Install-NetworkController

Install-NetworkController

Creates a network controller application on top of the network controller cluster.

구문

Parameter Set: Default
Install-NetworkController -ClientAuthentication <ClientAuthentication> {None | Kerberos | X509} -Node <NetworkControllerNode[]> -ServerCertificate <System.Security.Cryptography.X509Certificates.X509Certificate2> [-CertificateThumbprint <String> ] [-ClientCertificateThumbprint <String[]> ] [-ClientSecurityGroup <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-EnableAllLogs] [-Force] [-RestIPAddress <String> ] [-RestName <System.String> ] [-UseSsl] [-Confirm] [-WhatIf] [ <CommonParameters>]

자세한 설명

The Install-NetworkController cmdlet creates a network controller application on the network controller cluster. After you run this cmdlet, the network controller is running.

The steps for configuring a network controller are as follows:
1. Install the network controller role on all the computers that will be functioning as a network controller in your deployment.
2. From one of those computers (or any other remote computer), run the New-NetworkControllerNodeObject cmdlet to enter the details of the node to be part of the deployment. Repeat this step for all the computers that are part of the deployment. These node objects will be passed as a parameter to the next cmdlet.
3. Run the Install-NetworkControllerCluster cmdlet to create a new network controller cluster.
4. Run the Install-NetworkController cmdlet to create the network controller application on top of the cluster.

매개 변수

-CertificateThumbprint<String>

Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. Specify the certificate thumbprint of the certificate. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

-ClientAuthentication<ClientAuthentication>

Specifies the type of authentication that network controller uses to communicate with representational state transfer (REST) clients. 이 매개 변수에 허용되는 값은 다음과 같습니다.

-- Kerberos
-- X509
-- None

If the clients and network controller computers are domain joined, you should specify Kerberos authentication. Otherwise, specify X509 authentication. We do not recommend a value of None for production environments.

-ClientCertificateThumbprint<String[]>

Specifies an array of thumbprints of the certificates of REST clients that can communicate with the network controller. Specify this parameter only if the value of the ClientAuthentication parameter is X509.

-ClientSecurityGroup<String>

Specifies the security group that contains the name of the REST clients that can communicate with the network controller. Specify this parameter only if the value of the ClientAuthentication parameter is Kerberos.

-ComputerName<String>

Specifies the name of the network controller node on which this cmdlet operates.

-Credential<PSCredential>

Specifies a user credential that has permission to perform this action. The default is the current user. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

-EnableAllLogs

Indicates that this cmdlet enables collection of both cluster and application logs. By default, only cluster logs are collected.

-Force

사용자에게 확인 메시지를 표시하지 않고 명령을 강제 실행합니다.

-Node<NetworkControllerNode[]>

Specifies an array of network controller nodes. You can create the node objects by using New-NetworkControllerNodeObject cmdlet.

-RestIPAddress<String>

Specifies the IP address on which network controller nodes communicate with the REST clients. This IP address must not be an existing IP address on any of the network controller nodes.

-RestName<System.String>

Specifies the DNS name of the Network Controller cluster. This must be specified if the Network Controller nodes are in different subnets. In this case, you must also enable dynamic registration of the RestName on the DNS servers.

-ServerCertificate<System.Security.Cryptography.X509Certificates.X509Certificate2>

Specifies the certificate to use to encrypt communication between the network controller and REST clients, as well as communication between the network controller and southbound clients. This certificate must have Server Authentication EKU and should be trusted by the REST clients. Also, the certificate subject name or subject alternative name (SAN) must resolve to the REST IP address in DNS

-UseSsl

Indicates that the remote machine uses the Secure Sockets Layer (SSL) protocol to establish a connection to the Network Controller node. The default value of this parameter is false. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

-Confirm

cmdlet을 실행하기 전에 확인 메시지를 표시합니다.

-WhatIf

cmdlet이 실행되는 경우 발생할 결과를 보여 줍니다. cmdlet은 실행되지 않습니다.

<CommonParameters>

이 cmdlet은 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, -OutVariable 등의 일반 매개 변수를 지원합니다. 자세한 내용은 TechNet의 about_CommonParameters(https://go.microsoft.com/fwlink/p/?LinkID=113216)

입력

입력 형식은 cmdlet으로 파이프할 수 있는 개체의 형식입니다.

출력

출력 형식은 cmdlet 실행 시 출력되는 개체의 형식입니다.

• This cmdlet returns an object that contains the following fields:

  -- Names of the network controller nodes
  -- Authentication mode used between cluster nodes
  -- Client security group
  -- Client certificate thumbprints
  -- Server certificate that is used for encryption of data between the network controller and REST and southbound clients.
  -- REST IP address
  -- Application version

예

Example 1: Create a network controller in a test environment

The first command creates a network controller node object, and then stores it in the $NodeObject variable.

The second command gets a certificate named NCEncryption, and then stores it in the $Certificate variable. The command uses standard Windows PowerShell® cmdlets. For more information, type Get-Help Get-Item, Get-Help Get-ChildItem, and Get-Help Where.

The third command creates a network controller cluster by using the Install-NetworkControllerCluster cmdlet. The cluster contains the node object stored in $NodeObject.

The final command deploys the network controller in a test environment. Since single node is used in the deployment, there is no high availability support. This network controller employs no authentication between the cluster nodes, or between the REST clients and network controller. The command specifies the $Certificate to encrypt the traffic between the REST clients and network controller.

PS C:\> $NodeObject = New-NetworkControllerNodeObject -Name "Node01" -Server "NCNode11" -FaultDomain "fd:/rack1/host1" -RestInterface Ethernet 
PS C:\> $Certificate = Get-Item Cert:\LocalMachine\My | Get-ChildItem | where {$_.Subject -imatch "NCEncryption" }
PS C:\> Install-NetworkControllerCluster -Node $NodeObject -ClusterAuthentication None 
PS C:\> Install-NetworkController -Node $NodeObject -ClientAuthentication None -RestIpAddress "10.0.0.1/24" -ServerCertificate $Certificate 

Example 2: Create a network controller in a domain joined environment

The first three commands create network controller node objects, and then stores them in the $Node01, $Node02, and $Node03 variables.

The fourth command gets a certificate named NCEncryption, and then stores it in the $Certificate variable. The command uses standard cmdlets.

The fifth command creates a network controller cluster by using the Install-NetworkControllerCluster cmdlet. The cluster contains the node objects stored in the variables.

The final command deploys the network controller in a domain joined environment. Network controller uses Kerberos authentication between the cluster nodes, and between the REST clients and network controller. Only clients that are part of the RestClients security group can communicate with the network controller. The certificate in $Certificate is used to encrypt traffic between the REST clients and network controller.

PS C:\> $Node01 = New-NetworkControllerNodeObject -Name "Node01" -Server "NCNode01.Contoso.com" -FaultDomain "fd:/rack1/host1" -RestInterface Ethernet 
PS C:\> $Node02 = New-NetworkControllerNodeObject -Name "Node02" -Server "NCNode02.Contoso.com" -FaultDomain "fd:/rack1/host2" -RestInterface Ethernet 
PS C:\> $Node03 = New-NetworkControllerNodeObject -Name "Node03" -Server "NCNode03.Contoso.com" -FaultDomain "fd:/rack2/host3" -RestInterface Ethernet 


PS C:\> $Certificate = Get-Item Cert:\LocalMachine\My | Get-ChildItem | where {$_.Subject -imatch "NCEncryption" }
PS C:\> Install-NetworkControllerCluster -Node @($Node01,$Node02,$Node03) -ClusterAuthentication Kerberos -ManagementSecurityGroup "Contoso\NCManagementAdmins" -LogLocation "\\share\diagnostics" -CredentialEncryptionCertificate $Certificate 
PS C:\> Install-NetworkController -Node @($Node01,$Node02,$Node03) -ClientAuthentication Kerberos -ClientSecurityGroup "Contoso\RestClients" -RestIpAddress "10.0.0.1/24" -StoreCertificate $Certificate -EnableAllLogs

관련 항목

Export-NetworkController

Get-NetworkController

Import-NetworkController

Set-NetworkController

Uninstall-NetworkController

New-NetworkControllerNodeObject

Install-NetworkControllerCluster