
Octopus Deploy can't find SQL Credential when trying to restore a database from Azure using PowerShell

I've written a PowerShell script to restore a database from Azure using restore-from-URL. Testing locally on my machine, this works fine. When I log into the server and run the script, it works fine.

However, if I set up Octopus Deploy to run the script, it is unable to find the SQL credential. This code returns false:

If (Get-SqlCredential -Name $credentialName -Path $instanceName -ErrorAction SilentlyContinue )

So I'm thinking that, however the Octopus Tentacle tries to run the script (using LocalSystem), it doesn't have the privileges to get the SQL credential. Why wouldn't LocalSystem be able to get the credentials?

Is my suspicion correct? I've noticed that you can run a Tentacle under a specific user account, but is this the best way to do it? Also, it will have these elevated privileges for every deployment, which isn't great, as none of the others require any additional privileges.

I'm reluctant to run it under an existing user account and I don't really want to create a new one just for this deployment process.

Are there any alternatives to using another user account? Or is the above incorrect and there's another reason for this?
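The check in the question suppresses the error with -ErrorAction SilentlyContinue, so a permission failure and a wrong provider path both collapse into "false". The following is an added diagnostic example, not code from the original post: it records which Windows identity the step actually runs under and lets Get-SqlCredential report its real failure reason into the deployment log. The module name, provider path and credential name are assumed placeholders.

```powershell
# Added example (not from the original post). Assumes the SqlServer module that
# ships Get-SqlCredential is installed; the two values below are placeholders.
Import-Module SqlServer

$instanceName   = 'SQLSERVER:\SQL\localhost\DEFAULT'   # assumed SQL provider path
$credentialName = 'AzureStorageCredential'              # assumed credential name

function Test-SqlCredentialAccess {
    param(
        [Parameter(Mandatory)][string] $Path,
        [Parameter(Mandatory)][string] $Name
    )
    # Under a Tentacle this is NT AUTHORITY\SYSTEM until the service log-on
    # account is changed; the value shows up in the Octopus task log.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Host "Running as: $identity"

    try {
        # Stop instead of SilentlyContinue so the actual exception surfaces:
        # a permission error reads very differently from a bad -Path.
        $cred = Get-SqlCredential -Path $Path -Name $Name -ErrorAction Stop
        Write-Host "Credential '$Name' found (mapped identity: $($cred.Identity))"
        return $true
    }
    catch {
        Write-Warning "Get-SqlCredential failed as ${identity}: $($_.Exception.Message)"
        return $false
    }
}

if (-not (Test-SqlCredentialAccess -Path $instanceName -Name $credentialName)) {
    # Fail the deployment step explicitly rather than continuing to a restore
    # that will fail later with a less informative error.
    throw "SQL credential '$credentialName' is not accessible from this account"
}
```

Run it once from an interactive session on the server and once as an Octopus step; comparing the two "Running as" lines and the warning text tells you whether the problem is the account or the path before touching any service configuration.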

I don't use Octopus for deployments, but with any third-party tool of this nature in regard to SQL Server, it would always be a best practice to create a deployment account so you ensure least privilege.

A quick search of Octopus' documentation suggests the same thing: have a deployment account specific to an environment:

Finally, it is good security practice to have a different deployment account per environment. That deployment account only has permissions to make schema changes in their environment. An account used to change a test environment should not be able to change production.

I have tested using my account for the Octopus Tentacle and it works. So it is indeed an issue with the privileges of LocalSystem. This, and the documentation Shawn Melton has linked to here, suggest this is the preferred method of doing things.

For those with the same problem, you can change the user account the Tentacle uses by opening Services, right-clicking the appropriate OctopusDeploy Tentacle service (you may have more than one), then Properties, Log On, and entering the account details:

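The Services GUI step above can be scripted, which matters when there are several Tentacles or several environments and each should get its own deployment account as the first answer recommends. The following is an added example, not code from the original answers: it changes only the log-on account of the Tentacle service via Win32_Service.Change and restarts it. The service name and account name are assumed placeholders; check the real service name with Get-Service first.

```powershell
# Added example (not from the original answers). Assumes a dedicated,
# low-privilege account already exists; the two values below are placeholders.
$serviceName = 'OctopusDeploy Tentacle'    # assumed; confirm with Get-Service *Tentacle*
$account     = 'CORP\svc-octopus-deploy'   # assumed dedicated deployment account
$password    = Read-Host -AsSecureString -Prompt "Password for $account"

function Set-ServiceLogOnAccount {
    param(
        [Parameter(Mandatory)][string]       $Name,
        [Parameter(Mandatory)][string]       $Account,
        [Parameter(Mandatory)][securestring] $Password
    )
    $svc = Get-CimInstance Win32_Service -Filter "Name = '$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    Write-Host "Current log-on account for '$Name': $($svc.StartName)"

    # Win32_Service.Change accepts just the fields we want to alter and leaves the
    # binary path, start mode and dependencies untouched. The secure string is
    # decoded only for the duration of this call.
    $plain  = [System.Net.NetworkCredential]::new('', $Password).Password
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $Account
        StartPassword = $plain
    }
    if ($result.ReturnValue -ne 0) {
        throw "Win32_Service.Change failed with return code $($result.ReturnValue)"
    }

    Restart-Service -Name $Name
    # Return the effective account so the caller can verify the change took.
    (Get-CimInstance Win32_Service -Filter "Name = '$Name'").StartName
}

Set-ServiceLogOnAccount -Name $serviceName -Account $account -Password $password
```

Two caveats that the GUI hides: unlike the Services snap-in, changing the account through the CIM method (or sc.exe) does not grant the account the "Log on as a service" right, so assign that beforehand, and the account needs permissions on the Tentacle's own working folders, so consult the Tentacle documentation for those. On the SQL Server side, add a Windows login for the deployment account and grant it only what the restore step needs, rather than reusing a personal or sysadmin-level account.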
