3

In either cloud-init user-data runcmd, or in autoinstall late-commands, I need to essentially run this command as part of a Clevis + Tang initialization for a LUKS encrypted volume:

echo '<secret>' | clevis luks bind -d /dev/sda2 tang '{"url": "http://<ip-tangserver>" , "adv": "/tmp/adv.jws" }'

The problem is, I'm having a hard time determining if this is actually possible using either runcmd or late-commands, and if so, how I can do this in a YAML-compliant way, eg:

runcmd:
  - echo 'some-luks-temp-passwd' | clevis luks bind -d /dev/vda3 tang '{"url": "http://192.168.122.150" , "adv": "/tmp/adv.jws" }'

Enclosing the entire string above doesn't seem to work either, yamllint still shows a syntax error:

runcmd:
  - "echo 'some-luks-temp-passwd' | clevis luks bind -d /dev/vda3 tang '{"url": "http://192.168.122.150" , "adv": "/tmp/adv.jws" }'"

Thanks!

Kodiak Firesmith
  • 39
  • 1
  • 2
  • try this bash -c 'echo '\''<secret>'\'' | clevis luks bind -d /dev/sda2 tang '\''{"url": "http://<ip-tangserver>" , "adv": "/tmp/adv.jws" }'\''' – lnee Feb 03 '22 at 00:40
  • What I did is put the thing I want to run in a file and do i=$(cat tmp) next run this set | grep "^i=" remove the "i=" part, and you're good – lnee Feb 03 '22 at 00:43
  • Thanks @lnee, but it looks like the escaping above still results in yamllint failures. syntax error: expected <block end>, but found ','

    I'm going to keep on digging but thank you for the option to try!

     – Kodiak Firesmith Feb 03 '22 at 12:33
  • bash -c "$(xxd -r -p <<<"hexblob)" replace "hexblob" with the output of this hexdump -v -e '/1 "%02X "' "REPLACEWITHFILETHAT HAS YOUR CODE" |sed -e 's/ //g'" (note code was taken from https://github.com/lnee94/resh/blob/main/l/bintools) – lnee Feb 03 '22 at 13:38

1 Answers1

3

You might be able to use YAML multiline syntax. I'm not sure what is failing with your current syntax, but here is an autoinstall snippet that uses json, piping, output redirection, and Heredoc in multiline syntax.

#cloud-config
runcmd:
  - |
    echo '{"foo":"FOO" , "bar" : "BAR"}' > /run/cmd.log
    cat <<EOF | xxd >> /run/cmd.log
    {
      "foo": "FOO",
      "bar": "BAR"
    }
    EOF

FWIW, this is the resulting /run/cmd.log file

root@ubuntu-server:/# cat /run/cmd.log
{"foo":"FOO" , "bar" : "BAR"}
00000000: 7b0a 2020 2266 6f6f 223a 2022 464f 4f22  {.  "foo": "FOO"
00000010: 2c0a 2020 2262 6172 223a 2022 4241 5222  ,.  "bar": "BAR"
00000020: 0a7d 0a                                  .}.
Andrew Lowther
  • 6,451