I want to run python script (test.py) using STAF using below command but getting Retrun code 1
H:\>STAF 192.168.252.81 process START SHELL COMMAND "python /opt/test/test.p
" PARAMS "3344" wait returnstdout
Response
--------
{
Return Code: 1
Key : <None>
Files : [
{
Return Code: 0
Data :
}
]
}
Check that the remote machine is on trust list, then try it without "PARAMS" or hardcode the value inside your python script.
Related
When trying to pass through build.ID to shell-local post processor the evaluate string in the post processor is ERR_ID_NOT_IMPLEMENTED_BY_BUILDER I am using vsphere-iso.
The docs mention
Here is the list of available build variables:
ID: Represents the VM being provisioned. For example, in Amazon it is the instance ID; in DigitalOcean, it is the Droplet ID; in VMware, it is the VM name.
So I assumed it was supported with vsphere-iso?
Basically I am trying to passthrough the evaluated vm/template name through to a post powershell post processor.
Here is the post processor config:
post-processor "shell-local" {
environment_vars = [
"VCENTER_USER=${var.vsphere_username}",
"VCENTER_PASSWORD=${var.vsphere_password}",
"VCENTER_SERVER=${var.vsphere_endpoint}",
"TEMPLATE_NAME=${build.ID}",
"TEMPLATE_UUID=${local.build_uuid}",
]
env_var_format = "$env:%s=\"%s\"; "
execute_command = ["${var.common_post_processor_cli}.exe", "{{.Vars}} {{.Script}}"]
script = "scripts/windows/cleanup.ps1"
}
Here is the post processor script
param(
[string]
$TemplateName = $env:TEMPLATE_NAME
)
Write-Host $TemplateName
Here is the result logged to the console
==> vsphere-iso.windows-server-standard-dexp (shell-local): Running local shell script: scripts/windows/cleanup.ps1
vsphere-iso.windows-server-standard-dexp (shell-local): ERR_ID_NOT_IMPLEMENTED_BY_BUILDER
Currently working on a AWS Lambda function to execute shell script (with arguments) remotely on EC2 instance.
Shell script argument values are stored as environment variables in Lambda.
How to reference the env variables of Lambda inside SSM send command?
Have a code snippet like this: (but it doesn't work)
response = ssm_client.send_command(
InstanceIds=instances,
DocumentName="AWS-RunShellScript",
Parameters={
"commands": ["sh /bin/TEST/test.sh -v {{os.environ:tar_version}}"]
},
OutputS3BucketName="tar",
OutputS3Region="eu-west-1"
)
Request you to please help me here.
Thanks
All you need to do is simple string formatting. Using Python's f-strings:
import os
tar_version = os.environ['TAR_VERSION']
response = ssm_client.send_command(
InstanceIds=instances,
DocumentName="AWS-RunShellScript",
Parameters={
"commands": [f"sh /bin/TEST/test.sh -v {tar_version}"]
},
OutputS3BucketName="tar",
OutputS3Region="eu-west-1"
)
In AWS SSM, I use RunRemoteScript document to run a PowerShell script to install some software on SSM managed instances. The script is hosted in a public accessible S3 bucket.
The RunCommand works fine with the script not taking any parameters. Software was successfully deployed to managed instances. But my script has a unique CID embedded in the code. For security reasons, I need to take it out and set it as a parameter for the PS script. Ever since then, the RunCommand just keeps failing.
My script looks like below (with parameter CID):
param (
[Parameter(Position = 0, Mandatory = 1)]
[string]$CID
)
Start-Transcript -Path "$([System.Environment]::GetEnvironmentVariable('TEMP','Machine'))\app_install.log" -Append
function Install-App {
<#
Installs App
#>
[CmdletBinding()]
[OutputType([PSCustomObject])]
param (
[Parameter(Position = 0, Mandatory = 1)]
[string]$msiURL,
[Parameter(Position = 2, Mandatory = 1)]
[string]$InstallCheck,
[Parameter(Position = 3, Mandatory = 1)]
[string]$CustomerID
)
if ( -not(Test-Path $installCheck)) {
# Do stuff
...
}
else {
Write-Host ("$installCheck - Already Installed")
Return "Already Installed, Skipped $(($msiURL -split '([^\\/]+$)')[1])"
}
}
Install-App -msiURL "https://s3.amazonaws.com/app.foo.com/Windows/app.exe" -InstallCheck "C:\Program Files\App\app.exe" -CustomerID $CID
Stop-Transcript
By following AWS SSM documentation below, I run the command below to kick off the RunCommand.
https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-remote-scripts.html
aws ssm send-command --document-name "AWS-RunRemoteScript" --targets "Key=instanceids,Values=mi-abc12345"
--parameters '{"sourceType":["S3"],"sourceInfo":["{\"path\": "https://s3.amazonaws.com/app.foo.com/Windows/app_install.ps1\"}"],"commandLine":["app_install.ps1 abcd123456"]}'
The RunCommand keeps failing with error below:
----------ERROR-------
app_install.ps1 : The term 'app_install.ps1' is not recognized
as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\ProgramData\Amazon\SSM\InstanceData\mi-abcd1234\document\orchest
ration\a6811111d-c411-411-a222-bad123456\runPowerShellScript\_script.ps1:4
char:2
+ app_install.ps1 abcd123456
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (app_install.ps1:String)
[], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
failed to run commands: exit status 255
I suspect this is to do with the way how RunCommand handles the argument for the PowerShell script. But I cannnot find any examples other than the official document, which I followed. Anyone can point out what the issue is here?
BTW, I already tried putting the ps1 after ".\" without luck.
I found out the cause of the issue. The IAM role attached to the instance did not have sufficient rights to access the S3 bucket holds the script. As a result SSM wasn't able to download the script to the instance, hence the error "...ps1 is not recognized".
So it's not related to the code actually.
I built a native java AWS Lambda function using Graal and Micronaut as explained here
After deploying it to AWS Lambda (custom runtime), I can't successfully execute it.
The error that AWS shows is:
{
"errorType": "Runtime.ExitError",
"errorMessage": "RequestId: 9a231ad9-becc-49f7-832a-f9088f821fb2 Error: Runtime exited with error: exit status 1"
}
The AWS log output is:
START RequestId: 9a231ad9-becc-49f7-832a-f9088f821fb2 Version: $LATEST
01:13:08.015 [main] INFO i.m.context.env.DefaultEnvironment - Established active environments: [ec2, cloud, function]
Error executing function (Use -x for more information): Error decoding JSON stream for type [request]: No content to map due to end-of-input
at [Source: (BufferedInputStream); line: 1, column: 0]
END RequestId: 9a231ad9-becc-49f7-832a-f9088f821fb2
REPORT RequestId: 9a231ad9-becc-49f7-832a-f9088f821fb2 Duration: 698.31 ms Billed Duration: 700 ms Memory Size: 512 MB Max Memory Used: 54 MB
RequestId: 9a231ad9-becc-49f7-832a-f9088f821fb2 Error: Runtime exited with error: exit status 1
Runtime.ExitError
But when I test it locally using
echo '{"value":"testing"}' | ./server
I got
01:35:56.675 [main] INFO i.m.context.env.DefaultEnvironment - Established active environments: [function]
{"value":"New value: testing"}
The function code is:
#FunctionBean("user-data-function")
public class UserDataFunction implements Function<UserDataRequest, UserData> {
private static final Logger LOG = LoggerFactory.getLogger(UserDataFunction.class);
private final UserDataService userDataService;
public UserDataFunction(UserDataService userDataService) {
this.userDataService = userDataService;
}
#Override
public UserData apply(UserDataRequest request) {
if (LOG.isDebugEnabled()) {
LOG.debug("Request: {}", request.getValue());
}
return userDataService.get(request.getValue());
}
}
And the UserDataService is:
#Singleton
public class UserDataService {
public UserData get(String value) {
UserData userData = new UserData();
userData.setValue("New value: " + value);
return userData;
}
}
To test it on AWS console, I configured the following test event:
{ "value": "aws lambda test" }
PS.: I uploaded to AWS Lambda a zip file that contains the "server" and the "bootstrap" file to allow the "custom runtime" as explained before.
What I'm doing wrong?
Thanks in advance.
Tiago Peixoto.
EDIT: added the lambda test event used on AWS console.
Ok, I figured it out. I just changed the bootstrap file from this
#!/bin/sh
set -euo pipefail
./server
to this
#!/bin/sh
set -euo pipefail
# Processing
while true
do
HEADERS="$(mktemp)"
# Get an event
EVENT_DATA=$(curl -sS -LD "$HEADERS" -X GET "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
REQUEST_ID=$(grep -Fi Lambda-Runtime-Aws-Request-Id "$HEADERS" | tr -d '[:space:]' | cut -d: -f2)
# Execute the handler function from the script
RESPONSE=$(echo "$EVENT_DATA" | ./server)
# Send the response
curl -X POST "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/$REQUEST_ID/response" -d "$RESPONSE"
done
as explained here
I am trying to run the ciphertool.sh -Dconfigure command to encrypt the passwords in my WSO2 Identity Server.
I have gone through the usual process of running the command, then entering the keystore password when prompted. Ex:
>./ciphertool.sh -Dconfigure
BUILD SUCCESSFUL
Total time: 20 seconds
Using CARBON_HOME: C:\Program Files\WSO2\Identity Server\5.7.0
Using JAVA_HOME: C:\Program Files\Java\jdk1.8.0_181
[Please Enter Primary KeyStore Password of Carbon Server : ]
I want to make the process more automated and include the keystore password of the Carbon Server when running the ciphertool.sh -Dconfigure command, NOT when the prompt is shown.
I know that you can leverage the password-tmp file when DECRYPTING passwords as described here: https://docs.wso2.com/display/Carbon440/Resolving+Encrypted+Passwords
This lets you skip the step where the password is prompted. Can we do something similar when ENCRYPTING passwords?
Things I have tried:
The "yes" command: yes PASSWORD| $WSO2IS_HOME/bin/ciphertool.sh -Dconfigure
Using "echo": echo PASSWORD | $WSO2IS_HOME/bin/ciphertool.sh -Dconfigure
Redirecting from a file: $WSO2IS_HOME/bin/ciphertool.sh -Dconfigure < PASSWORD.txt
Every time I run these command, the ciphertool script doesn't seem to pick up on the password I am trying to pass in. The error looks like this:
Exception in thread "main" org.wso2.ciphertool.exception.CipherToolException: String cannot be null
at org.wso2.ciphertool.utils.Utils.getValueFromConsole(Utils.java:54)
at org.wso2.ciphertool.utils.KeyStoreUtil.initializeCipher(KeyStoreUtil.java:48)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:53)
Turns out WSO2 IS supports this. I wasn't able to find it documented anywhere though.
The initialize() method in CipherTool.java (https://github.com/wso2/cipher-tool/blob/master/components/ciphertool/src/main/java/org/wso2/ciphertool/CipherTool.java) has this code
private static void initialize(String[] args) {
String property;
for (String arg : args) {
if (arg.equals("-help")) {
printHelp();
System.exit(0);
} else if (arg.substring(0, 2).equals("-D")) {
property = arg.substring(2);
if (property.equals(Constants.CONFIGURE)) {
System.setProperty(property, Constants.TRUE);
} else if (property.equals(Constants.CHANGE)) {
System.setProperty(property, Constants.TRUE);
} else if (property.length() >= 8 && property.substring(0, 8).equals(Constants.CONSOLE_PASSWORD_PARAM)) {
System.setProperty(Constants.KEYSTORE_PASSWORD, property.substring(9));
} else {
System.out.println("This option is not define!");
System.exit(-1);
}
}
}
Utils.setSystemProperties();
}
Constants.CONSOLE_PASSWORD_PARAM is "password".
So the command to pass in the keystore password would look like this:
>./ciphertool.sh -Dconfigure -Dpassword=MY_PASSWORD