Uqwalaselo lweState olufunwayo lwe-PowerShell kunye nefayile: icandelo 1. Ukuqwalasela i-DSC Tsala iseva ukuze isebenze nesiseko sedatha se-SQL

I-PowerShell enqwenelekayo ye-State Configuration (DSC) iwenza lula kakhulu umsebenzi wokuhambisa kunye nokuqwalasela inkqubo yokusebenza, iindima zeseva, kunye nezicelo xa unamakhulu amaseva.

Kodwa xa usebenzisa i-DSC kwizakhiwo, okt. hayi kwi-MS Azure, kukho iinuances ezimbalwa. Ziphawuleka ngakumbi ukuba umbutho mkhulu (ukusuka kwiindawo zokusebenza ezingama-300 kunye neeseva) kwaye awukawufumani umhlaba wezikhongozeli:

• Akukho ngxelo zipheleleyo malunga nobume beenkqubo. Ukuba uqwalaselo olufunekayo aluzange lusetyenziswe kwezinye iiseva, ngoko ngaphandle kwezi ngxelo asiyi kuyazi malunga nayo. Kunzima kakhulu ukufumana ulwazi kwiseva yengxelo eyakhelwe-ngaphakathi, kwaye kwinani elikhulu lenginginya inokuthatha ixesha elide.
• Ukunqongophala kwe-scalability kunye nokunyamezela iimpazamo. Akunakwenzeka ukuba kwakhiwe ifama ye-DSC yokutsala iiseva zewebhu eziza kuba nesiseko sedatha esisodwa sokunyamezela impazamo kunye nokugcinwa okuqhelekileyo kweefayile ze-mof zokucwangciswa, iimodyuli kunye nezitshixo zokubhalisa.

Namhlanje ndiza kukuxelela indlela onokuyicombulula ngayo ingxaki yokuqala kwaye ufumane idatha yokunika ingxelo. Yonke into iya kuba lula ukuba iSQL ingasetyenziswa njengendawo yogcino-lwazi. NKSK izithembiso Inkxaso eyakhelwe-ngaphakathi kuphela kwiWindows Server 2019 okanye ekwakheni iWindows server 1803. Landela idatha usebenzisa umboneleli we-OleDB naye iyasilelakuba iseva yeDSC isebenzisa iparamitha enegama elingaxhaswanga ngokupheleleyo yiOleDbCommand.

Ndifumene le ndlela: kwabo basebenzisa iWindows Server 2012 kunye ne-2016, unako ingoma usebenzisa i-database ye-SQL njenge-backend ye-DSC yombuzo weseva. Ukwenza oku, siya kudala "ummeleli" ngendlela yefayile ye-.mdb kunye neetafile ezihambelanayo, eziza kuqondisa kwakhona idatha efunyenwe kwiingxelo zabaxhasi kwi-database yeseva ye-SQL.

Qaphela: KwiWindows Server 2016 kufuneka usebenzise AccessDatabaseEngine2016x86kuba iMicrosoft.Jet.OLEDB.4.0 ayisaxhaswa.

Andiyi kungena kwiinkcukacha malunga nenkqubo yokuthumela iseva ye-DSC yokutsala, ichazwe kakuhle kakhulu apha. Ndiza kuqaphela amanqaku ambalwa. Ukuba sihambisa i-DSC idonsa kwiseva yewebhu efanayo kunye ne-WSUS okanye iZiko loKhuseleko leKaspersky, ngoko kwiscript sokudala uqwalaselo kufuneka sitshintshe ezi parameters zilandelayo:

1. UseSecurityBestPractices     = $false

   Ngaphandle koko, i-TLS 1.0 iya kukhutshazwa kwaye awuyi kukwazi ukuqhagamshela kwi-database ye-SQL. IZiko loKhuseleko laseKaspersky nalo aliyi kusebenza (ingxaki kufuneka isonjululwe kwiZiko loKhuseleko laseKaspersky v11).

2. Enable32BitAppOnWin64   = $true

   Ukuba awenzi olu tshintsho, awuyi kukwazi ukuqhuba i-AppPool DSC server kwi-IIS nge-WSUS.

3. Xa uhlohla iseva ye-DSC nge-WSUS, khubaza i-caching emileyo neguqukayo yesiza se-DSC.

Masiqhubele phambili ukuseta iseva ye-DSC ukuze isebenzise isiseko sedatha ye-SQL.

Ukudala iDatabase yeSQL

1. Masenze i-database ye-SQL engenanto ebizwa ngokuba yi-DSC.

   
   
   

2. Masenze iakhawunti ukuze siqhagamshele kule database. Okokuqala, khangela ukuba iseva ye-SQL ivumela ukuqinisekiswa kwee-akhawunti zombini ze-Windows kunye ne-SQL.

   
   
   

3. Yiya kwicandelo le-User Mapping. Khetha isiseko sedatha, kule meko DSC. Sinika amalungelo omnini wesiseko sedatha.

   

4. Yenziwe.

   

Ukudala iSchema seDatha yeDSC

Kukho iindlela ezimbini zokwenza ischema sesiseko sedatha seDSC:

• ngokuzimeleyo, nge TSQL script

  SET ANSI_NULLS ON
  GO
  SET QUOTED_IDENTIFIER ON
  GO
  CREATE TABLE [dbo].[Devices](
  [TargetName] [nvarchar](255) NOT NULL,
  [ConfigurationID] [nvarchar](255) NOT NULL,
  [ServerCheckSum] [nvarchar](255) NOT NULL,
  [TargetCheckSum] [nvarchar](255) NOT NULL,
  [NodeCompliant] [bit] NOT NULL,
  [LastComplianceTime] [datetime] NULL,
  [LastHeartbeatTime] [datetime] NULL,
  [Dirty] [bit] NOT NULL,
  [StatusCode] [int] NULL
  ) ON [PRIMARY]
  GO
   
  CREATE TABLE [dbo].[RegistrationData](
  [AgentId] [nvarchar](255) NOT NULL,
  [LCMVersion] [nvarchar](255) NULL,
  [NodeName] [nvarchar](255) NULL,
  [IPAddress] [nvarchar](255) NULL,
  [ConfigurationNames] [nvarchar](max) NULL
  ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
  GO
   
  CREATE TABLE [dbo].[StatusReport](
  [JobId] [nvarchar](50) NOT NULL,
  [Id] [nvarchar](50) NOT NULL,
  [OperationType] [nvarchar](255) NULL,
  [RefreshMode] [nvarchar](255) NULL,
  [Status] [nvarchar](255) NULL,
  [LCMVersion] [nvarchar](50) NULL,
  [ReportFormatVersion] [nvarchar](255) NULL,
  [ConfigurationVersion] [nvarchar](255) NULL,
  [NodeName] [nvarchar](255) NULL,
  [IPAddress] [nvarchar](255) NULL,
  [StartTime] [datetime] NULL,
  [EndTime] [datetime] NULL,
  [Errors] [nvarchar](max) NULL,
  [StatusData] [nvarchar](max) NULL,
  [RebootRequested] [nvarchar](255) NULL
  ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
  GO

• rhweba ngaphandle idatha esuka kwizixhobo ezingenanto.mdb njengenxalenye yemodyuli yePS yePSDesiredStateConfiguration ngokusebenzisa iWizard yeDatha yeSQL yokuThutha.

  I-Devices.mdb esiza kusebenza nayo iku-C:WindowsSysWOW64WindowsPowerShellv1.0ModulesPSDesiredStateConfigurationPullServer.

1. Ukungenisa idatha, sebenzisa i-SQL Server Import and Export Wizard.

   

2. Sikhetha apho siya kufumana khona idatha - kwimeko yethu yi-Microsoft Access database. Cofa Okulandelayo.

   

3. Khetha ifayile esingenisa kuyo umzobo.

   

4. Sibonisa indawo yokungenisa - kuthi yi-SQL database.

   

5. Khetha iseva ye-SQL (Igama leseva) kunye nedathabheyisi apho siya kungenisa idatha (DataBase).

   

6. Khetha ukhetho Khuphela idatha kwitafile enye okanye ngaphezulu okanye iimboniselo (ukukopa idatha kwiitafile okanye iimboniselo).

   

7. Sikhetha iitafile apho siya kungenisa i-schema yedatha.

   

8. Khangela i Qhuba Ngokukhawuleza khangela ibhokisi kwaye ucofe Gqiba.

   

9. Yenziwe.

   

10. Ngenxa yoko, iitheyibhile kufuneka zivele kwiziko ledatha le-DSC.

    

Ukumisela ifayile ye-.mdb "proxy".

Ukwenza uqhagamshelo lwe-ODBC kwiseva ye-SQL. Kucingelwa ukuba i-MS Access ayifakelwanga kwiseva eqhuba i-DSC, ngoko ke ukusetwa kwe-database.mdb kwenziwa kwinginginya ephakathi nge-MS Access efakiweyo.

Masenze inkqubo ye-ODBC yoqhagamshelo kumncedisi we-SQL (ubuncinci boqhagamshelwano kufuneka buhambelane nobuncinci be-MS Access - 64 okanye 32). Ingenziwa ngokusebenzisa:
-Powershell cmdlet:

Add-OdbcDsn –Name DSC –DriverName 'SQL Server' –Platform '<64-bit or 32-bit>' –DsnType System –SetPropertyValue @('Description=DSC Pull Server',"Server=<Name of your SQL Server>",'Trusted_Connection=yes','Database=DSC') –PassThru

— okanye ngesandla, usebenzisa iwizadi yoqhagamshelwano:

1. Vula izixhobo zoLawulo. Sikhetha imithombo yedatha ye-ODBC ngokuxhomekeke kuguqulelo lwe-MS Access efakiweyo. Yiya kwiNkqubo ye-DSN ithebhu kwaye wenze uxhulumaniso lwesistim (Yongeza).

   

2. Sibonisa ukuba siya kudibanisa kwiseva ye-SQL. Cofa Gqiba.

   

3. Chaza igama kunye neseva oza kuqhagamshelwa kuyo. Emva koko udibaniso oluneeparamitha ezifanayo luya kufuneka lwenziwe kwiseva ye-DSC.

   

4. Sibonisa ukuba ukudibanisa kwiseva ye-SQL, sisebenzisa igama lokungena elenziwe ngaphambili elinegama elithi DSC.

   

5. Sicacisa i-database kwiisethingi zoqhagamshelwano lwe-DSC.

   

6. Cofa Gqiba.

   

7. Ngaphambi kokugqiba ukuseta, sijonga ukuba uxhulumaniso lusebenza (uMthombo weDatha yoVavanyo).

   

8. Yenziwe.

   

Ukwenza i-database ye-devices.mdb kwi-MS Access. Qalisa Ufikelelo lwe-MS kwaye wenze isiseko sedatha esingenanto ebizwa ngokuba yi-devices.mdb.

1. Yiya kwithebhu yeDatha yangaphandle kwaye ucofe kwi-ODBC Database. Kwifestile evelayo, khetha Yenza itheyibhile eqhagamshelweyo ukuze uqhagamshele kumthombo wedatha.

   

2. Kwifestile entsha, khetha isithuba soMthombo weDatha yoMatshini kwaye ucofe u-Kulungile. Kwifestile entsha, ngenisa iziqinisekiso zokuqhagamshela kwiseva yeSQL.

   

3. Khetha iitheyibhile ezifuna ukuqhagamshelwa. Khangela ibhokisi Gcina igama eligqithisiweyo kwaye ucofe uKulungile. Gcina igama lokugqitha ixesha ngalinye kuzo zontathu iitheyibhile.

   

4. Kwizalathisi kufuneka ukhethe oku kulandelayo:
   -Igama ekujoliswe kulo kwitheyibhile ye-dbo_Devices;

   
   
   — NodeName okanye IPAddress ye-dbo_RegistrationData;

   
   
   — NodeName okanye IPAddress ye dbo_StatusReport.

   

5. Masizinike ngokutsha iitafile kwi-MS Access, ezizezi: susa i-dbo_ prefix ukuze i-DSC izisebenzise.

   

6. Yenziwe.

   

7. Gcina ifayile kwaye uvale i-MS Access. Ngoku sikhuphela iziphumo zezixhobo.mdb kwiseva ye-DSC (ngokungagqibekanga kwi-C: Iifayile zeNkqubo yeWindowsPowershellDCSService) kwaye sibuyisele esele ikhona (ukuba ikhona).

Ukuqwalasela iseva yeDSC ukuze iSebenzise iSQL

1. Sibuyela kwiseva ye-DSC. Ukuqhagamshela kwiseva ye-SQL kunye nefayile yethu yommeli, masenze uqhagamshelwano olutsha lwe-ODBC kwiseva ye-DSC. Igama, ubunzulu bebit, kunye nezicwangciso zoqhagamshelo kufuneka zifane naxa kuyilwa ifayile ye-MDB. Ungakopa izixhobo ezingenanto esele ziqwalaselwe.mdb ukusuka apha.
2. Ukusebenzisa i-devices.mdb, kufuneka wenze utshintsho kwi-web.config ye-DSC pull server (ehlala ikho yi C:inetpubPSDSCPullServerweb.config):

-yeWindows Server 2012

<add key="dbprovider" value="System.Data.OleDb">
<add key="dbconnectionstr" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:Program FilesWindowsPowerShellDscServiceDevices.mdb;">

-yeWindows Server 2016

<add key="dbprovider" value="System.Data.OleDb">
<add key="dbconnectionstr" value="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:Program FilesWindowsPowerShellDscServiceDevices.mdb;">

Oku kugqiba ukuseta iseva ye-DSC.

Ijonga umsebenzi womncedisi we DSC

1. Masijonge ukuba iseva ye-DSC iyafikeleleka ngesikhangeli sewebhu.

   

2. Ngoku makhe sijonge ukuba iseva yokutsala ye-DSC isebenza kakuhle na. Ukwenza oku, imodyuli yoqwalaselo ye-xPSDesiredStateConfiguration iquka i-script ye-pullserversetuptests.ps1. Ngaphambi kokuba usebenzise esi script, kufuneka ufake imodyuli yePowershell ebizwa ngokuba yiPester. Yifake Faka-Imodyuli -Igama Pester.
3. Vula C: IiFayile zeNkqubo yeWindowsPowerShellModulesxPSDesiredStateConfiguration<modyuli yenguqulelo>DSCPullServerSetupPullServerDeploymentVerificationTest (kumzekelo wenguqulo 8.0.0.0.0).

   

4. Vula i-PullServerSetupTests.ps1 kwaye ukhangele indlela eya kwi-web.config yeseva ye-DSC. Indlela eya kwi-web.config, eya kukhangela iscript, igxininiswe ngobomvu. Ukuba kuyimfuneko, sitshintsha le ndlela.

   

5. Qhuba i-pullserversetuptests.ps1
   Invoke-Pester.PullServerSetupTests.ps1
   Все работает.

   

6. KwiSitudiyo soLawulo lweSQL sibona ukuba iinginginya ezilawulwayo zithumela iingxelo kwiseva yengxelo ye-DSC kwaye idatha iphelela kwisiseko sedatha seDSC kwiseva yeSQL.

   

Kuko konke. Kumanqaku alandelayo ndiceba ukukuxelela indlela yokwakha iingxelo kwidatha efunyenweyo, kwaye ndiya kuchukumisa kwimiba malunga nokunyamezela iimpazamo kunye nokulinganisa.

umthombo: www.habr.com