Develop Reference

PowerShell script to SSH to Multiple Linux devices and restart/reboot them

I am comfortable with writing single queries. I am new to writing bash scripts trying to automate the daily stuff. I need help on creating a PowerShell or bash script where I can SSH to multiple Linux devices with same SSH key and then reboot the devices.
I access linux devices manually with the following command in PowerShell
ssh -i C:\<path-to-the-private-key\test.ppk test#XX.X.X.XXX (X - IP Address)
Then I enter the following command
sudo reboot
It asks me to type the password and then restarts the device.
I have 100+ devices that I need to restart.
I can get a list of all IP address in a text file. How can we search for all the IP address in a text file, authenticate with the SSH private key and run the sudo command to restart the device?
Would it also be possible to throw a message if it was not able to restart a device?
Any help would be appreciated.
This is the script that I have.
testreboot.sh
#!/bin/bash
pw="test123"
hosts='IP.txt'
while read -r line; do {
/usr/bin/expect << EOF do
ssh test#"$hosts" 'sudo reboot'
expect "*?assword*"
send "%pw\r"
EOF
}
done < $hosts
IP.txt
XXX.XX.XX.XX
XXX.XX.XX.XX
XXX.XX.XX.XX
XXX.XX.XX.XX
I have Ubuntu 20.04 installed from Windows App Store. I am trying to run the testreboot.sh from PowerShell using the following command and get the following error message.
bash testreboot.sh
testreboot.sh: line 2: $'\r': command not found
testreboot.sh: line 3: $'\r': command not found
testreboot.sh: line 5: $'\r': command not found
testreboot.sh: line 16: syntax error near unexpected token `done'
testreboot.sh: line 16: `done < $hosts'

A better solution to this problem is to use something like Ansible, Chef, or Puppet to solve these multi-server coordination needs.

Here is an example in a shell script using expect to ssh to another server and login:
NOTE: When you use expect in this manner, you need to escape " and $ and
other items. If password has $, it must be escaped.
This is where after logging in and expect see a command prompt
For example:
44 [localhost.localdomain]/home/map%
This is where you would need to add sudo reboot command
-re \"$reg_ex_prompt\" {
}
Test Script:
#!/bin/sh
#
debug=0
exit_val=0
spawn_item="ssh"
destination="user_name#<IP of server to shh>"
reg_ex_prompt='\[%|>|\$|#\] $'
#
# Change -D 0 to -D 1 to debug interactivly
#
expect -D $debug -c "
spawn $spawn_item $destination
set ret 1
set timeout 20
expect {
timeout {
send_user \"Timeout reached!\"
exit \$ret
}
eof {
puts \"End of test connection reached!\"
if { \$ret == 0 } {
puts \"Connection test Successful!\"
puts \"Exiting $destination ...\"
} else {
puts \"Connection Failure!\"
}
exit \$ret
}
\"Connection refused\" {
puts \"ERROR: Trouble connecting to $device_type_parm destination $destination\"
puts \"Aborting...\"
exit \$ret
}
\"Permission denied\" {
puts \"ERROR: User name or password is incorrect for $destination\"
puts \"Aborting...\"
exit \$ret
}
\"Connection reset by peer\" {
puts \"ERROR: Trouble connecting to $destination\"
puts \"Aborting...\"
exit \$ret
}
\"you sure you want to continue connecting\" {
send \"yes\r\"
exp_continue
}
\"assword:\" {
puts \"\r\nSending password\"
send \"password\\\$\r\"
exp_continue
}
\"Choice? \" {
send \"1\r\"
exp_continue
}
\"Q. Quit\" {
send \"q\r\"
exp_continue
}
-re \"$reg_ex_prompt\" {
send \"sudo reboot\r\"
sleep 2
set ret 0
exit \$ret
}
interact
} "
# get the exit value from expect statment above
exit_val=$?

Unable to interpolate sensitive environment variables

I have a piece of code that runs like this
package core.jenkins
class Utils implements Serializable {
def script
Utils(script) {
this.script = script
}
def func() {
script.withCredentials([script.usernamePassword(credentialsId: 'chartmuseum-basic-auth', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
script.sh "helm repo add --username script.USER} --password ${script.PASSWORD} chartmuseum \"http://${chartmuseumHostname}:8080\""
}
}
The above works perfectly fine but I do not a warning
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [PASSWORD, USER]
See https://jenkins.io/redirect/groovy-string-interpolation for details.
+ helm repo add --username **** --password **** chartmuseum http://apps-chartmuseum.apps.svc.cluster.local:8080
So following the guide, Im doing the following
script.withCredentials([script.usernamePassword(credentialsId: 'chartmuseum-basic-auth', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
script.sh 'helm repo add --username $script.USER --password $script.PASSWORD chartmuseum "http://$chartmuseumHostname:8080"'
}
But running the variable values are not be properly substitured and I get
+ helm repo add --username .USER --password .PASSWORD chartmuseum http://:8080
Error: Looks like "http://:8080" is not a valid chart repository or cannot be reached: Get http://:8080/index.yaml: dial tcp :8080: connect: connection refused
So neither the credentials nor the value of the chartmuseumHostname variable is being substituted correctly. What am I missing here ?

Actuall withCredentials() creates a environment variable which you can access it from shell scripts.
See here: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/
Try using directly the shell variables:
script.sh 'helm repo add --username $USER --password $PASSWORD chartmuseum "http://$chartmuseumHostname:8080"'

Just binding together the answers already on this post, the withCredentials makes it so that you should be able to use the variables directly (answer by #catalin), the single quotes make it so that jenkins should stop complaining about security and if you want to be extra careful, you can double quote the variable values as suggested in the docs for withCredentials.
This should give you something like this:
script.withCredentials([script.usernamePassword(credentialsId: 'chartmuseum-basic-auth',
usernameVariable: 'USER',
passwordVariable: 'PASSWORD')]) {
script.sh 'helm repo add --username "$USER" --password "$PASSWORD" chartmuseum "http://$chartmuseumHostname:8080"'
}
which still leaves us with the question of why you are calling things with the script. prefix as mentioned in the comments by #matt-schuchard.

I try using the suggestion by #Catalin (https://www.jenkins.io/doc/pipeline/steps/credentials-binding/ using directly the shell variables)
But for me adding double quotes inside single quotes doesn't work.
The only solution I found is taking the variables out of the single quotes like:
'myscript $secretvariable' + notsecretvariable
Examples:
Test1: Try using recommended solution (jenkins/#catalin)
Code:
sh label: 'Test1', script: 'echo this is a secret $docker_pwd this is not "$dockerRegistry"'
Result: variable dockerRegistry is not interpolated/resolved
15:50:43 [Pipeline] sh (Test1)
15:50:43 + echo this is a secret **** this is not ''
15:50:43 this is a secret **** this is not
Test2: Take non-sensitive variable out of the single quotes:
sh label: 'Test2', script: 'echo this is a secret $docker_pwd this is not' + dockerRegistry
Result: variable dockerRegistry is properlly resolved
15:50:44 [Pipeline] sh (Test2)
15:50:44 + echo this is a secret **** this is not my.repositories.xx
15:50:44 this is a secret **** this is not my.repositories.xx

docker -minio - The access key ID you provided does not exist in our records

I have a docker file that should wait for a database with wait_for_it.sh and run a minio server.
I read the secrets from run/secrets and creates the MINIO_SECRET_KEY and MINIO_ACCESS_KEY.
THE MINIO SERVER is up but I cannot connect with a minio client (js client) and I GOT the following error:
The access key ID you provided does not exist in our records
My client code:
const accessKey = fileService.readFile(configService.get('minio').access_key_file);
const secretKey = fileService.readFile(configService.get('minio').secret_key_file);
this.minioClient = new Minio.Client({
endPoint: configService.get('minio').host,
port: configService.get('minio').port,
useSSL: configService.get('minio').useSSL,
accessKey: accessKey.trim(),
secretKey: secretKey.trim()
});
my docker entry point (bash):
docker_secrets_env() {
ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
if [ -f "$ACCESS_KEY_FILE" ]; then
MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
export MINIO_ACCESS_KEY
fi
if [ -f "$SECRET_KEY_FILE" ]; then
MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
export MINIO_SECRET_KEY
fi
fi
}
docker_secrets_env
./wait-for-it.sh mongo:27017 --timeout=0 --strict -- \
minio server /data & \
thanks

Try to access it directly at localhost:9000 with your preset credentials,
if that doesn't work try default credentials :
user: minioadmin
PWD: minioadmin
if this works it means the docker image wasn't run properly.

How to pass Rundeck key storage to script

I created Rundeck Key storage and stored password in it
Then created Job option
Then in inline script i specified folowing (keys/JIRA is Rundeck password storage)
curl -XN -u user:keys/JIRA
But password is not passed and authnetication fails, what am i doing wrong ?

The password value will be expanded when it is passed to the script. Below is an example:
- description: ''
executionEnabled: true
id: 1f7f5312-0887-4841-a7ef-1c30f712f927
loglevel: INFO
name: How to pass Rundeck key storage to script
nodeFilterEditable: false
options:
- name: JiraPass
secure: true
storagePath: keys/jira.password
valueExposed: true
scheduleEnabled: true
sequence:
commands:
- args: ${option.JiraPass}
script: |
#!/usr/bin/env bash
jira_password=$1
echo curl -XN -u "user:$1"
keepgoing: false
strategy: node-first
uuid: 1f7f5312-0887-4841-a7ef-1c30f712f927

Unable to execute "hive -e 'select * from table" using .exec() method of simple-ssh npm module

I am unable to execute a hive -e command using simple-ssh module .exec() in nodejs.
I think there is a problem with the single/double quotes ' or ". I don't know which quote to put in what sequence. I tried a lot of combination, but none of them worked.
Here is the code below:
var runSSH(obj){
var ssh = new SSH({
host: remote1,
user: 'root',
timeout: 1500000,
key: require('fs').readFileSync("C:/Users/Aiman/Desktop/hRep_prv"),
agent: process.env.SSH_AUTH_SOCK,
agentForward: true
});
ssh.exec('timeout 900 ssh -i /root/rsaPrvtKeyPath/to/remoteHost2 '+remoteHost2+' \'for i in '+remote3+' '+remote4+'; do clush -w ${i} "hive -e \'select * from table_name limit 3;\'" done\' ',{
out: function(stdout) {
devHive_check += stdout;
obj.devHive_check = devHive_check;
console.log(stdout);
}
}) //-->not executing
.exec('timeout 300 ssh -i /root/rsaPrvtKeyPath/to/remoteHost2 '+remoteHost2+' \'for i in '+remote3+' '+remote4+'; do clush -w ${i} "ps -ef | grep HiveServer2"; done;\' ',{
out: function(stdout) {
devHS2_check += stdout;
obj.devHS2_check = devHS2_check;
console.log(stdout);
}
})//-->running fine
.exec('echo "parse and save"',{
out: function(){
parseData(obj);
ssh.end();
}
}).start(); //-->running fine
}
I am logging into remoteHost1, running a couple of shell scripts (which are runnig fine), then I am doing an ssh to remoteHost2 to check Hive (hive is running on remote3 and remote4).
HiveServer2 is running fine, but Hive isn't.
Please help me.

Its solved now.
Instead of the single quotes inside hive, it requires a doulbe quotes, i.e. instead line ssh.exec('timeout 900 ssh -i /root/rsaPrvtKeyPath/to/remoteHost2 '+remoteHost2+' \'for i in '+remote3+' '+remote4+'; do clush -w ${i} "hive -e \'select * from table_name limit 3;\'" done\' ',{
I did
ssh.exec('timeout 900 ssh -i /root/rsaPrvtKeyPath/to/remoteHost2 '+remoteHost2+' \'for i in '+remote3+' '+remote4+'; do clush -w ${i} "hive -e \\\"select * from table_name limit 3;\\\" " done\' ',{, and it worked.
Thanks #mscdex for your support.