Jenkins - 远程访问被拒绝
我正在使用 ArtifactDeployer 插件将构建作业工件部署到远程位置(Windows 共享 SMB)。 然而詹金斯从未成功。抛出如下错误:
[ArtifactDeployer] - 从后操作开始部署... [ArtifactDeployer] - [错误] - 部署失败。无法创建目录...构建步骤 [ArtifactDeployer] - 将工件从工作区部署到远程目录的更改构建结果为失败
本地部署工作正常。
Jenkins 机器操作系统是 Windows 7 32 位 Prof. Jenkins 使用本地系统帐户作为服务运行。
我尝试使用另一个帐户,即我的用户帐户,但服务无法启动(Windows 错误 1069:由于登录失败,服务未启动)。 网络服务帐户确实运行了,但 Jenkins 抛出错误,无法访问 .NET 框架。
手动尝试远程复制时,效果很好。我可以创建目录并写入内容。当然是在同一台机器上。
我在 Jenkins 中尝试了两种不同的远程引用: 1) \\目标目录 2) I:\ - 通过将驱动器号映射到 Windows 中的远程目录 没有成功...
有什么提示或建议吗?谢谢!
2012 年 2 月 15 日更新: 此问题仍然没有解决方案或解决方法。 这不仅仅是插件的问题,我使用“执行 Windows 批处理命令”也遇到了这个问题。 我发现了一个我想分享的错误报告。
解决方案
我找到了解决方案 。您必须向域中的计算机而不是该计算机的用户授予访问权限。如果你回头看一下,似乎非常合乎逻辑。
第二个解决方案是使用域用户帐户运行服务。上面我犯了一个错误,使用本地用户 .\user 而不是 DOMAIN\user。
I'm using the ArtifactDeployer plugin to deploy the build job artifacts to a remote location (Windows share SMB).
However Jenkins never manages to succeed. Throwing errors like:
[ArtifactDeployer] - Starting deployment from the post-action ...
[ArtifactDeployer] - [ERROR] - Failed to deploy. Can't create the directory ... Build step
[ArtifactDeployer] - Deploy artifacts from workspace to remote directories' changed build result to FAILURE
Local deployment works fine.
The Jenkins machine OS is Windows 7 32-bit Prof.
Jenkins is running as a service using a local system account.
I tried using another account, my user account but the service failed to start (Windows error 1069: the service did not start due to a logon failure).
The network service account did run but than Jenkins throws errors it can't access the .NET framework.
When manually trying the remote copy, this works fine. I can create directories and write to it. On the same machine of course.
I tried two different remote reference in Jenkins:
1) \\targetdirectory
2) I:\ - by mapping a drive letter to the remote dir in windows
No success...
Any tips or suggestions? Thanks!
Update 15/02/2012:
Still no solution or workaround for this issue.
It's not only the plugin, I hit also this issue using "Execute Windows batch command".
I found a bug report that I want to share.
Solution
I found a solution. You have to grant access persmission to the computer in a domain instead of the user of that machine. Seems very logic if you look back to it.
A 2nd solution is to run the service using a domain user account. Above I made a mistake by using the local user .\user in stead of DOMAIN\user.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您没有域名,那么以下内容肯定有效。即使您有域名,这个应该也能工作。
背景信息:
您需要将映射驱动器映射到该服务正在使用的同一帐户,并且在正确的时间可用。通常映射的驱动器仅在登录用户登录时映射。服务用户上下文本身不会“登录”——例如,如果我将驱动器映射为 MyUser 并且服务运行为MyUser,在我通过输入密码实际登录之前,驱动器将不可用。但是,我们可以使用脚本在启动(而不是登录)时为特定用户映射驱动器。 Jenkins 通常以本地系统帐户运行,因此如果您不想更改它,则需要以
SYSTEM用户身份运行下面的脚本。如果您不想将此映射驱动器授予以 SYSTEM 身份运行的所有服务/进程,则可以创建一个特定用户供 Jenkins 运行,并运行该服务和下面的脚本作为该用户(这可能更安全)。解决步骤:
在 ArtifactDeployer 中,您想要部署到映射的网络驱动器。就我而言,这是 S:。
远程共享上的权限没有特殊设置。 (在我的例子中,Windows Server 2008 共享用于映射驱动器的用户名和密码。)
在您选择的用户的位置编写一个批处理文件
MapDrives.bat(默认值:SYSTEM) 可以访问,其中包含以下内容:请注意,我在该行中映射到 S:。
通过任务计划程序,创建一个以与服务相同的用户身份运行的任务(默认:
SYSTEM),触发启动时,并在其操作时运行批处理文件 <代码>MapDrives.bat。重新启动,它应该可以工作!
引用:
经过许多页面和多次测试后,最终在这里找到了最好的建议,并引导我找到了上述解决方案。
https://stackoverflow.com/a/4763324/150794
If you don't have a domain, the following will work for sure. This should work even if you have a domain.
Background Info:
You need your mapped drive to be mapped for the same account that the service is using AND be available at the right time. Normally mapped drives are mapped only for the logged in user, at the time that they log in. Service user contexts don't get "logged in" per se -- for example, if I map a drive as MyUser and the service runs as MyUser, the drive won't be available until I actually log in by typing in my password. However, we can use a script to map the drive at startup (instead of login) for a particular user. Jenkins normally runs as Local System Account, so if you don't want to change that, you'll need to run the script below as the
SYSTEMuser. You can instead create a specific user for Jenkins to run as, if you don't want to grant this mapped drive to all services/processes that run asSYSTEM, and run both the service and the script below as that user (this is probably more secure).Solution Steps:
In ArtifactDeployer you want to deploy to a mapped network drive. In my case this is S:.
There is no special setup for permissions on the remote share. (In my case, a Windows Server 2008 share with a username and password that is used for mapping the drive.)
Write a batch file
MapDrives.batin a place that your chosen user (default:SYSTEM) has access to, with the following in it:Note that I am mapping to S: in that line.
Via Task Scheduler, create a task that runs as the same user as the service (default:
SYSTEM), triggersAt Startup, and as it's action, runs the batch fileMapDrives.bat.Reboot and it should work!
Citations:
After diving through many pages and many tests, ultimately, the best suggestions were found here, and led me to the above solution.
https://stackoverflow.com/a/4763324/150794
确保您的“本地系统帐户”具有远程目录的访问权限(包括写入权限)。然后使用符号
将驱动器号映射到远程目录仅适用于您当前正在使用的用户帐户。驱动器号映射将不可用于任何其他帐户。
Make sure your 'local system account' has access rights to the remote directory (including write access). Then use the notation
Mapping drive letters to remote directories only applies to the user account you are currently working with. The drive letter mapping will not be available to any other account.