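Desktop Ops Pain Points, Part 2
Engineer A: The "Chocolate" tool you mentioned last time is really good. It can install software, patches and so on, but there still isn't enough software.
Engineer B: A lot of domestic software isn't supported, and the software sources are all overseas. "Chocolate" feels a bit underwhelming.
Me: I have a neat trick here. Why not give it a try?
Tool introduction
With simple and secure software management in mind, the "Chocolate" tool (Chocolatey) supports private deployment, and the official website documents the process of deploying a software source in detail.
This lets an organization manage its software source offline, ensuring both management flexibility and the security of the software's origin.
Usage steps: how to use Choco
How to install
Requirements:
- .NET Framework 4.6+
- Windows 2008 R2 or later
- The Windows server needs at least 50 GB of free space
- We recommend 8 GB of RAM
- The Windows server must run IIS and have the web port open
Installing the server
I used Windows 2012 R2. Before installing Chocolatey Server, a patch has to be installed: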
choco install KB2919355 -y
Reboot the system.
Install the next patch:
choco install KB2919442 -y
Then install .NET 4.6.1:
choco install dotnet4.6.1 -y
Then install Chocolatey Server with the officially provided PowerShell script:
$siteName = 'ChocolateyServer'
$appPoolName = 'ChocolateyServerAppPool'
$sitePath = 'c:\tools\chocolatey.server'

function Add-Acl {
    [CmdletBinding()]
    Param (
        [string]$Path,
        [System.Security.AccessControl.FileSystemAccessRule]$AceObject
    )
    Write-Verbose "Retrieving existing ACL from $Path"
    $objACL = Get-ACL -Path $Path
    $objACL.AddAccessRule($AceObject)
    Write-Verbose "Setting ACL on $Path"
    Set-ACL -Path $Path -AclObject $objACL
}

function New-AclObject {
    [CmdletBinding()]
    Param (
        [string]$SamAccountName,
        [System.Security.AccessControl.FileSystemRights]$Permission,
        [System.Security.AccessControl.AccessControlType]$AccessControl = 'Allow',
        [System.Security.AccessControl.InheritanceFlags]$Inheritance = 'None',
        [System.Security.AccessControl.PropagationFlags]$Propagation = 'None'
    )
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule($SamAccountName, $Permission, $Inheritance, $Propagation, $AccessControl)
}

if ($null -eq (Get-Command -Name 'choco.exe' -ErrorAction SilentlyContinue)) {
    Write-Warning "Chocolatey not installed. Cannot install standard packages."
    Exit 1
}

# Install Chocolatey.Server prereqs
choco install IIS-WebServer --source windowsfeatures
choco install IIS-ASPNET45 --source windowsfeatures

# Install Chocolatey.Server
choco upgrade chocolatey.server -y

# Step by step instructions here https://docs.chocolatey.org/en-us/guides/organizations/set-up-chocolatey-server#setup-normally
# Import the right modules
Import-Module WebAdministration

# Disable or remove the Default website
Get-Website -Name 'Default Web Site' | Stop-Website
Set-ItemProperty "IIS:\Sites\Default Web Site" serverAutoStart False # disables website

# Set up an app pool for Chocolatey.Server. Ensure 32-bit is enabled and the managed runtime version is v4.0 (or some version of 4). Ensure it is "Integrated" and not "Classic".
New-WebAppPool -Name $appPoolName -Force
Set-ItemProperty IIS:\AppPools\$appPoolName enable32BitAppOnWin64 True # Ensure 32-bit is enabled
Set-ItemProperty IIS:\AppPools\$appPoolName managedRuntimeVersion v4.0 # managed runtime version is v4.0
Set-ItemProperty IIS:\AppPools\$appPoolName managedPipelineMode Integrated # Ensure it is "Integrated" and not "Classic"
Restart-WebAppPool -Name $appPoolName # likely not needed ... but just in case

# Set up an IIS website pointed to the install location and set it to use the app pool.
New-Website -Name $siteName -ApplicationPool $appPoolName -PhysicalPath $sitePath

# Add permissions to c:\tools\chocolatey.server:
'IIS_IUSRS', 'IUSR', "IIS APPPOOL\$appPoolName" | ForEach-Object {
    $obj = New-AclObject -SamAccountName $_ -Permission 'ReadAndExecute' -Inheritance 'ContainerInherit','ObjectInherit'
    Add-Acl -Path $sitePath -AceObject $obj
}

# Add the permissions to the App_Data subfolder:
$appdataPath = Join-Path -Path $sitePath -ChildPath 'App_Data'
'IIS_IUSRS', "IIS APPPOOL\$appPoolName" | ForEach-Object {
    $obj = New-AclObject -SamAccountName $_ -Permission 'Modify' -Inheritance 'ContainerInherit', 'ObjectInherit'
    Add-Acl -Path $appdataPath -AceObject $obj
}
Installation result
The IIS service is up and running too.
Add the new private source:
PS C:\Windows\system32> choco source add -n=eflypro -s="http://192.168.154.138/chocolatey" -u=choco -p=rocks
Chocolatey v0.10.15
Added eflypro - http://192.168.154.138/chocolatey (Priority 0)
Next we upload a package.
The package can be downloaded from the official site and then uploaded to our private source:
PS D:\Download\packages> choco push --source "'http://192.168.154.138/chocolatey'" -k="chocolateyrocks" --force
Chocolatey v0.10.15
Attempting to push 7zip.19.0.nupkg to http://192.168.154.138/chocolatey
7zip 19.0 was pushed successfully to http://192.168.154.138/chocolatey
Let's check that the package was uploaded successfully:
PS D:\Download\packages> choco search -r=eflypro
7zip|19.0
Finally, try installing the software:
PS D:\Download\packages> choco install 7zip -y
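A check that can be run once the server from the steps above is in place, as an added example that is not part of the original article or the Chocolatey project: it reads the appSettings of Chocolatey.Server's web.config and flags the push key `chocolateyrocks` used in the `choco push` step, together with a feed URL that is not HTTPS. The function name `Test-ChocoServerConfig` and the sample XML are constructed for illustration; the key names are those of Chocolatey.Server's shipped web.config.

```powershell
# Added example: audit a Chocolatey.Server web.config and the feed URL clients use.
function Test-ChocoServerConfig {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory)][xml]$WebConfig,
        [Parameter(Mandatory)][uri]$FeedUrl
    )
    # Collect <appSettings><add key=".." value=".."/> pairs into a hashtable.
    $settings = @{}
    foreach ($node in $WebConfig.SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }
    $checks = @(
        @{ Key = 'apiKey'; Bad = 'chocolateyrocks'
           Issue = 'Default push key is still set; replace it with a unique secret.' },
        @{ Key = 'requireApiKey'; Bad = 'false'
           Issue = 'Pushes are accepted without any key.' },
        @{ Key = 'allowOverrideExistingPackageOnPush'; Bad = 'true'
           Issue = 'An existing package version can be replaced by a later push.' }
    )
    foreach ($c in $checks) {
        if ($settings[$c.Key] -eq $c.Bad) {
            [pscustomobject]@{ Item = $c.Key; Value = $c.Bad; Issue = $c.Issue }
        }
    }
    if ($FeedUrl.Scheme -ne 'https') {
        [pscustomobject]@{ Item = 'feed URL'; Value = "$FeedUrl"
            Issue = 'Packages and the push key cross the network unencrypted.' }
    }
}

# Constructed sample input, not copied from a real server.
[xml]$sampleConfig = @'
<configuration>
  <appSettings>
    <add key="requireApiKey" value="true" />
    <add key="apiKey" value="chocolateyrocks" />
    <add key="allowOverrideExistingPackageOnPush" value="false" />
  </appSettings>
</configuration>
'@

# On the server built above, load the real file instead:
#   [xml]$sampleConfig = Get-Content -Raw 'c:\tools\chocolatey.server\web.config'
Test-ChocoServerConfig -WebConfig $sampleConfig -FeedUrl 'http://192.168.154.138/chocolatey' |
    Format-Table -AutoSize -Wrap
```

After changing the key in web.config, the same value has to be passed to `choco push -k`.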
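Summary
Following the introductory "Chocolate" article, this post covered deploying a private "Chocolate" software source and uploading packages to it. These simple operations free up ops engineers' hands so they can create more value. Want more? This series will keep being updated, so stay tuned.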