pexpect kind of operation with ansible - ansible

I am looking to automate an interactive install process with ansible. This install does not have a silent install option or does not take command line arguments for the interactive questions. The question involve setting a folder location, making sure folder location is right etc for which answers might be default or custom.
I looked into the expect module of ansible but seems like it does not solve my purpose.
- expect:
command: passwd username
responses:
(?i)password: "MySekretPa$$word"
I don't need the command but it's required. Instead I am looking for something that could regex Are you sure you want to continue [y|n]? [n]: for which I want to send the default out By sending return or typing n as a response and for example Backup directory [/tmp] for which the response would be Carriage return.

I don't need the command but it's required. Instead I am looking for something that could regex Are you sure you want to continue [y|n]? [n]:
The module requires a command because you have to run something to get any output.
You obviously do have a command in mind, because you've run it manually and seen the output it produces. That's what you should be plugging into the module.
Alternatively, you can write a pexpect script yourself and use the command or shell modules to run it.

I've figured out a way that works for me. I piped in the arguments to the shell script which when run manually needs the answers. Like ./shell.sh <<< 'answer1\nanswer2\n' which works perfectly for me. This I have added to the task.

Related

Ansible response file for bash script

I have a Ansible playbook that downloads a DB2.tar.gz archive from Artifactory repo, unarchive and installs it on a remote server.
The problem is that the installer uses a bash script, and asks me a bunch of stuff. I need to install it quietly download-unarchive-install it on the server, without the need of a user input or any sort of output (there will be one in a file).
Someone told me that i need to first install it manually so that the i get a response file with the answers and questions, which then i need to convert it into a response file for Ansible. And i have no idea how to do this. Can you guys give me a hand on that? The entire playbook is done, I just need to sort this thing out and I don't know if I need to use a .yml file or .sh , another module or anything in Ansible.
Thank you !
Can you edit the script? Maybe try this -
exec < response.file
Just put the responses in order in the file on lines of their own.
Try this test as an example:
echo "yes
no
maybe">r
then create a tst script
exec <r
while read
do echo $REPLY
done
run ./tst, it should spit out the content of r.
# ./tst
yes
no
maybe

Using Ansible, what is preferable way to check the presence of particular command in user's PATH?

Let say you want to determine whether the user 'abc' has the command 'command_abc' in user's PATH. What's the best way to do that kind of check?
Is there anything better than to just use shell module and execute something like
sudo su abc which command_abc && echo 'ok'
[edit]
The only direct way I'm aware of is yours. But I would use become_user statements and the command module.
Hope that helps.
[old answer, but not the point of your question]
I would check if the path to the binary is set for him in .bashrc or .profile with lineinfile. After that a check for the right permissions on the binary should be enough, probably with the stat or file module. That way you have tested it too, but without the need of shell scripts.

How Secure is using execFile for Bash Scripts?

I have a node.js app which is using the child_process.execFile command to run a command-line utility.
I'm worried that it would be possible for a user to run commands locally (a rm / -rf horror scenario comes to mind).
How secure is using execFile for Bash scripts? Any tips to ensure that flags I pass to execFile are escaped by the unix box hosting the server?
Edit
To be more precise, I'm more wondering if the arguments being sent to the file could be interpreted as a command and executed.
The other concern is inside the bash script itself, which is technically outside the scope of this question.
Using child_process.execFile by itself is perfectly safe as long as the user doesn't get to specify the command name.
It does not run the command in a shell (like child_process.exec does), so there is no need to escape anything.
child_process.execFile will execute commands with the user id of the node process, so it can do anything that user could do, which includes removing all the server files.
Not a good idea to let user pass in command as you seem to be implying by your question.
You could consider running the script in a sandbox by using chroot, and limiting the commands and what resides on the available file system, but this could get complet in a hurry.
The command you pass will get executed directly via some flavor of exec, so unless what you trying to execute is a script, it does not need to be escaped in any way.

Is there a way to add to OS X's install.log from within a shell script?

Is there a way to add an entry to OS X's /var/log/install.log file from within a shell script?
Optimally the method wouldn't require root access as I don't think I'll have it.
The problem I'm having is I'm executing a shell script as part of an installation-check (p15 of Apple's Distribution Definition XML Schema) step from within an OS X installer package via the Javascript System.run() command (p30 of Apple's Installer Javascript Reference), but I can't see any output from that shell script.
I know the shell script is executing, because when I use the "logger" command from within the script, my log text appears inside /var/log/system.log. But in order to get a complete picture of what's going on, I'd need to merge it by hand with /var/log/install.log, which is where the general output of the installer, and any Javascript logging I do, ends up.
Any help would be appreciated. I've tried using the "logger" command's -f flag to use /var/log/install.log, e.g.
logger -f /var/log/install.log sometext
...but no dice; sometext still gets added to /var/log/system.log.
Read up on bash scripting.
You can add a line to a file like this
echo "My line here" >> /var/log/system.log
If it gives a Permission denied error, you need root access.
OK. Long time passed, and I found out the following.
In normal scenarios, anything written by pre and post install scripts (mine are python and bash) to stdout will be logged by the installer daemon to the /var/log/install.log. I experimented various tools to create my installer packages, and they usually did this.
However, in my own deployment installer, for some reason, only things written to stderr get logged to the /var/log/install.log - so you might want to try that too.
A little late, but just had the same problem and was able to add logs to install.log from AppleScript using logger with the LOG_INSTALL facility:
logger -p 'install.error' "My error message"
That's not an answer per se, but maybe a hint? Installer man pages mention a "LOG_INSTALL facility", whose output is the desired /var/log/install.log
But what is this "facility" and where is it available - I can't find. I really need to write my pre/post script failures and specific scenarios to that log.

how to invoke ruby script containing system command with cron job?

I have a ruby script containing system command like http://gist.github.com/235833, while I ran this script from shell, it works correctly, but when I added it to my cron job list, it doesn't work any more, the cron job is like:
10/* * * * * cd /home/hekin; /usr/bin/ruby my_script.rb
any idea what's going wrong with what i've done? Thank you.
Thank you all for your answers.
It's my mistake.
Since I'm using ssh key forwarding on the local machine, while I executed the script from the shell, the ssh key forwarding related environment variables are all sitting there, but from cron job context, those environment variables are missing.
Try to separate the things that might go wrong. The ones I can think of are:
The cron syntax - is the time value given legal and fitting your shell?
Permissions - execute permissions and read permissions for the relevant directory and file
Quoting - what scope does cron cover? Does it run only the first command?
In order to dissect this, I suggest you first run a really simple cron job, like 'ls'. Next run a single-liner script. Next embed your commands in a shell-script file. Somewhere along these lines you should find the problem.
The problem is your environment. While testing in your shell its fully equipped and boosted by your shell environment. While running under cron its very, very stripped down.
Where is the destination "." for your script? I guess it will be "/" and may not "$HOME" thus your script won't be able to write at that location and fails. Try using an absolut path for the destination.

Resources