Powershell DSC 自带了一些常见的资源。如果需要新的,可以下载安装 DSC Resource Kit 10或者从Powershell Gallery下载。
比如说查看当前已经安装了的资源
PS C:\Windows\system32> Get-DscResourceImplementedAs Name ModuleName Version Properties ------------- ---- ---------- ------- ---------- Binary File {DestinationPath, Attributes, Checksum, Content...PowerShell Archive PSDesiredStateConfiguration 1.1 {Destination, Path, Checksum, Credential...} PowerShell Environment PSDesiredStateConfiguration 1.1 {Name, DependsOn, Ensure, Path...} PowerShell Group PSDesiredStateConfiguration 1.1 {GroupName, Credential, DependsOn, Description...}Binary Log PSDesiredStateConfiguration 1.1 {Message, DependsOn, PsDscRunAsCredential} PowerShell Package PSDesiredStateConfiguration 1.1 {Name, Path, ProductId, Arguments...} PowerShell Registry PSDesiredStateConfiguration 1.1 {Key, ValueName, DependsOn, Ensure...} PowerShell Script PSDesiredStateConfiguration 1.1 {GetScript, SetScript, TestScript, Credential...} PowerShell Service PSDesiredStateConfiguration 1.1 {Name, BuiltInAccount, Credential, Dependencies...PowerShell User PSDesiredStateConfiguration 1.1 {UserName, DependsOn, Description, Disabled...} PowerShell WaitForAll PSDesiredStateConfiguration 1.1 {NodeName, ResourceName, DependsOn, PsDscRunAsC...PowerShell WaitForAny PSDesiredStateConfiguration 1.1 {NodeName, ResourceName, DependsOn, PsDscRunAsC...PowerShell WaitForSome PSDesiredStateConfiguration 1.1 {NodeCount, NodeName, ResourceName, DependsOn...} PowerShell WindowsFeature PSDesiredStateConfiguration 1.1 {Name, Credential, DependsOn, Ensure...} PowerShell WindowsOptionalFeature PSDesiredStateConfiguration 1.1 {Name, DependsOn, Ensure, LogLevel...} PowerShell WindowsProcess PSDesiredStateConfiguration 1.1 {Arguments, Path, Credential, DependsOn...} PowerShell xArchive xPSDesiredStateConfiguration 3.5.0.0 {Destination, Path, CompressionLevel, DependsOn...PowerShell xDSCWebService xPSDesiredStateConfiguration 3.5.0.0 {CertificateThumbPrint, EndpointName, AcceptSel...PowerShell xGroup xPSDesiredStateConfiguration 3.5.0.0 {GroupName, Credential, DependsOn, Description...}PowerShell xPackage xPSDesiredStateConfiguration 3.5.0.0 {Name, Path, ProductId, Arguments...} PowerShell xPSEndpoint xPSDesiredStateConfiguration 3.5.0.0 {Name, AccessMode, DependsOn, Ensure...} PowerShell xRemoteFile xPSDesiredStateConfiguration 3.5.0.0 {DestinationPath, Uri, Credential, DependsOn...} PowerShell xService xPSDesiredStateConfiguration 3.5.0.0 {Name, BuiltInAccount, Credential, Dependencies...PowerShell xWindowsOptionalFeature xPSDesiredStateConfiguration 3.5.0.0 {Name, DependsOn, Ensure, LogLevel...} PowerShell xWindowsProcess xPSDesiredStateConfiguration 3.5.0.0 {Arguments, Path, Credential, DependsOn...}
下面是一些常见的例子:
拷贝文件 资源叫做 File
configuration TestFile { Node sydittest { File ZipFile { Ensure = "Present" Type = "Directory“ # Default is “File” Force = $True Recurse = $True SourcePath = '\\sydit01\test' DestinationPath = 'C:\Downloads' # On Sydittest } }}TestFile -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
查看该zip文件已经拷贝了
2.解压zip文件,资源叫做 Archive
configuration TestArchive { Node sydittest { Archive Unzip{ Destination = 'C:\unzip' Path = 'c:\downloads\temp.zip' Checksum = 'SHA-256' Validate = $true Force = $true Ensure = 'Present' } }}TestArchive -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -Force
该文件已经解压到指定目录
3. 创建环境变量 资源叫做Environment
configuration TestEnvVar { Node sydittest { Environment NewVar{ Name = 'MYNEWVAR' Value = 'Value to store' Ensure = 'Present' } }}TestEnvVar -OutputPath c:\DSC\Mod5Config
确认该环境变量已经创建
4.创建本地用户 资源是User
这个是几个资源里面相对麻烦的一个,因为默认传递的是明文,他不会允许你推送的,我需要明确告诉他允许明文。
configuration TestUser{ param ( [PSCredential]$Credential ) node sydittest { User TestUser { UserName = $Credential.UserName Ensure = 'Present' Password = $Credential Description = 'User created by DSC' PasswordNeverExpires = $true PasswordChangeNotAllowed = $true } }}$ConfigData = @{ AllNodes = @( @{ NodeName = 'sydittest' PSDscAllowPlainTextPassword=$true } ) } TestUser -ConfigurationData $ConfigData -Credential (Get-Credential) -OutputPath c:\DSC\Mod5Config
可以看见是明文发送的,如果是生产环境,需要用证书加密的才行。
推送出去
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
可以看见用户已经创建了
5.创建本地组 资源 Group
configuration TestGroup { Node sydittest { Group CreateGroup { Ensure = 'Present' GroupName = 'TestGroup' Description = 'This is a DSC test group' Members = 'administrator' } }}TestGroup -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
6.创建注册表键 资源 Registry
configuration TestRegistry { Node sydittest { Registry CreateReg { Key = 'HKEY_Local_Machine\Software\DSCTest' ValueName = 'DSCTestGood' ValueType = 'string' ValueData = 'True' } }}Testregistry -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
确认成功创建
7. 创建进程(运行某个程序) 资源是 Windowsprocess
configuration TestProcess { Node sydittest { WindowsProcess CreateNotepad { Path = 'notepad.exe' Arguments = '' } WindowsProcess CreatePaint { Path = 'mspaint.exe' Arguments = '' } }}TestProcess -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
确认
8. 更改服务的状态
configuration TestService { Node sydittest { Service StartAudio { Name = 'Audiosrv' State = 'Running' StartupType = 'Automatic' } }}TestService -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force
更改前
更改
更改后
9. 脚本资源
这个是当现有的资源都无法满足需求的时候,可以进行自定义资源。里面有3个子模块,test,set,get
首先通过 test 判断状态,返回一个boolean值,如果是true,忽略;如果是false,那么在set里面进行处理;相当于于一个if else的判断语句。get可以通过getdsc的命令获取当前状态
下面的例子是判断如果bits服务开启,那么关闭
configuration TestScript { Node sydittest { Script TestScript { GetScript = { @{ GetScript = $GetScript SetScript = $setScript TestScript = $TestScript Result = (Get-Service -name bits).status } } SetScript = { stop-Service -name bits } TestScript = { $Status=(Get-service -name bits).status $Status -eq 'stopped' } } }}Testscript -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force