Powershell DSC 自带了一些常见的资源。如果需要新的,可以下载安装 DSC Resource Kit 10或者从Powershell Gallery下载。
比如说查看当前已经安装了的资源
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
PS C:\Windows\system32>
Get-DscResource
ImplementedAs Name ModuleName Version Properties
------------- ---- ---------- ------- ----------
Binary File {DestinationPath, Attributes, Checksum, Content...
PowerShell Archive PSDesiredStateConfiguration 1.1 {Destination, Path, Checksum, Credential...}
PowerShell Environment PSDesiredStateConfiguration 1.1 {Name, DependsOn, Ensure, Path...}
PowerShell Group PSDesiredStateConfiguration 1.1 {GroupName, Credential, DependsOn, Description...}
Binary Log PSDesiredStateConfiguration 1.1 {Message, DependsOn, PsDscRunAsCredential}
PowerShell Package PSDesiredStateConfiguration 1.1 {Name, Path, ProductId, Arguments...}
PowerShell Registry PSDesiredStateConfiguration 1.1 {Key, ValueName, DependsOn, Ensure...}
PowerShell Script PSDesiredStateConfiguration 1.1 {GetScript, SetScript, TestScript, Credential...}
PowerShell Service PSDesiredStateConfiguration 1.1 {Name, BuiltInAccount, Credential, Dependencies...
PowerShell User PSDesiredStateConfiguration 1.1 {UserName, DependsOn, Description, Disabled...}
PowerShell WaitForAll PSDesiredStateConfiguration 1.1 {NodeName, ResourceName, DependsOn, PsDscRunAsC...
PowerShell WaitForAny PSDesiredStateConfiguration 1.1 {NodeName, ResourceName, DependsOn, PsDscRunAsC...
PowerShell WaitForSome PSDesiredStateConfiguration 1.1 {NodeCount, NodeName, ResourceName, DependsOn...}
PowerShell WindowsFeature PSDesiredStateConfiguration 1.1 {Name, Credential, DependsOn, Ensure...}
PowerShell WindowsOptionalFeature PSDesiredStateConfiguration 1.1 {Name, DependsOn, Ensure, LogLevel...}
PowerShell WindowsProcess PSDesiredStateConfiguration 1.1 {Arguments, Path, Credential, DependsOn...}
PowerShell xArchive xPSDesiredStateConfiguration 3.5.0.0 {Destination, Path, CompressionLevel, DependsOn...
PowerShell xDSCWebService xPSDesiredStateConfiguration 3.5.0.0 {CertificateThumbPrint, EndpointName, AcceptSel...
PowerShell xGroup xPSDesiredStateConfiguration 3.5.0.0 {GroupName, Credential, DependsOn, Description...}
PowerShell xPackage xPSDesiredStateConfiguration 3.5.0.0 {Name, Path, ProductId, Arguments...}
PowerShell xPSEndpoint xPSDesiredStateConfiguration 3.5.0.0 {Name, AccessMode, DependsOn, Ensure...}
PowerShell xRemoteFile xPSDesiredStateConfiguration 3.5.0.0 {DestinationPath, Uri, Credential, DependsOn...}
PowerShell xService xPSDesiredStateConfiguration 3.5.0.0 {Name, BuiltInAccount, Credential, Dependencies...
PowerShell xWindowsOptionalFeature xPSDesiredStateConfiguration 3.5.0.0 {Name, DependsOn, Ensure, LogLevel...}
PowerShell xWindowsProcess xPSDesiredStateConfiguration 3.5.0.0 {Arguments, Path, Credential, DependsOn...}
|
下面是一些常见的例子:
拷贝文件 资源叫做 File
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
configuration TestFile {
Node sydittest {
File ZipFile {
Ensure =
"Present"
Type = "Directory“
# Default is “File”
Force =
$True
Recurse =
$True
SourcePath =
'\\sydit01\test'
DestinationPath =
'C:\Downloads'
# On Sydittest
}
}
}
TestFile -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
查看该zip文件已经拷贝了
2.解压zip文件,资源叫做 Archive
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
configuration TestArchive {
Node sydittest {
Archive Unzip{
Destination =
'C:\unzip'
Path =
'c:\downloads\temp.zip'
Checksum =
'SHA-256'
Validate =
$true
Force =
$true
Ensure =
'Present'
}
}
}
TestArchive -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -Force
|
该文件已经解压到指定目录
3. 创建环境变量 资源叫做Environment
|
1
2
3
4
5
6
7
8
9
10
|
configuration TestEnvVar {
Node sydittest {
Environment NewVar{
Name =
'MYNEWVAR'
Value =
'Value to store'
Ensure =
'Present'
}
}
}
TestEnvVar -OutputPath c:\DSC\Mod5Config
|
确认该环境变量已经创建
4.创建本地用户 资源是User
这个是几个资源里面相对麻烦的一个,因为默认传递的是明文,他不会允许你推送的,我需要明确告诉他允许明文。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
configuration TestUser
{
param
(
[PSCredential]
$Credential
)
node sydittest
{
User TestUser
{
UserName =
$Credential
.UserName
Ensure =
'Present'
Password =
$Credential
Description =
'User created by DSC'
PasswordNeverExpires =
$true
PasswordChangeNotAllowed =
$true
}
}
}
$ConfigData
= @{
AllNodes = @(
@{
NodeName =
'sydittest'
PSDscAllowPlainTextPassword=
$true
}
)
}
TestUser -ConfigurationData
$ConfigData
-Credential (
Get-Credential
) -OutputPath c:\DSC\Mod5Config
|
可以看见是明文发送的,如果是生产环境,需要用证书加密的才行。
推送出去
|
1
|
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
可以看见用户已经创建了
5.创建本地组 资源 Group
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
configuration TestGroup {
Node sydittest {
Group CreateGroup {
Ensure =
'Present'
GroupName =
'TestGroup'
Description =
'This is a DSC test group'
Members =
'administrator'
}
}
}
TestGroup -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
6.创建注册表键 资源 Registry
|
1
2
3
4
5
6
7
8
9
10
11
12
|
configuration TestRegistry {
Node sydittest {
Registry CreateReg {
Key =
'HKEY_Local_Machine\Software\DSCTest'
ValueName =
'DSCTestGood'
ValueType =
'string'
ValueData =
'True'
}
}
}
Testregistry -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
确认成功创建
7. 创建进程(运行某个程序) 资源是 Windowsprocess
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
configuration TestProcess {
Node sydittest {
WindowsProcess CreateNotepad {
Path =
'notepad.exe'
Arguments =
''
}
WindowsProcess CreatePaint {
Path =
'mspaint.exe'
Arguments =
''
}
}
}
TestProcess -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
8. 更改服务的状态
|
1
2
3
4
5
6
7
8
9
10
11
|
configuration TestService {
Node sydittest {
Service StartAudio {
Name =
'Audiosrv'
State =
'Running'
StartupType =
'Automatic'
}
}
}
TestService -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
更改前
更改
更改后
9. 脚本资源
这个是当现有的资源都无法满足需求的时候,可以进行自定义资源。里面有3个子模块,test,set,get
首先通过 test 判断状态,返回一个boolean值,如果是true,忽略;如果是false,那么在set里面进行处理;相当于于一个if else的判断语句。get可以通过getdsc的命令获取当前状态
下面的例子是判断如果bits服务开启,那么关闭
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
configuration TestScript {
Node sydittest {
Script TestScript {
GetScript = {
@{
GetScript =
$GetScript
SetScript =
$setScript
TestScript =
$TestScript
Result = (
Get-Service
-name bits).status
}
}
SetScript = {
stop-Service
-name bits
}
TestScript = {
$Status
=(
Get-service
-name bits).status
$Status
-eq
'stopped'
}
}
}
}
Testscript -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration
-computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
|
本文转自 beanxyz 51CTO博客,原文链接:http://blog.51cto.com/beanxyz/1698158,如需转载请自行联系原作者
