编程开源技术交流,分享技术与知识

网站首页 > 开源技术 正文

桌面运维小妙招-“巧克力”私有源

wxchong 2024-06-28 10:51:38 开源技术 13 ℃ 0 评论

桌面运维痛苦二

A工程师:上次说的“巧克力”工具真的不错,可以安装软件、补丁等等,但是软件还是不够多。

B工程师:很多国产软件都不支持,软件源还是国外的,感觉“巧克力”有点鸡肋。

我:我这有个妙招,您不妨试试?


工具介绍

考虑到软件的简单、安全管理,“巧克力”工具贴心考虑到私有化部署场景,同时也在官网详细描述了部署软件源的过程。

这样一来,组织上就可以实现离线管理软件源,保证了组织管理灵活性和软件来源的安全性了。

使用步骤-教你如何使用Choco

如何安装

安装要求:

  • NET Framework 4.6+.
  • Windows 2008 R2 或以上
  • Windows服务端需要有50G空闲空间以上.
  • 我们建议提供8G的运行内存
  • Windows服务端需要使用IIS服务以及开放web端口


安装server


我选用的是windows2012 R2版本,在安装chocolatey server之前,需要安装补丁:

choco install KB2919355 -y


重启系统;

安装下一个补丁:

choco install KB2919442 -y


再安装.net 4.6.1

choco install dotnet4.6.1 -y


然后通过官方提供的powershell脚本安装chocolatey server

$siteName = 'ChocolateyServer'
$appPoolName = 'ChocolateyServerAppPool'
$sitePath = 'c:\tools\chocolatey.server'
function Add-Acl {
    [CmdletBinding()]
    Param (
        [string]$Path,
        [System.Security.AccessControl.FileSystemAccessRule]$AceObject
    )
    Write-Verbose "Retrieving existing ACL from $Path"
    $objACL = Get-ACL -Path $Path
    $objACL.AddAccessRule($AceObject)
    Write-Verbose "Setting ACL on $Path"
    Set-ACL -Path $Path -AclObject $objACL
}
function New-AclObject {
    [CmdletBinding()]
    Param (
        [string]$SamAccountName,
        [System.Security.AccessControl.FileSystemRights]$Permission,
        [System.Security.AccessControl.AccessControlType]$AccessControl = 'Allow',
        [System.Security.AccessControl.InheritanceFlags]$Inheritance = 'None',
        [System.Security.AccessControl.PropagationFlags]$Propagation = 'None'
    )
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule($SamAccountName, $Permission, $Inheritance, $Propagation, $AccessControl)
}
if ($null -eq (Get-Command -Name 'choco.exe' -ErrorAction SilentlyContinue)) {
    Write-Warning "Chocolatey not installed. Cannot install standard packages."
    Exit 1
}
# Install Chocolatey.Server prereqs
choco install IIS-WebServer --source windowsfeatures
choco install IIS-ASPNET45 --source windowsfeatures
# Install Chocolatey.Server
choco upgrade chocolatey.server -y
# Step by step instructions here https://docs.chocolatey.org/en-us/guides/organizations/set-up-chocolatey-server#setup-normally
# Import the right modules
Import-Module WebAdministration
# Disable or remove the Default website
Get-Website -Name 'Default Web Site' | Stop-Website
Set-ItemProperty "IIS:\Sites\Default Web Site" serverAutoStart False    # disables website
# Set up an app pool for Chocolatey.Server. Ensure 32-bit is enabled and the managed runtime version is v4.0 (or some version of 4). Ensure it is "Integrated" and not "Classic".
New-WebAppPool -Name $appPoolName -Force
Set-ItemProperty IIS:\AppPools\$appPoolName enable32BitAppOnWin64 True       # Ensure 32-bit is enabled
Set-ItemProperty IIS:\AppPools\$appPoolName managedRuntimeVersion v4.0       # managed runtime version is v4.0
Set-ItemProperty IIS:\AppPools\$appPoolName managedPipelineMode Integrated   # Ensure it is "Integrated" and not "Classic"
Restart-WebAppPool -Name $appPoolName   # likely not needed ... but just in case
# Set up an IIS website pointed to the install location and set it to use the app pool.
New-Website -Name $siteName -ApplicationPool $appPoolName -PhysicalPath $sitePath
# Add permissions to c:\tools\chocolatey.server:
'IIS_IUSRS', 'IUSR', "IIS APPPOOL\$appPoolName" | ForEach-Object {
    $obj = New-AclObject -SamAccountName $_ -Permission 'ReadAndExecute' -Inheritance 'ContainerInherit','ObjectInherit'
    Add-Acl -Path $sitePath -AceObject $obj
}
# Add the permissions to the App_Data subfolder:
$appdataPath = Join-Path -Path $sitePath -ChildPath 'App_Data'
'IIS_IUSRS', "IIS APPPOOL\$appPoolName" | ForEach-Object {
    $obj = New-AclObject -SamAccountName $_ -Permission 'Modify' -Inheritance 'ContainerInherit', 'ObjectInherit'
    Add-Acl -Path $appdataPath -AceObject $obj
}


安装结果


IIS服务也跑起来了


添加一下新的私有源

PS C:\Windows\system32> choco source add -n=eflypro -s="http://192.168.154.138/chocolatey" -u=choco -p=rocks
Chocolatey v0.10.15
Added eflypro - http://192.168.154.138/chocolatey (Priority 0)


接下来我们要上传一个包

安装包可以从官网下载,然后上传到我们的私有源

PS D:\Download\packages> choco push --source "'http://192.168.154.138/chocolatey'" -k="chocolateyrocks" --force
Chocolatey v0.10.15
Attempting to push 7zip.19.0.nupkg to http://192.168.154.138/chocolatey
7zip 19.0 was pushed successfully to http://192.168.154.138/chocolatey


我们检查一下包是否能上传成功

PS D:\Download\packages> choco search -r=eflypro
7zip|19.0


最后尝试安装一下软件

PS D:\Download\packages> choco install 7zip -y

总结

继“巧克力”介绍入门篇后,本篇技术分享了“巧克力”私有软件源的部署以及包上传操作。简单的操作保证了运维人员解放双手,创建更多价值。是不是觉得意犹未尽呢,本系列后面会持续更新。敬请期待哈~

Tags:

本文暂时没有评论,来添加一个吧(●'◡'●)

欢迎 发表评论:

最近发表
标签列表