Powershell DSC 5.0 - 资源的使用

Powershell DSC 自带了一些常见的资源。如果需要新的，可以下载安装 DSC Resource Kit 10或者从Powershell Gallery下载。

比如说查看当前已经安装了的资源

PS C:\Windows\system32> Get-DscResourceImplementedAs   Name                      ModuleName                     Version    Properties                                        -------------   ----                      ----------                     -------    ----------                                        Binary          File                                                                {DestinationPath, Attributes, Checksum, Content...PowerShell      Archive                   PSDesiredStateConfiguration    1.1        {Destination, Path, Checksum, Credential...}      PowerShell      Environment               PSDesiredStateConfiguration    1.1        {Name, DependsOn, Ensure, Path...}                PowerShell      Group                     PSDesiredStateConfiguration    1.1        {GroupName, Credential, DependsOn, Description...}Binary          Log                       PSDesiredStateConfiguration    1.1        {Message, DependsOn, PsDscRunAsCredential}        PowerShell      Package                   PSDesiredStateConfiguration    1.1        {Name, Path, ProductId, Arguments...}             PowerShell      Registry                  PSDesiredStateConfiguration    1.1        {Key, ValueName, DependsOn, Ensure...}            PowerShell      Script                    PSDesiredStateConfiguration    1.1        {GetScript, SetScript, TestScript, Credential...} PowerShell      Service                   PSDesiredStateConfiguration    1.1        {Name, BuiltInAccount, Credential, Dependencies...PowerShell      User                      PSDesiredStateConfiguration    1.1        {UserName, DependsOn, Description, Disabled...}   PowerShell      WaitForAll                PSDesiredStateConfiguration    1.1        {NodeName, ResourceName, DependsOn, PsDscRunAsC...PowerShell      WaitForAny                PSDesiredStateConfiguration    1.1        {NodeName, ResourceName, DependsOn, PsDscRunAsC...PowerShell      WaitForSome               PSDesiredStateConfiguration    1.1        {NodeCount, NodeName, ResourceName, DependsOn...} PowerShell      WindowsFeature            PSDesiredStateConfiguration    1.1        {Name, Credential, DependsOn, Ensure...}          PowerShell      WindowsOptionalFeature    PSDesiredStateConfiguration    1.1        {Name, DependsOn, Ensure, LogLevel...}            PowerShell      WindowsProcess            PSDesiredStateConfiguration    1.1        {Arguments, Path, Credential, DependsOn...}       PowerShell      xArchive                  xPSDesiredStateConfiguration   3.5.0.0    {Destination, Path, CompressionLevel, DependsOn...PowerShell      xDSCWebService            xPSDesiredStateConfiguration   3.5.0.0    {CertificateThumbPrint, EndpointName, AcceptSel...PowerShell      xGroup                    xPSDesiredStateConfiguration   3.5.0.0    {GroupName, Credential, DependsOn, Description...}PowerShell      xPackage                  xPSDesiredStateConfiguration   3.5.0.0    {Name, Path, ProductId, Arguments...}             PowerShell      xPSEndpoint               xPSDesiredStateConfiguration   3.5.0.0    {Name, AccessMode, DependsOn, Ensure...}          PowerShell      xRemoteFile               xPSDesiredStateConfiguration   3.5.0.0    {DestinationPath, Uri, Credential, DependsOn...}  PowerShell      xService                  xPSDesiredStateConfiguration   3.5.0.0    {Name, BuiltInAccount, Credential, Dependencies...PowerShell      xWindowsOptionalFeature   xPSDesiredStateConfiguration   3.5.0.0    {Name, DependsOn, Ensure, LogLevel...}            PowerShell      xWindowsProcess           xPSDesiredStateConfiguration   3.5.0.0    {Arguments, Path, Credential, DependsOn...}

下面是一些常见的例子：

1. 拷贝文件 资源叫做 File

   
   

configuration TestFile {    Node sydittest {        File ZipFile {            Ensure = "Present"             Type = "Directory" # Default is "File"            Force = $True            Recurse = $True            SourcePath = '\\sydit01\test'            DestinationPath = 'C:\Downloads'  # On Sydittest        }    }}TestFile -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

查看该zip文件已经拷贝了

2.解压zip文件，资源叫做 Archive

configuration TestArchive {    Node sydittest {        Archive Unzip{            Destination = 'C:\unzip'            Path = 'c:\downloads\temp.zip'            Checksum = 'SHA-256'            Validate = $true            Force = $true            Ensure = 'Present'        }    }}TestArchive -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -Force

该文件已经解压到指定目录

3. 创建环境变量 资源叫做Environment

configuration TestEnvVar {    Node sydittest {        Environment NewVar{            Name = 'MYNEWVAR'            Value = 'Value to store'            Ensure = 'Present'        }    }}TestEnvVar -OutputPath c:\DSC\Mod5Config

确认该环境变量已经创建

4.创建本地用户 资源是User

这个是几个资源里面相对麻烦的一个，因为默认传递的是明文，他不会允许你推送的，我需要明确告诉他允许明文。

configuration TestUser{    param    (         [PSCredential]$Credential    )    node sydittest    {            User TestUser        {            UserName = $Credential.UserName            Ensure = 'Present'            Password = $Credential            Description = 'User created by DSC'            PasswordNeverExpires = $true            PasswordChangeNotAllowed = $true        }    }}$ConfigData = @{       AllNodes = @(                @{                 NodeName = 'sydittest'            PSDscAllowPlainTextPassword=$true        }     )  } TestUser -ConfigurationData $ConfigData -Credential (Get-Credential) -OutputPath c:\DSC\Mod5Config

可以看见是明文发送的，如果是生产环境，需要用证书加密的才行。

推送出去

Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

可以看见用户已经创建了

5.创建本地组 资源 Group

configuration TestGroup {    Node sydittest {        Group CreateGroup {            Ensure = 'Present'            GroupName = 'TestGroup'            Description = 'This is a DSC test group'            Members = 'administrator'        }             }}TestGroup -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

6.创建注册表键 资源 Registry

configuration TestRegistry {    Node sydittest {        Registry CreateReg {            Key = 'HKEY_Local_Machine\Software\DSCTest'            ValueName = 'DSCTestGood'            ValueType = 'string'            ValueData = 'True'        }     }}Testregistry -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

确认成功创建

7. 创建进程（运行某个程序） 资源是 Windowsprocess

configuration TestProcess {    Node sydittest {        WindowsProcess CreateNotepad {            Path = 'notepad.exe'            Arguments = ''        }         WindowsProcess CreatePaint {            Path = 'mspaint.exe'            Arguments = ''        }    }}TestProcess -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

确认

8. 更改服务的状态

configuration TestService {    Node sydittest {        Service StartAudio {            Name = 'Audiosrv'            State = 'Running'            StartupType = 'Automatic'        }     }}TestService -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

更改前

更改

更改后

9. 脚本资源

这个是当现有的资源都无法满足需求的时候，可以进行自定义资源。里面有3个子模块，test，set，get

首先通过 test 判断状态，返回一个boolean值，如果是true，忽略；如果是false，那么在set里面进行处理；相当于于一个if else的判断语句。get可以通过getdsc的命令获取当前状态

下面的例子是判断如果bits服务开启，那么关闭

configuration TestScript {    Node sydittest {        Script TestScript {            GetScript = {                @{                    GetScript = $GetScript                    SetScript = $setScript                    TestScript = $TestScript                    Result = (Get-Service -name bits).status                }                       }            SetScript = {                stop-Service -name bits            }            TestScript = {                            $Status=(Get-service -name bits).status                $Status -eq 'stopped'            }        }            }}Testscript -OutputPath c:\DSC\Mod5ConfigStart-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force