Update AdHoc-Backup.ps1
This commit is contained in:
parent
8865f4387c
commit
500aa81ce2
@ -1,5 +1,5 @@
|
|||||||
<#
|
<#
|
||||||
Backup_AdHoc.ps1
|
Backup_AdHoc_rclone_mail_fixed_v3_fix28_grantANY.ps1
|
||||||
Fix:
|
Fix:
|
||||||
- PowerShell è case-insensitive: le variabili locali "$files" sovrascrivevano "$Files" (hashtable globale).
|
- PowerShell è case-insensitive: le variabili locali "$files" sovrascrivevano "$Files" (hashtable globale).
|
||||||
Rinominati i locali in "$outFiles" e, in Write-Log, uso esplicito di $script:Files.Log per evitare collisioni.
|
Rinominati i locali in "$outFiles" e, in Write-Log, uso esplicito di $script:Files.Log per evitare collisioni.
|
||||||
@ -450,47 +450,7 @@ function Get-OnlineUserDatabases {
|
|||||||
Log-SqlcmdArgsSafe -Args $sqlArgs
|
Log-SqlcmdArgsSafe -Args $sqlArgs
|
||||||
$res = @(& $SqlcmdExe @sqlArgs 2>$null)
|
$res = @(& $SqlcmdExe @sqlArgs 2>$null)
|
||||||
if ($LASTEXITCODE -ne 0) { throw "sqlcmd fallito nell'enumerazione DB." }
|
if ($LASTEXITCODE -ne 0) { throw "sqlcmd fallito nell'enumerazione DB." }
|
||||||
|
$names = @()
|
||||||
|
|
||||||
function Ensure-BackupGrants-ForSystem {
|
|
||||||
param([string]$SqlcmdExe, [string[]]$DbList)
|
|
||||||
|
|
||||||
# Concede BACKUP DATABASE / BACKUP LOG a 'NT AUTHORITY\SYSTEM' su TUTTI i DB utente.
|
|
||||||
# Nota: è idempotente e viene eseguito prima del backup.
|
|
||||||
try {
|
|
||||||
if (-not $SqlcmdExe) { $SqlcmdExe = Resolve-Sqlcmd }
|
|
||||||
if (-not $DbList -or @($DbList).Count -eq 0) { return }
|
|
||||||
|
|
||||||
foreach ($db in @($DbList)) {
|
|
||||||
$sql = @"
|
|
||||||
USE [$db];
|
|
||||||
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'NT AUTHORITY\SYSTEM')
|
|
||||||
CREATE USER [NT AUTHORITY\SYSTEM] FOR LOGIN [NT AUTHORITY\SYSTEM];
|
|
||||||
GRANT BACKUP DATABASE TO [NT AUTHORITY\SYSTEM];
|
|
||||||
GRANT BACKUP LOG TO [NT AUTHORITY\SYSTEM];
|
|
||||||
"@
|
|
||||||
|
|
||||||
$tmpSql = Join-Path $Paths.SqlStage ("grant_system_{0}.sql" -f $db)
|
|
||||||
$sql | Out-File -LiteralPath $tmpSql -Encoding ASCII -Force
|
|
||||||
|
|
||||||
$sqlArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpSql
|
|
||||||
Log-SqlcmdArgsSafe -Args $sqlArgs
|
|
||||||
& $SqlcmdExe @sqlArgs
|
|
||||||
|
|
||||||
if ($LASTEXITCODE -ne 0) {
|
|
||||||
Write-Log WARN "Grant BACKUP fallito su DB [$db] (sqlcmd ExitCode=$LASTEXITCODE)."
|
|
||||||
} else {
|
|
||||||
Write-Log INFO "Concessi BACKUP DATABASE/LOG a NT AUTHORITY\\SYSTEM su [$db]."
|
|
||||||
}
|
|
||||||
|
|
||||||
Remove-Item -LiteralPath $tmpSql -Force -ErrorAction SilentlyContinue
|
|
||||||
}
|
|
||||||
} catch {
|
|
||||||
Write-Log WARN "Errore durante concessione GRANT BACKUP a NT AUTHORITY\\SYSTEM: $_"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$names = @()
|
|
||||||
foreach ($line in @($res)) {
|
foreach ($line in @($res)) {
|
||||||
$n = ($line | ForEach-Object { $_.Trim() })
|
$n = ($line | ForEach-Object { $_.Trim() })
|
||||||
if ($n) { $names += $n }
|
if ($n) { $names += $n }
|
||||||
@ -509,7 +469,34 @@ function Backup-SqlDatabases {
|
|||||||
|
|
||||||
$sqlcmd = Resolve-Sqlcmd
|
$sqlcmd = Resolve-Sqlcmd
|
||||||
if (-not $sqlcmd) { throw "sqlcmd.exe non trovato (PATH o Client Tools mancanti)." }
|
if (-not $sqlcmd) { throw "sqlcmd.exe non trovato (PATH o Client Tools mancanti)." }
|
||||||
Write-Log INFO "sqlcmd: $sqlcmd"
|
Write-Log INFO "sqlcmd: $sqlcmd
|
||||||
|
|
||||||
|
# --- PRE-FLIGHT: Concedi a NT AUTHORITY\SYSTEM il permesso server-level 'BACKUP ANY DATABASE' ---
|
||||||
|
try {
|
||||||
|
$sqlGrant = @"
|
||||||
|
USE master;
|
||||||
|
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'NT AUTHORITY\SYSTEM')
|
||||||
|
CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
|
||||||
|
GRANT BACKUP ANY DATABASE TO [NT AUTHORITY\SYSTEM];
|
||||||
|
"@
|
||||||
|
$tmpGrant = Join-Path $Paths.SqlStage "grant_SYSTEM_server.sql"
|
||||||
|
$sqlGrant | Out-File -LiteralPath $tmpGrant -Encoding ASCII -Force
|
||||||
|
|
||||||
|
$grantArgs = Build-SqlcmdArgs -WindowsAuth:$SqlUseWindowsAuth -User $SqlUser -Password $SqlPassword -Instance $SqlInstance -InputFile $tmpGrant
|
||||||
|
Log-SqlcmdArgsSafe -Args $grantArgs
|
||||||
|
& $sqlcmd @grantArgs
|
||||||
|
if ($LASTEXITCODE -ne 0) {
|
||||||
|
Write-Log WARN "Grant server-level BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM fallito (ExitCode=$LASTEXITCODE)."
|
||||||
|
} else {
|
||||||
|
Write-Log INFO "Concesso BACKUP ANY DATABASE a NT AUTHORITY\\SYSTEM (server-level)."
|
||||||
|
}
|
||||||
|
Remove-Item -LiteralPath $tmpGrant -Force -ErrorAction SilentlyContinue
|
||||||
|
} catch {
|
||||||
|
Write-Log WARN "Errore durante il pre-flight GRANT BACKUP ANY DATABASE a SYSTEM: $_"
|
||||||
|
}
|
||||||
|
# --- FINE PRE-FLIGHT ---
|
||||||
|
|
||||||
|
"
|
||||||
|
|
||||||
$dbList = @()
|
$dbList = @()
|
||||||
if (@($DbInclude).Count -gt 0) {
|
if (@($DbInclude).Count -gt 0) {
|
||||||
@ -526,7 +513,6 @@ function Backup-SqlDatabases {
|
|||||||
return $null
|
return $null
|
||||||
}
|
}
|
||||||
Write-Log INFO ("DB trovati: " + (@($dbList) -join ', '))
|
Write-Log INFO ("DB trovati: " + (@($dbList) -join ', '))
|
||||||
Ensure-BackupGrants-ForSystem -SqlcmdExe $sqlcmd -DbList $dbList
|
|
||||||
|
|
||||||
$bakPaths = @()
|
$bakPaths = @()
|
||||||
foreach ($db in @($dbList)) {
|
foreach ($db in @($dbList)) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user