[14] DevOps 自动化运维工具Chef----如何用Chef调用PowerShell DSC的Resource

最新推荐文章于 2018-07-02 14:12:46 发布

置顶大象无形，大音希声

最新推荐文章于 2018-07-02 14:12:46 发布

阅读量2.6k

点赞数 1

分类专栏： # 1.2 大话Chef 文章标签： Chef DSC Ruby PowerShell 集成

本文链接：https://blog.csdn.net/chancein007/article/details/73264931

版权

1.2 大话Chef 专栏收录该内容

16 篇文章 6 订阅

订阅专栏

上一个章节讲述了如何用Chef-apply运行本地的一个chef的菜谱，这节笔者主要与大家分享如何把Chef和PowerShell DSC集成起来；我们知道，PowerShell在管理WIndow的机器有着得天独厚的优势，比如，

执行速度快，
能够方便的把Window操作系统中的cmdlet，WMI,.NET,COM,EXE等无缝集成起来
PowerShell天生就是用来把Window各种API粘合起来的

所以在一个大型企业系统里，既有Window也有Linux的时候，特别是不少Window的机器的时候，Chef集成PowerShell DSC就是一个不错的折中方案。或者企业想把以前用PowerShell DSC管理的机器，也能被Chef管理的时候，那么这个时候Chef集成PowerShell DSC的功能就显得弥足珍贵了。关于PowerShell DSC的应用和介绍，请大家参考我这个专栏。那么该如何用Chef把PowerShell DSC集成起来呢？方案有很多，现在咱们就一一过一下吧。

利用dsc_resource来调用DSC的资源(Resource)

现在咱们就说一个最简单的，那就是利用Chef提供的dsc_resource来支持对PowerShell DSC的调用。

@ 首先来看一个简单的例子，用一个PowerShell DSC生成一个文件，DSC的Resource配置如下：

 File chefInvokeDSCToGenerateFile{
    Ensure="Present";
    Contents="I like chef and PowerShell DSC";
    DestinationPath="$SqlScriptsFolder\Get-RunSQLScript.sql"
}

@ 那么如何把上面的DSC Resource转换成一个Chef可以识别的Chef 配方（Receipt）呢？很简单，假设我们在c:\chef文件夹下，新建一个名字为

chefInvokeDSCToGenerateFile.rb的ruby文件，在里面输入下面的内容。

dsc_resource 'chefInvokeDSCToGenerateFile' do
 resource :File
 property :Ensure,"Present"
 property :Contents,"I like chef and PowerShell DSC"
 property :DestinationPath,"c:/chef/1.txt"
end

@ 上面的chefInvokeDSCToGenerateFile.rb生成后，在window的cmd窗口调用下面的命令。

C:\chef>chef-client --local-mode .\chefInvokeDSCToGenerateFile.rb

恭喜你，运行成功了。请看下面的执行结果。

C:\chef>chef-client --local-mode .\chefInvokeDSCToGenerateFile.rb
[2017-06-15T00:01:15+08:00] WARN: No config file found or specified on command l
ine, using command line options.
Starting Chef Client, version 12.13.37
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-06-15T00:01:28+08:00] WARN: Node dsc-chef has
 an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/chef/chefInvokeDSCToGenerateFile.rb
  * dsc_resource[generateGet-RunSQLScript] action run
    - Perform operation 'Invoke CimMethod' with following parameters, ''methodNa
me'
    = Resourcetest,'className' = MSFT_DSCLocalConfigurationManager,'namespaceNam
e'
    = root/Microsoft/Windows/DesiredStateConfiguration'.
    An LCM method call arrived from computer dsc-chef with user sid
    S-1-5-21-1801674531-602162358-2146502713-16690.
    [dsc-chef]: LCM:  [ Start  Test     ]  [[File]DirectResourceAccess]
    [dsc-chef]:                            [[File]DirectResourceAccess] The

    system cannot find the file specified.
    [dsc-chef]:                            [[File]DirectResourceAccess] The

    related file/directory is: c:/chef/1.txt.
    [dsc-chef]: LCM:  [ End    Test     ]  [[File]DirectResourceAccess] Fal
se
    in 0.0200 seconds.
    [dsc-chef]: LCM:  [ End    Set      ]    in  0.0300 seconds.
    Operation 'Invoke CimMethod' complete.
    Time taken for configuration job to complete is 0.298 seconds

    Perform operation 'Invoke CimMethod' with following parameters, ''methodName
'
    = Resourceset,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName
'
    = root/Microsoft/Windows/DesiredStateConfiguration'.
    An LCM method call arrived from computer dsc-chef with user sid
    S-1-5-21-1801674531-602162358-2146502713-16690.
    [dsc-chef]: LCM:  [ Start  Set      ]  [[File]DirectResourceAccess]
    [dsc-chef]:                            [[File]DirectResourceAccess] The

    system cannot find the file specified.
    [dsc-chef]:                            [[File]DirectResourceAccess] The

    related file/directory is: c:/chef/1.txt.
    [dsc-chef]: LCM:  [ End    Set      ]  [[File]DirectResourceAccess]  in

    0.0000 seconds.
    [dsc-chef]: LCM:  [ End    Set      ]    in  0.0100 seconds.
    Operation 'Invoke CimMethod' complete.
    Time taken for configuration job to complete is 0.145 seconds


Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 17 seconds

C:\chef>

从上面的执行结果看，其实其本质上调用的还是PowerShell的DSC。

利用Chef的dsc_script来调用PowerShell DSC的资源

Chef除了提供dsc_resource这个配方（receipt）来调用PowerShell DSC的DSC资源之外，还提供了更为方便的方法，那就是用户可以使用dsc_script 直接在Chef的配方里面直接什么PowerShell DSC的需要达到的预期的状态。下面以用PowerShell DSC创建一个用户为例子。其Chef的配方的代码如下：

dsc_script 'BackupUser' do
  code <<-EOH
    $user = 'backup3'
    $password = ConvertTo-SecureString -String "YourPass$(random)" -AsPlainText -Force
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $password

   User $user
     {
       UserName = $user
       Password = $cred
       Description = 'Backup operator'
       Ensure = "Present"
       Disabled = $false
       PasswordNeverExpires = $true
       PasswordChangeRequired = $false
     }
   EOH

  configuration_data <<-EOH
    @{
      AllNodes = @(
          @{
          NodeName = "localhost";
          PSDscAllowPlainTextPassword = $true
          })
      }
    EOH
end

运行的结果如下：

C:\chef>chef-client --local-mode chefInvokeDSCScript.rb
[2017-06-19T11:18:58+08:00] WARN: No config file found or specified on command l
ine, using command line options.
Starting Chef Client, version 12.13.37
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-06-19T11:20:08+08:00] WARN: Node has
 an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/chef/chefInvokeDSCScript.rb
  * dsc_script[BackupUser] action run[2017-06-19T11:20:10+08:00] WARN: Could not parse LCM output: Could not parse:
WARNING: Whatif is deprecated in this cmdlet. Please remove Whatif and try
again.

    - converge DSC configuration 'BackupUser'
    - converge DSC resource Unknown DSC Resources by

Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 minutes 21 seconds

C:\chef>

使用PowerShell的get-localUser命令查看，可以看到backup3用户已经创建成功。