I'm trying to use SOPS to decrypt a file using Jenkins, using this command:
sops -k -d mysecret.yaml > out
But then I get this output and it waits till forever:
Vim: Warning: Output is not to a terminal
I've tried to export some env. vars, but I ended up with the same result
export TERM=xterm-256color
export EDITOR="/usr/bin/vim"
Can anyone please explain to me why that happens?
Update:
By using sops -k -d mysecret.yaml --output OUT with the above env. vars and now I can see file being decrypted but still vim process is not finish and the task stays forever.
I shouldn't use -k as a command argument after removing KMS ARN and replacing it with export SOPS_KMS_ARN="arn:aws:kms:us-east-1:xxxxxx:key/xxx-xxxx-xxxxx"
Correct command is:
export SOPS_KMS_ARN="arn:aws:kms:us-east-1:xxxxxx:key/xxx-xxxx-xxxxx
sops -d rsi-tls-cert.yaml | kubectl apply -f -
Related
I have an Alpine docker container and depending on how I connect using ssh the path is different. If I connect using a PTY shell:
ssh root#localhost sh -lc env | grep PATH
this prints:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
However if don't use this shell:
ssh root#localhost sh -c env | grep PATH
this prints:
PATH=/bin:/usr/bin:/sbin:/usr/sbin
Why is this happening? What do I need to do so that the second command produces the same output as the first command?
With sh -l you start a login shell:
When invoked as an interactive login shell, or a non-interactive shell with the --login option, it first attempts to read and execute commands from /etc/profile and ~/.profile, in that order. The --noprofile option may be used to inhibit this behavior.
...
A non-interactive shell invoked with the name sh does not attempt to read any other startup files.
From https://linux.die.net/man/1/sh
That is you can probably edit the profile files to make the login shell behave similar to noprofile but it might become difficult the other way around.
I'll answer my own question. This stack overflow post has the main info needed: Where to set system default environment variables in Alpine linux?
Given that, there are two alternatives:
Declare PATH using the ENV option of the Dockerfile
Or add PermitUserEnvironment yes to sshd_config file and define PATH in ~/.ssh/environment
I'm building what I think is a simple dockerfile and have got one line in the code that is throwing an error.
# dockerfile
...
RUN curl -k --output bin/theta `curl -k 'https://mainnet-data.thetatoken.org/binary?os=linux&name=theta'`
RUN curl -k --output bin/thetacli `curl -k 'https://mainnet-data.thetatoken.org/binary?os=linux&name=thetacli'`
RUN curl -k --output guardian_mainnet/node/config.yaml `curl -k 'https://mainnet-data.thetatoken.org/config?is_guardian=true'`
...
The first two curl commands run without any issue. The third curl command throws an error:
Warning: Failed to create the file guardian_mainnet/node/config.yaml: No such file or directory
The directory is created and does exist. The prior two curl commands use exactly the same format and result in both the theta and thetacli files being created.
I've actually setup a docker container with the base image predicated on the FROM for this dockerfile. From there I've run the code in the dockerfile line-by-line and it has executed without any problem (including the third line). In other words, if I manually run the dockerfile commands from the CLI for the base container it works - it's only when building the container from the dockerfile at the host level that the error is thrown.
The only differences are (i) the file type of .yaml and (ii) the ? in the https link. But I've found nothing that says that would be a problem. [I've tried saving without the extension and it didn't make a difference.]
What am I missing?
Im trying to run my .sh scipt status.sh via a telegram message:
Ubuntu 20.04.1 LTS server
Telegram-cli with a lua script to action status.sh script
when i send the message "status" to my server via telegram it actions the status.sh script, in this script i have a bunch of stuff that gathers info for me and sends it back to telegram so i can see what the status of my server is, however (i recently did a fresh install of the server) for some reason if the script has a line of code starting with sudo i get:
line 38: /usr/bin/sudo: Permission denied
if i run the script from the command line ./status.sh it runs without any problem!? so im thinking its because it is being called from telegram or lua!?
example of code that generates the error: sudo ifconfig enp0s25 >> file
on the other hand this line works without a problem:
sudo echo Time: $(date +"%H:%M:%S") > file
/usr/bin has 0755 permission set
sudo has 4755 permission set
The following command
sudo ifconfig enp0s25 >> file
would not work if file requires root privilege to be modified.
sudo affects ifconfig but not the redirection.
To fix it:
sudo sh -c 'ifconfig enp0s25 >> file'
As mentioned in Egor Skriptunoff's answer, sudo only affects the command being run with sudo, and not the redirect.
Perhaps nothing is being written to file in your case because ifconfig is writing the output you are interested in to stderr instead of to stdout.
If you want to append both stdout and stderr to file as root, use this command:
sudo sh -c 'ifconfig enp0s25 >> file 2>&1'
Here, sh is invoked via sudo so that the redirect to file will be done as root.
Without the 2>&1, only ifconfig's stdout will be appended to file. The 2>&1 tells the shell to redirect stderr to stdout.
If file can be written to without root, this may simplify to
sudo ifconfig enp0s25 >> file 2>&1
I have created a declarative jenkins pipeline and one of it's stages is as follows:
stage('Docker Image'){
steps{
bat 'docker build -t HMT/demo-application:%BUILD_NUMBER% --no-cache -f Dockerfile .'
}
}
This is the docker file:
FROM tomcat:alpine
RUN wget -O /usr/local/tomcat/webapps/launchstation04.war http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-SNAPSHOT.war
EXPOSE 9100
CMD /usr/local/tomcat/bin/cataline.bat run
I am getting the below error.:
[91m/bin/sh:
01:33:28 [0mThe command '/bin/sh -c wget -O /usr/local/tomcat/webapps/launchstation04.war http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-SNAPSHOT.war' returned a non-zero code: 127
UPDATE:
I have updated the command to
RUN wget -O /usr/local/tomcat/webapps/launchstation04.war -U jenkinsuser:Learning#% http://localhost:8082/artifactory/demoArtifactory/com/demo/0.0.1-SNAPSHOT/demo-0.0.1-20200823.053346-18.war
There is no problem in my command.Jfrog artifactory was unable to authorize this action.So I added username and password details but it still didn't work.
Error:
wget: server returned error: HTTP/1.1 401 Unauthorized
It didnt work after modifiying the password policy to unsupported.But it worked when I allowed anonymous access.
How to provide access using credentials.
Need more clarification on your question. Not sure where you are using curl command.
Image tomcat:alpine doesn't contains curl command. Unless you install it manually.
bash-4.4# type curl
bash: type: curl: not found
bash-4.4#
If your ask is regarding the sh -c option, if the script is invoked through CMD option, yes it will use sh. Instead you can give a try with ENTRYPOINT.
You can provide username & password via command line:
wget --user user --password pass
Using curl :
curl -u username:password -O
But void using special characters:
Change your password to another once in: [a-z][A-Z][0-9]
Try an API Key instead of password, I have a feeling that "#" may be throwing you off. Quotes can help there too or separating the password with -p
Also look at the request logs for whether the entry comes as 401 for the user, or anonymous/unauthenticated
Lastly, see if you can cURL from outside the image and then ADD the file in, as that will remove any external factors that may vary from the host (where I assume the command works)
I want to do OCR on some of my images, but images are not quite very impressive. So, for cleaning it I wanted to use Fred's ImageMagick Textcleaner script. Command that I gave:-
sh textcleaner.sh input_file output_file -g -e stretch -f 25 -o 20 -t 30 -u -s 1 -T -p 20
This is the arguments which Fred has given on website itself. I am also doing for same sample image. But I don't think so any of my options are working everything is by default. And I keep getting this error also
textcleaner.sh: line 177: type: textcleaner.sh: not found
usage: dirname path
usage: basename string [suffix]
basename [-a] [-s suffix] string [...]
And At last I had to keep the files in same folder where my textcleaner script is. How can I make it global and give the absolute path to it rather than putting the files wherever textcleaner is.
It's a bash script - it says so in the first line - yet you are trying to run it in sh - which is not bash. You need to make the script executable, by running
chmod +x textcleaner
then you can run it properly using:
./textcleaner ... arguments ...
That should make the error message go away. Then try showing us a sample image so we can try and see what the problem is.
In my ImageMagick scripts, the syntax is script name ...arguments... input output. So your command should be
bash textcleaner.sh -g -e stretch -f 25 -o 20 -t 30 -u -s 1 -T -p 20 input_file output_file
See my Pointers For Use (for further configuration) at my home page: http://www.fmwconcepts.com/imagemagick/index.php