Node's admin user lacks install permissions when executing a PowerShell script to install software on Jenkins
We have a setup to test software that uses a central Jenkins Master and four nodes (vSphere Win10 VMs). Recently, the pipeline that runs the tests has been failing because it can't install software components necessary for testing on the nodes.
The script is called as follows:
Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i $($SetupDir)\Setup_MariaDB.msi SERVICENAME=MySQL UTF8=1 INSTALLDIR=$($dbInstallDir) /qn /L*V "$($logPath)"' -Wait
When executing this locally, it installs MariaDB without any problems. However, if the installation is triggered via Jenkins (as the same user), it stops and logs that the current user does not have the necessary permissions to execute the installation.
What I tried:
- The VMs are no longer in any domain (to prevent Domain Controller overriding GPs)
- Group policies are set so the admin user (not built-in, self-created) always executes scripts in admin context.
- Logged the user that currently executes scripts on the node (As expected, it's the admin user that can install without problems locally)
- Set it so that the connection to the Jenkins master (via Task Scheduler) is executed by the Administrators group to hopefully gain missing privileges
Thoughts
- At an earlier point, the pipeline accesses network resources through another user account
$pass = "PASSWORD" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PsCredential('USERNAME@DOMAIN', $pass)
New-PSDrive -Name "X" -PSProvider FileSystem -Root "NETWORK SHARE" -Credential $cred -persist
Maybe that has an effect on the necessary permissions
- The installation script is a PowerShell file invoked through the bat function in the Jenkins pipeline, like this:
def installExit = bat returnStatus: true, script: 'PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& .\SCRIPT.ps1 ;exit $LASTEXITCODE"'
Could this have an effect on the context used during execution?
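The post logs which user runs the script, but not whether that user's process token is elevated, and under UAC the same administrator account can run with either a full or a filtered token. The following is an added example, not part of the original post, that reports the execution context so the local run and the Jenkins-triggered run can be compared; the function name Get-ExecutionContextReport is hypothetical.

```powershell
# Added diagnostic, not from the original post. Run it once in the local
# console where the install works and once as the first step of SCRIPT.ps1
# under Jenkins, then compare the two outputs.
function Get-ExecutionContextReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # Integrity level SIDs (S-1-16-*) mapped to their well-known names.
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium (not elevated)'
        'S-1-16-12288' = 'High (elevated)'
        'S-1-16-16384' = 'System'
    }

    # /nh drops the localized header row, so column names are supplied here.
    $labelSid = (whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes |
        Where-Object { $_.SID -like 'S-1-16-*' } |
        Select-Object -First 1).SID

    # Parent process shows what launched this shell (agent, cmd.exe, explorer).
    $parentId = (Get-CimInstance Win32_Process -Filter "ProcessId=$PID").ParentProcessId
    $parent   = Get-Process -Id $parentId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        User           = $identity.Name
        # False when the Administrators group is present only as deny-only,
        # which is the case for a UAC-filtered token.
        IsElevated     = $principal.IsInRole(
                             [Security.Principal.WindowsBuiltInRole]::Administrator)
        IntegrityLevel = if ($levels.ContainsKey($labelSid)) { $levels[$labelSid] }
                         else { $labelSid }
        SessionId      = [Diagnostics.Process]::GetCurrentProcess().SessionId
        ParentProcess  = if ($parent) { "$($parent.ProcessName) ($parentId)" }
                         else { "exited ($parentId)" }
    }
}

# Format-List writes to stdout, which the Jenkins console log captures.
Get-ExecutionContextReport | Format-List
```

If the two runs show the same User but different IsElevated or IntegrityLevel values, the difference lies in how the agent process was started rather than in the account itself.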