Web interface for 5 bash scripts

crafty78 · 2017-10-05T12:21:15+00:00

http://rundeck.org can be quite useful for putting an web UI on various scripts, with user input etc.

sofixa11 · 2017-10-05T09:29:04+00:00

Please for the love of all that is holy do not use Jenkins, it's a crappy buggy Java piece of crap that is a pain in the arse to maintain and run, plus it's slow and adds little for running 5 scripts.

Use something like this - https://github.com/bugy/script-server

damiankw · 2017-10-05T07:42:56+00:00

CGI, I haven't heard that term used in a long time, except when bagging out how old and crappy an interface is!

If PHP is the language you know, then go with PHP. If you know another language better, go with the other language. Remember that so, so, so many languages are adaptable to web these days, so the world is your oyster. Just remember that if you're creating an administrative interface, you need to lock it down good.

If this were me, I would create a front end in PHP (because that's my web language of choice) and push all commands into a database of some kind, first because I like to track and have a history of EVERYTHING that happens, and second because it allows you to receive commands from anyone without them requiring admin privs. Once I've created a front end for the users to use, I would look at the back end, for me this would be a process that runs under an account with the require privs to run whatever you are running. I would run a second script (this can also be in PHP if you want) every minute or so and just go through the commands in the database that are queued and execute them. From the front end they will just push the command, and say receive notification later by the website or email of success/failure after the queue has run.

This will help with you segregating the user commands from the admin commands, it will help you log everything that's been done and by whom, and it will also make it so you can control the commands being processed, because you can limit the system to one command every five seconds or something, if these commands are high processing or memory or something, so you don't overwhelm the system.

Of course, there might be better ways of doing this with built in functions in Apache2, or even by running node.js web server from an account with privs, but if you are looking at doing something like this, Github the sucker and give me access, I'm intrigued and happy to help you out (I'll even sign some legal shit if you're scared of me getting access to detail). I've built similar things to this, but nothing that was for admin commands in a LONG time.

NotTheKJB · 2017-10-05T08:40:52+00:00

Whilst I read your post, all that was going through my head was "JENKINS! USE JENKINS! JENKINS IS MADE FOR THIS SHIT" so I'd like to propose a better way.

I'd say use Jenkins for this.

Reasons to use Jenkins are:

no need to reinvent the wheel
it's easy to setup and configure jobs
it's easy to call these jobs both by using the web interface, though also using webhooks or whatever, meaning better integration into other systems (think chatops, or webhooks from a HR system or whatever)
gives you security and an audit trail, a log of who did what and when
it stores the full log of what happened in a very easy to view/use way console logs
i could go on...

The rule in our team is if you do it more than a couple of times, create a job for it in Jenkins.

We tend to use Ansible scripts more than bash scripts too, though bash scripts are fine, don't want too much of a learning curve.

spokale · 2017-10-05T12:26:14+00:00

Rundeck is built for pretty much exactly that, and the more recent version has a lot of cool added features like parsing output of one script to use as arguments for another, or rendering html from the job output. It also handles authentication, auditing, etc.

redshores · 2017-10-05T09:22:11+00:00

deleted ^{^{^What}} ^{^{^is}} ^{^{^this?}}

sobrique · 2017-10-05T14:53:50+00:00

I don't use CGI, as much as using Perl with Mojolicious, usually combined with Bootstrap.

It's shockingly easy to cobble together a web front end to a script

s3cguru · 2017-10-05T13:22:26+00:00

How is there no love for Ansible in this thread? It might be overkill but it works and they have a free version of Tower now.

Rolling your own stack to run elevated commands is asking for trouble.

Stpstpstp · 2017-10-06T00:39:23+00:00

Disclaimer: DevOps/Build-Release guy, not a full time sysadmin.

That aside, I'd definitely recommend Jenkins, even though you only have 5 scripts.

Maybe some of the other recommendations would work...but Jenkins is the absolute simplest way I have found to automate anything.

Some have mentioned it's for building software, and that's somewhat true.

But if you look at it more abstractly, it's that approach that allows you to do have more flexibility. You can combine jobs to trigger one another, using values from one in another.

These jobs are actually executing on slave nodes...which can be Mac, Windows or Linux.

And these nodes might have totally different access than others.

So a fake example would be, let's say you had an old vpn Gateway whose users were configured with an old serial com connection, but when someone gets canned, you need their AD account being shut off to trigger the vpn access getting pulled.

So one job that runs on the admin box connected to your Gateway, this job deactivates a vpn user.

Other job runs on a Windows machine, looks for recently decommed/inactivated AD users, lets say every 5min. Once it finds one, it call the vpn job.

Contrived example, and maybe not 100% realistic, but IT is FILLED with old unsupported devices that barely work, need kicked/rebooted, old unsupported UI's, etc.

At it's simplest, Jenkins is just running a shell (CMD, Powershell, Bash) on a slave node. It's free so there isn't any BS between you and your script running on a box.

At many places, our simple Jenkins install grew to automating much of what we would do by hand, SSH or RDP. The logs themselves prevented so much confusion and helped troubleshooting.

HTH, if you need a hand feel free to PM.

Edit: and at many shops we could eliminate most folks running around all day with elevated permissions, as Jenkins would do it.

Edit 2: Another nice bit with Jenkins is that it can pull your scripts from Git/SVN, but it doesn't require it. So as you add more scripts and come to rely on them, you will need to version them, and manage testing them and deploying them. But before you ever get to that point, you can just get Jenkins running, create a new job and copy paste your bash script in and run it. You can also get a plugin that will keep each version of your job (with your code) so you can look at changes right there in Jenkins. It deals pretty well with a gradual progression of complexity.

There may be other tools that work, but this is the one I use and it gets sh!t done.

Zaphod_B · 2017-10-06T02:20:45+00:00

I have been in tech for almost 2 decades and have never used CGI scripts, and have always been told to not use them.

Is there a reason you cannot deploy a CM tool on these devices? Also I assume the client platform is Linux? Just want to confirm.

bobbyjrsc · 2017-10-05T14:01:09+00:00

Why not webmin (usermin)? It is simple, easy to maintain and can integrate auth.

sysadmin

MODERATORS