Benutzer:MovGP0/Powershell/DSC/SMB Pull Server
aus Wikipedia, der freien Enzyklopädie
< Benutzer:MovGP0 | Powershell | DSC
MovGP0 | Über mich | Hilfen | Artikel | Weblinks | Literatur | Zitate | Notizen | Programmierung | MSCert | Physik |
SMB Pull Server
Server Setup
Deployment of required Resources
Deployment of ConfigurationsConfiguration MyConfiguration {
Node "Server01" {
LocalConfigurationManager {
ConfigurationMode = "ApplyAutoCorrect"
ConfigurationID = $guid
RefreshMode = "Pull"
RefreshFrequencyMins = 30
DownloadManagerName = "DscFileDownloadManager"
DownloadManagerCustomData = @{
SourcePath = "\\FileServer02\DscConfigurations"
}
}
}
}
Configure LCM on Client
Configuration MyConfiguration {
Node "Server01" {
LocalConfigurationManager {
AllowModuleOverwrite = $true
ConfigurationMode = "ApplyAndMonitor"
ConfigurationID = $guid
RefreshMode = "Pull"
RefreshFrequencyMins = 30
DownloadManagerName = "DscFileDownloadManager"
DownloadManagerCustomData = @{
SourcePath = "\\FileServer02\DscConfigurations"
}
}
}
}
Force Client to Pull$args = @{
Computername = "Server01"
Namespace = "root/Microsoft/Windows/DesiredStateConfiguration"
ClassName = "MSFT_DSCLocalConfigurationManager"
MethodName = "PerformRequiredConfigurationChecks"
Arguments = @{
Flags = [uint32] 1
}
}
Invoke-CimMethod -Arguments $args
Imperatively$computer = "chi-fp03"
Invoke-Command { mkdir C:\DSCConfigurations } -Computername $computer
$paramHash = @{
Name = "DSCConfig";
Path = "C:\DSCConfigurations";
CimSession = $computer;
FullAccess = "lan\Domain Admins";
ReadAccess = "Everyone";
}
New-SmbShare @paramHash
Get-SmbShare DSCConfig -CimSession $computer
Add-WindowsFeature DSC-Service -Computername $computer -Verbose
DeclarativelyConfiguration SetupSMBPull {
param {
[System.Management.Automation.Credential()]$Credential
}
Import-DscResource -ModuleName cFileShare
Node $AllNodes.NodeName {
File DSCFolder {
DestinationPath = $node.Path;
Ensure = 'Present';
Credential = $Credential;
SourcePath = $node.SourcePath;
Recurse = $true;
Force = $true;
Type = 'Directory'
}
}
cCreateFileShare $node.Sharename {
Path = $node.Path;
ShareName = $node.shareName;
DependsOn = '[File]DSCFolder';
Ensure = 'Present';
}
cSetSharePermission $node.Sharename {
ShareName = $node.ShareName;
ChangeAccessUsers = @($node.ChangeAccess);
DependsOn = "[cCreateFileShare]$($node.Sharename)";
Ensure = 'Present';
FullAccessUsers = @($node.FullAccess);
ReadAccessUsers = @($node.ReadAccess);
}
WindowsFeature DSCService {
Name = 'DSC-Service';
Ensure = 'Present';
}
LocalConfigurationManager {
CertificateID = $node.Thumbprint;
}
}
. .\Export-MachineCert.ps1
$cert = Export-MachineCert -Computername "Server01" -Path C:\Certs
$ConfigData = @{
AllNodes = @{
NodeName = "Server01";
CertificateFile = $cert.path;
Thumbprint = $cert.thumbprint;
Path = C:\dscconfiguration;
ShareName = 'DSCConfig';
SourcePath = '\\server03\DscResourceZip';
ChangeAccess = 'lan\Administrator';
ReadAccess = "Everyone";
FullAccess = 'lan\Domain Admins';
}
}
$paramHash = @{
Credential = "lan\myuser";
ConfigurationData = $ConfigData;
OutputPath = 'C:\DSC\NewPullSMB';
Verbose = $true;
}
SetUpSMBPull @ParamHash
$path = 'C:\Program Files\WindowsPowerShell\Modules\cFileShare'
$destination = '\\server03\c$\Program Files\WindowsPowerShell\Modules'
Copy-Item -Path $path -Destination $destination -Container -Force -Recurse -PassThru
Set-DscLocalConfigurationManager -Path 'C:\DSC\PullSMB' -Verbose
Start-DscConfiguration -ComputerName $computer -Path 'C:\DSC\PullSMB'
Get-SmbShare -CimSession $computer
Get-SmbShareAccess :Name dscconfig -CimSession $computer | Format-List
Copy zipped custom resourcesHint: Use Get-DscResource |
Where path -match "^c:\\Program Files\\WindowsPowerShell\\Modules" |
Select -expandProperty Module -Unique |
ForEach {
$out = "{0}_{1}.zip" -f $_.Name, $_.Version
$zip = Join-Path -Path "\\$computer\DSCConfig" -ChildPath $out
New-ZipArchive -Path $_.ModuleBase -OutputPath $zip -Passthru
Start-Sleep -Seconds 1
if(Test-Path $zip) {
try{
New-DscChecksum -ConfigurationPath $zip -ErrorAction Stop
}
catch{
Write-Warning "Failed to create checksum for $zip"
}
}
else{
Write-Warning "Failed to find $zip"
}
}
Create and copy configurationsConfiguration Demo{
param(
[string]$guid,
[System.Management.Automation.Credential()]$Credential = [System.Management.]
)
Import-DscResource -ModuleName 'xNetworking','xTimeZone'
Node $Allnodes.nodename {
xTimeZone Eastern {
TimeZone = "Eastern Standard Time"
}
}
File Work{
DestinationPath = 'C:\MyWork';
Ensure = "Present";
Force = $true;
Type = 'Directory'
}
xDnsServerAddress Google {
Address = '8.8.8.8','4.4.4.4','8.8.4.4';
InterfaceAlias = 'Ethernet 2';
AddressFamily = 'IPv4';
}
Group Demo {
GroupName = 'Demo';
Description = 'My Demo Group';
Ensure = 'Present';
Credential = $Credential;
MembersToInclude = 'lan\myuser'
}
LocalConfigurationManager{
AllowModuleOverwrite = $true;
ConfigurationID = $guid;
ConfigurationMode = 'ApplyAndMonitor';
RefreshMode = 'Pull';
DownloadManagerName = 'DscFileDownloadManager';
DownloadManagerCustomData = @{
SourcePath = '\\Server01\DSCConfig';
};
CertificateID = $node.Thumbprint;
}
}
$ConfigData = @{
AllNodes = @{
NodeName = "Server01";
CertificateFile = 'C:\Certs\server01.cer';
Thumbprint = "..."
}
}
Export-MachineCert -Computername "Server01" -Path 'C:\Certs'
$guid = [guid]::NewGuid().guid
$paramHash = @{
guid = $guid;
Credential = 'lan\Administrator';
OutputPath = 'c:\DSC\DemoPull';
ConfigurationData = $ConfigData;
Verbose = $true
}
DemoPull @paramHash
Configure LCMGet-DscLocalConfigurationManager -CimSession "Server01"
Set-DscLocalConfigurationManager -ComputerName "Server01" 'C:\DSC\DemoPull'
copy MOF with GUID to Pull Server$src = 'C:\DSC\PullDemo\server01.mof'
$dst = Join-Path -Path "\\$computer\DscConfig" -CildPath "$guid.mof"
Copy-Item -Path $scr -Destination $des -PassThru
New-DscChecksum $dst
dir \\$Computer\DSCConfig | Group Extension
force the configuration. .\Invoke-Pull.ps1
Invoke-Pull -Computername 'Server01' -Verbose
Get-DscConfiguration -CimSession "Server01" -Verbose
Test-DscConfiguration -CimSession "Server01" -Verbose
|