Looking for Guidance - load PSWSMan into Lambda/PowerShell Core

LizRollet commented 2 years ago

SUMMARY

I am attempting to use PSWSMan in a lambda to pull information from AWS FSx and present the information returned as a .json file

I have added a lambda layer with PSWSMan and can view information on the module so I know it is being added. However, I am not able to invoke/load WSMan. I copied the libmi.so and libpsrpclient.so files from your PSWSMan module to the /powershell directory for the custom runtime. I can verify that those files are present in /opt/powershell.

I have read https://github.com/jborean93/omi/issues/24, https://github.com/PowerShell/PowerShell/issues/16382 and https://github.com/jborean93/omi to understand how to get the .so files to load and be used by my powershell script. The script currently uses the code from https://github.com/jborean93/omi/issues/24 to load libpsrpclient.so; I am currently outputting the results of ldd "$pwshDir/libpsrpclient.so" ldd "$pwshDir/libmi.so"

along with get-module and get-WSManVersion results.

What is being returned: [ "\tlinux-vdso.so.1 (0x00007fffa3b94000)", "\tlibmi.so => /opt/powershell/libmi.so (0x00007fcdcc650000)", "\tlibpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcdcc432000)", "\tlibc.so.6 => /lib64/libc.so.6 (0x00007fcdcc087000)", "\tlibdl.so.2 => /lib64/libdl.so.2 (0x00007fcdcbe83000)", "\tlibssl.so.1.0.0 => not found", "\tlibcrypto.so.1.0.0 => not found", "\tlibz.so.1 => /lib64/libz.so.1 (0x00007fcdcbc6e000)", "\t/lib64/ld-linux-x86-64.so.2 (0x00007fcdccb76000)", "\tlinux-vdso.so.1 (0x00007ffe4bdfa000)", "\tlibpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf6c248000)", "\tlibdl.so.2 => /lib64/libdl.so.2 (0x00007fcf6c044000)", "\tlibssl.so.1.0.0 => not found", "\tlibcrypto.so.1.0.0 => not found", "\tlibz.so.1 => /lib64/libz.so.1 (0x00007fcf6be2f000)", "\tlibc.so.6 => /lib64/libc.so.6 (0x00007fcf6ba84000)", "\t/lib64/ld-linux-x86-64.so.2 (0x00007fcf6c73f000)", { "Name": "AWS.Tools.Common", "Path": "/opt/modules/AWS.Tools.Common/4.1.174/AWS.Tools.Common.psd1", "Description": "The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment. In order to manage each AWS service, install the corresponding module (e.g. AWS.Tools.EC2, AWS.Tools.S3...).\r\nThe module AWS.Tools.Installer (https://www.powershellgallery.com/packages/AWS.Tools.Installer/) makes it easier to install, update and uninstall the AWS.Tools modules.\r\nThis version of AWS Tools for PowerShell is compatible with Windows PowerShell 5.1+ and PowerShell Core 6+ on Windows, Linux and macOS. When running on Windows PowerShell, .NET Framework 4.7.2 or newer is required.\r\nAlternative modules, AWSPowerShell.NetCore and AWSPowerShell, provide support for all AWS services from a single module and also support older versions of Windows PowerShell and .NET Framework." }, { "Name": "PSWSMan", "Path": "/opt/modules/PSWSMan/2.3.0/PSWSMan.psd1", "Description": "Module to install and manage the forked WSMan client libraries for Linux and macOS.\nSee https://github.com/jborean93/omi for more details." }, { "MI": null, "PSRP": null } ]

I also get an error: [91mGet-WSManVersion: [0m/var/task/examplehandler.ps1:79 [96mLine | [96m 79 | [0m [96mGet-WSManVersion[0m [96m | [91m ~~~~~~~~~~~~~~~~ [91m[96m | [91mlibmi could not be loaded, make sure it and its dependencies [96m | [91mare available [0m [91mGet-WSManVersion: [0m/var/task/examplehandler.ps1:79 [96mLine | [96m 79 | [0m [96mGet-WSManVersion[0m [96m | [91m ~~~~~~~~~~~~~~~~ [91m[96m | [91mlibpsrpclient could not be loaded, make sure it and its [96m | [91mdependencies are available [0m

Has anyone tested this use case? Is it even possible?

MODULE VERSION

 "Name": "PSWSMan",
    "Path": "/opt/modules/PSWSMan/2.3.0/PSWSMan.psd1",
    "Description": "Module to install and manage the forked WSMan client libraries for Linux and macOS.\nSee https://github.com/jborean93/omi for more details."

OS / ENVIRONMENT

Custom runtime on Amazon Linux 2 - https://github.com/awslabs/aws-lambda-powershell-runtime

jborean93 commented 2 years ago

The ldd output you are using is still showing that it is using a version of libmi that has been compiled against OpenSSL 1.0.0 which is what WIndows ships with. I'm unsure why copying the files didn't work but essentially without the proper libpsrpclient and libmi being used then it's most likely going to fail.

This info should work https://github.com/jborean93/omi/issues/24#issuecomment-798995921 but it is a bit old and has to be slightly modified:

Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Runtime.InteropServices;

namespace CloudShell
{
    public static class MI
    {
        public static Dictionary<string, string> DllMap = new Dictionary<string, string>();

        public static IntPtr ImportResolver(string libraryName, Assembly assembly, DllImportSearchPath? searchPath)
        {
            if (DllMap.ContainsKey(libraryName))
                libraryName = DllMap[libraryName];

            return NativeLibrary.Load(libraryName, assembly, searchPath);
        }
    }
}
'@

$libbase = Join-Path (Import-Module -Name PSWSMan -PassThru).ModuleBase bin glibc-3
[CloudShell.MI]::DllMap['libpsrpclient'] = Join-Path $libBase libpsrpclient.so
[Runtime.InteropServices.NativeLibrary]::SetDllImportResolver([PSObject].Assembly, [CloudShell.MI]::ImportResolver)

Change glibc-3 to glibc-1.1 if you are using OpenSSL 1.1.x or use the musl prefix instead of glibc if you are on a musl based distribution like Alpine.

LizRollet commented 2 years ago

Ah – using musl might be the missing piece. I had tried to find some documentation on what distribution equated to what directory in the bin. This opens a few possibilities so I’ll try a few more things.

Thank you for responding!

Liz

From: Jordan Borean @.> Sent: Sunday, November 13, 2022 6:40 PM To: jborean93/omi @.> Cc: Rollet, Liz @.>; Author @.> Subject: Re: [jborean93/omi] Looking for Guidance - load PSWSMan into Lambda/PowerShell Core (Issue #57)

The ldd output you are using is still showing that it is using a version of libmi that has been compiled against OpenSSL 1. 0. 0 which is what WIndows ships with. I'm unsure why copying the files didn't work but essentially without the proper ZjQcmQRYFpfptBannerStart This email originated from outside of Moody's Do not click links or open attachments unless you recognize the sender and know the content is safe. ZjQcmQRYFpfptBannerEnd

The ldd output you are using is still showing that it is using a version of libmi that has been compiled against OpenSSL 1.0.0 which is what WIndows ships with. I'm unsure why copying the files didn't work but essentially without the proper libpsrpclient and libmi being used then it's most likely going to fail.

This info should work #24 (comment)https://github.com/jborean93/omi/issues/24#issuecomment-798995921 but it is a bit old and has to be slightly modified:

Add-Type -TypeDefinition @'

using System;

using System.Collections.Generic;

using System.Reflection;

using System.Runtime.InteropServices;

namespace CloudShell

{

public static class MI

{

    public static Dictionary<string, string> DllMap = new Dictionary<string, string>();

    public static IntPtr ImportResolver(string libraryName, Assembly assembly, DllImportSearchPath? searchPath)

    {

        if (DllMap.ContainsKey(libraryName))

            libraryName = DllMap[libraryName];

        return NativeLibrary.Load(libraryName, assembly, searchPath);

    }

}

}

'@

$libbase = Join-Path (Import-Module -Name PSWSMan -PassThru).ModuleBase bin glibc-3

[CloudShell.MI]::DllMap['libpsrpclient'] = Join-Path $libBase libpsrpclient.so

Change glibc-3 to glibc-1.1 if you are using OpenSSL 1.1.x or use the musl prefix instead of glibc if you are on a musl based distribution like Alpine.

— Reply to this email directly, view it on GitHubhttps://github.com/jborean93/omi/issues/57#issuecomment-1312854359, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AL5X6CQUABQ5DRHUA7GONKTWIF353ANCNFSM6AAAAAAR2VDUSQ. You are receiving this because you authored the thread.Message ID: @.**@.>>

Moody's monitors email communications through its networks for regulatory compliance purposes and to protect its customers, employees and business and where allowed to do so by applicable law. The information contained in this e-mail message, and any attachment thereto, is confidential and may not be disclosed without our express permission. If you are not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you have received this message in error and that any review, dissemination, distribution or copying of this message, or any attachment thereto, in whole or in part, is strictly prohibited. If you have received this message in error, please immediately notify us by telephone, fax or e-mail and delete the message and all of its attachments. Every effort is made to keep our network free from viruses. You should, however, review this e-mail message, as well as any attachment thereto, for viruses. We take no responsibility and have no liability for any computer virus which may be transferred via this e-mail message.

franshamk commented 1 year ago

Hey @LizRollet did you ever get this working? I'm following a similar trail... Curious if it worked out for you.

jborean93 / omi