command_execution_options
command execution.
⚙️ Compatible targets: Linux
Parameters
| Name | Documentation |
|---|---|
| command | Command to be executed. This parameter is required. |
| args | Arguments to the command. This parameter is optional. |
| run_in_audit_mode | Specify if command must be run in audit mode, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
| in_shell | Specify whether the command should be executed within a shell, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
| shell_path | Define the path to the shell to be used, absolute path on the target node (applicable only in shell mode, defaults to "/bin/sh"). This parameter is optional. |
| chdir | Set the working directory from which the command will be executed. This parameter is optional. |
| timeout | Define a timeout duration in seconds for the command execution (defaults to "30" seconds). This parameter is optional. |
| stdin | Provide input to the standard input (stdin) of the executed command. This parameter is optional. |
| stdin_add_newline | Control whether a newline character is appended to the stdin input, "true" or "false" (defaults to "true"). Choices:
This parameter is optional. |
| compliant_codes | Specify the compliant codes. This parameter is optional. |
| repaired_codes | Specify the repaired codes. This parameter is optional. |
| output_to_file | Define a file path to store the output generated by the command (absolute path on the target node). This parameter is optional. |
| strip_output | Controls if the EOL is strip from the output, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
| uid | Specify the user ID (UID) under which the command will be executed. This parameter is optional. |
| gid | Specify the group ID (GID) under which the command will be executed. This parameter is optional. |
| user | Specify the user under which the command will be executed. This parameter is optional. |
| group | Specify the group under which the command will be executed. This parameter is optional. |
| umask | Set the umask value for the executed command. This parameter is optional. |
| env_vars | The variables to pass to the environment of the executed command. This parameter is optional. |
| show_content | Controls output of the report, "true" or "false" (defaults to "true"). Choices:
This parameter is optional. |
Outcome conditions
You need to replace ${command} with its actual canonified value.
- ✅ Ok:
command_execution_options_${command}_ok- ☑️ Already compliant:
command_execution_options_${command}_kept - 🟨 Repaired:
command_execution_options_${command}_repaired
- ☑️ Already compliant:
- ❌ Error:
command_execution_options_${command}_error
Example
method: command_execution_options
params:
in_shell: 'true'
timeout: OPTIONAL_VALUE
compliant_codes: OPTIONAL_VALUE
uid: OPTIONAL_VALUE
gid: OPTIONAL_VALUE
shell_path: OPTIONAL_VALUE
repaired_codes: OPTIONAL_VALUE
env_vars: OPTIONAL_VALUE
show_content: 'true'
umask: OPTIONAL_VALUE
args: OPTIONAL_VALUE
output_to_file: OPTIONAL_VALUE
group: OPTIONAL_VALUE
chdir: OPTIONAL_VALUE
stdin: OPTIONAL_VALUE
stdin_add_newline: 'true'
run_in_audit_mode: 'true'
command: VALUE
strip_output: 'true'
user: OPTIONAL_VALUE
Documentation
The command_execution_options method executes a command on the system with configurable execution
parameters such as timeout, user/group, environment, and shell options.
This function is a wrapper around
Rudder command execution module,
providing simplified parameterization and safe defaults.
Result status
The method’s result depends on the execution mode:
-
Enforce mode
- If the command exit code is contained in
repaired_codes, the status isrepaired. - If the exit code is contained in
compliant_codes, the status issuccess. - Any other exit code produces an
errorreport.
- If the command exit code is contained in
-
Audit mode
- By default, the status is always
not_applicable. - If
run_in_audit_modeis set to"true", the same logic as in enforce mode is applied (repaired/success/errordepending on exit codes).
- By default, the status is always
Notes
- When
in_shell=true, thecommandis passed directly to the shell. Pipes, subshells, and compound commands are supported. - When
in_shell=false, you must useargs(JSON array of strings). No shell expansion happens: variables like$HOME, wildcards (*), or redirections (>/|) are treated literally. argsandin_shellare mutually exclusive: they cannot be used at the same time.stdin_add_newlineensures input ends with a newline, useful when using interactive inputs viastdinenv_varsmust be a JSON object where keys and values are strings.
Examples
Minimal usage (required command)
method: command_execution_options
params:
command: "echo Hello"
With arguments (JSON array, no shell)
method: command_execution_options
params:
command: "/usr/bin/echo"
args: ["Hello", "World"]
in_shell: "false"
Using a shell with pipes
method: command_execution_options
params:
command: "cat /etc/os-release | grep NAME"
in_shell: "true"
Running as specific user and group
method: command_execution_options
params:
command: "id"
uid:: "1001"
gid:: "1001"
Setting environment variables (JSON object)
method: command_execution_options
params:
command: "env"
env_vars:: { "MY_VAR": "Hello World" }