Issue with a worklet

I am working on a worklet to report back in the Activity log and then take after if the firewall is enabled on some CentOS boxes. But for some reason I cannot get the echos to appear in the activity log. Below is what I have.

#!/bin/bash
if [[ `firewall-cmd --state` = running ]]
then
    firewall_state=active
else
    firewall_state=inactive
fi
echo "Firewall State: $firewall_state" 1>&2
if [[ `systemctl is-enabled firewalld` = enabled ]]
then
    firewall_status=enabled
elif [[ `systemctl is-enabled firewalld` = masked ]]
then
    firewall_status=masked
elif [[ `systemctl is-enabled firewalld` = disabled ]]
then
    firewall_status=disabled
else
    firewall_status=unknown
fi
echo "Firewall Status: $firewall_status" 1>&2
if [ "$firewall_state" = "active" ] || [ "firewall_status" = "enabled" ]
then
    exit 1
else
    exit 0

It looks like you have the right command for the echo to go to the activity log. If you just try to write plain text to the activity log using the echo and 1>&2, does that show up at all?

No it is blank

How about just some test code that all it does is try to write to the activity log? That will tell us if it’s a bug on our end or something in the rest of the code.

Used the below code, same result.

#!/bin/bash
echo "This is a test" 1>&2
exit 0

Ok let me test it out on my end to reproduce. What version of Centos are you on, so I can make sure I have the same conditions?

Both test boxes are CentOS 7.8

1 Like

I was talking this over with the support folks and they let me know what they think the issue is. The way the worklet works is that it stores both stdout and stderr, and then which it writes to the activity log depends on the return code. If it exits with 0 then stdout gets written to the activity log, and if it exits with 1 (or anything else) it writes stderr. In the case of your code above, since it’s returning 0 it is throwing away stderr. Try your test echo code with the echo just going to stdout (i.e. remove the 1>&2) and see if it shows up. If that works, then I’d say echo to both stdout and stderr and then no matter which exit code gets returned you’ll see the firewall state info show up.

Follow-up - I just tested out this behavior and it does work. You can duplicate your echo statements:
echo “firewall status”
echo “firewall status” 1>&2

and that way it will be captured no matter which path the rest of the code takes and what the return code is.

Odd, still returns nothing in the log.

#!/bin/bash
if [[ `firewall-cmd --state` = running ]]
then
    firewall_state=active
else
    firewall_state=inactive
fi
if [[ `systemctl is-enabled firewalld` = enabled ]]
then
    firewall_status=enabled
elif [[ `systemctl is-enabled firewalld` = masked ]]
then
    firewall_status=masked
elif [[ `systemctl is-enabled firewalld` = disabled ]]
then
    firewall_status=disabled
else
    firewall_status=unknown
fi
echo "Firewall Status: $firewall_status" 1>&2
echo "Firewall Status: $firewall_status"
echo "Firewall State: $firewall_state" 1>&2
echo "Firewall State: $firewall_state"
if [ "$firewall_state" = "active" ] || [ "firewall_status" = "enabled" ]
then
    exit 1
else
    exit 0

Interestingly if I put the echos in the remediation section it does echo.

That is strange - let me play with the full code on my end and see if I can get it to show up.

1 Like

Sorry, got sidetracked from this last week. One question: are you running the above code in the evaluation section or the remediation section? Evaluation code won’t write to the activity log, so maybe try reporting from the remediation code if that’s the case?

1 Like