CLI Reference
The StackStorm command line client (CLI) st2 allows you to operate your StackStorm system using the
command line. It communicates with the StackStorm processes using public APIs.
Installation
The CLI client is installed by default on your StackStorm system. It can also be installed on a client
system using pip:
pip install st2client
Configuration
The command line client can be configured using one or more of the approaches listed below:
Configuration file (
~/.st2/config)Environment variables (
ST2_API_URL, etc.)Command line arguments (
st2 --cacert=... action list, etc.)
Command line arguments have highest precedence, followed by environment variables, and then configuration file values.
If the same value is specified in multiple places, the value with the highest precedence will be
used. For example, if api_url is specified in the configuration file and in an environment
variable ($ST2_API_URL), the environment variable will be used.
Configuration File
The CLI can be configured through an ini-style configuration file. By default, st2 will
use the file at ~/.st2/config.
If you want to use configuration from a different file (e.g. you have one config per deployment
or environment), you can select which file to use using the ST2_CONFIG_FILE environment
variable or the --config-file command line argument.
For example (environment variable):
ST2_CONFIG_FILE=~/.st2/prod-config st2 action list
For example (command line argument):
st2 --config-file=~/.st2/prod-config action list
An example configuration file with all the options and the corresponding explanations is included below:
# Configuration file for the StackStorm CLI
[general]
base_url = http://127.0.0.1
api_version = v1
# Path to the CA cert bundle used to validate the SSL certificates
cacert =
[cli]
debug = True
# True to cache the retrieved auth token during authentication in ~/.st2/token
# and use the cached token in the subsequent API requests
cache_token = True
# Timezone used for timestamps displayed in the CLI. If not provided it defaults
# to UTC
timezone = Europe/Ljubljana
[credentials]
# Credentials used to authenticate against the auth API and retrieve the auth
# token
username = test1
password = testpassword
# or authenticate with an api key.
# api_key = <key>
# Optional additional http basic auth credentials which are sent with each HTTP
# request except the auth request to /v1/auth/tokens endpoint.
# Available in StackStorm >= v3.4.0
# NOTE: Username can't contain colon (:) character.
# basic_auth = username:password
[api]
url = http://127.0.0.1:9101/v1
# or for a remote instance
# url = https://example.com/api/v1
[auth]
url = http://127.0.0.1:9100/
# or for a remote instance
#url = https://example.com/auth/v1
[stream]
url = http://127.0.0.1:9102
# or for a remote instance
# url = https://example.com/stream/v1
If you want the CLI to skip parsing of the configuration file, you can do that by passing the
--skip-config flag to the CLI:
st2 --skip-config action list
Authentication and Auth Token Caching
The previous section showed an option for storing your password in plaintext in your configuration
file. The st2 login command offers an alternative that does not store the password in plaintext.
Similar to st2 auth, you must provide your username and password:
st2 login st2admin --password 'Password1!'
This command caches your authentication token, but also modifies the CLI configuration to include
the referenced username. This way, future commands will know which cached token to use for
authentication, since tokens are cached using the token-<username> format. The password itself
does not need to be stored in the config file.
Warning
st2 login will overwrite the “credentials” section of the configuration.
It will overwrite the configured username and will remove any configured password.
These auth tokens are by default cached on the local filesystem (in the ~/.st2/token-<username>
file) and re-used for subsequent requests to the API service. You will need to re-login once the
generated token has expired, or use of the --write-password flag, which writes the password to
the config.
The st2 whoami command will tell you who is the currently authenticated user.
You can switch between users by re-running the st2 login command. Any existing users’ token
cache files will remain, but the CLI configuration will be changed to point to the new username.
Note
As with many other st2 commands, st2 login will not create the configuration file
for you. Keep this in mind especially if you’re leveraging the --config-file CLI option,
or similar.
You can still use the “old” method of supplying both username and password in the configuration file. If both a username and password are present in the configuration, then the client will automatically try to authenticate with these credentials.
If you want to disable auth token caching and want the CLI to retrieve a new auth token on each
invocation, set cache_token to False:
[cli]
cache_token = False
The CLI will by default also try to retrieve a new token if an existing one has expired.
If you have manually deleted or revoked a token before expiration you can clear the cached token
by removing the ~/.st2/token file.
If the configuration file has an API key as authentication credentials, the CLI will use that as the primary method of authentication instead of auth token.
Using Debug Mode
The command line tools accepts the --debug flag. When this flag is provided,
debug mode will be enabled. Debug mode consists of the following:
On error/exception, full stack trace and client settings (API URL, auth URL, proxy information, etc.) are printed to the console.
The equivalent
curlcommand for each request is printed to the console. This makes it easy to reproduce actions performed by the CLI usingcurl.Raw API responses are printed to the console.
For example:
st2 --debug action list --pack=core
Example output (no error):
st2 --debug action list --pack=core
# -------- begin 140702450464272 request ----------
curl -X GET -H 'Connection: keep-alive' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-requests/2.5.1 CPython/2.7.6 Linux/3.13.0-36-generic' 'http://localhost:9101/v1/actions?pack=core'
# -------- begin 140702450464272 response ----------
[
{
"runner_type": "http-runner",
"name": "http",
"parameters": {
...
Example output (error):
st2 --debug action list --pack=core
ERROR: ('Connection aborted.', error(111, 'Connection refused'))
Client settings:
----------------
ST2_BASE_URL: http://localhost
ST2_AUTH_URL: https://localhost:9100
ST2_API_URL: http://localhost:9101/v1
Proxy settings:
---------------
HTTP_PROXY:
HTTPS_PROXY:
Traceback (most recent call last):
File "./st2client/st2client/shell.py", line 175, in run
args.func(args)
File "/data/stanley/st2client/st2client/commands/resource.py", line 218, in run_and_print
instances = self.run(args, **kwargs)
File "/data/stanley/st2client/st2client/commands/resource.py", line 37, in decorate
return func(*args, **kwargs)
...
Using CLI in Scripts
The CLI returns a non-zero return code for any erroneous operation. You can capture the return code of CLI commands to check whether the command succeeded.
For example:
st2 action get twilio.send_sms
+-------------+--------------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------------+
| id | 54bfff490640fd2f6224ac1a |
| ref | twilio.send_sms |
| pack | twilio |
| name | send_sms
Now, let’s get the exit code of the previous command:
echo $?
0
Now, let’s run a command that we know will fail:
st2 action get twilio.make_call
Action "twilio.make_call" is not found.
Let’s check the exit code of the last command:
echo $?
2
Obtaining an Authentication Token in Scripts
If you want to authenticate and obtain an authentication token inside your (shell) scripts, you can
use the st2 auth CLI command in combination with the -t flag.
This flag will cause the command to only print the token to stdout on successful
authentication. This means you don’t need to deal with parsing JSON or CLI output format.
Example usage:
st2 auth test1 -p 'testpassword' -t
0280826688c74bb9bd541c26631df298
Example usage inside a Bash script:
TOKEN=$(st2 auth test1 -p 'testpassword' -t)
# Now you can use the token (e.g. pass it to other commands, set an
# environment variable, etc.)
echo ${TOKEN}
Changing the CLI Output Format
By default, the CLI returns and prints results in a user-friendly table-oriented format:
st2 action list --pack=slack
+--------------------+-------+--------------+-------------------------------+
| ref | pack | name | description |
+--------------------+-------+--------------+-------------------------------+
| slack.post_message | slack | post_message | Post a message to the Slack |
| | | | channel. |
+--------------------+-------+--------------+-------------------------------+
If you want a raw JSON result as returned by the API (e.g. you are using the CLI as part of your
script and you want the raw result which you can parse), you can pass the -j flag:
st2 action list -j --pack=slack
[
{
"description": "Post a message to the Slack channel.",
"name": "post_message",
"pack": "slack",
"ref": "slack.post_message"
}
]
Only Displaying a Particular Attribute
By default, when retrieving the action execution result using st2 execution get,
the whole result object will be printed:
st2 execution get 54d8c52e0640fd1c87b9443f
STATUS: succeeded
RESULT:
{
"failed": false,
"stderr": "",
"return_code": 0,
"succeeded": true,
"stdout": "Mon Feb 9 14:33:18 UTC 2015"
}
If you only want to retrieve a specific result attribute, use the -k <attribute name> flag:
st2 execution get -k stdout 54d8c52e0640fd1c87b9443f
Mon Feb 9 14:33:18 UTC 2015
If you only want to retrieve and print out a specific attribute of the execution,
you can do that using --attr <attribute name> flag.
For example, if you only want to print start_timestamp attribute of the result
object:
st2 execution get 54d8c52e0640fd1c87b9443f -a start_timestamp
start_timestamp: 2015-02-24T23:01:15.088293Z
You can also specify multiple attributes:
st2 execution get 54d8c52e0640fd1c87b9443f --attr status result.stdout result.stderr
status: succeeded
result.stdout: Mon Feb 9 14:33:18 UTC 2015
result.stderr:
Similarly for the execution list command:
st2 execution list -a id status result
+--------------------------+-----------+---------------------------------+
| id | status | result |
+--------------------------+-----------+---------------------------------+
| 54eb51000640fd34e0a9a2ce | succeeded | {u'succeeded': True, u'failed': |
| | | False, u'return_code': 0, |
| | | u'stderr': u'', u'stdout': |
| | | u'2015-02-23 |
| | | 16:10:39.916375\n'} |
| 54eb51000640fd34e0a9a2d2 | succeeded | {u'succeeded': True, u'failed': |
| | | False, u'return_code': 0, |
| | | u'stderr': u'', u'stdout': |
| | | u'2015-02-23 |
| | | 16:10:40.444848\n'} |
Escaping Shell Variables
When you use local and remote actions (e.g. core.local, core.remote, etc.), you need to
wrap cmd parameter values in a single quote or escape the variables. Otherwise, the shell
variables will be expanded locally which is something you usually don’t want.
Using single quotes:
st2 run core.local env='{"key1": "val1", "key2": "val2"}' cmd='echo "ponies ${key1} ${key2}"'
Escaping the variables:
st2 run core.remote hosts=localhost env='{"key1": "val1", "key2": "val2"}' cmd="echo ponies \${key1} \${key2}
Specifying Parameters with Type “array”
When running an action using st2 run command, you specify the value of parameters with type
array as a comma delimited string.
Inside the CLI, this string gets split on commas and passed to the API as a list.
Example 1 - Simple Case (Array of Strings)
st2 run mypack.myaction parameter_name="value 1,value2,value3"
In this case, the parameter_name value would get passed to the API as a list (JSON array) with
three items - ["value 1", "value2", "value3"].
Example 2 - Complex Case (Array of Objects)
When you want to pass more complex type (e.g. arrays of objects) value to an action, you can do it like this:
st2 run --auto-dict mypack.set_interfaces \
nic_info="target:eth0,ipaddr:192.168.0.10,netmask:255.255.255.0,mtu:1454" \
nic_info="target:eth1,ipaddr:192.168.0.11,netmask:255.255.255.0,mtu:2000"
In this case, the nic_info value passed to the mypack.set_interfaces action would be parsed
and look like this:
[{'netmask': '255.255.255.0', 'ipaddr': '192.168.0.10', 'target': 'eth0', 'mtu': 1454},
{'netmask': '255.255.255.0', 'ipaddr': '192.168.0.11', 'target': 'eth1', 'mtu': 2000}]
Note
The st2 cli option --auto-dict is required to use this functionality. When you run action
without this option, each colon separated parameters are not parsed as dict object but just string.
And this option and its functionality will be deprecated in the next release in favor of a more robust conversion method.
To parse each value in the object as an expected type, you need to specify the type of each value in the action metadata, like this.
parameters:
nic_info:
type: array
properties:
target:
type: string
ipaddr:
type: string
netmask:
type: string
mtu:
type: integer
Or you can use JSON notation:
st2 run mypack.myaction parameter_name='[{"Name": "MyVMName"}]'
Note
When using JSON string notation, parameter value needs to be wrapped inside single
quotes (e.g. parameter='{"Key": "Value"}'), otherwise quotes (") inside the JSON
string need to be escaped with a backslash (\ - e.g.
parameter="{\"Key\": \"Bar\"}").
Specifying Parameters with Type “object”
When running an action using st2 run command, you can specify the value of parameters with type
object using two different approaches:
JSON String Notation
For complex objects, you should use JSON notation:
st2 run core.remote hosts=localhost env='{"key1": "val1", "key2": "val2"}' cmd="echo ponies \${key1} \${key2}
Note
When using JSON string notation, parameter value needs to be wrapped inside single
quotes (e.g. parameter='{"Key": "Value"}'), otherwise quotes (") inside the JSON
string need to be escaped with a backslash (\ - e.g.
parameter="{\"Key\": \"Bar\"}").
Comma-delimited key=value Pairs String Notation
For simple objects (such as specifying a dictionary where both keys and values are simple strings), use this notation:
st2 run core.remote hosts=localhost env="key1=val1,key2=val2" cmd="echo ponies \${key1} \${key2}"
Reading Parameter Values From a File
The CLI also supports the special @parameter notation which makes it read parameter
values from a file.
An example of when this might be useful is when you are using http runner actions, or when you want to read information such a private SSH key content from a file.
Example:
st2 run core.remote hosts=<host> username=<username> @private_key=/home/myuser/.ssh/id_rsa cmd=<cmd>
Re-running an Action
To re-run a particular action, you can use the st2 execution re-run <existing
execution id> command.
By default, this command re-runs an action with the same set of input parameters which were used with the original action.
The command takes the same arguments as the run/action execute command. This means you can
pass additional runner or action specific parameters to the command. Those parameters are then
merged with the parameters from the original action and used to run a new action.
For example:
st2 run core.local env="VAR=hello" cmd='echo $VAR; date'
.
+-----------------+--------------------------------+
| Property | Value |
+-----------------+--------------------------------+
| id | 54e37a3c0640fd0bd07b1930 |
| context | { |
| | "user": "stanley" |
| | } |
| parameters | { |
| | "cmd": "echo $VAR; date", |
| | "env": { |
| | "VAR": "hello" |
| | } |
| | } |
| status | succeeded |
| start_timestamp | Tue, 17 Feb 2015 17:28:28 UTC |
| result | { |
| | "failed": false, |
| | "stderr": "", |
| | "return_code": 0, |
| | "succeeded": true, |
| | "stdout": "hello |
| | Tue Feb 17 17:28:28 UTC 2015 |
| | " |
| | } |
| action | core.local |
| callback | |
| end_timestamp | Tue, 17 Feb 2015 17:28:28 UTC |
+-----------------+--------------------------------+
st2 run re-run 54e37a3c0640fd0bd07b1930
.
+-----------------+--------------------------------+
| Property | Value |
+-----------------+--------------------------------+
| id | 54e37a630640fd0bd07b1932 |
| context | { |
| | "user": "stanley" |
| | } |
| parameters | { |
| | "cmd": "echo $VAR; date", |
| | "env": { |
| | "VAR": "hello" |
| | } |
| | } |
| status | succeeded |
| start_timestamp | Tue, 17 Feb 2015 17:29:07 UTC |
| result | { |
| | "failed": false, |
| | "stderr": "", |
| | "return_code": 0, |
| | "succeeded": true, |
| | "stdout": "hello |
| | Tue Feb 17 17:29:07 UTC 2015 |
| | " |
| | } |
| action | core.local |
| callback | |
| end_timestamp | Tue, 17 Feb 2015 17:29:07 UTC |
+-----------------+--------------------------------+
st2 run re-run 7a3c0640fd0bd07b1930 env="VAR=world"
.
+-----------------+--------------------------------+
| Property | Value |
+-----------------+--------------------------------+
| id | 54e3a8f50640fd140ae20af7 |
| context | { |
| | "user": "stanley" |
| | } |
| parameters | { |
| | "cmd": "echo $VAR; date", |
| | "env": { |
| | "VAR": "world" |
| | } |
| | } |
| status | succeeded |
| start_timestamp | Tue, 17 Feb 2015 20:47:49 UTC |
| result | { |
| | "failed": false, |
| | "stderr": "", |
| | "return_code": 0, |
| | "succeeded": true, |
| | "stdout": "world |
| | Tue Feb 17 20:47:49 UTC 2015 |
| | " |
| | } |
| action | core.local |
| callback | |
| end_timestamp | Tue, 17 Feb 2015 20:47:49 UTC |
+-----------------+--------------------------------+
Cancel an Execution
When dealing with long running executions, you may want to cancel some of them before they have completed.
To cancel an execution, run:
st2 execution cancel <existing execution id>
Passing Environment Variables to Runner as env Parameter
Local, remote and Python runners support the env parameter. This parameter tells the runner
which environment variables should be accessible to the action which is being executed.
User can specify environment variables manually using the env parameter in the same manner as
other parameters:
st2 run core.remote hosts=localhost env="key1=val1,key2=val2" cmd="echo ponies \${key1} \${key2}"
In addition to that, users can pass the -e/--inherit-env flag to the action run
command.
This flag will cause the command to inherit all the environment variables which are accessible to
the CLI and send them as an env parameter to the action.
Keep in mind that some global shell login variables such as PWD, PATH and others are
ignored and not inherited. The full list of ignored variables can be found in the
action.py file.
For example:
st2 run --inherit-env core.remote cmd=...