How can I interact with a Vagrant shell provisioning script? - heroku

I have a shell provisioning script that invokes a command that requires user input - but when I run vagrant provision, the process hangs at that point in the script, as the command is waiting for my input, but there is nowhere to give it. Is there any way around this - i.e. to force the script to run in some interactive mode?
The specifics are that I creating a clean Ubuntu VM, and then invoking the Heroku CLI to download a database backup (this is in my provisioning script):
curl -o /tmp/db.backup `heroku pgbackups:url -a myapp`
However, because this is a clean VM, and therefore this is the first time that I have run an Heroku CLI command, I am prompted for my login credentials. Because the script is being managed by Vagrant, there is no interactive shell attached, and so the script just hangs there.

If you want to pass temporary input or variables to a Vagrant script, you can have them enter their credentials as temporary environment variables for that command by placing them first on the same line:
username=x password=x vagrant provision
and access them from within Vagrantfile as
$u = ENV['username']
$p = ENV['password']
Then you can pass them as an argument to your bash script:
config.vm.provision "shell" do |s|
s.inline: "echo username: $1, password: $2"
s.args: [$u, $p]
end
You can install something like expect in the vm to handle passing those variables to the curl command.

I'm assuming you don't want to hard code your credentials in plain text thus trying to force an interactive mode.
Thing is just as you I don't see such option in vagrant provision doc ( http://docs.vagrantup.com/v1/docs/provisioners/shell.html ) so one way or another you need to embed the authentication within your script.
Have you thought about using something like getting a token and use the heroku REST Api instead of the CLI?
https://devcenter.heroku.com/articles/authentication

Related

Bash Scripting with LastPass CLI

Edit: As of 01/31/2023 the scripts that I am using below ARE working. Any patterns of inconsistencies that I find I will report here. Would like to leave this open in case others have findings/advice they are interested in sharing in relation to bash scripting/LastPass CLI/WSL
I am looking to use the LastPass CLI to make some changes to Shared Sites within our LastPass enterprise. I was able to write the scripts (fortunately with some help from others on here), however I am unable to get the commands to work properly within a script.
One of the commands that I WAS having troubles with was lpass share create. This command worked directly from the command line, but I was unable to run this command within a script successfully. I have a very simple script, similar to the one below:
#!/bin/bash
folderpath=$1
lpassCreateStoreFolder(){
lpass share create "$folderpath"
}
lpassLogin(){
echo 'testPWD' | LPASS_DISABLE_PINENTRY=1 lpass login --trust --force tester#test.com
}
lpassLogin
lpassCreateStoreFolder
I've been invoking my script through the PowerShell command line like so:
wsl "path/to/script" "Shared-00 Test LastPass CLI"
Sometimes this command works within the script and other times it does not. When I tried running this script around mid December, I had no success at all. The script would run through all the way, the CLI would even give me a response
Folder Shared-00 Test LastPass CLI created.
and the LastPass Admin Console logs show me a report of "Create Shared Folder". The problem is when I go to my LastPass Vault, the Shared Folder was rarely/if ever created. Running the command without a script, directly from the command line worked almost 100% of the time. I initially chalked this up to inconsistencies on their end, but now I am experiencing these same problems with a different command.
Similarly I have been using the lpass edit command to make edits to sites within our LastPass vault. Once again, I have a relatively simple script to make the edit to the site:
#!/bin/bash
lpassId=$1
lpassSetNotes(){
printf "Notes:\n What are your notes?\nThese are my notes" | lpass edit --non-interactive --sync=now "$lpassId"
}
lpassLogin(){
echo 'testPWD' | LPASS_DISABLE_PINENTRY=1 lpass login --trust --force test#test.com
}
lpassLogin
lpassSetNotes
and have been invoking this script through Powershell like so:
wsl "path/to/script" "000LastPassID000"
like the lpass share create command, running the script does not produce the desired output. The script runs all the way through and my changes are reflected in the logs, but when I go to the vault the site itself is never changed. The command DOES however work when I run it from the command line directly within WSL.
I am relatively new to writing Bash scripts/the Linux operating system, so I'm not entirely sure if this something wrong on my end or just the vendor's tool that I am utilizing producing inconsistencies. Any help would be appreciated, I know this issue might be hard to replicate without a LastPass account
Example LastPass CLI calls that work directly from command line in WSL
lpass share create "Shared-00 Testing LastPass CLI"
printf "Notes:\n What are your notes?\nThese are my notes" | lpass edit --non-interactive --sync=now "$lpassId"
References
LastPass CLI
CLI Manual
CLI GitHub

How to know what initial commands being executed right after a SSH login?

I was provided a tool to do a SSH to a remote host. The remote host is a new docker to be created. I was trying to understand if there are commands being executed right after the SSH (i.e. probably using ssh -t <some commands>).
It seems like the .bash_history does not include those cmds. In such case, what else can I do to figure out what cmds being executed right after my login? Thank you.
To find out the actual commands that are executed, you could add "set -v" or "set -x" to the shell initialization file(s) on the system you are ssh-ing to.
See man bash (the "INVOCATION" section) to find out which files will executed so that you can figure out which file to add the "set" command to.
You will probably want to do that temporarily ... because the output is verbose.
Another approach would be to configure sshd to set the logging level to DEBUG and see what commands are requested. However, note that sshd DEBUG logging is a user privacy violation.
If you are trying to do this kind of stuff to find out what is happening on the first "boot" of a docker instance, try putting the (temporarily) config changes into the docker image that you are starting.
The bash history only contains command lines that are submitted to the shell via a shell command prompt.

How to automate Quay.io login in a shell script?

I've got a shell script that I use to configure my Ubuntu instance upon instantiation. One of the things I need to do is login to my Quay.io account so I can pull docker images from my private registry. Kinda like so:
Instance-Config.sh
#!/bin/bash
docker login quay.io -u 'myUserName' -p 'myPassword' -e 'me#mydomain.com'
docker run quay.io/myUserName/myContainerName
The above script works just fine when logging in to Dockerhub, but when I try to use it to login to Quay.io it produces prompts for the various arguments (-u, -p, -e) when it should automatically fill those from the arguments provided in the command.
How do I go about automating login for Quay.io?
I should note that I've already tried logging in, copying the contents of the ~/.dockercfg file and then trying to echo the resulting string into a new .dockercfg file in the Instance-Init.sh script but there must be a machine id or something in the auth token that's produced and placed in the .dockercfg file so the resulting login from one machine cannot be used on a new instance (which is probably a good thing).
Doi. You need to put the host argument at the end, like illustrated in their docs:
#!/bin/bash
docker login -u 'myUserName' -p 'myPassword' -e 'me#mydomain.com' quay.io
docker run quay.io/myUserName/myContainerName
Hopefully that'll help someone else save some time.

Continuing shell script execution after SSHing into guest machine?

I have an Ubuntu guest box setup on my Windows host using Vagrant and VirtualBox. I'm trying to write a shell script that will...
vagrant up
vagrant ssh once vagrant up is complete
cd into a specific project directory in the guest machine once successfully SSHed into the guest machine
Right now my vagrant_shell_script.sh file contains the following:
vagrant up && vagrant ssh && echo 'cd vagrant/rails_tutorial/sample_app'
Everything works fine when I execute it in Git Bash, up to and including connecting via SSH to the guest machine, however after it successfully connects, the script seems to stop working and does not execute the final cd command. I presume this is because it is no longer able to communicate directly with my host machine through that particular Bash instance (please correct me if I'm wrong).
Is there any way to have it navigate directly to the target directory once the SSH connection is successful?
Please forgive me if this is a dumb question--relatively new to bash scripting.
This solved it. It's kind of hacky, but running
vagrant up && vagrant ssh -- -t 'cd /vagrant/rails_tutorial/sample_app; /bin/bash' gets you in. For some reason vagrant keeps kicking you out if you don't launch the shell.
vagrant ssh -- allows you to pass commands into the SSH client. This is vagrant's own utility. The next flag, -t is an SSH flag and it allows SSH to execute certain commands before it hands control back to you. You put your command after the -t flag, but make sure to end it with <last command> ; /bin/bash so that it launches a shell for you and you don't get kicked out.
you can also use Heredoc to run the commands after you ssh by using something similar to this in your script:
# Use heredoc to send script over ssh
$ssh_cmd << 'END_DOC'
cd <path>
commands
exit
END_DOC
echo $ssh_cmd

Running interactive Bash commands over ssh

I am trying to automate my server provisioning process using chef. Since I don't want to run chef as root, I need a chef/deployer user. But I don't want to create this user manually. Instead, I want to automate this step. So I took a shot at scripting it but ran into an issue:
The problem is that if I run
>ssh root#123.345.345.567 '/bin/bash -e' < ./add_user.sh
where add_user contains
//..if the username doesnt exist already
adduser $USERNAME --gecos ''
I never see the output or the prompts of the command.
Is there a way to run interactive commands in this way?
Is there a better way to add users in an automated fashion?
Try this:
ssh -t root#<ipaddress> adduser $USERNAME --gecos
Not sure why you have a $ in the IP address in your original example - that's likely to cause ssh to fail to connect, but since you didn't indicate that sort of failure, I'm assuming that's just a typo.
Since add_user.sh is just a simple command, there's no need for the added complexity of explicitly running bash or the redirection, just run the adduser command via ssh.
And lastly, since $USERNAME is likely defined on the local end, and not on the remote end, even if you could get your original command to "do what you said", you'd end up running adduser --gecos on the remote end, which isn't what you intended.
Try using :
ssh -t root#$123.345.345.567 '/bin/bash -e' < ./add_user.sh
instead.

Resources