Powershell DSC 自带了一些常见的资源。如果需要新的,可以下载安装 DSC Resource Kit 10或者从Powershell Gallery下载。


比如说查看当前已经安装了的资源

PS C:\Windows\system32> Get-DscResource
ImplementedAs   Name                      ModuleName                     Version    Properties                                        
-------------   ----                      ----------                     -------    ----------                                        
Binary          File                                                                {DestinationPath, Attributes, Checksum, Content...
PowerShell      Archive                   PSDesiredStateConfiguration    1.1        {Destination, Path, Checksum, Credential...}      
PowerShell      Environment               PSDesiredStateConfiguration    1.1        {Name, DependsOn, Ensure, Path...}                
PowerShell      Group                     PSDesiredStateConfiguration    1.1        {GroupName, Credential, DependsOn, Description...}
Binary          Log                       PSDesiredStateConfiguration    1.1        {Message, DependsOn, PsDscRunAsCredential}        
PowerShell      Package                   PSDesiredStateConfiguration    1.1        {Name, Path, ProductId, Arguments...}             
PowerShell      Registry                  PSDesiredStateConfiguration    1.1        {Key, ValueName, DependsOn, Ensure...}            
PowerShell      Script                    PSDesiredStateConfiguration    1.1        {GetScript, SetScript, TestScript, Credential...} 
PowerShell      Service                   PSDesiredStateConfiguration    1.1        {Name, BuiltInAccount, Credential, Dependencies...
PowerShell      User                      PSDesiredStateConfiguration    1.1        {UserName, DependsOn, Description, Disabled...}   
PowerShell      WaitForAll                PSDesiredStateConfiguration    1.1        {NodeName, ResourceName, DependsOn, PsDscRunAsC...
PowerShell      WaitForAny                PSDesiredStateConfiguration    1.1        {NodeName, ResourceName, DependsOn, PsDscRunAsC...
PowerShell      WaitForSome               PSDesiredStateConfiguration    1.1        {NodeCount, NodeName, ResourceName, DependsOn...} 
PowerShell      WindowsFeature            PSDesiredStateConfiguration    1.1        {Name, Credential, DependsOn, Ensure...}          
PowerShell      WindowsOptionalFeature    PSDesiredStateConfiguration    1.1        {Name, DependsOn, Ensure, LogLevel...}            
PowerShell      WindowsProcess            PSDesiredStateConfiguration    1.1        {Arguments, Path, Credential, DependsOn...}       
PowerShell      xArchive                  xPSDesiredStateConfiguration   3.5.0.0    {Destination, Path, CompressionLevel, DependsOn...
PowerShell      xDSCWebService            xPSDesiredStateConfiguration   3.5.0.0    {CertificateThumbPrint, EndpointName, AcceptSel...
PowerShell      xGroup                    xPSDesiredStateConfiguration   3.5.0.0    {GroupName, Credential, DependsOn, Description...}
PowerShell      xPackage                  xPSDesiredStateConfiguration   3.5.0.0    {Name, Path, ProductId, Arguments...}             
PowerShell      xPSEndpoint               xPSDesiredStateConfiguration   3.5.0.0    {Name, AccessMode, DependsOn, Ensure...}          
PowerShell      xRemoteFile               xPSDesiredStateConfiguration   3.5.0.0    {DestinationPath, Uri, Credential, DependsOn...}  
PowerShell      xService                  xPSDesiredStateConfiguration   3.5.0.0    {Name, BuiltInAccount, Credential, Dependencies...
PowerShell      xWindowsOptionalFeature   xPSDesiredStateConfiguration   3.5.0.0    {Name, DependsOn, Ensure, LogLevel...}            
PowerShell      xWindowsProcess           xPSDesiredStateConfiguration   3.5.0.0    {Arguments, Path, Credential, DependsOn...}


下面是一些常见的例子:


  1. 拷贝文件 资源叫做 File


configuration TestFile {
    Node sydittest {
        File ZipFile {
            Ensure = "Present" 
            Type = "Directory“ # Default is “File”
            Force = $True
            Recurse = $True
            SourcePath = '\\sydit01\test'
            DestinationPath = 'C:\Downloads'  # On Sydittest
        }
    }
}
TestFile -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force


wKiom1YEwVugUCWkAAU4kF_qMaU164.jpg

查看该zip文件已经拷贝了

wKiom1YEwVzA-UjjAADe-KBDutw222.jpg


2.解压zip文件,资源叫做 Archive


configuration TestArchive {
    Node sydittest {
        Archive Unzip{
            Destination = 'C:\unzip'
            Path = 'c:\downloads\temp.zip'
            Checksum = 'SHA-256'
            Validate = $true
            Force = $true
            Ensure = 'Present'
        }
    }
}
TestArchive -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -Force


wKioL1YEwWHRDSUVAAaZPq18p4U036.jpg


该文件已经解压到指定目录

wKioL1YEwWLDwGwWAAEgckiAjds849.jpg


3. 创建环境变量 资源叫做Environment


configuration TestEnvVar {
    Node sydittest {
        Environment NewVar{
            Name = 'MYNEWVAR'
            Value = 'Value to store'
            Ensure = 'Present'
        }
    }
}
TestEnvVar -OutputPath c:\DSC\Mod5Config


wKiom1YEwV_TQzhfAASLq1Tt0v4829.jpg


确认该环境变量已经创建

wKiom1YEwWDDvsZ-AAFW7jSx0Q8102.jpg


4.创建本地用户 资源是User

这个是几个资源里面相对麻烦的一个,因为默认传递的是明文,他不会允许你推送的,我需要明确告诉他允许明文。


configuration TestUser
{
    param
    ( 
        [PSCredential]$Credential
    )
    node sydittest
    {    
        User TestUser
        {
            UserName = $Credential.UserName
            Ensure = 'Present'
            Password = $Credential
            Description = 'User created by DSC'
            PasswordNeverExpires = $true
            PasswordChangeNotAllowed = $true
        }
    }
}
$ConfigData = @{   
    AllNodes = @(        
        @{     
            NodeName = 'sydittest'
            PSDscAllowPlainTextPassword=$true
        } 
    )  
} 
TestUser -ConfigurationData $ConfigData -Credential (Get-Credential) -OutputPath c:\DSC\Mod5Config


可以看见是明文发送的,如果是生产环境,需要用证书加密的才行。


wKioL1YEyUCBNcanAAEcYlhfnwE913.jpg


推送出去

Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

wKiom1YEwW-w1E34AAR2dCkByxc670.jpg


可以看见用户已经创建了

wKioL1YEwXSBPno9AAD7EE09yQE825.jpg


5.创建本地组 资源 Group


configuration TestGroup {
    Node sydittest {
        Group CreateGroup {
            Ensure = 'Present'
            GroupName = 'TestGroup'
            Description = 'This is a DSC test group'
            Members = 'administrator'
        } 
        
    }
}
TestGroup -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

wKioL1YEwWaCzhr8AATXDQsO6qI418.jpg


6.创建注册表键 资源 Registry


configuration TestRegistry {
    Node sydittest {
        Registry CreateReg {
            Key = 'HKEY_Local_Machine\Software\DSCTest'
            ValueName = 'DSCTestGood'
            ValueType = 'string'
            ValueData = 'True'
        } 
    }
}
Testregistry -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force


wKioL1YEwWii0gJNAAOX-p9OTFk632.jpg


确认成功创建

wKiom1YEwWaDfC3VAAHHSve_5ac780.jpg


7. 创建进程(运行某个程序) 资源是 Windowsprocess

configuration TestProcess {
    Node sydittest {
        WindowsProcess CreateNotepad {
            Path = 'notepad.exe'
            Arguments = ''
        } 
        WindowsProcess CreatePaint {
            Path = 'mspaint.exe'
            Arguments = ''
        }
    }
}
TestProcess -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force


确认

wKiom1YEwWfBLXGXAAOLZriLRuc207.jpg


8. 更改服务的状态

configuration TestService {
    Node sydittest {
        Service StartAudio {
            Name = 'Audiosrv'
            State = 'Running'
            StartupType = 'Automatic'
        } 
    }
}
TestService -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force


更改前

wKioL1YEwWvDYdpiAACyuvwnn6M371.jpg


更改

wKiom1YEwWmhPW6lAAPmKKrUZUA167.jpg

更改后

wKioL1YEwW6i7dRHAADDjpn3BUI020.jpg


9. 脚本资源


这个是当现有的资源都无法满足需求的时候,可以进行自定义资源。里面有3个子模块,test,set,get


首先通过 test 判断状态,返回一个boolean值,如果是true,忽略;如果是false,那么在set里面进行处理;相当于于一个if else的判断语句。get可以通过getdsc的命令获取当前状态


下面的例子是判断如果bits服务开启,那么关闭

configuration TestScript {
    Node sydittest {
        Script TestScript {
            GetScript = {
                @{
                    GetScript = $GetScript
                    SetScript = $setScript
                    TestScript = $TestScript
                    Result = (Get-Service -name bits).status
                }           
            }
            SetScript = {
                stop-Service -name bits
            }
            TestScript = {
            
                $Status=(Get-service -name bits).status
                $Status -eq 'stopped'
            }
        }
        
    }
}
Testscript -OutputPath c:\DSC\Mod5Config
Start-DscConfiguration -computername sydittest -Path c:\dsc\Mod5Config -Wait -Verbose -force

wKiom1YEwWuANp5LAADpEgqjp-c956.jpg

wKioL1YEwXGxB2XwAAQb_LkUyU8397.jpg