// NewCoreManager creates a new core plugin manager.
func NewCoreManager(instanceIdPtr *string, regionPtr *string, log logger.T) (cm *CoreManager, err error) {
// initialize appconfig
var config appconfig.SsmagentConfig
if config, err = appconfig.Config(false); err != nil {
log.Errorf("Could not load config file: %v", err)
return
}
// initialize region
if *regionPtr != "" {
if err = platform.SetRegion(*regionPtr); err != nil {
log.Errorf("error occured setting the region, %v", err)
return
}
}
var region string
if region, err = platform.Region(); err != nil {
log.Errorf("error fetching the region, %v", err)
return
}
log.Debug("Using region:", region)
// initialize instance ID
if *instanceIdPtr != "" {
if err = platform.SetInstanceID(*instanceIdPtr); err != nil {
log.Errorf("error occured setting the instance ID, %v", err)
return
}
}
var instanceId string
if instanceId, err = platform.InstanceID(); err != nil {
log.Errorf("error fetching the instanceID, %v", err)
return
}
log.Debug("Using instanceID:", instanceId)
if err = fileutil.HardenDataFolder(); err != nil {
log.Errorf("error initializing SSM data folder with hardened ACL, %v", err)
return
}
//Initialize all folders where interim states of executing commands will be stored.
if !initializeBookkeepingLocations(log, instanceId) {
log.Error("unable to initialize. Exiting")
return
}
context := context.Default(log, config).With("[instanceID=" + instanceId + "]")
corePlugins := coreplugins.RegisteredCorePlugins(context)
return &CoreManager{
context: context,
corePlugins: *corePlugins,
}, nil
}
// ReplaceParameters traverses an arbitrarily complex input object (maps/slices/strings/etc.)
// and tries to replace parameters given as {{parameter}} with their values from the parameters map.
//
// Strings like "{{ parameter }}" are replaced directly with the value associated with
// the parameter. That value need not be a string.
//
// Strings like "a {{ parameter1 }} within a string" are replaced with strings where the parameters
// are replaced by a marshaled version of their values. In this case, the resulting object is always a string.
//
// Note: this only works on composite types []interface{} and map[string]interface{} which are what json.Unmarshal
// produces by default. If your object contains []string, for example, the object will be returned as is.
//
// Returns a new object with replaced parameters.
func ReplaceParameters(input interface{}, parameters map[string]interface{}, logger log.T) interface{} {
switch input := input.(type) {
case string:
// handle single parameter case first
for parameterName, parameterValue := range parameters {
if isSingleParameterString(input, parameterName) {
return parameterValue
}
}
// look for multiple parameter strings
for parameterName, parameterValue := range parameters {
var parameterValueString string
var err error
if parameterValueString, err = convertToString(parameterValue); err != nil {
logger.Error(err)
}
input = ReplaceParameter(input, parameterName, parameterValueString)
}
return input
case []interface{}:
// for slices, recursively replace parameters on each element of the slice
out := make([]interface{}, len(input))
for i, v := range input {
out[i] = ReplaceParameters(v, parameters, logger)
}
return out
case []map[string]interface{}:
// this case is not caught by the one above because map cannot be converted to interface{}
out := make([]map[string]interface{}, len(input))
for i, v := range input {
out[i] = ReplaceParameters(v, parameters, logger).(map[string]interface{})
}
return out
case map[string]interface{}:
// for maps, recursively replace parameters on each value in the map
out := make(map[string]interface{})
for k, v := range input {
out[k] = ReplaceParameters(v, parameters, logger)
}
return out
default:
// any other type, return as is
return input
}
}
// Failed marks plugin as Failed
func (out *ApplicationPluginOutput) MarkAsFailed(log log.T, err error) {
out.ExitCode = 1
out.Status = contracts.ResultStatusFailed
if len(out.Stderr) != 0 {
out.Stderr = fmt.Sprintf("\n%v\n%v", out.Stderr, err.Error())
} else {
out.Stderr = fmt.Sprintf("\n%v", err.Error())
}
log.Error(err.Error())
out.Errors = append(out.Errors, err.Error())
}
// Md5HashValue gets the md5 hash value
func Md5HashValue(log log.T, filePath string) (hash string, err error) {
var exists = false
exists, err = fileutil.LocalFileExist(filePath)
if err != nil || exists == false {
return
}
var f *os.File
f, err = os.Open(filePath)
if err != nil {
log.Error(err)
}
defer f.Close()
hasher := md5.New()
if _, err = io.Copy(hasher, f); err != nil {
log.Error(err)
}
hash = hex.EncodeToString(hasher.Sum(nil))
log.Debugf("Hash=%v, FilePath=%v", hash, filePath)
return
}
// killProcessOnTimeout waits for a timeout.
// When the timeout is reached, this method kills the underlying
// process of the command. This will unblock the command.Wait() call.
// If the task completed successfully this method returns with no action.
func killProcessOnTimeout(log log.T, command *exec.Cmd, timer *time.Timer) {
<-timer.C
log.Debug("Process exceeded timeout. Attempting to stop process.")
// task has been exceeded the allowed execution timeout, kill process
if err := killProcess(command.Process); err != nil {
log.Error(err)
return
}
log.Debug("Process stopped successfully")
}
func processSendReply(log log.T, messageID string, mdsService service.Service, payloadDoc messageContracts.SendReplyPayload, processorStopPolicy *sdkutil.StopPolicy) {
payloadB, err := json.Marshal(payloadDoc)
if err != nil {
log.Error("could not marshal reply payload!", err)
}
payload := string(payloadB)
log.Info("Sending reply ", jsonutil.Indent(payload))
err = mdsService.SendReply(log, messageID, payload)
if err != nil {
sdkutil.HandleAwsError(log, err, processorStopPolicy)
}
}
func killProcessOnTimeout(log log.T, command *exec.Cmd, timer *time.Timer) {
<-timer.C
log.Debug("Process exceeded timeout. Attempting to kill process!")
// task has been exceeded the allowed execution timeout, kill process
if err := command.Process.Kill(); err != nil {
log.Error(err)
return
}
log.Debug("Done kill process!")
}
// runCommandsRawInput executes one set of commands and returns their output.
// The input is in the default json unmarshal format (e.g. map[string]interface{}).
func (p *Plugin) runCommandsRawInput(log log.T, rawPluginInput interface{}, orchestrationDirectory string, cancelFlag task.CancelFlag, outputS3BucketName string, outputS3KeyPrefix string) (out contracts.PluginOutput) {
var pluginInput RunCommandPluginInput
err := jsonutil.Remarshal(rawPluginInput, &pluginInput)
if err != nil {
errorString := fmt.Sprintf("Invalid format in plugin properties %v;\nerror %v", rawPluginInput, err)
out.Errors = append(out.Errors, errorString)
out.Status = contracts.ResultStatusFailed
log.Error(errorString)
return
}
return p.runCommands(log, pluginInput, orchestrationDirectory, cancelFlag, outputS3BucketName, outputS3KeyPrefix)
}
// killProcessOnCancel waits for a cancel request.
// If a cancel request is received, this method kills the underlying
// process of the command. This will unblock the command.Wait() call.
// If the task completed successfully this method returns with no action.
func killProcessOnCancel(log log.T, command *exec.Cmd, cancelFlag task.CancelFlag) {
cancelFlag.Wait()
if cancelFlag.Canceled() {
log.Debug("Process cancelled. Attempting to stop process.")
// task has been asked to cancel, kill process
if err := killProcess(command.Process); err != nil {
log.Error(err)
return
}
log.Debug("Process stopped successfully.")
}
}
// RebootMachine reboots the machine
func RebootMachine(log log.T) {
log.Info("Executing reboot request...")
if RebootInitiated() {
return
}
syncObject.Lock()
defer syncObject.Unlock()
if err := reboot(log); err != nil {
log.Error("error in rebooting the machine", err)
return
}
rebootInitiated = true
}
// DeleteDirectory deletes a directory and all its content.
func DeleteDirectory(log log.T, dirName string) {
if err := os.RemoveAll(dirName); err != nil {
log.Error("error deleting directory", err)
}
}
// runCommands executes one set of commands and returns their output.
func (p *Plugin) runCommands(log log.T, pluginInput ApplicationPluginInput, orchestrationDirectory string, cancelFlag task.CancelFlag, outputS3BucketName string, outputS3KeyPrefix string) (out ApplicationPluginOutput) {
var err error
// if no orchestration directory specified, create temp directory
var useTempDirectory = (orchestrationDirectory == "")
var tempDir string
if useTempDirectory {
if tempDir, err = ioutil.TempDir("", "Ec2RunCommand"); err != nil {
out.Errors = append(out.Errors, err.Error())
log.Error(err)
return
}
orchestrationDirectory = tempDir
}
orchestrationDir := fileutil.RemoveInvalidChars(filepath.Join(orchestrationDirectory, pluginInput.ID))
log.Debugf("OrchestrationDir %v ", orchestrationDir)
// create orchestration dir if needed
if err = fileutil.MakeDirs(orchestrationDir); err != nil {
log.Debug("failed to create orchestrationDir directory", orchestrationDir, err)
out.Errors = append(out.Errors, err.Error())
return
}
// Get application mode
mode, err := getMsiApplicationMode(pluginInput)
if err != nil {
out.MarkAsFailed(log, err)
return
}
log.Debugf("mode is %v", mode)
// Download file from source if available
downloadOutput, err := pluginutil.DownloadFileFromSource(log, pluginInput.Source, pluginInput.SourceHash, pluginInput.SourceHashType)
if err != nil || downloadOutput.IsHashMatched == false || downloadOutput.LocalFilePath == "" {
errorString := fmt.Errorf("failed to download file reliably %v", pluginInput.Source)
out.MarkAsFailed(log, errorString)
return
}
log.Debugf("local path to file is %v", downloadOutput.LocalFilePath)
// Create msi related log file
localSourceLogFilePath := downloadOutput.LocalFilePath + ".msiexec.log.txt"
log.Debugf("log path is %v", localSourceLogFilePath)
// TODO: This needs to be pulled out of this function as it runs multiple times getting initialized with the same values
// Create output file paths
stdoutFilePath := filepath.Join(orchestrationDir, p.StdoutFileName)
stderrFilePath := filepath.Join(orchestrationDir, p.StderrFileName)
log.Debugf("stdout file %v, stderr file %v", stdoutFilePath, stderrFilePath)
// Construct Command Name and Arguments
commandName := msiExecCommand
commandArguments := []string{mode, downloadOutput.LocalFilePath, "/quiet", "/norestart", "/log", localSourceLogFilePath}
if pluginInput.Parameters != "" {
log.Debugf("Got Parameters \"%v\"", pluginInput.Parameters)
params := processParams(log, pluginInput.Parameters)
commandArguments = append(commandArguments, params...)
}
// Execute Command
_, _, exitCode, errs := p.ExecuteCommand(log, defaultWorkingDirectory, stdoutFilePath, stderrFilePath, cancelFlag, defaultApplicationExecutionTimeoutInSeconds, commandName, commandArguments)
// Set output status
out.ExitCode = exitCode
setMsiExecStatus(log, pluginInput, cancelFlag, &out)
if len(errs) > 0 {
for _, err := range errs {
out.Errors = append(out.Errors, err.Error())
log.Error("failed to run commands: ", err)
out.Status = contracts.ResultStatusFailed
}
return
}
// Upload output to S3
uploadOutputToS3BucketErrors := p.ExecuteUploadOutputToS3Bucket(log, pluginInput.ID, orchestrationDir, outputS3BucketName, outputS3KeyPrefix, useTempDirectory, tempDir, out.Stdout, out.Stderr)
out.Errors = append(out.Errors, uploadOutputToS3BucketErrors...)
// Return Json indented response
responseContent, _ := jsonutil.Marshal(out)
log.Debug("Returning response:\n", jsonutil.Indent(responseContent))
return
}
// s3Download attempts to download a file via the aws sdk.
func s3Download(log log.T, amazonS3URL s3util.AmazonS3URL, destFile string) (output DownloadOutput, err error) {
log.Debugf("attempting to download as s3 download %v", destFile)
eTagFile := destFile + ".etag"
config := &aws.Config{}
var appConfig appconfig.SsmagentConfig
appConfig, err = appconfig.Config(false)
if err != nil {
log.Error("failed to read appconfig.")
} else {
creds, err1 := appConfig.ProfileCredentials()
if err1 != nil {
config.Credentials = creds
}
}
config.S3ForcePathStyle = aws.Bool(amazonS3URL.IsPathStyle)
config.Region = aws.String(amazonS3URL.Region)
params := &s3.GetObjectInput{
Bucket: aws.String(amazonS3URL.Bucket),
Key: aws.String(amazonS3URL.Key),
}
if fileutil.Exists(destFile) == true && fileutil.Exists(eTagFile) == true {
var existingETag string
existingETag, err = fileutil.ReadAllText(eTagFile)
if err != nil {
log.Debugf("failed to read etag file %v, %v", eTagFile, err)
return
}
params.IfNoneMatch = aws.String(existingETag)
}
s3client := s3.New(session.New(config))
req, resp := s3client.GetObjectRequest(params)
err = req.Send()
if err != nil {
if req.HTTPResponse == nil || req.HTTPResponse.StatusCode != http.StatusNotModified {
log.Debug("failed to download from s3, ", err)
fileutil.DeleteFile(destFile)
fileutil.DeleteFile(eTagFile)
return
}
log.Debugf("Unchanged file.")
output.IsUpdated = false
output.LocalFilePath = destFile
return output, nil
}
if *resp.ETag != "" {
log.Debug("files etag is ", *resp.ETag)
err = fileutil.WriteAllText(eTagFile, *resp.ETag)
if err != nil {
log.Errorf("failed to write eTagfile %v, %v ", eTagFile, err)
return
}
}
defer resp.Body.Close()
_, err = FileCopy(log, destFile, resp.Body)
if err == nil {
output.LocalFilePath = destFile
output.IsUpdated = true
} else {
log.Errorf("failed to write destFile %v, %v ", destFile, err)
}
return
}
// RunCommand runs the given commands using the given working directory.
// Standard output and standard error are sent to the given writers.
func RunCommand(log log.T,
cancelFlag task.CancelFlag,
workingDir string,
stdoutWriter io.Writer,
stderrWriter io.Writer,
executionTimeout int,
commandName string,
commandArguments []string,
) (exitCode int, err error) {
command := exec.Command(commandName, commandArguments...)
command.Dir = workingDir
command.Stdout = stdoutWriter
command.Stderr = stderrWriter
exitCode = 0
// configure OS-specific process settings
prepareProcess(command)
log.Debug()
log.Debugf("Running in directory %v, command: %v %v.", workingDir, commandName, commandArguments)
log.Debug()
if err = command.Start(); err != nil {
log.Error("error occurred starting the command", err)
exitCode = 1
return
}
go killProcessOnCancel(log, command, cancelFlag)
timer := time.NewTimer(time.Duration(executionTimeout) * time.Second)
go killProcessOnTimeout(log, command, timer)
err = command.Wait()
timedOut := !timer.Stop() // returns false if called previously - indicates timedOut.
if err != nil {
exitCode = 1
log.Debugf("command failed to run %v", err)
if exiterr, ok := err.(*exec.ExitError); ok {
// The program has exited with an exit code != 0
if status, ok := exiterr.Sys().(syscall.WaitStatus); ok {
exitCode = status.ExitStatus()
// First try to handle Cancel and Timeout scenarios
// SIGKILL will result in an exitcode of -1
if exitCode == -1 {
if cancelFlag.Canceled() {
// set appropriate exit code based on cancel or timeout
exitCode = pluginutil.CommandStoppedPreemptivelyExitCode
log.Infof("The execution of command was cancelled.")
} else if timedOut {
// set appropriate exit code based on cancel or timeout
exitCode = pluginutil.CommandStoppedPreemptivelyExitCode
log.Infof("The execution of command was timedout.")
}
} else {
log.Infof("The execution of command returned Exit Status: %d", exitCode)
}
}
}
} else {
// check if cancellation or timeout failed to kill the process
// This will not occur as we do a SIGKILL, which is not recoverable.
if cancelFlag.Canceled() {
// This is when the cancellation failed and the command completed successfully
log.Errorf("the cancellation failed to stop the process.")
// do not return as the command could have been cancelled and also timedout
}
if timedOut {
// This is when the timeout failed and the command completed successfully
log.Errorf("the timeout failed to stop the process.")
}
}
log.Debug("Done waiting!")
return
}
// runCommands executes one set of commands and returns their output.
func (p *Plugin) runCommands(log log.T, pluginInput PSModulePluginInput, orchestrationDirectory string, cancelFlag task.CancelFlag, outputS3BucketName string, outputS3KeyPrefix string) (out PSModulePluginOutput) {
var err error
// if no orchestration directory specified, create temp directory
var useTempDirectory = (orchestrationDirectory == "")
var tempDir string
if useTempDirectory {
if tempDir, err = ioutil.TempDir("", "Ec2RunCommand"); err != nil {
out.Errors = append(out.Errors, err.Error())
log.Error(err)
return
}
orchestrationDirectory = tempDir
}
orchestrationDir := fileutil.RemoveInvalidChars(filepath.Join(orchestrationDirectory, pluginInput.ID))
log.Debugf("Running commands %v in workingDirectory %v; orchestrationDir %v ", pluginInput.RunCommand, pluginInput.WorkingDirectory, orchestrationDir)
// create orchestration dir if needed
if err = fileutil.MakeDirsWithExecuteAccess(orchestrationDir); err != nil {
log.Debug("failed to create orchestrationDir directory", orchestrationDir)
out.Errors = append(out.Errors, err.Error())
return
}
// Create script file path
scriptPath := filepath.Join(orchestrationDir, pluginutil.RunCommandScriptName)
log.Debugf("Writing commands %v to file %v", pluginInput, scriptPath)
// Create script file
if err = pluginutil.CreateScriptFile(log, scriptPath, pluginInput.RunCommand); err != nil {
out.Errors = append(out.Errors, err.Error())
log.Errorf("failed to create script file. %v", err)
return
}
// Download file from source if available
downloadOutput, err := pluginutil.DownloadFileFromSource(log, pluginInput.Source, pluginInput.SourceHash, pluginInput.SourceHashType)
if err != nil || downloadOutput.IsHashMatched == false || downloadOutput.LocalFilePath == "" {
errorString := fmt.Errorf("failed to download file reliably %v", pluginInput.Source)
out.MarkAsFailed(log, errorString)
return
} else {
// Uncompress the zip file received
fileutil.Uncompress(downloadOutput.LocalFilePath, PowerShellModulesDirectory)
}
// Set execution time
executionTimeout := pluginutil.ValidateExecutionTimeout(log, pluginInput.TimeoutSeconds)
// Create output file paths
stdoutFilePath := filepath.Join(orchestrationDir, p.StdoutFileName)
stderrFilePath := filepath.Join(orchestrationDir, p.StderrFileName)
log.Debugf("stdout file %v, stderr file %v", stdoutFilePath, stderrFilePath)
// Construct Command Name and Arguments
commandName := pluginutil.GetShellCommand()
commandArguments := append(pluginutil.GetShellArguments(), scriptPath, pluginutil.ExitCodeTrap)
// Execute Command
stdout, stderr, exitCode, errs := p.ExecuteCommand(log, pluginInput.WorkingDirectory, stdoutFilePath, stderrFilePath, cancelFlag, executionTimeout, commandName, commandArguments)
// Set output status
out.ExitCode = exitCode
out.Status = pluginutil.GetStatus(out.ExitCode, cancelFlag)
if len(errs) > 0 {
for _, err := range errs {
out.Errors = append(out.Errors, err.Error())
if out.Status != contracts.ResultStatusCancelled &&
out.Status != contracts.ResultStatusTimedOut &&
out.Status != contracts.ResultStatusSuccessAndReboot {
log.Error("failed to run commands: ", err)
out.Status = contracts.ResultStatusFailed
}
}
}
// read (a prefix of) the standard output/error
out.Stdout, err = pluginutil.ReadPrefix(stdout, p.MaxStdoutLength, p.OutputTruncatedSuffix)
if err != nil {
out.Errors = append(out.Errors, err.Error())
log.Error(err)
}
out.Stderr, err = pluginutil.ReadPrefix(stderr, p.MaxStderrLength, p.OutputTruncatedSuffix)
if err != nil {
out.Errors = append(out.Errors, err.Error())
log.Error(err)
}
// Upload output to S3
uploadOutputToS3BucketErrors := p.ExecuteUploadOutputToS3Bucket(log, pluginInput.ID, orchestrationDir, outputS3BucketName, outputS3KeyPrefix, useTempDirectory, tempDir, out.Stdout, out.Stderr)
out.Errors = append(out.Errors, uploadOutputToS3BucketErrors...)
// Return Json indented response
responseContent, _ := jsonutil.Marshal(out)
log.Debug("Returning response:\n", jsonutil.Indent(responseContent))
return
}