使用Powershell和Jenkins进行远程访问 [英] Remote Access with Powershell and Jenkins
问题描述
我正在尝试在远程(Windows 2008 Server R2)计算机上运行Powershell脚本.如果直接从Powershell执行以下代码,则效果很好. (即,一切设置正确,WinRM服务正在运行,主机相互信任,登录正确...)
I am trying to run a powershell script on a remote (Windows 2008 Server R2) machine. The following code works great when executed directly from powershell. (I.e. everything is set up correctly, WinRM services are running, Hosts trust each other, login is correct...)
但是,当我从Jenkins实例执行完全相同的代码(在测试的同一台计算机上运行)时,出现 PSSessionStateBroken 连接失败,. (因为我的机器上是德语,所以未发布完整错误.)
However, when I execute the exact same code from a Jenkins instance (running on the same machine where I tested) I get a PSSessionStateBroken connection failure, . (Not posting full error because it is in German on my machine.)
我想这意味着Jenkins使用Powershell的方式有所不同,或者具有不同的Powershell/Winrm设置或特权不足.有什么想法吗?
I suppose that means Jenkins is using powershell differently or has different powershell/winrm settings or insufficient privileges. Any ideas?
$computer = "<some ip>"
$user = "Administrator"
$password = "<secretpassword>"
$securepassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $securepassword
Invoke-Command -ComputerName $computer -ScriptBlock { Get-ChildItem C:\ } -Credential $cred
编辑:通过以管理员身份运行jenkins服务来对其进行修复.对我有用,但感觉不对...
Managed to fix it by running jenkins service as Administrator. Works for me, but does not feel right...
推荐答案
自2014年3月起,Jenkins安装Jenkins服务以LocalSystem用户(即NT AUTHORITY\SYSTEM)身份运行. LocalSystem帐户使用以下方式访问网络计算机帐户.
As of March 2014, Jenkins installs the Jenkins service to run as the LocalSystem user (i.e., NT AUTHORITY\SYSTEM). The LocalSystem account accesses the network using the computer account.
例如,名为JENKINSSERVER的主机上的Jenkins使用MYDOMAIN Active Directory域中的MYDOMAIN\JENKINSSERVER$计算机帐户连接到远程计算机.
For example , Jenkins on a host named JENKINSSERVER connects to remote machines using the MYDOMAIN\JENKINSSERVER$ computer account in the MYDOMAIN Active Directory domain.
这意味着您需要将MYDOMAIN\JENKINSSERVER$帐户添加为TARGETSERVER上的BUILTIN\Administrators本地组的成员:
This means you need to add the MYDOMAIN\JENKINSSERVER$ account as a member of the BUILTIN\Administrators local group on the TARGETSERVER:
NET LOCALGROUP "Administrators" "MYDOMAIN\MYSERVER$" /add
NET LOCALGROUP "Administrators" "MYDOMAIN\MYSERVER$" /add
Caveat Emptor :这将授予在MYSERVER主机上作为LocalSystem或NetworkService执行的任何代码,以管理员身份在TARGETSERVER上运行远程命令.您最好为此服务创建一个特定的域用户,以将管理员权限限制为仅一个Jenkins服务.
Caveat Emptor: This grants any code executing as LocalSystem or NetworkService on the MYSERVER host to run remote commands on TARGETSERVER as an Administrator. You may be better off creating a specific domain user for just this service to restrict admin rights to just the single Jenkins service.
这篇关于使用Powershell和Jenkins进行远程访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
