裸金属windows不要轻易动cloudbase-init
看下这篇文档,裸金属之外的Windows CVM重置密码有问题的,基本都能通过这篇文档解决,底层命令被破坏得太厉害的,建议备份数据重装系统,没必要在cloudbase-init上纠结
如果要重装cloudbase-init,把http://windows-1251783334.cos.ap-shanghai.myqcloud.com/CLOUDBASE-INIT_INSTALL.PS1 下载到桌面,
以管理员身份打开powershell命令行,执行
Set-ExecutionPolicy Unrestricted -force
然后,把桌面的脚本拖到命令行回车,然后等10分钟左右,会自动更新cloudbase-init到最新稳定版1.1.2
以上过程也可以全部自动化
利用powershell脚本自动化重装cloudbase-init,此方案前提是服务器能上网,如果机器没有外网,那只能在腾讯云上海地区的cvm使用,因为脚本我是放在上海COS的,上海CVM和同地域COS是走内网的,并且前提是正确解析上海COS域名到内网IP(一些使用者可能修改了默认DNS导致无法解析域名,因此要添加hosts,如果是默认的183打头的DNS,
183.60.82.98
183.60.83.19
就不用执行下面2句命令,如果机器有公网,也不需要执行)
cmd.exe /c "echo 169.254.0.47 windows-1251783334.cos.ap-shanghai.myqcloud.com>> c:\windows\system32\drivers\etc\hosts"
notepad c:\windows\system32\drivers\etc\hosts
第2句主要是打开hosts让你检查第1句添加得对不对
对上海的windows cvm,升级到cloudbase-init 1.1.2的完整powershell命令如下:
打开第1个powershell窗口
cmd.exe /c "echo 169.254.0.47 windows-1251783334.cos.ap-shanghai.myqcloud.com>> c:\windows\system32\drivers\etc\hosts"
notepad c:\windows\system32\drivers\etc\hosts
Set-ExecutionPolicy Unrestricted -force
打开第2个powershell窗口(全程大概10分钟内,需耐心等待)
Invoke-WebRequest -uri http://windows-1251783334.cos.ap-shanghai.myqcloud.com/CLOUDBASE-INIT_INSTALL.PS1 -OutFile c:\cloudbase-init_install.ps1
powershell -file c:\cloudbase-init_install.ps1sc.exe config cloudbase-init obj= LocalSystem
sc.exe config cloudbase-init depend= tcpip/dhcp/dnscache/Winmgmt
sc.exe failure cloudbase-init reset= 0 actions= restart/10000 2>&1 > $null
sc.exe qc cloudbase-init 8192
如果defender等安全软件不拦截,2008R2、2012R2系统防火墙默认不拦截,用这3句就可以自动化重装cloudbase-init
如果有第三方安全软件,建议放行C:\Windows\SysWOW64\certutil.exe,同时在执行如下代码时还需退出所有会话里的第三方安全软件(比如当前会话里的360你退出了,但其他的会话里有360,你在当前会话里执行代码还是会被360拦截)
Set-ExecutionPolicy Unrestricted -force
Set-executionpolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force;
C:\Windows\SysWOW64\certutil.exe -urlcache -split -f http://windows-1251783334.cos.ap-shanghai.myqcloud.com/CLOUDBASE-INIT_INSTALL.PS1 c:\cloudbase-init_install.ps1
powershell -file c:\cloudbase-init_install.ps1
sc.exe config cloudbase-init obj= LocalSystem
sc.exe config cloudbase-init depend= tcpip/dhcp/dnscache/Winmgmt
sc.exe failure cloudbase-init reset= 0 actions= restart/10000
sc.exe qc cloudbase-init 8192
net user cloudbase-init /del 2>&1> $null
$client = new-object System.Net.WebClient
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myqcloud.com/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')
#wget "http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
#wget "http://windows-1251783334.cos.ap-shanghai.myqcloud.com/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
$7zPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zPath)) {
$client7 = new-object System.Net.WebClient
$client7.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/7z2200-x64.msi','c:\7z2200-x64.msi')
msiexec.exe /i c:\7z2200-x64.msi /qn
Start-Sleep 30
del c:\7z2200-x64.msi 2>$null
}
& "$env:ProgramFiles\7-Zip\7z.exe" x -aoa C:\Cloudbase-Init.zip -o"C:\Program Files\Cloudbase Solutions\Cloudbase-Init\"
需要提醒的是:
域业务需要删掉cloudbase-init配置文件里的hostname模块(C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf中的cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,)
否则,一些特殊情况可能导致域业务异常,因为域业务跟hostname相关,如果cloudbase-init存在hostname模块,会导致hostname改变,从而影响域业务
如果defender等安全软件拦截,可以确定2012R2以上的系统防火墙默认会拦截,用这3句就可以自动化重装cloudbase-init
Set-ExecutionPolicy Unrestricted -force
Set-executionpolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force;
Invoke-WebRequest -uri http://windows-1251783334.cos.ap-shanghai.myqcloud.com/CLOUDBASE-INIT_INSTALL.PS1 -OutFile c:\cloudbase-init_install.ps1
powershell -file c:\cloudbase-init_install.ps1
sc.exe config cloudbase-init obj= LocalSystem
sc.exe config cloudbase-init depend= tcpip/dhcp/dnscache/Winmgmt
sc.exe failure cloudbase-init reset= 0 actions= restart/10000
sc.exe qc cloudbase-init 8192
net user cloudbase-init /del 2>&1 > $null
$client = new-object System.Net.WebClient
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myqcloud.com/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')
#wget "http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
#wget "http://windows-1251783334.cos.ap-shanghai.myqcloud.com/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
$7zPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zPath)) {
$client7 = new-object System.Net.WebClient
$client7.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/7z2200-x64.msi','c:\7z2200-x64.msi')
msiexec.exe /i c:\7z2200-x64.msi /qn
Start-Sleep 30
del c:\7z2200-x64.msi 2>$null
}
& "$env:ProgramFiles\7-Zip\7z.exe" x -aoa C:\Cloudbase-Init.zip -o"C:\Program Files\Cloudbase Solutions\Cloudbase-Init\"
需要提醒的是:
域业务需要删掉cloudbase-init配置文件里的hostname模块(C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf中的cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin,)
否则,一些特殊情况可能导致域业务异常,因为域业务跟hostname相关,如果cloudbase-init存在hostname模块,会导致hostname改变,从而影响域业务
因为安装cloudbase-init会产生cloudbase-init用户,不人为干预的话,就会以这种方式运行
所以我加了sc.exe config cloudbase-init obj= LocalSystem这句命令放弃使用cloudbase-init用户,既然没用了,你在用户和组里看到cloudbase-init用户碍眼的话,执行命令net user cloudbase-init /del 2>&1删掉它即可
如果以后要调整服务所运行的用户,那就留着,如果保持local system不调整,那就删掉cloudbase-init用户(建议删除,好奇害死猫,不建议尝试切换到.\cloudbase-init模式运行,可能导致密码成为1或随机密码)
如果安装虚拟化驱动、安装cloudbase-init都能全自动化完成并且完成后自动关机,这样很方便做镜像,分享powershell命令如下:
$client = new-object System.Net.WebClient
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myqcloud.com/115.159.148.149/wget64.exe',' c:\windows\wget.exe')
wget.exe http://windows-1251783334.cos.ap-shanghai.myqcloud.com/115.159.148.149/NT6NT10.bat -O c:\NT6NT10.bat
cmd.exe /c start /w /min c:\NT6NT10.bat
wget.exe http://windows-1251783334.cos.ap-shanghai.myqcloud.com/115.159.148.149/nosysprep.ps1 -O c:\nosysprep.ps1
restart-computer
重启后执行最后一句
powershell -file c:\nosysprep.ps1
$client = new-object System.Net.WebClient
#$client.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')
$client.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myqcloud.com/Cloudbase-Init.zip','C:\Cloudbase-Init.zip')
#wget "http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
#wget "http://windows-1251783334.cos.ap-shanghai.myqcloud.com/ec2service.py" -Outfile "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\cloudbaseinit\metadata\services\ec2service.py"
$7zPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zPath)) {
$client7 = new-object System.Net.WebClient
$client7.DownloadFile('http://windowsgz-1251783334.cos.ap-guangzhou.myqcloud.com/ziyan/7z2200-x64.msi','c:\7z2200-x64.msi')
msiexec.exe /i c:\7z2200-x64.msi /qn
Start-Sleep 30
del c:\7z2200-x64.msi 2>$null
}
& "$env:ProgramFiles\7-Zip\7z.exe" x -aoa C:\Cloudbase-Init.zip -o"C:\Program Files\Cloudbase Solutions\Cloudbase-Init\"
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。