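The previous five chapters laid the groundwork: what PowerShell DSC is, what it can do, and its two modes, push and pull. I also described how to write a PowerShell DSC configuration file (Configuration) and the format it follows, then showed how to install the latest extended DSC resources, using xChrome as the example. After that I covered some of the common commands PowerShell DSC provides, and in chapter 5 showed how to turn a PowerShell configuration file with the .ps1 extension into a platform-neutral MOF file. That covers all the basic theory needed for pull mode, so in this chapter I show how to install the latest PowerShell DSC 5.1 Pull Server.
(1) Configure the hosts file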
192.168.0.8 pserver51w2k12 pserver51w2k12.example.com
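Assume the Pull Server's IP address is 192.168.0.8, the operating system is Windows Server 2012 R2 64-bit, the computer name is pserver51w2k12, and the domain it belongs to is example.com. For the exact configuration, see the figure below.
(2) Install the latest Windows Management Framework 5.1
The latest Windows Management Framework 5.1 was released on January 19, 2017. See https://blogs.msdn.microsoft.com/powershell/2017/01/19/windows-management-framework-wmf-5-1-released/
Its release notes are at: https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes
The latest version can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=54616
Download the package that matches your operating system. I downloaded the one underlined in red, because my operating system is Windows 2012 R2.
In the PowerShell console, run $PSVersionTable to check the installed Windows Management Framework version.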
PS C:\DSC> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.14409.1005
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1005
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
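As shown above, the version is PSVersion 5.1.14409.1005, which is correct.
(3) Install the .NET Framework 4.6
According to the Windows Management Framework 5.1 release notes, Windows Management Framework is built on the .NET Framework 4.6. If .NET 4.6 is not installed on the machine, installing Windows Management Framework 5.1 does not fail, but problems appear at run time. Download the offline installer for .NET 4.6 from https://www.microsoft.com/en-us/download/details.aspx?id=48137
(4) Generate a self-signed certificate for the local machine
Because I need to configure a pull server that uses the HTTPS protocol, open a PowerShell console and run the following command:
dir Cert:\LocalMachine\my
Directory: Microsoft.PowerShell.Security\Certificate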
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
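The output above shows that my machine has no self-signed certificate for the server pserver51w2k12.example.com, so I use PowerShell's New-SelfSignedCertificate command to generate a self-signed server certificate.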
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname pserver51w2k12.example.com
After generating it, run dir Cert:\LocalMachine\my again. A self-signed certificate whose DN is pserver51w2k12.example.com now exists.
PS C:\DSC> dir Cert:\LocalMachine\my
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
Thumbprint Subject
---------- -------
22BDBE547E25ACF84DA3B4F74726EBB0095B1499 CN=localhost
D43DE7B84129AC77362F58A7A71C903476B7F321 CN=pserver51w2k12.example.com
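For the detailed configuration steps, see this article.
Remember the Thumbprint above; it is used in step 5.
The following article is a good introduction to working with SSL certificates in PowerShell. Recommended!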
https://blogs.technet.microsoft.com/scotts-it-blog/2014/12/30/working-with-certificates-in-powershell/
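Instead of copying the thumbprint by hand, it can be read from the certificate store after checking that the certificate is actually usable for the HTTPS endpoint. The following is an added example, not code from the original article; the function name Get-PullServerCertThumbprint and the 30-day validity threshold are assumptions.

```powershell
# Added example: pick the HTTPS certificate for the pull server by DNS name and
# sanity-check it before its thumbprint goes into the DSC configuration.
function Get-PullServerCertThumbprint {
    param(
        [Parameter(Mandatory)]
        [string] $DnsName,
        [int] $MinDaysValid = 30   # assumed threshold, not from the article
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $now = Get-Date

    # Certificates in the machine store whose DNS name list contains the host name
    $candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.DnsNameList.Unicode -contains $DnsName })
    if ($candidates.Count -eq 0) {
        throw "No certificate in Cert:\LocalMachine\My lists the DNS name '$DnsName'."
    }

    $usable = foreach ($cert in $candidates) {
        $problems = @()
        if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
        if ($cert.NotBefore -gt $now) { $problems += 'not yet valid' }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $problems += "expires on $($cert.NotAfter.ToString('yyyy-MM-dd'))"
        }
        # An empty EKU list means the certificate is valid for all purposes
        $ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
            ForEach-Object { $_.ObjectId })
        if ($ekus.Count -gt 0 -and $ekus -notcontains $serverAuthOid) {
            $problems += 'EKU does not include Server Authentication'
        }

        if ($problems.Count -gt 0) {
            Write-Warning "$($cert.Thumbprint) rejected: $($problems -join '; ')"
        } else {
            $cert
        }
    }
    if (-not $usable) { throw "No usable certificate found for '$DnsName'." }

    # Prefer the certificate that stays valid longest
    ($usable | Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1).Thumbprint
}

# Usage on the pull server (elevated console):
# $thumbprint = Get-PullServerCertThumbprint -DnsName 'pserver51w2k12.example.com'
```

The returned string contains no surrounding whitespace, so it can be passed directly to the -certificateThumbPrint parameter of the configuration.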
(5) Install the latest xPSDesiredStateConfiguration module
After Windows Management Framework 5.1 is installed, the latest xPSDesiredStateConfiguration 5.1.0 module is not installed by default. Install xPSDesiredStateConfiguration first with the following command:
Install-Module -Name xPSDesiredStateConfiguration
For details, see my earlier article.
(6) Write the DSC Configuration that installs the Pull Server and generate the MOF file
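First, in the PowerShell console, use the '[guid]::newGuid()' or 'New-Guid' command to generate a UUID string. The one generated on my machine is:
589303f2-482e-478e-97cb-b1a278f07458
This UUID is very important: it is a registration key, and it is passed as the RegistrationKey parameter of the Pull Server installation script that follows. Here is the InstallxDsc5PullServer.ps1 configuration script. As the configuration shows, the Pull Server is installed with the xDscWebService resource from the xPSDesiredStateConfiguration DSC module, which configures the pull server automatically.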
configuration InstallxDsc5PullServer
{
    param
    (
        [string[]]$NodeName = 'localhost',

        # Thumbprint of the HTTPS certificate in Cert:\LocalMachine\My (step 4)
        [ValidateNotNullOrEmpty()]
        [string] $certificateThumbPrint,

        # Shared registration key (the GUID generated above)
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string] $RegistrationKey
    )

    Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    Import-DSCResource -ModuleName PSDesiredStateConfiguration

    Node $NodeName
    {
        # Install the DSC-Service Windows feature
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name   = 'DSC-Service'
        }

        # Create the HTTPS pull server endpoint in IIS
        xDscWebService PSDSCPullServer
        {
            Ensure                   = 'Present'
            EndpointName             = 'PSDSCPullServer'
            Port                     = 8080
            PhysicalPath             = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint    = $certificateThumbPrint
            ModulePath               = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath        = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                    = 'Started'
            DependsOn                = '[WindowsFeature]DSCServiceFeature'
            # $false leaves the machine's SCHANNEL registry settings unchanged;
            # $true makes the resource enforce stronger TLS/cipher settings machine-wide
            UseSecurityBestPractices = $false
        }

        # Write the registration key to the file the pull server reads
        File RegistrationKeyFile
        {
            Ensure          = 'Present'
            Type            = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents        = $RegistrationKey
        }
    }
}

# Compile the configuration into a MOF file under c:\DSC\PullServer
InstallxDsc5PullServer -certificateThumbprint 'D43DE7B84129AC77362F58A7A71C903476B7F321' -RegistrationKey '589303f2-482e-478e-97cb-b1a278f07458' -OutputPath c:\DSC\PullServer
Directory: C:\DSC\PullServer
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/23/2017 3:47 PM 4624 localhost.mof
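Note: in DSC 5.x, the pull server and the report server are installed together; there is no separate DSC compliance server.
(7) Apply the MOF file above on the local machine using push mode
By default, push mode is enabled on the local machine after Windows Management Framework 5.1 is installed. Run the following command in a PowerShell terminal as administrator.
Start-DscConfiguration -Path c:\DSC\PullServer -Wait -Verbose
The output is as follows:
PS C:\DSC> Start-DscConfiguration -Force -Path c:\DSC\PullServer -Wait -Verbose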
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer PULLSERVERWMF51 with user sid S-1-5-21-1131894122-898430752-3737586035-1002.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 1.2030 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Continue with installation?
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing started...
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Prerequisite processing succeeded.
WARNING: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Windows automatic updating is not enabled. To ensure that your newly-installed role or feature is automatically updated, turn on Windows Update.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Installation succeeded.
VERBOSE: [PULLSERVERWMF51]: [[WindowsFeature]DSCServiceFeature] Successfully installed the feature DSC-Service.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[WindowsFeature]DSCServiceFeature] in 89.8280 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] The Website PSDSCPullServer is not present
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 1.5620 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the IIS endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Setting up endpoint at - https://PULLSERVERWMF51:8080/PSDSCPullServer.svc
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Verify that the certificate with the provided thumbprint exists in CERT:\LocalMachine\MY\
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Checking IIS requirements
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Delete the App Pool if it exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Remove the site if it already exists
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Create the bin folder for deploying custom dependent binaries required by the endpoint
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Adding App Pool
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set App Pool Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add and Set Site Properties
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] p11
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Enabling firewall exception for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Disable Inbound Firewall Notification
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Add Firewall Rule for port 8080
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Set values into the web.config that define the repository for BLUE OS
VERBOSE: [PULLSERVERWMF51]: [[xDSCWebService]PSDSCPullServer] Pull Server: Set values into the web.config that indicate the location of repository, configuration, modules
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[xDSCWebService]PSDSCPullServer] in 3.3910 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Test ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Test ] [[File]RegistrationKeyFile] in 0.0310 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ Start Set ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The system cannot find the file specified.
VERBOSE: [PULLSERVERWMF51]: [[File]RegistrationKeyFile] The related file/directory is: C:\Program Files\WindowsPowerShell\DscService\RegistrationKeys.txt.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] [[File]RegistrationKeyFile] in 0.0160 seconds.
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Resource ] [[File]RegistrationKeyFile]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ]
VERBOSE: [PULLSERVERWMF51]: LCM: [ End Set ] in 97.2500 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 97.684 seconds
After the installation, the RegistrationKeys.txt file is located in the following directory:
C:\Program Files\WindowsPowerShell\DscService
The system database (edb by default) is also in this directory.
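The registration key is stored as plain text in RegistrationKeys.txt, so it is worth checking which accounts can read that file. The following is an added example, not part of the original article; the function name Get-UnexpectedKeyFileReaders and the allow-list of SIDs are assumptions for a dedicated pull server.

```powershell
# Added example: list every identity outside an allow-list that has an
# Allow ACE with read access on the pull server's registration key file.
function Get-UnexpectedKeyFileReaders {
    param(
        [string] $Path = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt",
        # Assumption: only these principals need access on a dedicated pull server
        [string[]] $AllowedSids = @(
            'S-1-5-18',       # LocalSystem
            'S-1-5-32-544',   # BUILTIN\Administrators
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
        )
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registration key file not found: $Path"
    }

    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    $acl = Get-Acl -LiteralPath $Path

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.FileSystemRights -band $readData) -eq 0) { continue }

        # Compare by SID so localized or renamed account names do not matter
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolved identity, report as-is
        }

        if ($AllowedSids -notcontains $sid) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage on the pull server (elevated console):
# Get-UnexpectedKeyFileReaders | Format-Table -AutoSize
```

An empty result means only the allow-listed principals can read the key; entries marked Inherited come from the ACL of a parent folder.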
(8) Open a browser and confirm that the installation succeeded
Open a browser and enter https://pserver51w2k12.example.com:8080/PSDSCPullServer.svc/
As the figure below shows, congratulations, the installation succeeded!
Conclusion
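The PowerShell DSC pull server is finally installed, and it is accessed over the HTTPS protocol. In the next chapter, I will explore with you how to install the PowerShell report server. Stay tuned.
References:
https://msdn.microsoft.com/en-us/powershell/dsc/pullserver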
http://windowsitpro.com/blog/creating-self-signed-certificates-powershell
http://woshub.com/how-to-create-self-signed-certificate-with-powershell/