问题
I've got an Octopus Tentacle running a deploy script. The tentacle is running as the LocalSystem account.
Inside the script, I'm able to do pretty much everything I need, aside from some archive bit. The archive needs to be done under different domain credentials because it's on a network share.
The frustrating this is that the code below works locally, but when run off the tentacles, it fails with the error
----------------------------------------------------[ Backup Nupkg ]---------------------------------------------------- Storing a backup version of GeoSphere.1.2.1.1722.nupkg for the Development environment
Error 09:24:32 [localhost] There is an error launching the
background process. Error Error 09:24:32 reported: Access is
denied. Error 09:24:32 At
C:\Octopus\Deployments\Development\GeoSphere\1.2.1.1722\deploy.ps1:121
Error 09:24:32 char:1 Error 09:24:32
+ Receive-Job $job Error 09:24:32
+ ~~~~~~~~~~~~~~~~ Error 09:24:32
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTran Error 09:24:32 sportException Error 09:24:32
+ FullyQualifiedErrorId : -2147467259,PSSessionStateBroken Info 09:24:32 HasMoreData : False StatusMessage : Location :
localhost Command : Import-Module $args[3]
Backup-Nupkg $args[0] $args[1] $args[2]
JobStateInfo : Failed Finished : System.Threading.ManualResetEvent InstanceId :
0c031592-4c2a-4f8b-b014-a5ba79be09f7 Id : 1 Name :
Job1 ChildJobs : {Job2} PSBeginTime : 13/11/2014 9:24:30 AM
PSEndTime : 13/11/2014 9:24:31 AM PSJobTypeName : BackgroundJob
Output : {} Error : {} Progress : {} Verbose
: {} Debug : {} Warning : {} State : Failed
Fatal 09:24:32 PowerShell script returned a non-zero exit code: 1
Tentacle version 2.5.11.614
Here's the code
$pwd = convertto-securestring "[PASSWORD]" -asplaintext -force
$cred=new-object -typename System.Management.Automation.PSCredential -argumentlist "[DOMAIN\USER]",$pwd
$packageName = "GeoSphere.$Version.nupkg"
$backupPath = $($es.backupPath)
$artifactsPath = $($es.artifactsPath)
$job = Start-Job -ScriptBlock {
Import-Module $args[3]
Backup-Nupkg $args[0] $args[1] $args[2]
} -ArgumentList @($packageName,$backupPath,$artifactsPath,"$currentDir\modules\ApplicationUtilities") -Credential $cred
Wait-Job $Job
Receive-Job $job
Here's the ApplicationUtilities Module
function Backup-Nupkg{
param(
[parameter(Mandatory=$true,position=0)] [string] $packageName,
[parameter(Mandatory=$true,position=1)] [string] $backupPath,
[parameter(Mandatory=$true,position=2)] [string] $artifactsPath
)
if(!(Test-Path $($backupPath))) {
md $($backupPath)
} else {
Remove-Item "$($backupPath)\*" -recurse -Force
}
Copy-Item $artifactsPath\$packageName $backupPath
}
Export-ModuleMember Backup-Nupkg
What is the magic trick to getting this to run off of the Tentacle as it does locally?
回答1:
I tried the same thing without any luck, it seems like it's not possible to start jobs as a different user. In this similar question, Leblanc ended up using WinRM and Invoke-Command instead:
run script block as a specific user with Powershell
(I don't think this is anything Octopus specific - the issue seems to be more of a problem with SYSTEM being able to start processes as a different user, or with Start-Job under SYSTEM, or perhaps both)
来源:https://stackoverflow.com/questions/26915264/powershell-job-with-alternate-credentials-from-octopus-deploy