在上一节,[6] Window PowerShell DSC 学习系列----如何安装最新的PowerShell DSC 5.1 Pull Server?笔者聊到了如何安装Pull Server。那么在本节,我们重点看如何被管理的设置节点注册到Pull Server?假设本机的IP地址是192.168.0.9,计算机名是dscc01-51w2k12;
(1) 配置Hosts文件
192.168.0.8 pserver51w2k12 pserver51w2k12.example.com192.168.0.9 dscc01-51w2k12 dscc01-51w2k12.example.com
(2) 安装最新的Window Management Framework 5.1
最新的Window Management Frame work 5.1 发布于2017年1月19日。具体请见https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/其release node如下:https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes
可以到下面的地址去下载最新的版本https://www.microsoft.com/en-us/download/details.aspx?id=54616具体细节,请见[6] Window PowerShell DSC 学习系列----如何安装最新的PowerShell DSC 5.1 Pull Server?这篇文章。
(3) 安装.NET 4.6
根据Window Management Framework 5.1 的release note,Window Management Framework是基于.NET 4.6 的framework。 如果电脑上没有装.NET 4.6,安装Window Management Framework 5.1 不会出错,但是运行的时候会有问题。 请到https://www.microsoft.com/en-us/download/details.aspx?id=48137 这个地址下载离线安装版本的.NET 4.6(4) 准备一个配置文件
打开PowerShell ISE 编辑下面的文件[DSCLocalConfigurationManager()]
configuration PullClientConfigNames
{
Node localhost
{
Settings
{
RefreshMode = 'Pull'
RefreshFrequencyMins = 30
RebootNodeIfNeeded = $true
ConfigurationID='6ed1afc8-d03c-4c35-b2a8-b3d712899a02'
}
ConfigurationRepositoryWeb pserver51w2k12.example.com
{
ServerURL = 'https://pserver51w2k12.example.com:8080/PSDSCPullServer.svc'
RegistrationKey = '589303f2-482e-478e-97cb-b1a278f07458'
}
ReportServerWeb pserver51w2k12.example.com
{
ServerURL = 'https://pserver51w2k12.example.com:8080/PSDSCPullServer.svc'
RegistrationKey = '589303f2-482e-478e-97cb-b1a278f07458'
}
}
}
PullClientConfigNames
其中,
@ConfigurationID='6ed1afc8-d03c-4c35-b2a8-b3d712899a02' 中的'6ed1afc8-d03c-4c35-b2a8-b3d712899a02' 是通过new-uuid 随机生成的。@RegistrationKey = '589303f2-482e-478e-97cb-b1a278f07458' 中的589303f2-482e-478e-97cb-b1a278f07458是在安装Pull Server时候指定的值,必须与其保持一致。
@ ServerURL = 'https://pserver51w2k12.example.com:8080/PSDSCPullServer.svc' 就是Pull Server的访问端点。
上面的配置了ConfigurationID,这个时候,DSC的目标节点是通过ConfigurationID这个值去Pull服务上寻找相应的MOF文件。
另外,还可以在目标节点上,通过ConfigurationNames去获取Pull服务器上存储的MOF文件。下面的配置文件,就能让客户端节点使用ConfigurationNames去获取Pull服务器上的MOF文件;需要注意的是,需要在Setting里面,把 ConfigurationID='262c2f84-38e0-4610-b771-10e3f72281b6' 这一行删除,否则生成MOF文件会报错。因为其与ConfigurationNames的方式是互斥冲突的。另外,对于ConfigurationNames的方式,默认情况必须基于HTTPS,如果为了让其可以支持HTTP,需要需要加上 AllowUnsecureConnection = $true。
下面的例子中,我已经把其注释掉了,因为其是基于HTTPS的,具体配置如下。
[DSCLocalConfigurationManager()]
configuration PullClientConfigNames
{
Node localhost
{
Settings
{
RefreshMode = 'Pull'
ConfigurationMode = "ApplyAndAutocorrect"
RebootNodeIfNeeded = $true
#DebugMode='ForceModuleImport'
}
ConfigurationRepositoryWeb pull51w2k12nssl
{
ServerURL = 'https://pserver51w2k12.example.com:8080'
RegistrationKey = '2cfefa66-8a92-4e3d-88cd-9048209fde73'
ConfigurationNames ='unzipFile'
#AllowUnsecureConnection = $true
}
ReportServerWeb pull51w2k12nssl
{
ServerURL = 'https://pserver51w2k12.example.com:8080'
RegistrationKey = '2cfefa66-8a92-4e3d-88cd-9048209fde73'
#AllowUnsecureConnection = $true
}
}
}
PullClientConfigNames
Set-DscLocalConfigurationManager -Path C:\dsc\PullClientConfigNames
细心的读者,也行发现了我在Setting块里面加了一行 DebugMode='ForceModuleImport'
这个目的是,当Pull服务器端有新的CustomResource或者Custom Resource有修改,如果DebugMode设置成ForceModuleImport,则
对DSC资源的修改能够立刻生效,而不要重启目标节点的机器,太酷了!!!
对于老的版本,还可以通过下面的方式设置:
Configuration PullClient {
param(
$ID,
$Server
)
LocalConfigurationManager
{
ConfigurationID = $ID;
RefreshMode = 'PULL';
DownloadManagerName = 'WebDownloadManager';
RebootNodeIfNeeded = $true;
RefreshFrequencyMins = 30;
ConfigurationModeFrequencyMins = 15;
ConfigurationMode = 'ApplyAndAutoCorrect';
DownloadManagerCustomData = @{ServerUrl = "http://"+$Server+":8080/PSDSCPullServer.svc"; AllowUnsecureConnection = $true}
}
}
PullClient -ID '262c2f84-38e0-4610-b771-10e3f72281b6' -Server 'pull51w2k12nssl' -Output 'C:\DSCConfig\'
Set-DscLocalConfigurationManager -ComputerName 'Localhost' -Path 'C:\DSCConfig\' -Verbose
(5) 生成META MOF文件
PS C:\dsc> .\PullClientConfigNames.ps1Directory: C:\dsc\PullClientConfigNames
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/24/2017 7:52 AM 3082 localhost.meta.mof
(6) 应用META MOF文件 使LCM(Local COnfiguration Management)生效
执行Set-DscLocalConfigurationManager localhost -Path .\PullClientConfigNames -VerbosePS C:\dsc> Set-DscLocalConfigurationManager localhost -Path .\PullClientConfigNames -Verbose
VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target "MSFT_DSCLocalConfigu
rationManager".
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendMetaConfigurationApply,'c
lassName' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSCC01-51W2K12 with user sid S-1-5-21-1700225107-1023577453-60175694
7-1002.
VERBOSE: [DSCC01-51W2K12]: LCM: [ Start Set ]
VERBOSE: [DSCC01-51W2K12]: LCM: [ Start Resource ] [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCC01-51W2K12]: LCM: [ Start Set ] [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCC01-51W2K12]: LCM: [ End Set ] [MSFT_DSCMetaConfiguration] in 0.0160 seconds.
VERBOSE: [DSCC01-51W2K12]: LCM: [ End Resource ] [MSFT_DSCMetaConfiguration]
VERBOSE: [DSCC01-51W2K12]: LCM: [ End Set ]
VERBOSE: [DSCC01-51W2K12]: LCM: [ End Set ] in 0.0310 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Set-DscLocalConfigurationManager finished in 0.181 seconds.
(7) 查看生效的LCM配置
通过Get-DscLocalConfigurationManager 命令,查看生效的配置PS C:\dsc> Get-DscLocalConfigurationManager
ActionAfterReboot : ContinueConfiguration
AgentId : 199404F3-E202-11E6-80B8-BE117D36B7A4
AllowModuleOverWrite : False
CertificateID :
ConfigurationDownloadManagers : {[ConfigurationRepositoryWeb]pserver51w2k12.example.com}
ConfigurationID : 6ed1afc8-d03c-4c35-b2a8-b3d712899a02
ConfigurationMode : ApplyAndMonitor
ConfigurationModeFrequencyMins : 15
Credential :
DebugMode : {NONE}
DownloadManagerCustomData :
DownloadManagerName :
LCMCompatibleVersions : {1.0, 2.0}
LCMState : Idle
LCMStateDetail :
LCMVersion : 2.0
StatusRetentionTimeInDays : 10
SignatureValidationPolicy : NONE
SignatureValidations : {}
MaximumDownloadSizeMB : 500
PartialConfigurations :
RebootNodeIfNeeded : True
RefreshFrequencyMins : 30
RefreshMode : Pull
ReportManagers : {[ReportServerWeb]pserver51w2k12.example.com}
ResourceModuleManagers : {}
PSComputerName :
另外,请注意,对于HTTPS,目标节点对Pull服务的HTTPS认证通不过的话,可以通过下面的命令导入证书到客户端。 Get-ChildItem –Path c:\certs\pserver51w2k12.example.com.cer| Import-Certificate –CertStoreLocation cert:\LocalMachine\My