This section is about simply over 3 basic functions of DSC, how to parameterize a profile, encrypt an account, and how to set up the order of installation for multiple services.
The configuration file is essentially a function, the function can call another function, you can parameterize many values for reuse, and the configuration file is the same.
The configuration file itself has 3 parameters by default:
OutputPath, the output path of the MOF file
Configurationdata, this is the parameter configuration file, the structure is a hash table
InstanceName, instance name, general default
We can also define by Param keywords, such as
[Dsclocalconfigurationmanager ()] configuration lcm_httppull { param ( [parameter (Mandatory= $true)] [string[]] $ComputerName, [parameter (mandatory= $true)] [string] $guid ) Node $ComputerName {settings{allowmoduleoverwrite = $ true configurationmode = ' Applyandautocorrect ' refreshmode = ' pull ' configurationid = $guid } configurationrepositoryweb pullserver { Name = ' Pullserver ' serverurl = ' Http://dc.company.pri:8080/PSDSCPullServer.svc ' AllowUnsecureConnection = $true }}}# Computer list $ComputerName = ' s1 ', ' s2 ' # create guid For the computers$guid=[guid]::newguid () # create the computer.meta.mof in folderlcm_httppull -computername $ComputerName -Guid $guid -outputpath c:\dsc\ http# explorer c:\dsc\http# send to computers lcmset-dsclocalconfigurationmanager -computername $computername -path c:\dsc\http – Verbose
In the previous section, the bean creates a new user, configures a password for the user, because the certificate is not used, and it is not safe to force permission to send in plaintext.
For example unsafe practices:
configuration dirtest { param ( [parameter (mandatory= $true)] [string[] "$ComputerName, [pscredential] $credential ) Node $computerName { File DirTest1 { destinationpath = ' C:\DirTest ' Type = ' Directory ' ensure = ' Present ' credential = $Credential } }}dirtest -computername sydittest -Credential (get-credential)  -CONFIGURATIONDATA C:\SCRIPTS\DSC1\MOD6\2A.CONFIG_DATA.PSD1 -outputpath c:\dscsecure# send to computers lcmstart-dscconfiguration - Computername sydittest -path c:\dscsecure –verbose
@{allnodes = @ (@{nodename= ' sydittest ' psdscallowplaintextpassword= $True})}
You can see it's clear, it's not safe.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/EA/wKiom1YKDoWSQX1fAAHH0krViR0965.jpg "style=" float: none; "title=" 1.PNG "alt=" Wkiom1ykdowsqx1faahh0krvir0965.jpg "/>
Here's the safe way
First generate a certificate, beans have been installed PKI, so open from the MMC is easy to create a new client certificate, and then exported to
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/EA/wKiom1YKDoexO8qFAAEiw8GAiOQ932.jpg "style=" float: none; "title=" 3.PNG "alt=" Wkiom1ykdoexo8qfaaeiw8gaioq932.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/E7/wKioL1YKDpHRpNcLAAEbAv0RJT4908.jpg "style=" float: none; "title=" 4.PNG "alt=" Wkiol1ykdphrpnclaaebav0rjt4908.jpg "/>
Configuration file, note that this hash table is different from the front.
configuration dirtest { param ( [parameter (mandatory= $true)] [string[] "$ComputerName, [pscredential] $credential ) Node $computername { File DirTest1 { destinationpath = ' C:\DirTest ' Type = ' Directory ' ensure = ' Present ' credential = $Credential } }}dirtest -computername sydittest -Credential (get-credential)  -CONFIGURATIONDATA C:\SCRIPTS\DSC1\MOD6\2B.CONFIG_DATA.PSD1 -outputpath c:\dscsecure# send to computers lcmstart-dscconfiguration - Computername sydittest -path c:\dscsecure –verbose
@{allnodes = @ (@{nodename= ' sydittest ' certificatefile = ' c:\temp\sydittest.cer ' } )}
You can see that the password is encrypted.
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/E7/wKioL1YKDpDBIxp-AAF9QvfEMKU458.jpg "title=" 2.PNG " Style= "Float:none;" alt= "wkiol1ykdpdbixp-aaf9qvfemku458.jpg"/>
Finally, simply look at the Dependon keyword. When we install multiple services, there are sometimes dependencies. For example, I want to install a cluster, but before I install it, I want to make sure that the domain service is installed. This dependency can be defined by Dependon. Note that the default rule for DSC is to install randomly because he does not want to have excessive dependencies so that once the environment changes, the entire configuration may fail.
For example, I need to install IIS and then install the IIS Admin interface and configure a folder
configuration installiis { node sydittest { windowsfeature iis {ensure = ' Present ' name = ' web-server '} WindowsFeature IISMgmt {Ensure = ' Present ' Name = ' Web-mgmt-service ' DependsOn = "[Windowsfeature]iis"} windowsfeature iisconsole {ensure = ' Present ' name = ' Web-mgmt-console '} File DefaultWebSite { ensure = "Present" type = "Directory" # default is "File" force = $ true recurse = $True SourcePath = "C:\sites\inetpub\ Wwwroot\ " DestinationPath = " C:\inetpub\wwwroot\ " dependson = "[Windowsfeature]iis" }}}installiis -outputpath c:\dsc\mod6start-dscconfiguration -computername sydittest -path c:\ Dsc\mod6 -wait -verbose -force
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/E7/wKioL1YKELGxhwt1AAZ2FxdnV1E544.jpg "title=" 5.PNG " alt= "Wkiol1ykelgxhwt1aaz2fxdnv1e544.jpg"/>
This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1699083
Powershell DSC 5.0-parameters, certificate encryption account, and installation order