This might be a very simple question, I hope, about the system.util.execute Python script function.
I read in the Forum about how to execute a Windows executable program, in order to run a command as though you were at the command line. You use CMD.EXE, in this case to refer to a Batch file.
Does anyone know how to do the same for a Linux shell ?
The goal is actually to have a way to shut down the Ignition server computer (shutdown -h now) before powering down the equipment in which it is installed. While yes, they could do that from a SSH shell or web shell, these users are somewhat unsophisticated. I don’t want them just yanking the cord out of the wall.
I’ve experimented with calling the /bin/bash shell, or just sending the command directly, but so far no luck. The Linux box is running the barest bones of Ubuntu 10.04.
in order to cleanly shutdown ignition when the computer shuts down, you want to play with run levels. I haven’t looked closely at how the install sets up the start/stop scripts for ignition but I’d guess these is already being handled.
Working from that assumption, and the example the Travis gives, you will need to give the ignition user sudo rights to run shutdown. (google/man sudo for more info) after that’s setup, your file.sh would look like:
#!/usr/bin/bash
sudo shutdown -h now or even #!/usr/bin/bash
sudo shutdown -r nowto reboot.
The great thing about sudo is it allows you to grant root access to non root users while limiting that access to very specifc commands. In this case it would by only the shutdown command. You can even limit the command options to only -r or -h so they can only reboot or halt it.
Thanks very much for the replies guys. This is an outstanding Forum !
I realize this is a lot like falling off a log for most folks, so I appreciate the patience. I’m obviously doing something simple wrong.
When I installed Ignition, I installed it to run as the root user. Even when my shell script file has nothing more than “echo Hello World”, Ignition can’t seem to execute the script file. I did chmod +x to make the script file runnable by any user.
I’ve tried it both in the Playground and on a button, with
system.util.execute(["/home/hello.sh"])
I always get an uncaught exception:
[code]Traceback (innermost last):
File “”, line 1, in ?
java.io.IOException: Cannot run program “/home/hello.sh”: CreateProcess error=2, The system cannot find the file specified
Caused by: java.io.IOException: CreateProcess error=2, The system cannot find the file specified
java.io.IOException: java.io.IOException: Cannot run program “/home/hello.sh”: CreateProcess error=2, The system cannot find the file specified
Ignition v7.3.4 (b599)
Java: Sun Microsystems Inc. 1.6.0_29[/code]
Sounds like your running this from a client. In that case it will execute in the client machine. If you want it to run on the gateway, then you have to create a gateway script that runs the external shell script to shutdown the machine.
If you really are trying to shutdown the client machine, then you need to install the external shell script on the client machine.
Sure enough, a gateway script connected to a Tag doing an OnChange trigger fired the bash script on the Gateway computer.
Performing a “shutdown -h now” stops the Ignition Gateway and sends the computer diving for runlevel 0.
I was concerned that the same script would also execute upon startup of the Scripting system, but so far it hasn’t.
Now if I can just figure out how to make the OnChange trigger only on False to True, I’d be great. I suppose I don’t have to worry much about it re-triggering on True -> False because it will be shutting down.
Reading a little deeper on the Gateway Scripts help page was the trick. The OnChange gateway scripts provide an “initialChange” flag and a Value object, which you can then use in your script to make sure the OnChange action only occurs when you want it to.
Remembering also the vital lesson that everything is case-sensitive in Python (initialchange and initialChange are not the same !) my Gateway Script just reads:
if initialChange == 0 and newValue.value == 1 : system.util.execute(["/home/shutdownscript.sh"])
where shutdownscript.sh is a text file in the /home directory on the Ubuntu computer that hosts the Ignition Gateway, which has been set using “chmod +x” to be executable.
shutdown -h now
Because in my case Ignition runs as root, I don’t need to use sudo or provide credentials. When the PLC toggles that “Ignition_Gateway_Shutdown” bit, the Gateway shuts down in an orderly way and I’m done.
[quote=“Kakkerlak”]
Because in my case Ignition runs as root,[/quote]
I feel bound to mention the insecurity of this. If Ignition ever gets hacked on you (I know the Devs try really hard to ensure that it can’t happen) then the hackers have root access to the system.
The more correct way is to create a user that the gateway runs under and then limit the access that user has to only those parts of the system that it needs.
This of course is just the tip of securing your system. The first step is to make an assessment of the threat. Not knowing anything about your setup, perhaps its fine for the gateway to run as root.
No need to reply. Just mentioning it for the masses they may not know or understand Linux. I’m sure we can have a loooong thread on securing Linux. Maybe in a new forum? At least it’s own thread on the Linux forum.
Robert, you are absolutely correct and I appreciate you bringing it up.
I would never do this to a real SCADA installation; this is a standalone embedded system that never connects to a network. I’m giving Ignition the ability to shut down its own gateway: that’s not something you’re usually going to see !
Nevertheless, having written that statement out has reinforced how foolish it is to expect that a PC won’t be connected to the WAN and the Internet just because it’s not designed or intended to be. There’s nothing keeping a user from connecting a monitor and keyboard to it and using the configuration console to take it off of the nonroutable internal network it uses.
So tomorrow I’m going to reinstall Ignition as a non-root user, and go through the process of configuring its permissions.
