JEA servers

A similar approach can be used when updating one or more JEA servers. A short update command can be sent from a software deployment solution, in a scheduled task or by a privileged user. A benefit of using JEA is that you can host multiple endpoints with different sets of cmdlets.

You could, for example, supply a role capability that offers cmdlets related to package management so that your orchestration solution can connect to the endpoint, install, update, and remove modules and nothing else:

#region Updating JEA servers

# Initialize paths
$modulePath = Join-Path -Path ($env:PSModulePath -split ';')[1] -ChildPath JeaRoles
$manifestPath = Join-Path $modulePath -ChildPath 'JeaRoles.psd1'
$roleCapabilitiesPath = Join-Path $modulePath -ChildPath RoleCapabilities

if (-not (Test-Path $roleCapabilitiesPath))
{
    [void] (New-Item -ItemType Directory -Path $roleCapabilitiesPath -Force)
}

# Create Role Capability File
$parameters = @{
    Path = (Join-Path $roleCapabilitiesPath ModuleServicing.psrc)
    ModulesToImport = @(
        'PackageManagement'
        'PowerShellGet'
    )
}

New-PSRoleCapabilityFile @parameters

The previous code sample will generate a role capability file that exports the entire PackageManagement and PowerShellGet modules. The next piece of code will create and register the new endpoint, which you can connect to to update installed modules:

# Create Module Manifest
$parameters = @{
    Path = $manifestPath
    ModuleVersion = '1.0.0'
    FileList = @(
        'RoleCapabilitiesJeaServicing.psrc'
    )
}
New-ModuleManifest @parameters

# Create session configuration
$parameters = @{
    SessionType = 'RestrictedRemoteServer'
    Path = '.Servicing.pssc'
    TranscriptDirectory = 'C:Transcripts'
    RunAsVirtualAccount = $true
    RoleDefinitions = @{
        'contosoOrchestratorServicing' = @{ 
            RoleCapabilities = 'ModuleServicing'
        }
    }
    LanguageMode = 'ConstrainedLanguage'
}
New-PSSessionConfigurationFile @parameters

# Register session configuration
$parameters = @{
    Path = '.Servicing.pssc'
    Force = $true
    Name = 'JeaServicing'
}
Register-PSSessionConfiguration @parameters

Lastly, the endpoint can be connected to in order to test it. Viewing a list of all of the cmdlets should show both the cmdlets of the PackageManagement module, as well as PowerShellGet. Installing and updating modules is now possible with this endpoint.

# Test the new endpoint
Enter-PSSession -ComputerName $env:COMPUTERNAME -ConfigurationName JeaServicing
Get-Command # Displays the PackageManagement and PowerShellGet cmdlets now

# Typical lifecycle
Install-Module AutomatedLab.Common,Datum -Force -AllowClobber

Get-InstalledModule | Update-Module -Force

Uninstall-Module Datum
#endregion
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.58.121.214