forked from dsccommunity/SqlServerDsc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
3-AddConnectPermissionToTwoReplicasEachWithDifferentServiceAccount.ps1
109 lines (93 loc) · 3.68 KB
/
3-AddConnectPermissionToTwoReplicasEachWithDifferentServiceAccount.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<#
.EXAMPLE
This example will add connect permission to both an Always On primary replica and an
Always On secondary replica, and where each replica has a different SQL service account.
#>
$ConfigurationData = @{
AllNodes = @(
@{
NodeName = '*'
SqlInstanceName = 'MSSQLSERVER'
<#
NOTE! THIS IS NOT RECOMMENDED IN PRODUCTION.
This is added so that AppVeyor automatic tests can pass, otherwise
the tests will fail on passwords being in plain text and not being
encrypted. Because it is not possible to have a certificate in
AppVeyor to encrypt the passwords we need to add the parameter
'PSDscAllowPlainTextPassword'.
NOTE! THIS IS NOT RECOMMENDED IN PRODUCTION.
#>
PSDscAllowPlainTextPassword = $true
},
@{
NodeName = 'SQLNODE01.company.local'
Role = 'PrimaryReplica'
},
@{
NodeName = 'SQLNODE02.company.local'
Role = 'SecondaryReplica'
}
)
}
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode1Credential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode2Credential
)
Import-DscResource -ModuleName SqlServerDsc
node $AllNodes.Where{$_.Role -eq 'PrimaryReplica' }.NodeName
{
SqlServerEndpointPermission SQLConfigureEndpointPermissionPrimary
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission SQLConfigureEndpointPermissionSecondary
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
Node $AllNodes.Where{ $_.Role -eq 'SecondaryReplica' }.NodeName
{
SqlServerEndpointPermission SQLConfigureEndpointPermissionPrimary
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission SQLConfigureEndpointPermissionSecondary
{
Ensure = 'Present'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}