I have a scenario to automate the manual build update process via shell script on multiple VM nodes.
For the same, I am trying the below sample script to first ssh into the instance and then switch to root user to perform the further steps like copying the build to archives directory under /var and then proceed with the later steps.
Below is the sample script,
#!/bin/sh
publicKey='/path/to/publickey'
buildVersion='deb9.deb build'
buildPathToStore='/var/cache/apt/archives/'
pathToHomedir='/home'
script="whoami && pwd && ls -la && whoami && mv ${buildVersion} ${buildPathToStore} && find ${buildPathToStore} | grep deb9"
for var in "$#"
do
copyBuildPath="${publicKey} ${buildVersion} ${var}:/home/admin/"
echo "copy build ==>" ${copyBuildPath}
scp -r -i ${copyBuildPath}
ssh -i $publicKey -t $var "sudo su - & ${script}; " # This shall execute all commands as root
done
So the CLI stats for the above script are something like this
admin //this is the user check
/home/admin
total 48
drwxr-xr-x 6 admin admin 4096 Dec 6 00:28 .
drwxr-xr-x 6 root root 4096 Nov 17 14:07 ..
drwxr-xr-x 3 admin admin 4096 Nov 17 14:00 .ansible
drwx------ 2 admin admin 4096 Nov 23 18:26 .appdata
-rw------- 1 admin admin 5002 Dec 6 17:47 .bash_history
-rw-r--r-- 1 admin admin 220 May 16 2017 .bash_logout
-rw-r--r-- 1 admin admin 3506 Jun 14 2019 .bashrc
-rw-r--r-- 1 admin admin 675 May 16 2017 .profile
drwx------ 4 admin admin 4096 Nov 23 18:26 .registry
drwx------ 2 admin admin 4096 Jun 21 2019 .ssh
-rw-r--r-- 1 admin admin 0 Dec 6 19:42 testFile.txt
-rw------- 1 admin admin 2236 Jun 21 2019 .viminfo
admin
If I use sudo su -c and remove &
like:
ssh -i $publicKey -t $var "sudo su -c ${script}; "
Then for once whoami returns the user as root but the working directory still prints as /home/admin instead of /root
And the next set of commands are still accounted for admin user rather than the root. So the admin user do not have the privileges to move the build to archive directory and install the build.
Using & I want to ensure that the further steps are being done in the background.
Not sure how to proceed ahead with this. Good suggestions are most welcome right now :)
"sudo su - & ${script}; "
expands to:
sudo su - & whoami && pwd && ...
First sudo su - is run in the background. Then the command chain is executed.
sudo su -c ${script};
expands to:
sudo su -c whoami && pwd && ...
So first sudo su - whoami is executed, which runs whoami as root. Then if this command is successful, then pwd is executed. As normal user.
It is utterly hard to correctly pass commands to execute on remote site using ssh. It is increasingly hard to do it with sudo su - the command will be triple (or twice?) word splitted - one time by ssh, then by the shell, then by the shell run by sudo su.
If you do not need interactive communication, it's best to use a here document with -s shell option, something along (untested):
# DO NOT store commands to use in a variable.
# or if you do and you know what you are doing, properly quote it (printf "%q ") and run it via eval
script() {
set -euo pipefail
whoami
pwd
ls -la
whoami
mv "$buildVersion" "$buildPathToStore"
find "$buildPathToStore" | grep deb9
}
ssh ... "sudo bash -s" <<EOF
echo "Yay! anything here!"
echo "Note that here document delimiter is not quoted!"
$(
# safely import context to work with
# note how command substitution is executed on host side
declare -f script
# pass variables too!
declare -p buildVersion buildPathToStore buildPathToStore
)
script
EOF
When you use su alone it keeps you in your actual directory, if you use su - it simulates the root login.
You should write : su - root -c ${script};
Related
My goal is to have Jenkins 2 execute alpha integration tests between an express js app and a postgres db. I am to spin up containerized resources locally and test successfully with bash scripts that employ docker-compose. The relevant bash script is scripts/docker/dockerRunTest.sh.
However, when I try to do the same thing via Jenkins, Jenkins claims that the initiating script is not found.
Jenkinsfile
stage('Alpha Integration Tests') {
agent {
docker {
image 'tmaier/docker-compose'
args '-u root -v /var/run/docker.sock:/var/run/docker.sock --network host'
}
}
steps {
sh 'ls -lah ./scripts/docker/'
sh './scripts/docker/dockerRunTest.sh'
}
}
Output
+ ls -lah ./scripts/docker/
total 36
drwxr-xr-x 2 root root 4.0K Jan 26 21:31 .
drwxr-xr-x 6 root root 4.0K Jan 26 20:54 ..
-rwxr-xr-x 1 root root 2.2K Jan 26 21:31 docker.lib.sh
-rwxr-xr-x 1 root root 282 Jan 26 21:31 dockerBuildApp.sh
-rwxr-xr-x 1 root root 289 Jan 26 21:31 dockerBuildTestRunner.sh
-rwxr-xr-x 1 root root 322 Jan 26 21:31 dockerDown.sh
-rw-r--r-- 1 root root 288 Jan 26 21:31 dockerRestart.sh
-rwxr-xr-x 1 root root 482 Jan 26 21:31 dockerRunTest.sh
-rwxr-xr-x 1 root root 284 Jan 26 21:31 dockerUp.sh
+ ./scripts/docker/dockerRunTest.sh
/var/jenkins_home/workspace/project-name#2#tmp/durable-9ac0d23a/script.sh: line 1: ./scripts/docker/dockerRunTest.sh: not found
ERROR: script returned exit code 127
The file clearly exists per the ls output. I have some hazy idea that there may be some conflict between how shell scripts and bash scripts work, but I cannot quite grasp the nuance in how Jenkins is not able to execute a script that clearly exists.
edit (including script contents):
dockerRunTest.sh
#!/bin/bash
MY_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P )"
MY_DIR="${MY_DIR:?}"
SCRIPTS_DIR="$(realpath "${MY_DIR}/..")"
ROOT_DIR="$(realpath "${SCRIPTS_DIR}/..")"
TEST_DIR="${ROOT_DIR}/test/integration"
SRC_DIR="${ROOT_DIR}/src"
REPORTS_DIR="${ROOT_DIR}/reports"
. "${SCRIPTS_DIR}/docker/docker.lib.sh"
dockerComposeUp
dockerExecuteTestRunner
dockerComposeDown
docker.lib.sh
#!/bin/bash
CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P )"
CURRENT_DIR="${CURRENT_DIR:?}"
SCRIPTS_DIR="$(realpath "${CURRENT_DIR}/..")"
ROOT_DIR="$(realpath "${SCRIPTS_DIR}/..")"
. "${SCRIPTS_DIR}/lib.sh"
dockerComposeUp() {
docker-compose build --no-cache
docker-compose up --detach --force-recreate
DC_CODE=$?
if [ ${DC_CODE} -ne 0 ]; then
# Introspection
docker-compose logs
docker-compose ps
exit ${DC_CODE}
fi
}
dockerComposeDown() {
# docker-compose rm: Removes stopped service containers.
# -f, --force - Don't ask to confirm removal.
# -s, --stop - Stop the containers, if required, before removing.
# -v - Remove any anonymous volumes attached to containers.
docker-compose rm --force --stop -v
}
dockerComposeRestart() {
dockerComposeDown
dockerComposeUp
}
dockerBuildTestRunner() {
docker build -f test/Dockerfile -t kwhitejr/botw-test-runner .
}
dockerExecuteTestRunner() {
IMAGE_NAME="kwhitejr/botw-test-runner"
echo "Build new ${IMAGE_NAME} image..."
dockerBuildTestRunner
echo "Run ${IMAGE_NAME} executable test container..."
docker run -it --rm --network container:api_of_the_wild_app_1 kwhitejr/botw-test-runner
}
tmaier/docker-compose image doesn't have /bin/bash interpreter installed by default since latest tag is an alpine image [1, 2]. This can be confirmed by running:
$ docker run -it --rm tmaier/docker-compose bash
/usr/local/bin/docker-entrypoint.sh: exec: line 35: bash: not found
To get the script working, either install bash in the docker image using apk add bash or change the shebang to #!/bin/sh if the script can be run using ash shell (the default shell in busybox).
[1] https://github.com/tmaier/docker-compose/blob/b740feb61fb25030101638800a609605cfd5e96a/Dockerfile#L2
[2] https://github.com/docker-library/docker/blob/d94b9832f55143f49e47d00de63589ed41f288e7/18.09/Dockerfile#L1
I have the similar issue but in my case, it is because the shell script file has EOL in Windows format (if you open the file in the terminal using vi, you will see each line ends with ^M)
I can fix this using Notepad++ Edit -> EOL Conversion -> Unix (LF)
I have a bash script, create-file.sh, that creates a file named a:
$ cat create-file.sh
# /bin/bash
touch a
When I run the script it creates a file 'a' with my user as owner.
$ ./create-file.sh
$ ls -l
-rw-r--r-- 1 shai wheel 0 Aug 16 17:19 a
However when I run the script under sudo the file is created with root as user:
$ sudo ./create-file.sh
$ ls -l
-rw-r--r-- 1 root wheel 0 Aug 16 17:19 a
Is there a way to tell a script that runs under sudo to create the file with my user as owner?
you would be correct to say that a script that touches a single file does not need to run under sudo. This example is of course a reduction of the original problem, my script has much more and does need to run under sudo, but I still want the files to be created with my user as owner.
sudo exports the original username as SUDO_USER; you can chown to that.
#!/bin/bash
touch a
[[ $SUDO_USER ]] && chown "$SUDO_USER" a
Similarly, if your sudo configuration allows (as is default) root to drop privileges to any other user without an explicit password prompt, you can take advantage of that:
#!/bin/bash
# drop privileges back to non-root user if we got here with sudo
depriv() {
if [[ $SUDO_USER ]]; then
sudo -u "$SUDO_USER" -- "$#"
else
"$#"
fi
}
depriv touch a
I´m using lemonlatte / docker-webvirtmgr as base file, but the problem is that there are no ssh keys configured for the user www-data, so I wrote the following shell script:
#!/bin/sh
if [ ! -d "/var/local/webvirtmgr/nginxhome" ]; then
mkdir /var/local/webvirtmgr/nginxhome
chown -R www-data:www-data /var/local/webvirtmgr/nginxhome
usermod -d /var/local/webvirtmgr/nginxhome www-data
su - www-data -s /bin/bash -c "ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ''"
su - www-data -s /bin/bash -c "touch /var/local/webvirtmgr/nginxhome/.ssh/config && echo -e 'StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null' >> /var/local/webvirtmgr/nginxhome/.ssh/config"
su - www-data -s /bin/bash -c "chmod 0600 ~/.ssh/config"
fi
After that I added the two statements to the dockerfile:
ADD setupssh.sh /webvirtmgr/setupssh.sh
RUN /bin/sh -c "/webvirtmgr/setupssh.sh"
I already tried CMD /webvirtmgr/setupssh.sh, RUN /webvirtmgr/setupssh.sh but with no success...
When I run the script inside the container by hand it is working fine.
What is wrong here?
greetings
UPDATE:
Here is the link to the repo of the maintainer: link
UPDATE 2:
The build of the dockerfile was successful and I put the statement between:
RUN apt-get -ys clean
<statements were here>
WORKDIR /
The directory /var/local/webvirtmgr is defined as a volume.
VOLUME /var/local/webvirtmgr
Therefore this directory is a mountpoint in the running container and what you have added to it gets overwritten.
You will have to use a different directory, then your script will work.
Here´s a Dockerfile to test it:
FROM lemonlatte/docker-webvirtmgr
RUN mkdir /var/local/webvirtmgr2
RUN touch /var/local/webvirtmgr2/t && touch /var/local/webvirtmgr/t
RUN ls -la //var/local/webvirtmgr
RUN ls -la /var/local/webvirtmgr2
Output:
Sending build context to Docker daemon 4.608 kB
Sending build context to Docker daemon
Step 0 : FROM lemonlatte/docker-webvirtmgr
---> 18e2839dffea
Step 1 : RUN mkdir /var/local/webvirtmgr2
---> Running in d7a1e897108e
---> cc029293525e
Removing intermediate container d7a1e897108e
Step 2 : RUN touch /var/local/webvirtmgr2/t && touch /var/local/webvirtmgr/t
---> Running in 1a1375651fa7
---> e314c2529d90
Removing intermediate container 1a1375651fa7
Step 3 : RUN ls -la //var/local/webvirtmgr
---> Running in 5228691c84f5
total 8
drwxr-xr-x 2 www-data www-data 4096 Jun 6 09:22 .
drwxr-xr-x 6 root root 4096 Jun 6 09:22 ..
---> ec4113936961
Removing intermediate container 5228691c84f5
Step 4 : RUN ls -la /var/local/webvirtmgr2
---> Running in a6d2a683391a
total 8
drwxr-xr-x 2 root root 4096 Jun 6 09:22 .
drwxr-xr-x 6 root root 4096 Jun 6 09:22 ..
-rw-r--r-- 1 root root 0 Jun 6 09:22 t
---> 3cb98c5c1baf
Removing intermediate container a6d2a683391a
Successfully built 3cb98c5c1baf
I have two shell scripts .
(working one)
$ cat script_nas.sh
#!/bin/bash
for i in `cat nas_filers`
do echo $i
touch /mnt/config-backup/nas_backup/$i.auditlog.0.$(date '+%Y%m%d')
ssh -o ConnectTimeout=5 root#$i rdfile /etc/configs/config_saved > /mnt/config-backup/nas_backup/$i.auditlog.0.$(date '+%Y%m%d')
done
other
(not working one)
$ cat script_san.sh
#!/bin/bash
for i in `cat san_filers`
do echo $i
touch /mnt/config-backup/san_backup/$i.auditlog.0.$(date '+%Y%m%d')
ssh -o ConnectTimeout=5 root#$i rdfile /etc/configs/config_saved > /mnt/config-backup/san_backup/$i.auditlog.0.$(date '+%Y%m%d')
done
Cron entries are:
$ crontab -l
Filers config save script
0 0 * * * /mnt/config-backup/script_san.sh
0 0 * * * /mnt/config-backup/script_nas.sh
0 0 * * * /mnt/config-backup/delete_file
Script script_san.sh is not working.
Outputs are like
SAN backup directory
san_backup]# ls -lart alln01-na-exch01a.cisco.com.auditlog*
-rw-r--r-- 1 root root 210083 Mar 1 22:24 alln01-na-exch01a.auditlog.0.20150301
[root#XXXXX san_backup]# pwd
/mnt/config-backup/san_backup
NAS backup directory
nas_backup]# ls -lart rcdn9-25f-filer43b.cisco.com.auditlog*
-rw-r--r-- 1 root root 278730 Feb 26 00:06 rcdn9-25f-filer43b.cisco.com.auditlog.0.20150226
-rw-r--r-- 1 root root 281612 Feb 27 00:17 rcdn9-25f-filer43b.cisco.com.auditlog.0.20150227
-rw-r--r-- 1 root root 284105 Feb 28 00:02 rcdn9-25f-filer43b.cisco.com.auditlog.0.20150228
-rw-r--r-- 1 root root 284101 Mar 1 00:02 rcdn9-25f-filer43b.cisco.com.auditlog.0.20150301
[root#XXXXXXX nas_backup]#
From cron logs I can see that cron is executing both the script but output for script_san.sh is not coming.
From my experience, most of the times script is working manually but not from crontab is because login scripts were not running. Try to add something like source ~/.bash_profile in the begging of script or first line in cron file. Did you try (for debugging) to run the script with at command?
I am using the Bash FTP command to ftp files, however i have a problem where i try to create a directory that is more than 2 folders deep. It works if i use two folders deep but if i go to three folders deep then it fails. For example:
mkdir foo/bar - this works
mkdir foo/bar/baz - this fails
I have also tried this:
mkdir -p foo/bar/baz - which didn't work, it ended up creating a '-p' directory
The shell script i am trying to run is actually quite simple but as you can see the directory structure is 3 folders deep and it fails to create the required folders:
#!/bin/bash
DIRECTORY="foo/bar/baz"
FILE="test.pdf"
HOST="testserver"
USER="test"
PASS="test"
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASS
mkdir $DIRECTORY
cd $DIRECTORY
binary
put $FILE
quit
END_SCRIPT
mkdir under ftp is implemented by the ftp server, not by calling /bin/mkdir no such options as -p,
what you should do is
mkdir foo
cd foo
mkdir bar
cd bar
mkdir baz
cd baz
If you still want your original construct, you can also do it like this:
#!/bin/bash
foo() {
local r
local a
r="$#"
while [[ "$r" != "$a" ]] ; do
a=${r%%/*}
echo "mkdir $a"
echo "cd $a"
r=${r#*/}
done
}
DIRECTORY="foo/bar/baz"
FILE="test.pdf"
HOST="testserver"
USER="test"
PASS="test"
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASS
$(foo "$DIRECTORY")
binary
put $FILE
quit
END_SCRIPT
Try lftp instead:
[dong#idc1-server1 ~]$ lftp sftp://idc1-server2
lftp idc1-server2:~> ls
drwxr-xr-x 3 dong dong 4096 Jun 16 09:11 .
drwxr-xr-x 18 root root 4096 Apr 1 22:25 ..
-rw------- 1 dong dong 116 Jun 16 09:28 .bash_history
-rw-r--r-- 1 dong dong 18 Oct 16 2013 .bash_logout
-rw-r--r-- 1 dong dong 176 Oct 16 2013 .bash_profile
-rw-r--r-- 1 dong dong 124 Oct 16 2013 .bashrc
drwx------ 2 dong dong 4096 Jul 24 2014 .ssh
lftp idc1-server2:~> mkdir a/b/c/d
mkdir: Access failed: No such file (a/b/c/d)
lftp idc1-server2:~> mkdir -p a/b/c/d
mkdir ok, `a/b/c/d' created