TL;DR How do i start-dscconfiguration over SSL with multiple nodes?
DSC supports the ability to provide multiple nodes in a configuration. A common example
$configData = #{
AllNodes = #(
#{
NodeName = "COMPUTER1";
Parameter1 = "Foo";
},
#{
NodeName = "COMPUTER2";
Parameter1 = "Bar";
}
)
}
configuration InstallIIS {
Node $AllNodes.NodeName {
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}
}
}
$mofs = InstallIIS -ConfigurationData $configData
Start-DscConfiguration -Path $mofs -Verbose -Wait
As you're probably aware, this configuration (that installs IIS) will be applied to both COMPUTER1 and COMPUTER2 (2 mof files will be generated).
By default this example will use WinRM over HTTP. As all good programmers know, you should really consider the HTTPS option; so i am.
Here is the Start-DscConfiguration example again, using HTTPS (WinRM) with the -UseSsl flag:
$creds = New-Object System.Management.Automation.PSCredential ("mydomain\mike", (ConvertTo-SecureString "ILikeCatsAlot" -AsPlainText -Force))
$sessionOptions = New-CimSessionOption -UseSsl #note the -UseSsl
$computerName = "COMPUTER1" #Oh dear i have to pass the computer name
$session = New-CimSession -Credential $creds -SessionOption $sessionOptions -ComputerName $computerName
Start-DscConfiguration -Path $mofs -CimSession $session
As you see, i need to supply the -ComputerName parameter to the CimSession which is no good because i want to apply this configuration to all the nodes. It seems like i've lost the ability to provide multiple nodes in the $configdata
With DSC, how do i start a configuration overWinRM (transport:https) without needing to supply a specific computer for the session?
Based on the clarification in the comments, this is not currently a feature supported in Start-DSCConfiguration. If you would like to suggest the feature to the product team, please file an issue in the PowerShell User Voice
Update: Thanks for filing this issue on user voice.
Did you try to build a DSC Pull server (https or SMB)? SMB is encrypted (SMBv3 uses AES 256) and very simple (some syntax and renaming is involved). HTTPS Pull allows for a report server to manage your machines centrally and uses TLS like you have mentioned.
Related
I have been researching on this for a couple of days but have been going in circles here.
I need to write a script that fetches the data from Oracle db and do something with the data. In my script I will have to fetch data multiple times.
My machine has the SQLDeveloper-21.4.3 which I got from installing InstantClient-Basic-Windows-21.3.0. I use the SQL Developer to connect to the db which is on another machine; this is how I can look into tables, views etc. of the db.
Secondly, this script will be hosted on another server that runs Windows-Server-2012-R2. I am just using my machine to write the script because I cannot use the server to do this. Therefore, I am looking for a solution that requires minimum amount of installing.
Thirdly, we do not have Oracle commercial license. This Oracle db I am trying to access is on the machine installed by a third party that installed some instruments. This company uses Oracle as they collect data on the instruments installed.
I was hoping the solution would be something similar to invoking connection to MS SQL where I downloaded module that gave cmdlets to connect to the MS SQL.
Oracle does have Oracle Modules for PowerShell but neither have I found information on how to use them nor have I understood the little information provided by Oracle on this. For this to work one of the requirement is:
A configuration file and key pair used for signing API requests, with
the public key uploaded to Oracle Cloud using Oracle Cloud
Infrastructure Console. Only the user calling the API should possess
the private key.
I don't know the heck Oracle is talking about here. Like, what is this configuration file, where is it? Where would I get the key pair from for signing API request. What is Oracle Infrastructure Console, where do I get it from? You get the idea.
Link: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/powershell.htm
Therefore, I went the .DLL route.
This is what I have done so far:
I installed Oracle.ManagedDataAccess.Core -Version 3.21.61 from NuGet.
Unzipped the package and moved the Oracle.ManagedDataAccess.dll to the location of my script.
The code is:
$OracleDLLPath = "C:\Users\Desktop\CNC_File_Transfer_VSCode\Fastems_NicNet\Oracle.ManagedDataAccess.dll"
$datasource = " (DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = 10.50.61.9)(PORT = 1521))
(CONNECT_DATA = (SERVER = DEDICATED)
(SERVICE_NAME = Fa1)
(FAILOVER_MODE = (TYPE = SELECT)
(METHOD = BASIC)
(RETRIES = 180)
(DELAY = 5))))"
$username = "username"
$password = "password"
$queryStatment = "SELECT [PROG_TYPE] FROM NC_PROGRAMS FETCH FIRST 10 ROWS ONLY"
#Load Required Types and modules
Add-Type -Path $OracleDLLPath
Import-Module SqlServer
Write-Host $queryStatment
#Create the connection string
$connectionstring = 'User Id=' + $username + ';Password=' + $password + ';Data Source=' + $datasource
#Creates a data adapter for the command
$da = New-Object Oracle.ManagedDataAccess.Client.OracleDataAdapter($cmd);
#The Data adapter will fill this DataTable
$resultSet = New-Object System.Data.DataTable
#Only here the query is sent and executed in Oracle
[void]$da.fill($resultSet)
#Close the connection
$con.Close()
WRITE-HOST $resultSet
This gives an error though:
Add-Type : Unable to load one or more of the requested types. Retrieve
the LoaderExceptions property for more information.
I am new to programming in general. I would really appreciate if someone could provide detailed steps on resolving this. Thanks in advance.
I'm trying to re-configure long term backup retention for my Azure SQL Database from a previously deleted recovery services vault (via Powershell) to a new recovery services vault
Now when I try to configure it gives me an error saying
TemplateBladeVirtualPart
SQLAZUREEXTENSION
Here is the script I used to removed the old recovery services vault (if it matters?)
$vault = Get-AzureRmRecoveryServicesVault -Name "is-vault-prod"
Set-AzureRmRecoveryServicesVaultContext -Vault $vault
$container = Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureSQL -FriendlyName $vault.Name
$item = Get-AzureRmRecoveryServicesBackupItem -Container $container -WorkloadType AzureSQLDatabase
$availableBackups = Get-AzureRmRecoveryServicesBackupRecoveryPoint -Item $item
$containers = Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureSQL -FriendlyName $vault.Name
ForEach ($container in $containers)
{
$items = Get-AzureRmRecoveryServicesBackupItem -container $container -WorkloadType AzureSQLDatabase
ForEach ($item in $items)
{
Disable-AzureRmRecoveryServicesBackupProtection -item $item -RemoveRecoveryPoints -ea SilentlyContinue
}
Unregister-AzureRmRecoveryServicesBackupContainer -Container $container
}
Remove-AzureRmRecoveryServicesVault -Vault $vault
Unfortunately, you just cannot choose another Recovery service vault once you had already used one.
I did a test in my lab and tried to disable the long backup retention but still failed, and found that:
This screenshot means that once you configured a recovery service vault for a SQL Server, it will be locked , you cannot use another vault.
I also found this in a FAQ:
Can I register my server to store backups to more than one vault?
No, you can currently store backups to only one vault at a time.
I understand why you want to use another vault.
However, We can just use this recovery service vault currently.If it was deleted, we cannot use long-term backup retention. It seems like a bad point of design. I will report this issue and I believe this feature would be better in future.
You can also post your idea in this Feedback Forum.
Hope this helps!
As part of a larger .Net 4.0 program I have a piece that queries the WMI for a list of network adapters and from that creates a list<> of physical adapters with MAC addresses.
It works on the machines I've tried it on, but when sent to the client, the list is empty. If they run IPCONFIG /ALL at a command prompt the MACs are listed.
My first thought is that there is a group policy in place preventing the enumeration, but everything I've found so far points to group policies that affects remote access through the firewall.
I've tried it locally as both a standard user and administration user, both provide the same list.
The empty query does not generate an exception.
I could ask them to go to the machines and check individual permissions, but since this seems to be a group issue that seems to be the wrong direction. What am I missing?
public static List<WmiNetworkInterfaceItem> QueryphysicalNetworkInterfaces()
{
ManagementObjectSearcher searcher =
new ManagementObjectSearcher("root\\CIMV2",
"SELECT * FROM Win32_NetworkAdapter");
List<WmiNetworkInterfaceItem> result = new List<WmiNetworkInterfaceItem>();
foreach (ManagementObject queryObj in searcher.Get()) {
if (queryObj["PhysicalAdapter"].Equals(true)) {
if (queryObj["AdapterTypeId"] != null) {
if (queryObj["AdapterTypeId"].ToString().Equals("0")) {
WmiNetworkInterfaceItem wmiNetworkInterfaceItem = new WmiNetworkInterfaceItem();
wmiNetworkInterfaceItem.Name = ManagementObjectPropertyString(queryObj["Name"]);
wmiNetworkInterfaceItem.MacAddress = ManagementObjectPropertyString(queryObj["MACAddress"]);
wmiNetworkInterfaceItem.PhysicalAdapter = queryObj["PhysicalAdapter"].Equals(true);
wmiNetworkInterfaceItem.AdapterType = ManagementObjectPropertyString(queryObj["AdapterType"]);
wmiNetworkInterfaceItem.AdapterTypeId = -1;
int.TryParse(ManagementObjectPropertyString(queryObj["AdapterTypeId"]), out wmiNetworkInterfaceItem.AdapterTypeId);
wmiNetworkInterfaceItem.Description = ManagementObjectPropertyString(queryObj["Description"]);
wmiNetworkInterfaceItem.PermanentAddress = ManagementObjectPropertyString(queryObj["PermanentAddress"]);
result.Add(wmiNetworkInterfaceItem);
}
}
}
}
return result;
}
Using the WBEMTest utility included with Windows as suggested by user atp_09 in comments, I was able to have the customer query his machine. Using this query exactly one adapter was returned in both standard and administrative user accounts indicating there was nothing in the machine preventing this from working.
SELECT * FROM Win32_NetworkAdapter where PhysicalAdapter = true
Upon further review there was an error in how I later dealt with the list with a single response.
I want to use tclodbc from Linux environment to connect to a MS SQL server. I have the driver (freeTDS) and the connection string. But I don't know how to configure the driver to be used by tclodbs. There is a command
database configure operation driver attributes
But I don't know what to put as operation and attributes, and whether this is the right command.
Related to my question: Accessing Microsoft SQL Server from Tcl running on GNU/Linux
OK, here's my take based on these guides about how to make a DSN-less connection using the FreeTDS driver.
I've tested it a Debian Lenny system having tclodbc 2.5-5, unixodbc 2.2.11 and libdbd-freetds 0.8.2-1-4.1 and tcl 8.4.16-2 installed against an instance of Microsoft SQL Server 2005.
package require tclodbc
proc cs_append {varName args} {
set alen [llength $args]
if {$alen < 2 || $alen % 2 != 0} {
return -code error "Wrong # args: should be varName key value ?key value?"
}
upvar 1 $varName qs
foreach {key value} $args {
if {$qs ne ""} {
append qs \;
}
append qs $key = \{ [string map {\{ \\\{} $value] \}
}
}
set user test
set pass secret
set cs ""
cs_append cs DRIVER FreeTDS UID $user PWD $pass \
Server myserver.domain.local \
ClientCharset UTF-8 \
APP "My test app"
database connect db $cs
foreach row [db {select * from MyDatabase..MyTable}] {
puts $row
}
db disconnect
Some notes:
The FreeTDS driver must be known to the ODBC subsystem by means of it being registeded in the /etc/odbcinst.ini file. I suppose that at least on my system appropriate packages take care of this by themselves but you'd better verify if you have FreeTDS registered in that file, otherwise that DRIVER=FreeTDS bit in the connection string won't work as ODBC will have no idea how to load the named driver library.
The ClientCharset and APP connection string parameters do not work in my case. While I can live with the second, the first one sucks big time because in this case the character data is returned in some botched encoding.
But there's no such problem when I use named server from the /etc/freetds/freetds.conf file using the ServerName=THAT_SERVER instead of Server=SERVER_HOST in the connection string. Unfortunately, this kind of defeats half of the purpose of using DSN-less setup.
Quite possibly it's a bug in my version of the FreeTDS driver, and I have a really outdated system here, so YMMV and you better check yourself on your system.
If we look at the documentation, we see that there are 6 operations, of which the one you probably want is add_dsn. An example is included (below, with a small correction):
set driver "Microsoft Access Driver (*.mdb)"
set attributes [list "DSN=mydsn" "DBQ=c:\mydb.mdb" "FIL=MS Access"]
database configure add_dsn $driver $attributes
I'm afraid you'll have to consult the FreeTDS documentation to get the right collection of attributes, but I think (based on this evidence) that you'll have the driver being FreeTDS and the attributes might be OK if it is an empty list (or with just TDS_Version=5.0 in it). I really don't know too much about configuring ODBC…
I would like to know if it is possible to know if a instance of sql server is in mirror/prinicipal by running any sql query? and secondly i want to run this on say 60-80 instances everyday at 4am automatically possible? I would like to use powershell used it before quite easy to use from experience. Tks
It is possible. You will need to play around with SMO objects.
$server = "dwhtest-new"
$srv = New-Object Microsoft.SqlServer.Management.Smo.Server $server
$db = New-Object Microsoft.SqlServer.Management.Smo.Database
$dbs = $srv.Databases
foreach ($db1 in $dbs)
{
$db = New-Object Microsoft.SqlServer.Management.Smo.Database
$db = $db1
$DatabaseName = $db.Name
Write-Host $DatabaseName
Write-Host "MirroringStatus:" $db.MirroringStatus
Write-Host "DBState:" $db.Status
Write-Host
}
If your DB's mirroring is still intact you will recieve 'Synchronized' for MirroringStatus and its its the Primary it will say "Normal" for the status and if its the failover it will say "Restoring". Unfortunately there is no way, that im aware of, to just pull out the status of "Mirror" or "principle". You will jsut have to build logic to check both fo those values.
Restoring
It depends on how are you going to setup the job?
If you want to run it from one central server that collects all the information then SMO would be the way to go with PowerShell. The answer provided by KickerCost can work but would need some more work to be able to run it for multiple servers. It would be best to take his example and turn it into a working function that will allow the server names to be piped in.
If you are going to just run a job locally on each server (scheduled task or SQL Agent job) that may point to the script on a network share, then maybe output that info to a file (like servername_instance.log) you can use a one-liner with SQLPS:
dir SQLSERVER:\SQL\KRINGER\Default\Databases | Select Name, MirroringStatus
KRINGER is my server name, with a default instance. If you have named instances then replace the "default" with the instance name.
Your output from this command would be similar to this:
Name MirroringStatus
---- ---------------
AdventureWorks None
AdventureWorksDW None
Obviously I don't have any databases involved in mirroring.