3

In either cloud-init user-data runcmd, or in autoinstall late-commands, I need to essentially run this command as part of a Clevis + Tang initialization for a LUKS encrypted volume:

echo '<secret>' | clevis luks bind -d /dev/sda2 tang '{"url": "http://<ip-tangserver>" , "adv": "/tmp/adv.jws" }'

The problem is, I'm having a hard time determining if this is actually possible using either runcmd or late-commands, and if so, how I can do this in a YAML-compliant way, eg:

runcmd:
  - echo 'some-luks-temp-passwd' | clevis luks bind -d /dev/vda3 tang '{"url": "http://192.168.122.150" , "adv": "/tmp/adv.jws" }'

Enclosing the entire string above doesn't seem to work either, yamllint still shows a syntax error:

runcmd:
  - "echo 'some-luks-temp-passwd' | clevis luks bind -d /dev/vda3 tang '{"url": "http://192.168.122.150" , "adv": "/tmp/adv.jws" }'"

Thanks!

Kodiak Firesmith
  • 39

1 Answers1

4

You might be able to use YAML multiline syntax. I'm not sure what is failing with your current syntax, but here is an autoinstall snippet that uses json, piping, output redirection, and Heredoc in multiline syntax.

#cloud-config
runcmd:
  - |
    echo '{"foo":"FOO" , "bar" : "BAR"}' > /run/cmd.log
    cat <<EOF | xxd >> /run/cmd.log
    {
      "foo": "FOO",
      "bar": "BAR"
    }
    EOF

FWIW, this is the resulting /run/cmd.log file

root@ubuntu-server:/# cat /run/cmd.log
{"foo":"FOO" , "bar" : "BAR"}
00000000: 7b0a 2020 2266 6f6f 223a 2022 464f 4f22  {.  "foo": "FOO"
00000010: 2c0a 2020 2262 6172 223a 2022 4241 5222  ,.  "bar": "BAR"
00000020: 0a7d 0a                                  .}.
Andrew Lowther
  • 7,251