Windows Deployment with PowerShell
guitarrapc
April 12, 2014
Transcript
Job: PowerShell. Private: http://tech.guitarrapc.com, @guitarrapc_tech, https://github.com/guitarrapc/valentia
2012/09/16 株式会社グラニ (Grani, Inc.) founded. 2013/01/25 "神獄のヴァルハラゲート" released (PHP). 2013/07/15 rebuilt from PHP to C# (looks the same, but the internals are completely different). 2014/02/19 "モンスタハンターロアオブカード" released.
It all runs on AWS.
A sudden question: what is "Deployment"?
Configuration / Orchestration / Cluster Management. This talk mostly leaves out Bootstrap (automated OS rollout and the like). (What?!)
Configuration: automating the static parts of the infrastructure. Infrastructure becomes programmable, and therefore automatable. Provisioning from the OS up to the middleware level.
Orchestration: automating the dynamic parts of the infrastructure. Not applying one uniform configuration, but applying settings that match each server's role, deploying the application, and having every node the application is deployed to serve as one service.
Cluster Management: nodes with the same role work together with the other nodes. It resembles Orchestration, but because the nodes act cooperatively and autonomously it overlaps with it while being kept separate. Nodes also cooperate with other services: for example, when an instance is about to stop it notifies the load balancer and is removed from it automatically.
Deployment is full of fine detail.
Linux :)
Windows :(
How do we do this with Windows on AWS?
[Slide diagrams: fleets of EC2 Instances]
Deployment x Automation
[Slide diagrams: fleets of EC2 Instances]
Goals: automation, arbitrary triggers, asynchronous execution.
In short: because doing it by hand is a hassle.
Orchestration
An Orchestration tool built on PowerShell: a wrapper around PowerShell Remoting that simplifies authentication and initial setup.
Orchestration, Orchestration, Orchestration!! Integrates with MSDeploy; changes and rolls out server state.
PowerShell history:
2006 PS 1.0: Cmdlet / Function / Snap-in (Monad Automation Model, Monad Shell, Monad Remote Scripting, Monad Management Console, Monad Management Model)
2008 PS 2.0: Remoting / Module / Job / ISE
2012 PS 3.0: Intellisense / Workflow
2013 PS 4.0: DSC / MethodSyntax
2014 PS 5.0 Preview: OneGet / Network
Demo
valentia is an Orchestration (deploy) tool. It does not get you to Infrastructure as Code, and it is not intuitive for that.
(This is the wrong tool for Configuration.) I don't want to do Configuration with it.
Isn't Configuration ready yet?
So,
Configuration
DSC = a Chef-like environment, on Windows!
Goal: Configuration Management over CIM, written declaratively.
PUSH PULL
Today: PUSH.
Resources: list the available ones with the Get-DscResource cmdlet.
Resources used here: WindowsFeature, File.
Demo : PUSH
```powershell
# Imperative version: install the DSC-Service feature only if it is missing
$status = Get-WindowsFeature -Name DSC-Service
if ($status.InstallStatus -ne "Installed") {
    Install-WindowsFeature -Name DSC-Service
}
```

```powershell
# Declarative version: the same intent as a DSC configuration
configuration InstallDSCService {
    node localhost {
        WindowsFeature DSCService {
            Name   = "DSC-Service"
            Ensure = "Present"
        }
    }
}
```

```powershell
# Compile the configuration into .mof files and take their directory
$dsc = InstallDSCService -output "."
$path = ($dsc.Directory.FullName | select -First 1)
```

Generated .mof:

```
instance of MSFT_RoleResource as $MSFT_RoleResource1ref
{
    ResourceID = "[WindowsFeature]DSCService";
    Ensure = "Present";
    SourceInfo = "C:\\DSC\\Push\\WindowsFeature-DSCService\\InstallDSCService.ps1::5::9::WindowsFeature";
    Name = "DSC-Service";
    ModuleName = "PSDesiredStateConfiguration";
    ModuleVersion = "1.0";
};
instance of OMI_ConfigurationDocument
{
    Version="1.0.0";
    Author="Administrator";
    GenerationDate="04/12/2014 18:47:15";
    GenerationHost="WIN-P45DJOFHDO4";
};
```

```powershell
# Push the compiled configuration to the node
Start-DscConfiguration -Wait -Force -Verbose -Path $path
```
PowerShell DSC runs over CIM. Authentication between domain-joined servers is easy; for WorkGroup-only nodes, or a mix of WorkGroup and domain-joined nodes, use a CIM session.

```powershell
# Explicit CIM session with CredSSP authentication against the target node(s)
$cimSession = New-CimSession -Authentication CredSSP -Credential $credential `
    -ComputerName $ComputerName
```

```powershell
# Compile with ConfigurationData, apply the LCM settings and the configuration over the session
$dsc = CopyFileCred -SourcePath $sourcePath -Credential (Get-ValentiaCredential) `
    -ConfigurationData $ConfigurationData
$path = $dsc.Directory.FullName | select -First 1
Set-DscLocalConfigurationManager -Path $path -Verbose -CimSession $cimSession
Start-DscConfiguration -Wait -Force -Verbose -Path $path -CimSession $cimSession
Remove-CimSession -CimSession $cimSession
```

Passing it to Start-DscConfiguration makes it convenient to use.

```powershell
# One hashtable per target node, plus a "*" entry that applies to all nodes
$nodeName = $ComputerName | %{ @{ NodeName = $_ } }
$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName                    = "*"
            PSDscAllowPlainTextPassword = $true
        }
        $nodeName
    )
}
```
Work within the same host runs under the System account; references to other hosts use computer (machine) authentication.
The raw authentication password is written into the .mof. PSDscAllowPlainTextPassword = $true # the password cannot be used at all unless this is set explicitly. Using a certificate encrypts the password instead: (decrypting: private key) (encrypting: public key) (locating the decryption key: thumbprint)
```powershell
configuration InstallDSCServiceCredential {
    param (
        [PSCredential] $credential
    )
    node $AllNodes.NodeName {
        WindowsFeature DSCService {
            Name       = "DSC-Service"
            Ensure     = "Present"
            Credential = $credential
        }
    }
}
```
```powershell
function Start-DSCPushSample {
    [CmdletBinding()]
    param (
        [string[]] $computerName,
        [pscredential] $Credential
    )
    $nodeName = $ComputerName | %{ @{ NodeName = $_ } }
    $ConfigurationData = @{
        AllNodes = @(
            @{
                NodeName                    = "*"
                PSDscAllowPlainTextPassword = $true # must be set explicitly
            }
            $nodeName
        )
    }
    # A domain-joined node can authenticate to a WorkGroup node through a CIM session
    $cimSession = New-CimSession -Authentication Negotiate -Credential $credential -ComputerName $ComputerName
    # Passing ConfigurationData with PSDscAllowPlainTextPassword writes the authentication password into the .mof as raw text!
    $dsc = InstallDSCServiceCredential -output "." -ConfigurationData $ConfigurationData -credential $credential
    Start-DscConfiguration -Wait -Force -Verbose -Path ($dsc.Directory.FullName | select -First 1) -CimSession $cimSession
}
```

The raw password is sitting right there! Terrible.
Place the certificate (with its private key) in LocalMachine\My on each node. Keeping it in LocalMachine\My on the pushing server as well is handy, because the thumbprint can then be read dynamically.
Specify the thumbprint of the certificate to use on the target node, and the path to the public key (.cer) file used to encrypt the password for that node.
The node looks up the certificate with the matching thumbprint in its certificate store and uses the private key it finds to decrypt the password that was encrypted with the public key.
```powershell
configuration InstallDSCServiceCredentialCert {
    param (
        [PSCredential] $credential
    )
    node $AllNodes.NodeName {
        WindowsFeature DSCService {
            Name   = "DSC-Service"
            Ensure = "Present"
        }
        LocalConfigurationManager {
            CertificateId = $node.Thumbprint
        }
    }
}
```
```powershell
function Start-CredentialEncryptionExample {
    [CmdletBinding()]
    param ($computerName, $credential)
    $thumbprint = "6CBD916822BBDA1BEBEDBF4819071C86C461C082"
    Write-Verbose "using cert: $thumbprint"
    $certificatePath = "c:\dsc\dsc.cer"
    $nodeName = $computerName | %{ @{ NodeName = $_ } }
    $ConfigurationData = @{
        AllNodes = @(
            @{
                # The name of the node we are describing
                NodeName        = "*"
                # The path to the .cer file containing the public key of the Encryption Certificate
                CertificateFile = "$certificatePath"
                # The thumbprint of the Encryption Certificate used to decrypt the credentials
                Thumbprint      = $thumbprint
            }
            $nodeName
        )
    }
    $cimSession = New-CimSession -Authentication CredSsp -Credential $credential -ComputerName $computerName
    $dsc = InstallDSCServiceCredentialCert -output "." -ConfigurationData $ConfigurationData -credential $credential
    # The LCM settings (.meta.mof) carry the thumbprint; apply them over the session before the configuration
    Set-DscLocalConfigurationManager -Path ($dsc.Directory.FullName | select -First 1) -Verbose -CimSession $cimSession
    Start-DscConfiguration -Wait -Verbose -Path ($dsc.Directory.FullName | select -First 1) -CimSession $cimSession
}
```
Finally safe to use, but distributing the private key is tedious.
The thumbprint to hand to the client ends up in the newly generated .meta.mof.
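Added here as an example (not code from the deck or from valentia): a gate to run between compiling a configuration and Start-DscConfiguration, confirming that no compiled .mof contains the credential's password in clear text, which is exactly what PSDscAllowPlainTextPassword produces and certificate encryption avoids. Test-DscMofCredentialLeak is a hypothetical name; the configuration and variable names in the usage comment are assumed from the slides above.

```powershell
function Test-DscMofCredentialLeak {
    [CmdletBinding()]
    param (
        # Directory a configuration wrote its .mof / .meta.mof files into
        [Parameter(Mandatory)] [string] $Path,
        # The credential that was passed into the configuration
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # MOF string literals are double-quoted and escape backslash and quote,
    # so build the exact literal an unencrypted MSFT_Credential would emit.
    $plain      = $Credential.GetNetworkCredential().Password
    $mofLiteral = $plain.Replace('\', '\\').Replace('"', '\"')
    $pattern    = 'Password\s*=\s*"' + [regex]::Escape($mofLiteral) + '"'

    foreach ($mof in Get-ChildItem -Path $Path -Filter *.mof -File) {
        $text = Get-Content -Path $mof.FullName -Raw
        # With PSDscAllowPlainTextPassword the secret appears verbatim;
        # with CertificateFile in ConfigurationData it is base64 ciphertext.
        if ($text -match $pattern) {
            [pscustomobject]@{ File = $mof.FullName; PlainTextPassword = $true }
        }
    }
}

# Usage (hypothetical): compile, check, and only then push.
# $dsc   = InstallDSCServiceCredential -output "." -ConfigurationData $ConfigurationData -credential $credential
# $leaks = Test-DscMofCredentialLeak -Path $dsc.Directory.FullName -Credential $credential
# if ($leaks) { throw "Plain-text password in: $($leaks.File -join ', ')" }
# Start-DscConfiguration -Wait -Force -Verbose -Path $dsc.Directory.FullName -CimSession $cimSession
```

A match means the credential went into the .mof the way the Start-DSCPushSample slide does it; the certificate-based variant should return nothing.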
Choosing between PSRemoting and DSC
PSRemoting => Orchestration. DSC PUSH => Configuration: managing infrastructure state as code is easier with it than with PSRemoting.
Speed: https://gist.github.com/guitarrapc/9748680 DSC PUSH seems to have low parallelism / CIM overhead? (Hoping for the DSC refresh in PS 5.0.)
Cluster Management
http://www.slideshare.net/sonots/serf-iiconf-20140325
I don't know anyone doing this on Windows (Serf apparently supports Windows too).
Immutable Infrastructure
https://speakerdeck.com/naoya/immutable-infrastructuregakai-fa-purosesuniyu-eruying-xiang-jia-number-immutableinfra
Is anyone doing this on Windows? (And DSC is only now catching up with CHEF/Puppet……)
The key is: Docker.
Ultra-lightweight VMs (Boxes) can be rolled out fast! (Microsoft is providing a Win2012 R2 preview for Vagrant, which looks promising.)
In Deployment, Linux is far ahead.
Windows has an overwhelming lack of real-world examples!!
Orchestration: valentia. Cluster Management: valentia + AWSPowerShell + Serf? (e.g. stateless web servers recovering in coordination with the other nodes). Configuration: DSC.
Make things Immutable wherever possible.
Doing absolutely everything with DSC is not right either.
Simple automation, shown through real examples.
Orchestration: everyone implements their own on top of PSRemoting: http://guitarrapc.github.io/valentia/ https://github.com/AppVeyor/AppRolla. Configuration: provided by DSC.
Cluster Management: unclear whether Serf can be used. OneGet as an apt-get-style common repository infrastructure. PowerShell is focusing on cloud automation, starting with Azure.
Windows Automation with PowerShell
For large modules: http://visualstudiogallery.msdn.microsoft.com/c9eb3ba8-0c59-4944-9a62-6eee37294597 For single files: http://www.powertheshell.com/isesteroids/
await