Persistent Windows file share mount (#81)

* Terraform 1.2.7 * Update providers * Address provider deprecation warnings * Replace New-SmbGlobalMapping with 'net use'
geekzter · Aug 14, 2022 · 07940bf · 07940bf
1 parent 8fbe894
commit 07940bf
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/scripts/host/host_configuration.ps1 b/scripts/host/host_configuration.ps1
@@ -35,9 +35,15 @@ if (![string]::IsNullOrEmpty("${smb_share}")) {
         New-LocalUser -Name "$agentUser" -Description "Pre-created by $($MyInvocation.MyCommand.Name)" -NoPassword -AccountNeverExpires
     }
 
-    ConvertTo-SecureString -String "${storage_account_key}" -AsPlainText -Force | Set-Variable storageKey
-    New-Object System.Management.Automation.PSCredential -ArgumentList "AZURE\${storage_account_name}", $storageKey | Set-Variable credential 
-    New-SmbGlobalMapping -RemotePath "${smb_share}" -Credential $credential -LocalPath ${drive_letter}: -FullAccess @( "NT AUTHORITY\SYSTEM", $agentUser, "${user_name}" ) -Persistent $true #-UseWriteThrough
+    # BUG: 'New-SmbGlobalMapping -Persistent $true' is not persistent
+    # ConvertTo-SecureString -String "${storage_account_key}" -AsPlainText -Force | Set-Variable storageKey
+    # New-Object System.Management.Automation.PSCredential -ArgumentList "AZURE\${storage_account_name}", $storageKey | Set-Variable credential 
+    # New-SmbGlobalMapping -RemotePath "${smb_share}" -Credential $credential -LocalPath ${drive_letter}: -FullAccess @( "NT AUTHORITY\SYSTEM", "NT AUTHORITY\NETWORK SERVICE", "${user_name}" ) -Persistent $true -RequirePrivacy $true #-UseWriteThrough
+
+    # FIX: Use classic command-line tools instead
+    cmd.exe /C "cmdkey /add:`"${smb_fqdn}`" /user:`"AZURE\${storage_account_name}`" /pass:`"${storage_account_key}`""
+    net use ${drive_letter}: ${smb_share} /global /persistent:yes /user:AZURE\${storage_account_name} "${storage_account_key}"
+    dir ${drive_letter}:
 
     # Link agent diagnostics directory
     "{0}:\{1}\{2}" -f "${drive_letter}", (Get-Date -Format 'yyyy\\MM\\dd'), $env:COMPUTERNAME | Set-Variable diagnosticsSMBDirectory

diff --git a/scripts/host/prepare_agent.ps1 b/scripts/host/prepare_agent.ps1
@@ -45,9 +45,15 @@ if ("${smb_share}") {
         Write-Error -Message "Unable to reach '${storage_share_host}' via port 445."
     }
 
-    ConvertTo-SecureString -String "${storage_account_key}" -AsPlainText -Force | Set-Variable storageKey
-    New-Object System.Management.Automation.PSCredential -ArgumentList "AZURE\${storage_account_name}", $storageKey | Set-Variable credential 
-    New-SmbGlobalMapping -RemotePath "${smb_share}" -Credential $credential -LocalPath ${drive_letter}: -FullAccess @( "NT AUTHORITY\SYSTEM", "NT AUTHORITY\NETWORK SERVICE", "${user_name}" ) -Persistent $true #-UseWriteThrough
+    # BUG: 'New-SmbGlobalMapping -Persistent $true' is not persistent
+    # ConvertTo-SecureString -String "${storage_account_key}" -AsPlainText -Force | Set-Variable storageKey
+    # New-Object System.Management.Automation.PSCredential -ArgumentList "AZURE\${storage_account_name}", $storageKey | Set-Variable credential 
+    # New-SmbGlobalMapping -RemotePath "${smb_share}" -Credential $credential -LocalPath ${drive_letter}: -FullAccess @( "NT AUTHORITY\SYSTEM", "NT AUTHORITY\NETWORK SERVICE", "${user_name}" ) -Persistent $true -RequirePrivacy $true #-UseWriteThrough
+
+    # FIX: Use classic command-line tools instead
+    cmd.exe /C "cmdkey /add:`"${smb_fqdn}`" /user:`"AZURE\${storage_account_name}`" /pass:`"${storage_account_key}`""
+    net use ${drive_letter}: ${smb_share} /global /persistent:yes /user:AZURE\${storage_account_name} "${storage_account_key}"
+    dir ${drive_letter}:
 
     # Link agent diagnostics directory
     "{0}:\{1}\{2}" -f "${drive_letter}", (Get-Date -Format 'yyyy\\MM\\dd'), $env:COMPUTERNAME | Set-Variable diagnosticsSMBDirectory

diff --git a/terraform/modules/scale-set-windows-agents/windows.tf b/terraform/modules/scale-set-windows-agents/windows.tf
@@ -4,6 +4,7 @@ locals {
       diagnostics_directory    = "C:\\agent\\_diag"
       drive_letter             = "X"
       environment              = var.environment_variables
+      smb_fqdn                 = var.diagnostics_smb_share != null ? replace(var.diagnostics_smb_share,"/","") : ""
       smb_share                = var.diagnostics_smb_share != null ? replace(var.diagnostics_smb_share,"/","\\") : ""
       storage_account_key      = var.diagnostics_smb_share != null ? data.azurerm_storage_account.files.0.primary_access_key : ""
       storage_account_name     = var.diagnostics_smb_share != null ? data.azurerm_storage_account.files.0.name : ""

diff --git a/terraform/modules/self-hosted-windows-agent/windows.tf b/terraform/modules/self-hosted-windows-agent/windows.tf
@@ -4,6 +4,7 @@ locals {
       diagnostics_directory    = "C:\\ProgramData\\pipeline-agent\\diag"
       drive_letter             = "X"
       environment              = var.environment_variables
+      smb_fqdn                 = var.diagnostics_smb_share != null ? replace(var.diagnostics_smb_share,"/","") : ""
       smb_share                = var.diagnostics_smb_share != null ? replace(var.diagnostics_smb_share,"/","\\") : ""
       storage_account_key      = var.diagnostics_smb_share != null ? data.azurerm_storage_account.files.0.primary_access_key : ""
       storage_account_name     = var.diagnostics_smb_share != null ? data.azurerm_storage_account.files.0.name : ""