1 2 Previous Next 17 Replies Latest reply on Nov 10, 2014 1:46 PM by tjsoftworks

    CLI fmsadmin for  FM12 and 13

    tjsoftworks

      First, I am a command line sysadmin kinda person.

      I do development too.

      And I have used fmsadmin since long ago ..... 10 years plus.

       

      So though this my sound like begin questions, I am asking because fmsadmin doesn't work they way I expect

       

      I wanted to start the filemaker 12 server today from the CLI

       

      I typed

      fmsadmin server start

      Error: 10006

      fmsadmin database open

      username (admin):

      password:

      fmsadmin: Permission denied, please try again.

       

      OK WTF ...

       

      sudo su -

      Password: *&^$^*(

      root# fmsadmin list files -u

      username (root): ^Z

       

      Why am I having to put in my root password?

       

      and on it goes .....

       

      I check that admin user is admin and in the admin group and that this group is added to the filemaker server admin console as an admin group....

       

      So, I don't understand fmsadmin and what permission are needed and when.

      I don't understand why root login doesn't allow full access.

       

      How do people setup sort that fmsadmin works for them?

      At times in the past I have had it work perfectly, at times I am baffled by the fact that the simple is so hard.

       

      fmsadmin is not a normal CLI tool and at times I create wrapper scripts to make it work like a normal CLI command so that workflows can do accomplished reasonably.

       

      I'm sure I'm not the only one.

       

      Anyone want to share their best practices? Wrapper scripts? And answers to the pain points?

        • 1. Re: CLI fmsadmin for  FM12 and 13
          dchabot

          Are you entering the user name and password you setup for Filemaker Server?

          This as you know is different from your root password I hope!

           

          DChabot

          • 2. Re: CLI fmsadmin for  FM12 and 13
            wimdecorte

            You don't have to use your root pw to run fmsadmin.  Unless the account you are logged into the machine is not an OS-level administrator I guess.

             

            tjsoftworks wrote:

             

            fmsadmin is not a normal CLI tool and at times I create wrapper scripts to make it work like a normal CLI command so that workflows can do accomplished reasonably.

             

             

            What do you mean by the statement above? What kind of workflows are you thinking about?

            How does a "normal" CLI command work in your expectation?

            • 3. Re: CLI fmsadmin for  FM12 and 13
              lavendt

              As Wim says, you do not need to be logged in as root user. In fact, if you currently user does not have sufficient privileges, it is normally good practise to just use the sudo before the command and enter the password of your root user.

               

              I find the fmsadmin CLI to work just like any other CLI like postfix and others.

               

              The error you get, can happen from the process you are trying to start.

               

              fmsadmin CLI require for several commands, that you type in the admin name and password of the FileMaker Server. This is what you setup when you install FMS. Not to be confused with OS level user.

               

              I have sometimes experienced that I could not get the server started with the command, but usually a machine restart resolve this.

              Be aware, that you need to have the latest version of FMS12 installed, as earlier versions can have issues with java.

               

              That being said, I am pretty sure that Wim would have some very good ideas on how to startup and manage the processes of FMS, if you still see issues after trying some of these suggestions....

              • 4. Re: CLI fmsadmin for  FM12 and 13
                tjsoftworks

                Thank you all for your replies.

                 

                The OS's of most interest to me now are Mavericks 10.9.5, some MtLion 10.8.5, and rarely a FMS11 on SnowLeopard 10.6.8 ( and then there is the WinServers 2008 but that is not the subject of this post )

                In all cases,

                     I am logged in as an admin user

                     The admin user is a member of the admin group.

                     The admin group has been added to FileMaker Server Admin via WebGUI as the group to administer the server.

                 

                Thus I expect the following to work

                 

                >>fmsadmin server start        ( and other reasonable commands )

                 

                Or at minimum, ( because I don't really want to run as root user at all ... ) I sudo temporarily with

                >>sudo fmsadmin server start

                   <<password>>> of the whoami user....

                Or at worst this supposed work as a fall back....

                >> sudo su -

                <<password>> of the called user NOT the root user which may not actually even be enabled......

                   #fmsadmin server start (as root user )

                NOT

                  #sudo fmsadmin server start

                username (root)

                password ....

                 

                ( Which is kinda crazy .... no really crazy,

                    cause I am allready an admin

                    in the admin group

                    and

                    I have sudo su - into root

                    which means I gave a password allready again

                    and thus I have permission three times over, right? without added another username password game to boot....

                )

                 

                I expect that either or both of these should work without additional usename/password/permission sudo-ing but often find this to not be the case.

                 

                Yes, java of various flavors, in various combinations of OS and FileMaker Server have caused problems.....

                 

                It appears this has finally settled down again but maybe that is causing problems again .....

                 

                I hope ( assume ) that FMS is taking care of it's needed and I wish and sometimes think that the FMS Tomcat server is an encapsulated/isolated self sufficient application server that is not effected by the other possible versions of Java on the OS.

                 

                On the FMSAdmin Webgui connection for < 13, the client java version seems to be happier these days .... mostly.... I have used Java 6, 7, & now 8 and all seem to be working with 6 getting retired out of my ecosystem for most FileMaker purposes..... Even FMS 11 seems to be happy connecting with a Java 7 client ( I believe that is true ).

                 

                Please feel free to correct any of my mis-impressions .... It is possible I have gotten jaded over the years and not been paying close enough attention to exact method I use to overcome the annoyance of the moment as I work around various administration issues....

                 

                Sometimes, many times in my role as the SysAdmin/DatabaseAdmin for a particular situation, I just need to get a server/database server back on line a quick as possible.

                 

                I have a collection of helper scripts that 1)  ssh into a remote fms and run a backup, 2) zip it up and 3) return it to the calling development environment to a particular directory in my development project structure depending on the particular client or project This was all nicely datetime stamped too and in turn it would then 4) fire up FMDiff to do base verification of the file set, and then 5) launch a particular verision of FileMaker Advanced to export a set of Design Report as XML which then finally 6) allowed BaseElements to spin up with the latest "report" for a development session. These have gotten broken and I have not had time to get them working again because I hit the wall on the various FileMaker Servers of figuring out fmsadmin and the permission issues that have the flavor of above.

                 

                This is why I ask this question.

                 

                Thanx for any thoughts.

                • 5. Re: CLI fmsadmin for  FM12 and 13
                  wimdecorte

                  The authentication group you set up in the admin console is to determine WHO gets to do admin tasks.  Just like you have to authenticate to get to the admin console, you have to authenticate for some CLI tasks.

                   

                  What you are after is SSO for both the FMS admin console and the FMS CLI, and that is not there, never has been.

                   

                  As to your workflow scripts: yes, most of us that do regular admin have variations of those.  But you have to find ways to inject the credentials if you do not want to hard-code them in your scripts.

                  • 6. Re: CLI fmsadmin for  FM12 and 13
                    tjsoftworks

                    Regarding "How does a "normal" CLI command work in your expectation?"

                     

                    Most unix/linux CLI command will give reason answers to these commands

                     

                    >>command -v    ( version )

                    or at least

                    >>command --version

                    >> command -h

                    or at leat

                    >> comand --help

                     

                    Some comands are better and help you out

                    It would be great if

                    >>fmsadmin server start

                    could be typed as

                    >>fmsadmin -s

                    or fmsadmin --start

                    or fmsadmin <return>

                        ( server, and other ): server<return>

                        ( start, stop, restart): start

                     

                    Or since we are on a Mac OS X machine....

                     

                    >>sudo su -

                    <password> one time for 3 minutes or whatever the timeout is....

                    >>launchctl start /Library/LaunchDaemon/com.filemaker.fms

                    etc.

                     

                    These are wishes mostly

                     

                    "normal" CLI command often allow pipes so that if I wanted the details about my database ( for example the last modified date ), I might think about this.....

                     

                    fmsadmin database list | grep -i mydatabase | ( give me column $5 )

                       gives the modification date of mydatabase.....

                     

                    And then there is the permission issue....

                     

                    Here an example that comes to mind.

                     

                    >>lsof

                       allows one to list the files of your userspace without a username and password

                    >>sudo lsof

                    password: fjsdahfldashjfgkls

                       allows one to list all the files being used on ones system but here we must put in a password and be on the sudoers list

                     

                    If however I do the following

                    sudo su -

                    password: fjlkfjdslajdfajdfl;

                    #whoami

                    root

                    #lsof

                    gives a list of all files in use without an additional username/password interruption

                    but

                    #fmsadmin server start

                    username (root):

                    password fdklsjflsadjdfaj;

                    Here even though I am root, I am still asked to input username and password again...

                     

                    This is the part I find "not normal". Is there a way to add the root user to the admin group? or do I have to add the wheel group at the admin group?

                     

                    Is my confusion, now clear? :-)

                    • 7. Re: CLI fmsadmin for  FM12 and 13
                      robwoof

                      Given that explanation, your confusion is understandable. However, you need to bear in mind that FileMaker Server's command line interface is not a typical Unix/Linux setup, and is not designed to be. Perhaps start with

                       

                      fmsadmin help commands

                       

                      or check out the Command Line section of the documentation for the respective server versions. That way you can manage your expectations of FMServer's command line behaviour.

                       

                      It's command line, Jim, but not as we know it. Assumptions will only get you so far. If they're not valid in this case, you only frustrate yourself if you do not let go of them.

                       

                      I hope I'm not sounding harsh - FileMaker Server's is not a "normal" command line setup, so be careful and read the docs.

                       

                      HTH

                      Rob

                      • 8. Re: CLI fmsadmin for  FM12 and 13
                        tjsoftworks

                        Hey Rob,

                         

                        No offense at all. I'm trying to clarify my misunderstand of "normal" behavior that has built up over the many years.

                         

                        I do go and look at the HTML docs because there is not a "man page" of the fmsadmin and I completely dislike the fmsadmin help THIS_OR_THAT documentation....

                         

                        Let me be 100% specific.

                         

                        Is everyone having to type in username and password all the time to use fmsadmin? or is there some magic setup of ones "dot" files that allows a better experience?

                         

                        Is there anyway to use public/private keys to avoid the manual password?

                         

                        Should one have to enter a <RETURN> to the username and a PASSWORD <return> for all commands? Only certain commands?

                         

                        Does anyone have a github repo of scripts to interact with the FileMaker Server is a more "normal" unix/linux/bsd command line kind of way?

                         

                        Do most people now use

                        >sudo launchctl load/unload for starting stopping filemaker services?

                         

                        I know this sounds like a set of beginner questions. I don't mind if people think that I'm a beginner - though I sometimes think that after a dozen years plus from Claris Works thru all versions of FileMaker to present, I might sound slightly more experienced.... ;-)

                        • 9. Re: CLI fmsadmin for  FM12 and 13
                          robwoof

                          With questions like these, no-one thinks you're a beginner  :-)

                           

                          If there is any magic setup to avoid the username/password in fmsadmin commands, whoever came up with it has kept it pretty quiet.

                           

                          Rob

                          • 10. Re: CLI fmsadmin for  FM12 and 13
                            tjsoftworks

                            " ...pretty quiet...."

                             

                            The gray beards can be "pretty quite" sometimes .... except when cursing at FM, Inc. 'cause they have to keep typing their password  ( even when logged in a root to avoid it.....  )

                             

                            Some of us use magic like LastPass CLI tool......

                            https://github.com/LastPass/lastpass-cli

                            git clone git@github.com:lastpass/lastpass-cli.git

                             

                            and wrapper scripts and

                            our other magic spells to work in a more secure and more lazy way.....

                             

                            for most things....

                             

                            Security is more than just having authorization and a password and typing it 101 times a day.... :-) don't ya know....

                            • 11. Re: CLI fmsadmin for  FM12 and 13
                              lavendt

                              I think that there is very good reasons for promting for username/password as this is set for the FMS.

                              You should be able to setup a group from you machine in FMS admin console, so that e.g. your machine admin user is automatically authenticated as admin of FMS.

                               

                              That being said, the following syntax can be used, when you want to fire a fmsadmin command and want to include username/password.

                              Please think twice before compiling into scripts, which potiential have a risk of ending up in the wrong hands and thereby exposing username/password of the FMS admin....

                               

                              fmsadmin -u <<fmsusername>> -p <<fmspassword>> LIST clients -s

                               

                              (this command will list all clients)

                              Please refer also to FMI documentation for the CLI commands for options etc.

                               

                              https://fmhelp.filemaker.com/docs/13/en/fms13_help.pdf

                              • 12. Re: CLI fmsadmin for  FM12 and 13
                                wimdecorte

                                tjsoftworks wrote:

                                 

                                 

                                Security is more than just having authorization and a password and typing it 101 times a day.... :-) don't ya know....

                                 

                                What is it you do with your servers that you need the command line that much?  I use the CLI whenever I can but never get to the point that I am frustrated by having to provide the credentials occassionaly.  I can not imagine what kind of workflow that would require to do this even once every day...

                                • 13. Re: CLI fmsadmin for  FM12 and 13
                                  lavendt

                                  I totally agree with Wim.

                                  While both Wim and I manage several servers, I normally only use the CLI when there is problems.

                                  The FMS admin console GUI has always provided fine tool for most -or all adminstrative tasks on the FMS. Even though the admin console gui was pre-13 written in java webstart, which has not been the best thing, when it worked, everything you really need to do, could easily be done from there.

                                  • 14. Re: CLI fmsadmin for  FM12 and 13
                                    tjsoftworks

                                    I currently call myself a "IT Automation Engineer". In this role, most of what I do is to make developers and IT engineer workflows more efficient. When one goes from managing 10 to 100 to 1000s of servers ( node ) of various types, username and password manually typed is not reasonable - particularly in the case where my passwords are very long and untypeable..... 32 random characters are typical. Machines will typically be managed programmatically so that for example a whole sequence of actions are done and perhaps across many servers.

                                     

                                    Thus, it is not a frustrated by having to provide the credientials occassionally, but the inability to do so securely and efficiently and quickly to "get things done."

                                     

                                    I am not a security light weight and typcially multifactor authentication is involved to even get close to the password, but once I have give my master permission and called for an action, I really don't need to be interrupted again by an application level ( I consider FileMaker Server just another application ) username and password request....

                                     

                                    Yes, one can do this:

                                     

                                    fmsadmin -u <<fmsusername>> -p <<fmspassword>> LIST clients -s

                                     

                                    where the username and password are inserted automatically.

                                     

                                    If that is the only way that will consistantly work, so be it.

                                     

                                    Personnally, I am finding the administration of FileMaker Servers to be one of my biggest pain points at the present time and thus I am re-examing how I automate the tasks that intersect with FileMaker Servers and their Host OS and sometimes this is further Hosted as a VM in a big farm of Servers.

                                     

                                    Security and managablity of FileMaker Servers and Databases and the automation of workflows is a pretty different animal than most of the Linux/Unix world of servers. Yes, databases are special kinds of animals because they most store state and do so with near 100% accuracy always. Even so, the world does not need most heat added and thus shrinking the footprint of FileMaker Server is desireable. I would love to host a FileMaker Server as a just a simple Docker process. I know this is a long, long, long way from the model FileMaker/Apple inc have taken FileMaker Server up to now but frankly, I don't see how FileMaker and FileMaker, Inc. will exist in 10 more years unless it start moving down this path.

                                     

                                    This is what is driving my professional path and specifically why I ask these kind of questions.... I am not saying I don't "like" FileMaker as a Development environment or as a database platform but I do believe we need to see a couple of things out of the FileMaker ecosystem - One is the server side automation and scaling as needed. The other is a development ecosystem that is much closer to a Git Workflow.

                                    1 2 Previous Next