无法从 Azure Automation Runbook 访问 Azure FileShare 存储容器

Not able to access Azure FileShare Storage container from Azure Automation Runbook

我有以下 Azure Automation Runbook 脚本,其目标是从 REST API 调用中获取 dump/export,该调用必须 运行 来自能够到达的目标设备REST API 设备。所以 Azure Automation 运行book 的目标是“代理服务器”,然后我们从这里获取 REST API 备份。

该方法一直有效,但一旦 'cm.vm.run_command' 出现输出大小限制并且 t运行 正在备份,我们就无法从目标服务器复制此备份文件。我们找到的解决方法是将备份文件从 'target/proxy server' 直接复制到安装在 target/proxy 服务器上的存储帐户文件共享中。我现在的问题是,当从 Azure Automation 运行ning 时,它无法访问其他用户安装的驱动器 and/or 无法安装设备或像下面的错误消息一样直接访问它。有人对此有其他选择吗?我能够检查 运行book 在来自 t 的存储帐户端口 443/445 上是否有连接。这是此处描述的可能原因之一 https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

在我收到的命令和错误以及使用的整个脚本下方。

Copy-item -Path C:\Devicebackup.txt -Destination \storage_account_name.file.core.windows.net\configdatafileshare\Orchestration 
net use w: \storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/yBapkthow==`' /user:Azure\storage_account_name

Copy-item : The network path was not found
At C:\Packages\Plugins\Microsoft.CPlat.Core.RunCommandWindows.1.5\Downloads\s
cript9.ps1:15 char:1
+ Copy-item -Path C:\Devicebackup.txt -Destination \storage_account_name. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Copy-Item], IOException
    + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Comma 
   nds.CopyItemCommand
 
The option /DL2D2QKD1OU2ZKEOJVRK4LGPIRTJKAJBZ+EDKNHWVYYEJDDYSL9CPB5T8F/9VWQBMBWC37B1NJS4YBAPKTHOW== is unknown.

The syntax of this command is:

NET USE
[devicename | *] [\computername\sharename[\volume] [password | *]]
        [/USER:[domainname\]username]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [/SMARTCARD]
        [/SAVECRED]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]
Param (
    [Parameter(Mandatory=$false)][string] $rgName
    ,[Parameter(Mandatory=$false)][string] $ProxyServerName
)


function CreatePSCommandFile {
    Param(
    [parameter(Mandatory=$true)][String[]]$DeviceName,
    [parameter(Mandatory=$true)][String[]]$DeviceIP,
    [parameter(Mandatory=$true)][String[]]$ApiToken   
    )

    $remoteCommand =
@"
add-type @`"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
`"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'www.mydownload.com' -UseBasicParsing -Headers @{    Authorization="Bearer $($ApiToken)" } | Out-file C:\Devicebackup.txt
net use w: \storage_account_name.file.core.windows.net\configdatafileshare\Orchestration `'/STORAGE_KEY+EDknHWvyyeJDDYsL9cPB5T8F/9VwqBmbwc37B1NJS4yBapkthow==`' /user:Azure\storage_account_name
Copy-item -Path C:\Devicebackup.txt -Destination \storage_account_name.file.core.windows.net\configdatafileshare\Orchestration

"@
    Set-Content -Path .\InvokeCommand.ps1 -Value $remoteCommand
}
$connectionName = "AzureRunAsConnection"
try {
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName         
    Write-Host "Logging in to Azure..."
    $connectionResult = Connect-AzAccount `
        -ServicePrincipal `
        -Tenant $servicePrincipalConnection.TenantID `
        -ApplicationId $servicePrincipalConnection.ApplicationID `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}


function Backup-Device {
    Param (
        [Parameter(Mandatory=$false)][string] $DeviceName
        ,[Parameter(Mandatory=$false)][string] $DeviceIP
        ,[Parameter(Mandatory=$false)][string] $ApiToken        
    )
    # Execute Backup on Fortigate Rest API
    CreatePSCommandFile -DeviceName $DeviceName -DeviceIP $DeviceIP -ApiToken $ApiToken
    $Output = Invoke-AzVMRunCommand -ResourceGroupName $rgName -VMName $ProxyServerName -CommandId 'RunPowerShellScript' -Scriptpath ".\InvokeCommand.ps1"  -Parameter @{'api_url' = "10.29.255.212"; 'api_token' = "0p6h1rmspjf37kp80bc6ny88jw"}
    ($Output).Value.Message
}

Backup-Device -DeviceName "DeviceName" -DeviceIP '10.29.255.212' -ApiToken 'Api_Token'

分享一位有福的同事提出的解决方案:)

使用 New-SmbMapping 我们能够从 Azure 自动化 PS 脚本成功装载存储帐户文件共享。

if (!(Test-Path `$MapDrive)) {
    New-SmbMapping -LocalPath `$MapDrive -RemotePath `$RemotePath -UserName `$UserName -Password `$Key
}
Copy-Item .\Devicebackup.txt `$MapDrive