我正在尝试使用 python 创建一个 CLI 工具,列出 azure 帐户中的所有订阅。然后,用户需要输入他们要查阅的订阅号。之后,该订阅中的所有虚拟机都会列出。然后,用户输入想要安装日志传送程序 (winlogbeat) 的 VM 的选项号。然后,该脚本应该下载并安装 dn run winlogbeat 作为该虚拟机内的服务。我正在使用托管身份。
我面临的问题与访问该虚拟机中某些路径的权限有关,尽管我在 subprocess.run 中使用选项 -Verb runAs ,如下所示:
subprocess.run(['powershell', '-Command', f'Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -NoExit -Command \"{powershell_command}\"" -Verb runAs'], check=True)
这是我的代码:
def run_command_as_admin(command):
subprocess.run(['powershell', '-Command', f'Start-Process powershell -ArgumentList "-ExecutionPolicy Bypass -NoExit -Command \\"{command}\\"" -Verb runAs'])
def install_winlogbeat_service(vm_name):
try:
download_winlogbeat()
run_command_as_admin(f'& "C:\\Program Files\\Winlogbeat\\install-service-winlogbeat.ps1"')
click.echo(f"Winlogbeat installed and service started on VM '{vm_name}'")
except subprocess.CalledProcessError as e:
click.echo(f"Error: Failed to install Winlogbeat and start service on VM '{vm_name}': {e}")
def download_winlogbeat():
winlogbeat_version = "7.16.3" # Example version
winlogbeat_url = f"https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-{winlogbeat_version}-windows-x86_64.zip"
download_dir = os.path.expanduser("~") # User's home directory
zip_file_path = os.path.join(download_dir, "winlogbeat.zip")
subprocess.run(['powershell', '-Command', f'Invoke-WebRequest -Uri "{winlogbeat_url}" -OutFile "{zip_file_path}"'], check=True)
subprocess.run(['powershell', '-Command', f'Expand-Archive -Path "{zip_file_path}" -DestinationPath "C:\\Program Files" -Force'], check=True)
os.rename(os.path.join("C:\\Program Files", f"winlogbeat-{winlogbeat_version}-windows-x86_64"), "C:\\Program Files\\Winlogbeat")
这是我收到的错误:
New-Item : Access to the path 'powershell' is denied.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1:986 char:21
+ ...New-Item $currentArchiveEntryPath -Type Directory -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: PermissionDenied: (C:\Program File...ule\powershell:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : CreateDirectoryUnauthorizedAccessError,Microsoft.PowerShell.Commands.NewItemCommand
同样适用于:
New-Item : Access to the path 'visualization' is denied.
New-Item : Access to the path 'security' is denied.
New-Item : Access to the path 'config' is denied.
New-Item : Access to the path 'sysmon' is denied.
New-Item : Access to the path 'powershell' is denied
如果您在尝试在虚拟机上的
C:\WINDOWS\system32\
下创建目录时遇到错误,您可能需要本地管理员访问权限。由于您使用托管身份连接到该虚拟机,请检查MS Doc了解更多详细信息。
要解决此问题,您可以将 虚拟机管理员登录 角色分配给
Managed Identity
。
VM-使用调用cmd.ps1创建目录
New-Item -Path "C:\Windows\System32" -Name "Powershell-Test1" -ItemType "directory"
这是我用来在
Azure VM
中创建目录的脚本。
Connect-AzAccount -Identity -AccountId "9b0d59a2-6329-4ba8-8d20-b32174689edc"
Invoke-AzVMRunCommand -ResourceGroupName 'Venkat' -VMName 'venkat-vm' -CommandId 'RunPowerShellScript' -ScriptPath 'VM-create a Directory using invoke cmd.ps1'
输出:
运行脚本后,文件夹已成功创建。