Need help on converting a bash script into rexpect

[tjyang]

Hi @philippkeller

• And this is the command and logs from realm join command

#realm join -v --computer-ou="ou=servers,dc=test,dc=com" test.com -U admin_ad
 * Resolving: _ldap._tcp.test.com
 * Performing LDAP DSE lookup on: 100.76.1.18
 * Performing LDAP DSE lookup on: 100.76.1.19
 * Performing LDAP DSE lookup on: 100.64.0.65
 * Successfully discovered: test.com
Password for admin_ad: admin_ad_password

• This is one-liner bash script I used to join a centos 7 to MS AD domain.

realm join -v --computer-ou="ou=ma,ou=servers,dc=test,dc=com" test.com -U admin_ad << MYPASSWD
admin_ad_password
MYPASSWD

• And this is using rexpect 0.3

//Run this code with cargo
// Join test.com AD domain on CentOS 7 with SSSD enabled.
//  Following is the response from realm command
//!  realm join -v --computer-ou="ou=unit1,ou=servers,dc=test,dc=com" test.com -U admin_ad
//!  * Resolving: _ldap._tcp.test.com
//!  * Performing LDAP DSE lookup on: 100.76.1.18
//!  * Performing LDAP DSE lookup on: 100.76.1.19
//!  * Performing LDAP DSE lookup on: 100.58.0.65
//!  * Successfully discovered: test.com
//! Password for admin_ad:

extern crate rexpect;

use rexpect::spawn;
use rexpect::errors::*;

fn  join() -> Result<()> {
    let mut p = spawn("realm join -v --computer-ou=\"ou=ma,ou=servers,dc=test,dc=com\" test.com -U admin_ad", Some(30_000))?;
    p.exp_regex("^Password for .*: ")?;
    p.send_line("admin_ad_password")?;
    p.exp_eof()?;
    Ok(())
}

fn main() {
    join().unwrap_or_else(|e| panic!("Failed to joing test.com AD domain {}", e));
}

• The error Is there a way to skip first 5 lines from realm command output ?

>target/debug/joinad
thread 'main ' panicked at 'Failed to joing test.com AD domain EOF (End of File): Expected Regex: "^Password for .*: " but got EOF after reading " * Resolving: _ldap._tcp.test.com

• I inserted "p.wait_for_prompt()?;" before " p.exp_regex" but I got compilation error saying no wait_for_promp method for ptysession ...

[philippkeller]

the problem is that p.exp_regex("^Password for .*: ")?; will try to match Password at the beginning of the not-yet-consumed output, not the line: That means you try to match ^Password on the string starting with * Resolving: _ldap._tcp.test.com.

You can remove the ^ or replace it with \n

[tjyang]

@philippkeller , Thanks for the explanation about not-yet-consumed output string starting with " Resolving ..." and ended with "Password for .: ".

[philippkeller]

marvellous! So it worked then?

[philippkeller]

@tjyang also thanks to your issue I now added a note about matching beginning of line to the documentation

[tjyang]

Thanks for the link to method.exp_regex documentation.

Currently the command just ended without error message after I replace "^" with "\n" as you suggested.

Is there a method to print out the output "realm join .." for debugging/informational purpose ?

I like to print output before " p.exp_regex("\nPassword " line. ...

[philippkeller]

yes, exp_regex outputs a tuple:

1. the yet unread output
2. the matched regex

So the realm join message should be in the first part. You might need regex to extract the piece you're interested in

[tjyang]

• If I run the "realm join ..." command from bash problem with correct password. I got following line with $?=1, this due I am running as non-root user and sssd not setup.

realm: Couldn't join realm: Not authorized to perform this action

• Looks like I need a error handling logic on $?=1, before exp_eof line and print out error message (.*Couldn't join realm: ...) How can I do that ?

  <snipped>
  fn  join() -> Result<()> {
  let mut p = spawn("realm join -v --computer-ou=\"ou=ma,ou=servers,dc=test,dc=com\" test.com -U admin_ad", Some(30_000))?;
  p.exp_regex("\nPassword for .*: ")?;
  p.send_line("admin_ad_password")?;   
  p.exp_eof()?;
  Ok(())
  }
  <snipped>

[philippkeller]

you can check for the exit code like this:

match p.process.wait() {
    Ok(wait::WaitStatus::Exited(_, 0)) => println!("realm exited with code 0, all good!"),
    _ => println!("realm exited with code >0, or it was killed"),
}

I also added a full example with how to handle exit codes here.

Thanks for these questions! Keep 'em coming as it helps me to extend the documentation

[tjyang]

Thanks for the p.process.wait pointer .

How can I print out the error message from stderr (2) once exit code is not zero ?

[philippkeller]

p.exp_eof()? returns all the not yet consumed output (that is stdout and stderr combined, because in tty you combine those two outputs, as in the shell you see them both together). In your example this would include the error message of realm.

I extended this example (see line 23 and following) to show how that would be used in context.

[tjyang]

@philippkeller

Thanks for great help so far. I will switch from golang-gexpect to rust-rexpect for AD join/leave operations from linux.

Following is the expect output from cargo run.

<snipped>
    Finished dev [unoptimized + debuginfo] target(s) in 2.43 secs
     Running `target/debug/ad`
 realm join  failed with exit code 1
Output (stdout and stderr):
realm: Couldn't join realm: Not authorized to perform this action

[philippkeller]

glad to hear that :) Judging from the output it seems that your program is working, the issue is only with the user permissions, correct?

[tjyang]

I will post a follow up once I have my rust A.D. binary working to the way I need. like adding command line argument processing to use default ad admin account if no one provided. Sigh, too many compute languages to learn in sysadmin life.