0

我有以下 Azure Automation Runbook 脚本,其目标是从 REST API 调用中进行转储/导出,该调用必须从能够访问 REST API 设备的目标设备运行。因此,Azure 自动化运行手册以“代理服务器”为目标,然后我们从中获取 REST API 备份。

该方法一直有效,因为一旦“cm.vm.run_command”出现输出大小限制并截断备份,我们就无法从目标服务器复制此备份文件。我们为此找到的解决方法是将备份文件从“目标/代理服务器”直接复制到安装在目标/代理服务器上的存储帐户文件共享中。我现在的问题是从 Azure 自动化运行时,它无法访问其他用户安装的驱动器和/或无法安装设备或直接访问它,如下面的错误消息。有没有人对此有任何选择?我能够检查运行手册是否在来自 t 的存储帐户端口 443/445 上具有连接性。这是此处描述的可能原因之一https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

在我收到的命令和错误以及使用的整个脚本下方。

Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration 
net use w: \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/yBapkthow==`' /user:Azure\storage_account_name


Copy-item : The network path was not found
At C:\Packages\Plugins\Microsoft.CPlat.Core.RunCommandWindows\1.1.5\Downloads\s
cript9.ps1:15 char:1
+ Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Comma 
   nds.CopyItemCommand
 
The option /DL2D2QKD1OU2ZKEOJVRK4LGPIRTJKAJBZ+EDKNHWVYYEJDDYSL9CPB5T8F/9VWQBMBWC37B1NJS4YBAPKTHOW== is unknown.

The syntax of this command is:

NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
        [/USER:[domainname\]username]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [/SMARTCARD]
        [/SAVECRED]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]

Param (
    [Parameter(Mandatory=$false)][string] $rgName
    ,[Parameter(Mandatory=$false)][string] $ProxyServerName
)


function CreatePSCommandFile {
    Param(
    [parameter(Mandatory=$true)][String[]]$DeviceName,
    [parameter(Mandatory=$true)][String[]]$DeviceIP,
    [parameter(Mandatory=$true)][String[]]$ApiToken   
    )

    $remoteCommand =
@"
add-type @`"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
`"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'www.mydownload.com' -UseBasicParsing -Headers @{    Authorization="Bearer $($ApiToken)" } | Out-file C:\Devicebackup.txt
net use w: \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/STORAGE_KEY+EDknHWvyyeJDDYsL9cPB5T8F/9VwqBmbwc37B1NJS4yBapkthow==`' /user:Azure\storage_account_name
Copy-item -Path C:\Devicebackup.txt -Destination \\storage_account_name.file.core.windows.net\configdatafileshare\Orchestration

"@
    Set-Content -Path .\InvokeCommand.ps1 -Value $remoteCommand
}
$connectionName = "AzureRunAsConnection"
try {
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName         
    Write-Host "Logging in to Azure..."
    $connectionResult = Connect-AzAccount `
        -ServicePrincipal `
        -Tenant $servicePrincipalConnection.TenantID `
        -ApplicationId $servicePrincipalConnection.ApplicationID `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}


function Backup-Device {
    Param (
        [Parameter(Mandatory=$false)][string] $DeviceName
        ,[Parameter(Mandatory=$false)][string] $DeviceIP
        ,[Parameter(Mandatory=$false)][string] $ApiToken        
    )
    # Execute Backup on Fortigate Rest API
    CreatePSCommandFile -DeviceName $DeviceName -DeviceIP $DeviceIP -ApiToken $ApiToken
    $Output = Invoke-AzVMRunCommand -ResourceGroupName $rgName -VMName $ProxyServerName -CommandId 'RunPowerShellScript' -Scriptpath ".\InvokeCommand.ps1"  -Parameter @{'api_url' = "10.29.255.212"; 'api_token' = "0p6h1rmspjf37kp80bc6ny88jw"}
    ($Output).Value.Message
}

Backup-Device -DeviceName "DeviceName" -DeviceIP '10.29.255.212' -ApiToken 'Api_Token'
4

1 回答 1

0

分享一位有福的同事提出的解决方案:)

使用New-SmbMapping,我们能够成功地从 Azure 自动化 PS 脚本挂载存储帐户文件共享。

if (!(Test-Path `$MapDrive)) {
    New-SmbMapping -LocalPath `$MapDrive -RemotePath `$RemotePath -UserName `$UserName -Password `$Key
}
Copy-Item .\Devicebackup.txt `$MapDrive
于 2020-09-17T14:37:45.437 回答