Question:
I’ve got an Octopus Tentacle running a deploy script. The tentacle is running as the LocalSystem account.
Inside the script, I’m able to do pretty much everything I need, aside from some archive bit. The archive needs to be done under different domain credentials because it’s on a network share.
The frustrating this is that the code below works locally, but when run off the tentacles, it fails with the error
—————————————————-[ Backup Nupkg ]—————————————————- Storing a backup
version of GeoSphere.1.2.1.1722.nupkg for the Development environment
Error 09:24:32 [localhost] There is an error launching the
background process. Error Error 09:24:32 reported: Access is
denied. Error 09:24:32 At
C:\Octopus\Deployments\Development\GeoSphere\1.2.1.1722\deploy.ps1:121
Error 09:24:32 char:1 Error 09:24:32
+ Receive-Job $job Error 09:24:32
+ ~~~~~~~~~~~~~~~~ Error 09:24:32
+ CategoryInfo : OpenError: (localhost:String) [], PSRemotingTran Error 09:24:32 sportException Error 09:24:32
+ FullyQualifiedErrorId : -2147467259,PSSessionStateBroken Info 09:24:32 HasMoreData : False StatusMessage : Location :
localhost Command :
Import-Module $args[3]
Backup-Nupkg $args[0] $args[1] $args[2]
JobStateInfo : Failed Finished : System.Threading.ManualResetEvent InstanceId :
0c031592-4c2a-4f8b-b014-a5ba79be09f7 Id : 1 Name :
Job1 ChildJobs : {Job2} PSBeginTime : 13/11/2014 9:24:30 AM
PSEndTime : 13/11/2014 9:24:31 AM PSJobTypeName : BackgroundJob
Output : {} Error : {} Progress : {} Verbose
: {} Debug : {} Warning : {} State : Failed
Fatal 09:24:32 PowerShell script returned a non-zero exit code: 1
Tentacle version 2.5.11.614
Here’s the code
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$pwd = convertto-securestring "[PASSWORD]" -asplaintext -force $cred=new-object -typename System.Management.Automation.PSCredential -argumentlist "[DOMAIN\USER]",$pwd $packageName = "GeoSphere.$Version.nupkg" $backupPath = $($es.backupPath) $artifactsPath = $($es.artifactsPath) $job = Start-Job -ScriptBlock { Import-Module $args[3] Backup-Nupkg $args[0] $args[1] $args[2] } -ArgumentList @($packageName,$backupPath,$artifactsPath,"$currentDir\modules\ApplicationUtilities") -Credential $cred Wait-Job $Job Receive-Job $job |
Here’s the ApplicationUtilities Module
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
function Backup-Nupkg{ param( [parameter(Mandatory=$true,position=0)] [string] $packageName, [parameter(Mandatory=$true,position=1)] [string] $backupPath, [parameter(Mandatory=$true,position=2)] [string] $artifactsPath ) if(!(Test-Path $($backupPath))) { md $($backupPath) } else { Remove-Item "$($backupPath)\*" -recurse -Force } Copy-Item $artifactsPath\$packageName $backupPath } Export-ModuleMember Backup-Nupkg |
What is the magic trick to getting this to run off of the Tentacle as it does locally?
Answer:
I tried the same thing without any luck, it seems like it’s not possible to start jobs as a different user. In this similar question, Leblanc ended up using WinRM and Invoke-Command instead:
run script block as a specific user with Powershell
(I don’t think this is anything Octopus specific – the issue seems to be more of a problem with SYSTEM being able to start processes as a different user, or with Start-Job under SYSTEM, or perhaps both)