I’m having trouble with running powershell scripts (postdeploy.ps1) that require an Import-Module - the import fails when running in the Octopus host, but works fine when running from the powershell command line. Anyone run into this (and solve it?)
thanks in advance
Hi Steve,
What error message did you receive when you tried the import?
Does changing the Tentacle service to run under a different service account help (you’ll need to make the account a local admin to test it)?
Paul
Paul,
I’m getting various flavors of “Access Denied”. I ran into a similar
problem with msdeploy and was able to fix it by following instructions I
found in several places on the internet. In short, I ran the account
under admin, but I also did:
sc privs wmsvc
SeChangeNotifyPrivilege/SeImpersonatePrivilege/SeAssignPrimaryTokenPrivileg
e/SeIncreaseQuotaPrivilege
The combination of these two seemed to do the trick.
I tried the same idea with Tentacle, running it under a new admin account,
then granting the same privs as above to “Octopus Tentacle” service. No
change, still getting access denied. So then I tried running Tentacle in
the foreground with elevated privileges (I.e. Run as admin). This
produced a different error:
2012-06-15 20:42:15 DEBUG Script output:
2012-06-15 20:42:15 DEBUG ERROR: Set-ExecutionPolicy : PromptForChoice is
not supported by the Octopus PowerShell host
ERROR: At line:1 char:20
ERROR: + Set-ExecutionPolicy <<<< Bypass -Scope process
ERROR: + CategoryInfo : NotSpecified: (
[Set-ExecutionPolicy], NotSupportedExceptionERROR: +
FullyQualifiedErrorId :
System.NotSupportedException,Microsoft.PowerShell.Commands.SetExecutionPoli
cyCommand
Let me know if I can provide more info. I’m guessing that Tentacle needs
to try to elevate to take advantage of the additional privs available to
it but this is way outside my area of expertise.
Best regards,
Steve
Hi Steve,
The PowerShell PromptForChoice bug is fixed in the next release; as far as I know though it should only effect running from the console.
Would you be able to post the error message you get when running Tentacle as a service? Also did you restart the Tentacle service after running sc privs? Note that Tentacle by default runs as Local Service which already has those privileges.
Also, what is the name of the module you are importing, so that I can try and reproduce it?
Paul
Hi Paul,
Answers to your questions are below; the error was apparently caused by
some combination of not running the Tentacle service under an admin
identity and not specifying the module name with a fully qualified path -
perhaps the module path was not available in the execution environment(?).
In any event all is working now. When we bring this up on our qa and
staging environments hopefully I’ll have a more precise explanation for
you.
The PowerShell PromptForChoice bug is fixed in the next release; as
far as I know though it should only effect running from the console.
Yes I only get that error running from the console.
I did restart the service after running sc privs; The module in question
is FailoverClusters which is only present on nodes that are part of a
failover cluster.
Here is the error from the service, it doesn’t reveal much:
You do not have administrative privileges on the cluster. Contact your
network administrator to request access. Access is denied at
System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable
input) at System.Management.Automation.Runspaces.Pipeline.Invoke()
This is while the Tentacle agent is running under an ID that is a member
of the local administrators group; admin group does have admin rights on
the cluster.