Hi,
I've got a powershell script that I'm currently invoking using the
script module - assuming I can get this working I'll probably turn it
into a module, but I need to get over some issues first.
The purpose of the script is to configure Azure Online Backup on an on
premise Windows Server. The script is working fine when run from an
interactive powershell prompt.
The script is getting passed some credentials, a resource group and a
backup vault name.
It invokes Add-AzureRmAccount (which suceeds) and then
Get-AzureRMBackupVault which also succeeds (and returns the backup vault
info). So clearly auth to Azure is working correctly.
The next step is running Get-AzureRMBackupVaultCredentials which
downloads a credential file to the local filesystem to be passed to
Start-OBRegistration. That step works fine when the script is run
interactively, but when the script is run by Ansible it fails with "The
specified network password is not correct".
I'm guessing that for some reason Get-AzureRMBackupVaultCredentials
authenticates to Azure in a different way than the other Azure
Powershell scripts and that is in some way incompatible with (or
disallowed from) Powershell Remote Sessions.
A slight punt of doing 'Enable-WSManCredSSP -Role "Client"
-DelegateComputer "*"' but that didn't help..
Has anyone had any similar experiences with using the Azure Powershell
cmdlets in a script run by Ansible?
I realise this is probably verging on more of a powershell vs Ansible
question..
There may be a way to do the equivalent of
Get-AzureRMBackupVaultCredentials via the Azure API - I'll have a look
at that if I can't resolve this issue.
Script is below if anyone wants to try it, it assumes an existing
Resource Group, Vault and the Azure Recovery Services client installed.
thanks,
Barney.
--
Barney Sowood
bar...@sowood.co.uk
param(
[Parameter(Mandatory=$True)]
[string]$Username=$null,
[Parameter(Mandatory=$True)]
[string]$Password=$null,
[Parameter(Mandatory=$True)]
[string]$ResourceGroup=$null,
[Parameter(Mandatory=$True)]
[string]$VaultName=$null,
[Parameter(Mandatory=$True)]
[string]$EncryptionPassphrase=$null
)
$ErrorActionPreference = "Stop"
# Login to Azure
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$azureCreds = New-Object
System.Management.Automation.PSCredential($Username, $securePassword)
Add-AzureRmAccount -Credential $azureCreds
# Get the backup vault
$backupVault = Get-AzureRMBackupVault –ResourceGroupName $ResourceGroup
–Name $VaultName
# Download backup creds
$credsFilename = Get-AzureRMBackupVaultCredentials -Vault $backupVault
-TargetLocation $env:TMP
# Register host
$creds = $env:TMP + "\" + $credsFilename
Start-OBRegistration -VaultCredentials $creds -Confirm:$false
# Cleanup creds
Remove-Item -Force $creds
# Set encryption passphrase
ConvertTo-SecureString -String $EncryptionPassphrase -AsPlainText -Force
| Set-OBMachineSetting
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1473183499.2382679.717424553.67ACFDC8%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
