[6] Window PowerShell DSC 學習系列----如何安裝最新的PowerShell DSC 5.1 Pull Server?
阿新 • • 發佈:2019-01-29
前面的5個章節做了很多的鋪墊,包括Powershell DSC是什麼? 能幹什麼? 其包含了推模式(push)和拉模式(Pull)。 而且筆者也描述了PowerShell DSC的配置檔案(Configuration)如何編寫,其遵循什麼樣的格式規範,緊接著,有普及了一下如何安裝最新的擴充套件的DSC的resource,並以xChrome為例子,緊接著,有分享瞭如何使用Powershell DSC提供的一些常規的命令,並在第5節分享瞭如何把一個字尾為ps1的Powershell的配置檔案,生成一個和平臺無關中立的MOF檔案,就此,對Pull模式的所有的基本理論知識都已經涉及了,因此在本章,筆者分享一下,如何安裝最新的PowerShell DSC 5.1 Pull Server?
(1) 配置Hosts檔案
192.168.0.8 pserver51w2k12 pserver51w2k12.example.com
假設Pull Server的IP地址為192.168.0.8,作業系統為Window Server 2012 R2 64 bit,計算機名為pserver51w2k12,所屬的域名為example.com,具體如何配置,請見下圖。
(2) 安裝最新的Window Management Framework 5.1
最新的Window Management Frame work 5.1 釋出於2017年1月19日。具體請見https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/ 其release node如下: https://www.microsoft.com/en-us/download/details.aspx?id=54616根據讀者自己的作業系統,下載不同的安裝包。筆者下載的是用紅線畫出來的,因為筆者的作業系統是Window 2012 R2
請在Powershell 控制檯,執行$PSVersionTable,檢視最新的Window Management Framework版本。 PS C:\DSC> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.14409.1005
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1005
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
如上面所示意,最新的版本是PSVersion 5.1.14409.1005,這就對了。
(3) 安裝.NET 4.6 framework
根據Window Management Framework 5.1 的release note,Window Management Framework是基於.NET 4.6 的framework。 如果電腦上沒有裝.NET 4.6,安裝Window Management Framework 5.1 不會出錯,但是執行的時候會有問題。 請到https://www.microsoft.com/en-us/download/details.aspx?id=48137 這個地址下載離線安裝版本的.NET 4.6(4) 生成本機的自簽名證書
因為筆者需要配置一個基於https協議的Pull 伺服器,開啟PowerShell DSC,執行下面的命令, dir Cert:\LocalMachine\myDirectory: Microsoft.PowerShell.Security\Certificate
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
從上面的輸出看出,筆者本機沒有對pserver51w2k12.example.com伺服器的自簽名的證書,因此藉助於Powershell的New-SelfSignedCertifcate 命令,自動生成一個自簽名的伺服器證書。
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pserver51w2k12.example.com
生成之後,在執行,dir Cert:\LocalMachine\my 發現一個以pserver51w2k12.example.com為證書DN的自簽名證書已經生成。 PS C:\DSC> dir Cert:\LocalMachine\my
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
D43DE7B84129AC77362F58A7A71C903476B7F321 CN=pserver51w2k12.example.com
請記住上面的Thumbprint,在第5步將會用到。
下面這篇文章是介紹如何用Powershell操作SSL證書的好文章,推薦一下!!!
https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/
(5)安裝最新的xPSDesiredStateConfiguration 模組(Module)
因為預設安裝完Window Management Framework 5.1 後,最新的xPSDesiredStateConfiguration 5.1.0 模組,預設情況下並沒有安裝。 需要使用下面的命令先安裝xPSDesiredStateConfigurationInstall-Module -Name xPSDesiredStateConfiguration 具體資訊,請參考筆者的前面寫的一篇文章.
(6) 編寫安裝Pull Server的DSC Configuration並生成MOF檔案
首先在Powershell控制檯使用'[guid]::newGuid()
'
或者'New-Guid
'
命令,生成一個UUID的字串,筆者機器上生成的為:
589303f2-482e-478e-97cb-b1a278f07458,這個UUID非常的重要,是一個註冊的Key,在接下來的Powershell Pull Server的安裝配置指令碼中,將作為RegistrationKey的引數使用。好了,直接把InstallxDsc5PullServer.ps1的配置指令碼貼出來。從下面的配置檔案可以看出,安裝的Pull Server,使用的是DSC 模組中的xPSDesiredStateConfiguration的xDscWebService resource去自動配置Pull 伺服器。 configuration InstallxDsc5PullServer
{
param
(
[string[]]$NodeName = 'localhost',
[ValidateNotNullOrEmpty()]
[string] $certificateThumbPrint,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $RegistrationKey
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DSCResource –ModuleName PSDesiredStateConfiguration
Node $NodeName
{
WindowsFeature DSCServiceFeature
{
Ensure = 'Present'
Name = 'DSC-Service'
}
xDscWebService PSDSCPullServer
{
Ensure = 'Present'
EndpointName = 'PSDSCPullServer'
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
CertificateThumbPrint = $certificateThumbPrint
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = 'Started'
DependsOn = '[WindowsFeature]DSCServiceFeature'
UseSecurityBestPractices = $false
}
File RegistrationKeyFile
{
Ensure = 'Present'
Type = 'File'
DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
Contents = $RegistrationKey
}
}
}
InstallxDsc5PullServer -certificateThumbprint 'D43DE7B84129AC77362F58A7A71C903476B7F321' -RegistrationKey '589303f2-482e-478e-97cb-b1a278f07458' -OutputPath c:\DSC\PullServer
注意上面檔案最後2行的certificateThumbprint和RegistrationKey引數值,certificateThumbprint是我們在第4步生成的自簽名的證書的指紋;而RegistrationKey的值是在本步驟開頭生成的一個任意的隨機的UUID。 假設InstallxDsc5PullServer.ps1這個檔案儲存在c:\DSC 目錄下,以管理員身份開啟Powershell的控制檯,並切換到c:\DSC 目錄下,執行下面的命令,將會生成一個MOF檔案. PS C:\DSC> .\InstallxDsc5PullServer.ps1
Directory: C:\DSC\PullServer
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/23/2017 3:47 PM 4624 localhost.mof
注意:在DSC 5.x的版本中,Pull伺服器和Report伺服器是裝在一起的,沒有單獨的DSC compliance伺服器。
(7) 使用Push模式在本機執行上面的MOF檔案
預設情況,安裝Window Management Framework 5.1 之後,其本機的推模式(Push)模式是自動開啟的。以管理員的身份在PowerShell終端執行下面的命令。Start-DscConfiguration -Path c:\DSC\PullServer -Wait -Verbose 具體輸出資訊如下:PS C:\DSC> Start-DscConfiguration -Force -Path c:\DSC\PullServer -Wait -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSC
LocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer PULLSERVERWMF51 with user sid S-1-5-21-1131894122-898430752-3737586035-1002.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started:
DSC-Service
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeede
d: DSC-Service
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 1.2030 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Continue with installation?
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing succeeded.
WARNING: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Windows automatic updating is not enabled.
To ensure that your newly-installed role or feature is automatically updated, turn on Windows Update.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation succeeded.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Successfully installed the feature DSC-Serv
ice.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[WindowsFeature]DSCServiceFeature] in 89.8280 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 1.5620 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://PULLSERVERWM
F51:8080/PSDSCPullServer.svc
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided
thumbprint exists in CERT:\LocalMachine\MY\
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Checking IIS requirements
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Remove the site if it already exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the bin folder for deploying custom de
pendent binaries required by the endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Adding App Pool
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set App Pool Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add and Set Site Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] p11
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Enabling firewall exception for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Disable Inbound Firewall Notification
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add Firewall Rule for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set values into the web.config that define th
e repository for BLUE OS
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Pull Server: Set values into the web.config t
hat indicate the location of repository, configuration, modules
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[xDSCWebService]PSDSCPullServer] in 3.3910 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\Win
dowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[File]RegistrationKeyFile] in 0.0310 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\Win
dowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[File]RegistrationKeyFile] in 0.0160 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] in 97.2500 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 97.684 seconds 安裝完後,其RegistrationKeys.txt檔案就會在下面這個目錄下 C:\Program Files\WindowsPowerShell\DscService 另外,系統的資料庫(預設情況下用的是edb)也會在這個目錄下。
(8) 開啟瀏覽器,確認其是否安裝成功
開啟瀏覽,輸入https://pserver51w2k12.example.com:8080/PSDSCPullServer.svc/ 如下圖所示意,恭喜你,安裝成功!!!結論
終於安裝完了PowerShell DSC的Pull伺服器,且是基於HTTPS協議的去訪問的,下一節,筆者將會和大家一起探索如何安裝PowerShell的report 伺服器。敬請期待。。。。。。參考文獻: https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
http://windowsitpro.com/blog/creating-self-signed-certificates-powershell
http://woshub.com/how-to-create-self-signed-certificate-with-powershell/