Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/exec
Overview
2Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install exec

Exec + Steampipe

Execute commands locally or on remote Linux and Windows hosts through SSH or WinRM.

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

For example:

select
  output
from
  exec_command
where
  command = 'df -h';
+------------------------------------------------------+
| output                                               |
+------------------------------------------------------+
| Filesystem      Size  Used Avail Use% Mounted on     |
| /dev/root       7.6G  3.4G  4.3G  44% /              |
| tmpfs           483M     0  483M   0% /dev/shm       |
| tmpfs           194M  872K  193M   1% /run           |
| tmpfs           5.0M     0  5.0M   0% /run/lock      |
| /dev/xvda15     105M  5.3M  100M   5% /boot/efi      |
| tmpfs            97M  4.0K   97M   1% /run/user/1001 |
+------------------------------------------------------+

Documentation

Get started

Install

Download and install the latest Exec plugin:

steampipe plugin install exec

Credentials

ItemDescription
CredentialsLocal connection does not require credentials. For Linux remote connections, the plugin supports SSH private key authentication or password. For Windows remote connections, the plugin supports password authentication.
PermissionsAs the connection to host relies on SSH or WinRM, the user must have the necessary permissions to connect to the host.
RadiusEach connection represents a single Exec Installation.
Resolution1. With configuration provided in connection in steampipe .spc config file.
2. An exec.yaml file in a .exec folder in the current user's home directory (~/.exec/exec.yaml or %userprofile.exec\exec.yaml).

Configuration

There are multiple ways to configure the plugin depending on the type of connection you want to use. Bellows are some examples of how to configure the most common connections.

Local connection

connection "exec_local" {
  plugin = "exec"
}

Remote Linux connection through SSH

connection "exec_remote_linux" {
  plugin = "exec"


  protocol = "ssh"
  host = "my-remote-linux-host"
  user = "my-username"
  private_key = "~/.ssh/my-remote-linux-host.pem"
}

Remote Windows connection through WinRM

connection "exec_remote_windows" {
  plugin = "exec"


  protocol = "winrm"
  host = "18.228.214.45"
  port = 5985
  user = "Administrator"
  password = "rh=PM76t54nouv&dqwe3cNM7J1(*skZhh*"
}

Remote Windows connection through WinRM ignoring certificate validation

connection "exec_remote_windows" {
  plugin = "exec"


  protocol = "winrm"
  host = "18.228.214.45"
  https = true
  port = 5986
  insecure = true
  user = "Administrator"
  password = "rh=PM76t54nouv&dqwe3cNM7J1(*skZhh*"
}

Remote Linux connection through SSH with in-file private key

connection "exec_remote_linux" {
  plugin = "exec"


  protocol = "ssh"
  host = "my-remote-linux-host"
  user = "my-username"
  private_key = <<EOK
-----BEGIN RSA PRIVATE KEY-----
... snipped ...
-----END RSA PRIVATE KEY-----
EOK
}

Remote Linux connection through SSH with password

connection "exec_remote_linux" {
  plugin = "exec"
  
  protocol = "ssh"
  host = "my-remote-linux-host"
  user = "my-username"
  password = "my-password"
}

Remote Linux connection through SSH via bastion host

connection "production" {
  plugin = "exec"


  protocol = "ssh"
  host = "172.31.40.195"
  user = "ubuntu"
  private_key = "~/.ssh/my-remote-linux-host.pem"
  
  bastion_user = "ubuntu"
  bastion_host = "52.67.221.206"
  bastion_port = 22
  bastion_private_key = "~/.ssh/my-bastion-host.pem"
}

Remote Linux connection through SSH over proxy

connection "staging" {
  plugin = "exec"
  
  protocol = "ssh"
  host = "52.67.221.206"
  user = "ubuntu"
  private_key = "~/.ssh/my-remote-linux-host.pem"


  proxy_host = "10.10.10.200"
  proxy_port = 8080
  proxy_user_name = "luis"
  proxy_user_password = "c@v41c@nt3"
}

Remote Linux connection through SSH via bastion host over proxy

connection "production" {
  plugin = "exec"


  protocol = "ssh"
  host = "172.31.40.195"
  user = "ubuntu"
  private_key = "~/.ssh/my-remote-linux-host.pem"


  bastion_user = "ubuntu"
  bastion_host = "52.67.221.206"
  bastion_port = 22
  bastion_private_key = "~/.ssh/my-bastion-host.pem"


  proxy_host = "10.10.10.200"
  proxy_port = 8080
  proxy_user_name = "luis"
  proxy_user_password = "c@v41c@nt3"
}

Remote connection to multiple hosts

Here we are using aggregators to run the same query on multiple hosts. The staging_servers connection is an aggregator connection that will run the same query on all connections that match the *-staging pattern. The server1-staging and server2-staging connections are the actual connections to the remote hosts.

So, for example, if you run steampipe query "select * from staging_servers.exec_command where command = 'uname -a';" it will run the query on both server1-staging and server2-staging connections.

You can still run queries on individual connections, for example steampipe query "select * from server1-staging.exec_command where command = 'uname -a';" will only run the query on server1-staging.

connection "staging_servers" {
  plugin = "exec"
  
  type = "aggregator"
  connections = [ "*-staging" ]
}


connection "server1-staging" {
  plugin = "exec"


  protocol = "ssh"
  host = "my-remote-linux-host"
  user = "my-username"
  private_key = "~/.ssh/my-remote-linux-host.pem"
}


connection "server2-staging" {
  plugin = "exec"


  protocol = "ssh"
  host = "my-remote-linux-host"
  user = "my-username"
  private_key = "~/.ssh/my-remote-linux-host.pem"
}

Local connection using a specific interpreter

ZSH interpreter
connection "exec_local" {
  plugin = "exec"
  interpreter = ["/bin/zsh", "-c"]
}
Python3 interpreter
connection "exec_local" {
  plugin = "exec"
  interpreter = ["/bin/python3", "-c"]
}
Perl interpreter
connection "exec_local" {
  plugin = "exec"
  interpreter = ["/bin/perl", "-e"]
}

Pro-tip: If you are going to use multiple interpreters, you can name the connection name to reflect the interpreter used. For example, connection "exec_local_bash" { ... } or connection "exec_local_python" { ... } etc.

Limiting concurrent connections

For each query (command) executed, this plugin opens a new SSH/WinRM connection. If you are running a lot of queries against the same host, these connection attempts may be seen as abusive activity.

To reduce the chance of getting flagged, the plugin has a default max_concurrency limiter set to 15. However, this limiter can be toggled by defining a limiter resource in your exec.spc configuration file:

connection "exec_local" {
  plugin      = "exec"
  working_dir = "."
}


plugin "exec" {
  limiter "exec_global" {
    max_concurrency = 15
  }
}

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- exec

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_exec;
CREATE SERVER steampipe_exec FOREIGN DATA WRAPPER steampipe_postgres_exec OPTIONS (config '<your_config>');
CREATE SCHEMA exec;
IMPORT FOREIGN SCHEMA exec FROM SERVER steampipe_exec INTO exec;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- exec

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_exec function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_exec.so
sqlite> select steampipe_configure_exec('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- exec

You can pass the configuration to the command with the --config argument:

steampipe_export_exec --config '<your_config>' <table_name>