Double hop access to copy files without CredSSP

五迷三道 submitted on 2019-11-29 07:07:50

I found a solution which works in our environment.

It is not possible to transfer credentials through a double hop without CredSSP, but you can run something on the target machine without the first hop.

The simplest way is to use psexec with the -s flag (run the remote process in the System account); the final string was something like this:

    psexec \\someHost -s robocopy "\\stagingHost\Staging" "\\someHost\C$\Staging" /MIR

You can also start a PS script in the same way; just ensure that script execution is allowed on the remote machine:

    psexec \\someHost -s powershell.exe -File "\\stagingHost\Staging\Script.ps1" SomeArg1 SomeArg2

Check this article, to understand how psexec works. While service on someHost

CredSSP is the solution to the double-hop problem.

Remove the user's desktop from the equation. Set up a proper build & deployment server/service/application on your build server and manage everything from there. RedGate has a new product that will probably help you greatly with this: Deployment Manager.

If the machine you're using can get to the other machines, just copy the files using your machine:

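    # Copy the build from the share to each target's admin share, from this machine (one hop).
    $computers | % { copy '\\servershare\build' "\\$_\c`$\Temp" }
    # Script block executed on each target; $args[0] receives the -ArgumentList value.
    $sb = { C:\Temp\Dosomething.txt $args[0] }
    $computers | % { Invoke-Command -ComputerName $_ -ScriptBlock $sb -ArgumentList $arg }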
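
The last answer's approach (read the files from the machine that can already reach them, then run the work remotely) can also be done inside a single remoting session with `Copy-Item -ToSession`, available in PowerShell 5.0 and later, so the target never has to authenticate to a share. This is an added example, not code from any of the answers; `Publish-Build`, `Deploy.ps1`, the host names and the paths are hypothetical, and it assumes WinRM is enabled and script execution is allowed on the targets.

```powershell
# Added example: push a build folder and run a script with one hop per target.
# Assumptions: WinRM is enabled on the targets, the caller is an administrator
# there, and every name and path below is a placeholder.
function Publish-Build {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $SourcePath,      # read by the local session
        [string]   $Destination = 'C:\Temp\build',
        [string]   $ScriptName  = 'Deploy.ps1',             # hypothetical script in the build
        [object[]] $ScriptArgs  = @()
    )
    # Hash the script locally so each target can verify what it received.
    $expected = (Get-FileHash -Path (Join-Path $SourcePath $ScriptName) -Algorithm SHA256).Hash

    foreach ($computer in $ComputerName) {
        $session = New-PSSession -ComputerName $computer -ErrorAction Stop
        try {
            # Files travel inside the WinRM session: the target never opens a
            # share, so no credentials have to be delegated to it.
            Invoke-Command -Session $session -ScriptBlock {
                param($dest) New-Item -ItemType Directory -Path $dest -Force | Out-Null
            } -ArgumentList $Destination
            Copy-Item -Path (Join-Path $SourcePath '*') -Destination $Destination `
                      -ToSession $session -Recurse -Force

            Invoke-Command -Session $session -ScriptBlock {
                param($dest, $name, $hash, $scriptArgs)
                $script = Join-Path $dest $name
                $actual = (Get-FileHash -Path $script -Algorithm SHA256).Hash
                if ($actual -ne $hash) { throw "Hash mismatch for $script on $env:COMPUTERNAME" }
                $splat = @($scriptArgs)      # normalise the deserialized collection
                & $script @splat
            } -ArgumentList $Destination, $ScriptName, $expected, $ScriptArgs
        }
        finally {
            Remove-PSSession -Session $session
        }
    }
}

# Usage with placeholder names:
# Publish-Build -ComputerName 'web01','web02' -SourcePath '\\servershare\build' -ScriptArgs 'SomeArg1'
```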