Not able to access Azure FileShare Storage container from Azure Automation Runbook

I have the following Azure Automation Runbook script whose goal is to take a dump/export from a REST API call, which must run from a target device that is able to reach the REST API device. So the Azure Automation runbook is targeting a "proxy server", and from this we're taking the REST API backup.

The approach has been working, except for the fact that we're not able to copy this backup file from the target server, since 'cm.vm.run_command' presents an output size limitation and is truncating the backup. The workaround we found for this was copying the backup file from the 'target/proxy server' directly into a Storage Account Fileshare which is mounted on the target/proxy server. My problem now is that, when running from Azure Automation, it's not able to access the drive mounted by another user and/or is not able to mount the device or access it directly, as in the error messages below. Does anybody have any alternative for this? I was able to check the runbook is having connectivity on the storage account ports 443/445 from t. That was one of the possible reasons described here: https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

Below are the commands and errors I'm receiving and the whole script used.

Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration 
net use w: \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/yBapkthow==`' /user:Azure\storage_account_name

Copy-item : The network path was not found
At C:\Packages\Plugins\Microsoft.CPlat.Core.RunCommandWindows\1.1.5\Downloads\s
cript9.ps1:15 char:1
+ Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Comma 
   nds.CopyItemCommand
 
The option /DL2D2QKD1OU2ZKEOJVRK4LGPIRTJKAJBZ+EDKNHWVYYEJDDYSL9CPB5T8F/9VWQBMBWC37B1NJS4YBAPKTHOW== is unknown.

The syntax of this command is:

NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
        [/USER:[domainname\]username]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [/SMARTCARD]
        [/SAVECRED]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]

Param (
    [Parameter(Mandatory=$false)][string] $rgName
    ,[Parameter(Mandatory=$false)][string] $ProxyServerName
)


function CreatePSCommandFile {
    Param(
    [parameter(Mandatory=$true)][String[]]$DeviceName,
    [parameter(Mandatory=$true)][String[]]$DeviceIP,
    [parameter(Mandatory=$true)][String[]]$ApiToken   
    )

    $remoteCommand =
@"
add-type @`"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
`"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'www.mydownload.com' -UseBasicParsing -Headers @{    Authorization="Bearer $($ApiToken)" } | Out-file C:\Devicebackup.txt
net use w: \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/STORAGE_KEY+EDknHWvyyeJDDYsL9cPB5T8F/9VwqBmbwc37B1NJS4yBapkthow==`' /user:Azure\storage_account_name
Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration

"@
    Set-Content -Path .\InvokeCommand.ps1 -Value $remoteCommand
}
$connectionName = "AzureRunAsConnection"
try {
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName         
    Write-Host "Logging in to Azure..."
    $connectionResult = Connect-AzAccount `
        -ServicePrincipal `
        -Tenant $servicePrincipalConnection.TenantID `
        -ApplicationId $servicePrincipalConnection.ApplicationID `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}


function Backup-Device {
    Param (
        [Parameter(Mandatory=$false)][string] $DeviceName
        ,[Parameter(Mandatory=$false)][string] $DeviceIP
        ,[Parameter(Mandatory=$false)][string] $ApiToken        
    )
    # Execute Backup on Fortigate Rest API
    CreatePSCommandFile -DeviceName $DeviceName -DeviceIP $DeviceIP -ApiToken $ApiToken
    $Output = Invoke-AzVMRunCommand -ResourceGroupName $rgName -VMName $ProxyServerName -CommandId 'RunPowerShellScript' -Scriptpath ".\InvokeCommand.ps1"  -Parameter @{'api_url' = "10.29.255.212"; 'api_token' = "0p6h1rmspjf37kp80bc6ny88jw"}
    ($Output).Value.Message
}

Backup-Device -DeviceName "DeviceName" -DeviceIP '10.29.255.212' -ApiToken 'Api_Token'

Sharing the solution which was presented by a blessed colleague :)

Using New-SmbMapping we were able to mount the Storage Account File Share from the Azure Automation PS script successfully.

if (!(Test-Path `$MapDrive)) {
    New-SmbMapping -LocalPath `$MapDrive -RemotePath `$RemotePath -UserName `$UserName -Password `$Key
}
Copy-Item .\Devicebackup.txt `$MapDrive
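
The answer's fragment expanded into a complete runbook step, as an added example that is not part of the original post. It assumes the runbook is already logged in with Connect-AzAccount as in the question; the Automation variable name 'BackupShareKey' and the file name CopyBackup.ps1 are hypothetical, and the key is read from that variable and passed as a Run Command parameter instead of being written into the script text.

```powershell
# Added example, not the poster's code; 'BackupShareKey' and CopyBackup.ps1 are assumed names.
param([string] $rgName, [string] $ProxyServerName)

# Script that Run Command executes on the proxy VM. The single-quoted
# here-string keeps $variables literal, so no backtick escaping is needed.
$remoteScript = @'
param([string] $StorageAccount, [string] $ShareName, [string] $Key)

$MapDrive   = 'W:'
$RemoteHost = "$StorageAccount.file.core.windows.net"
$RemotePath = "\\$RemoteHost\$ShareName"

# SMB to Azure Files needs outbound TCP 445 from the VM itself.
if (-not (Test-NetConnection -ComputerName $RemoteHost -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $RemoteHost is not reachable from this VM"
}

# Mapped drives belong to a logon session, so map the share in this one.
if (-not (Test-Path $MapDrive)) {
    # -Password is a named parameter; 'net use' instead parsed the argument
    # starting with '/' as a switch (the "option ... is unknown" error above).
    New-SmbMapping -LocalPath $MapDrive -RemotePath $RemotePath `
        -UserName "Azure\$StorageAccount" -Password $Key | Out-Null
}
try {
    Copy-Item -Path 'C:\Devicebackup.txt' -Destination "$MapDrive\Orchestration\" -ErrorAction Stop
}
finally {
    Remove-SmbMapping -LocalPath $MapDrive -Force   # do not leave the share mounted
}
'@
Set-Content -Path .\CopyBackup.ps1 -Value $remoteScript

# Assumed: the storage key lives in an encrypted Automation variable instead
# of the script text, and Run Command passes it through unchanged.
$key = Get-AutomationVariable -Name 'BackupShareKey'

$out = Invoke-AzVMRunCommand -ResourceGroupName $rgName -VMName $ProxyServerName `
    -CommandId 'RunPowerShellScript' -ScriptPath .\CopyBackup.ps1 `
    -Parameter @{ StorageAccount = 'storage_account_name'
                  ShareName      = 'configdatafileshare'
                  Key            = $key }
$out.Value.Message
```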
