We have a setup to test software that uses a central Jenkins Master and four nodes (vSphere Win10 VMs). Recently, the pipeline that runs the tests has been failing because it can't install software components necessary for testing on the nodes.

The script is called as follows
Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/i $($SetupDir)\Setup_MariaDB.msi SERVICENAME=MySQL UTF8=1 INSTALLDIR=$($dbInstallDir) /qn /L*V "$($logPath)"' -Wait

When executing this locally, it installs MariaDB without any problems. However, if the installation is triggered via Jenkins (as the same user), it stops and logs that the current user does not have the necessary permissions to execute the installation.

What I tried:

  • The VMs are no longer in any domain (to prevent Domain Controller overriding GPs)

  • Group policies are set so the admin user (not built-in, self-created) always executes scripts in admin context.

  • Logged the user that currently executes scripts on the node (As expected, it's the admin user that can install without problems locally)

  • Set it so that the connection to the jenkins master (via Task Scheduler) is executed by the Admistrators group to hopefully gain missing privileges

Thoughts

  • At an earlier point, the pipeline accesses network resources through another user account
    $pass = "PASSWORD" | ConvertTo-SecureString -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PsCredential('USERNAME@DOMAIN', $pass)
    New-PSDrive -Name "X" -PSProvider FileSystem -Root "NETWORK SHARE" -Credential $cred -persist

Maybe that has an effect on the necessary permissions

  • The installation script is a powershell file invoked through the bat function in the jenkins pipeline, like this:
def installExit = bat returnStatus: true, script: 'PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& .\SCRIPT.ps1 ;exit $LASTEXITCODE"'

Could this have an effect on the context used during execution?

0

There are 0 answers