From my local machine, I am writing a script, which when executed should SSM on to my EC2 instance and write its own shell script (topic-creation.sh) within a user directory.
The intent is that later on, a user can run topic-creation.sh at their own leisure.
The purpose of topic-creation.sh will be to create a MSK topic (the name of which I define on my local machine), and check what the output result is from that command
(I intend to use the output for a little bit of grepping for variation of certain error handling)
Sounds simple enough!
But for several hours now, I've been battling the ability to escape a dollar sign as part of my document string.
Here's what I mean:
my local script:
MSK_ARN=$(terraform output -state "$TF_OUTPUT_FILE" -raw msk_cluster_arn)
kafka_version=$(aws kafka describe-cluster --cluster-arn "$MSK_ARN" | jq -r '.ClusterInfo.CurrentBrokerSoftwareInfo.KafkaVersion')
msk_bootstrap_brokers=$(aws kafka get-bootstrap-brokers --cluster-arn "$MSK_ARN" | jq -r '.BootstrapBrokerStringSaslIam')
msk_broker=$(echo "$msk_bootstrap_brokers" | cut -d ',' -f 1)
TOPIC='A_TOPIC'
document_json=$(cat <<-JSON
{
"schemaVersion": "2.2",
"description": "Install Kafka and configure AWS MSK IAM authentication",
"mainSteps": [
{
"action": "aws:runShellScript",
"name": "createTopicCreationShFile",
"inputs": {
"runCommand": [
"sudo -u ec2-user tee /home/ec2-user/topic-creation.sh <<EOF",
"#!/bin/bash",
"set -e",
"cd /home/ec2-user/kafka/kafka_2.13-$kafka_version/bin",
"output=$(./kafka-topics.sh --create --bootstrap-server $msk_broker --command-config client.properties --replication-factor 3 --partitions 1 --topic $TOPIC 2>&1)",
"echo $output",
"EOF"
]
}
},
{
"action": "aws:runShellScript",
"name": "ec2userChmod700TopicCreationSh",
"inputs": {
"runCommand": [
"if sudo -u ec2-user chmod 700 /home/ec2-user/topic-creation.sh; then echo 'topic-creation.sh has chmod 700 granted to it for ec2-user'; else echo 'topic-creation.sh does not have chmod 700 granted to it for ec2-user.'; exit 1; fi"
]
}
}
]
}
JSON
)
aws ssm create-document --name "MyTopicSetupDocument" --document-type "Command" --document-format "JSON" --content "$document_json"
create_topic_shell_json=$(aws ssm send-command --instance-id "$EC2_INSTANCE_ID" --document-name "MyTopicSetupDocument" --output json)
aws ssm delete-document --name "MyTopicSetupDocument"
So..
My desired result, is that when I cat topic-creation.sh I will see:
#!/bin/bash
set -e
cd /home/ec2-user/kafka/kafka_2.13-2.8.1/bin
output=$(./kafka-topics.sh --create --bootstrap-server my-bootstrap-broker --command-config client.properties --replication-factor 3 --partitions 1 --topic A_TOPIC
echo $output
This would be perfect, it would mean that $kafka_version, $msk_broker and $TOPIC would have been successfully interpreted whilst creating the document... and the usage of $ around the "output" variable would still be plaintext and would only get interpreted during execution of the actual topic-creation.sh (by the intended user).
However, that is sadly not the case. My command runs successfully, but when I hop onto my EC2 instance and check the contents of topic-creation.sh I get:
[ec2-user@ip ~]$ cat topic-creation.sh
#!/bin/bash
set -e
cd /home/ec2-user/kafka/kafka_2.13-2.8.1/bin
output=./scripts/bundle-create-topics.sh: line 61: ./kafka-topics.sh: No such file or directory
echo
[ec2-user@ip]$
So, a few things to point out here.
There has been a successful interpolation of $kafka_version here, seen by the -2.8.1 part of my kafka directory (and from this I can safely assume the same story for $msk_broker and $TOPIC)
BUT it seems as if my compiler(?) has tried to interpret "$output" for me, rather than keeping it plaintext.
Silly mistake, I thought, so I tried escaping the dollar around output:
automation_document_json=$(cat <<-JSON
{
"schemaVersion": "2.2",
"description": "Install Kafka and configure AWS MSK IAM authentication",
"mainSteps": [
{
"action": "aws:runShellScript",
"name": "createTopicCreationShFile",
"inputs": {
"runCommand": [
"sudo -u ec2-user tee /home/ec2-user/topic-creation.sh <<EOF",
"#!/bin/bash",
"set -e",
"cd /home/ec2-user/kafka/kafka_2.13-$kafka_version/bin",
"output=\$(./kafka-topics.sh --create --bootstrap-server $msk_broker --command-config client.properties --replication-factor 3 --partitions 1 --topic $TOPIC 2>&1)",
"echo \$output",
"EOF"
]
I thought surely this should do the trick,
But when I hop back onto EC2 and cat the newly created topic-creation.sh... I get:
[ec2-user@ip-100-80-24-9 ~]$ cat topic-creation.sh
#!/bin/bash
set -e
cd /home/ec2-user/kafka/kafka_2.13-2.8.1/bin
output=/var/lib/amazon/ssm/i-0a75270976825cd6d/document/orchestration/833cbbc2-6c5e-4c17-b8b6-3c47aff6558a/createTopicCreationShFile/_script.sh: line 1: ./kafka-topics.sh: No such file or directory
echo
[ec2-user@ip-100-80-24-9 ~]$
Ooooph, it seems as if AWS (rather than my compiler?) has tried to interpret $output here.
But this has confused me. Because the command was simply to tee the text into a .sh, I don't understand why some strange process is occurring here.
Finally, I felt like I had already extended my depth of any understanding, and I seen a suggestion to try $$ instead of $:
automation_document_json=$(cat <<-JSON
{
"schemaVersion": "2.2",
"description": "Install Kafka and configure AWS MSK IAM authentication",
"mainSteps": [
{
"action": "aws:runShellScript",
"name": "createTopicCreationShFile",
"inputs": {
"runCommand": [
"sudo -u ec2-user tee /home/ec2-user/topic-creation.sh <<EOF",
"#!/bin/bash",
"set -e",
"cd /home/ec2-user/kafka/kafka_2.13-$kafka_version/bin",
"output=$$(./kafka-topics.sh --create --bootstrap-server $msk_broker --command-config client.properties --replication-factor 3 --partitions 1 --topic $TOPIC 2>&1)",
"echo $$output",
And on my EC2, when I cat it:
[ec2-user@ip-100-80-24-9 ~]$ cat topic-creation.sh
#!/bin/bash
set -e
cd /home/ec2-user/kafka/kafka_2.13-2.8.1/bin
output=5703(./kafka-topics.sh --create --bootstrap-server my-bootstrap-broker --command-config client.properties --replication-factor 3 --partitions 1 --topic A_TOPIC 2>&1)
echo 5703output
[ec2-user@ip-100-80-24-9 ~]$
Now... this is probably the closest I've gotten so far! Except $$ seems to get transformed into a numerical representation.. not ideal. But I was just happy to finally see the rest of that command rather than AWS or my compiler trying to help out.
Any ideas how I can fix this?
I didn't think it would be this troublesome.