在本章,笔者分享一下,如何安装最新的PowerShell DSC 5.1 Pull Server?
(1) 配置Hosts文件
192.168.0.8 pserver51w2k12 pserver51w2k12.example.com
假设Pull Server的IP地址为192.168.0.8,操作系统为Window Server 2012 R2 64 bit,计算机名为pserver51w2k12,所属的域名为example.com,具体如何配置,请见下图。
(2) 安装最新的Window Management Framework 5.1
https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes
可以到下面的地址去下载最新的版本Name Value
---- -----
PSVersion 5.1.14409.1005
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1005
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
(3) 安装.NET 4.6 framework
(4) 生成本机的自签名证书
Directory: Microsoft.PowerShell.Security\Certificate
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
D43DE7B84129AC77362F58A7A71C903476B7F321 CN=pserver51w2k12.example.com
具体配置步骤,请参考这篇文章。
请记住上面的Thumbprint,在第5步将会用到。
下面这篇文章是介绍如何用Powershell操作SSL证书的好文章,推荐一下!!!
https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/
(5)安装最新的xPSDesiredStateConfiguration 模块(Module)
Install-Module -Name xPSDesiredStateConfiguration
(6) 编写安装Pull Server的DSC Configuration并生成MOF文件
[guid]::newGuid()
' 或者'
New-Guid
' 命令,生成一个UUID的字符串,笔者机器上生成的为:
{
param
(
[string[]]$NodeName = 'localhost',
[ValidateNotNullOrEmpty()]
[string] $certificateThumbPrint,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $RegistrationKey
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DSCResource –ModuleName PSDesiredStateConfiguration
Node $NodeName
{
WindowsFeature DSCServiceFeature
{
Ensure = 'Present'
Name = 'DSC-Service'
}
xDscWebService PSDSCPullServer
{
Ensure = 'Present'
EndpointName = 'PSDSCPullServer'
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
CertificateThumbPrint = $certificateThumbPrint
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = 'Started'
DependsOn = '[WindowsFeature]DSCServiceFeature'
UseSecurityBestPractices = $false
}
File RegistrationKeyFile
{
Ensure = 'Present'
Type = 'File'
DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
Contents = $RegistrationKey
}
}
}
InstallxDsc5PullServer -certificateThumbprint ' D43DE7B84129AC77362F58A7A71C903476B7F321' -RegistrationKey ' 589303f2-482e-478e-97cb-b1a278f07458' -OutputPath c:\DSC\PullServer
Directory: C:\DSC\PullServer
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/23/2017 3:47 PM 4624 localhost.mof
(7) 使用Push模式在本机执行上面的MOF文件
PS C:\DSC> Start-DscConfiguration -Force -Path c:\DSC\PullServer -Wait -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer PULLSERVERWMF51 with user sid S-1-5-21-1131894122-898430752-3737586035-1002.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started:
DSC-Service
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeede
d: DSC-Service
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 1.2030 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Continue with installation?
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing succeeded.
WARNING: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Windows automatic updating is not enabled.
To ensure that your newly-installed role or feature is automatically updated, turn on Windows Update.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation succeeded.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Successfully installed the feature DSC-Serv
ice.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[WindowsFeature]DSCServiceFeature] in 89.8280 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 1.5620 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://PULLSERVERWM
F51:8080/PSDSCPullServer.svc
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided
thumbprint exists in CERT:\LocalMachine\MY\
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Checking IIS requirements
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Remove the site if it already exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the bin folder for deploying custom de
pendent binaries required by the endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Adding App Pool
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set App Pool Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add and Set Site Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] p11
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Enabling firewall exception for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Disable Inbound Firewall Notification
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add Firewall Rule for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set values into the web.config that define th
e repository for BLUE OS
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Pull Server: Set values into the web.config t
hat indicate the location of repository, configuration, modules
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[xDSCWebService]PSDSCPullServer] in 3.3910 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\Win
dowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[File]RegistrationKeyFile] in 0.0310 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\Win
dowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[File]RegistrationKeyFile] in 0.0160 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] in 97.2500 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 97.684 seconds