support

Definition

The support command enables self-service support. support has two subcommands: report and reset-secret. These commands allow you to gather diagnostic data and send it to Fugue, and to reset a user secret on the Conductor, respectively.

Usage

fugue [global options] support [options] <report|reset-secret> [command arguments]

Subcommands

report
Gather diagnostic data and send to Fugue.
reset-secret
Reset a user secret on the Conductor.

Options

Global options are detailed here.

-h | --help
Show help text. The help flag is available throughout the CLI in both an application-level and command-level context. It enables a user to view help text for any command within the Fugue CLI.

Support Subcommands

report

Definition

report downloads Conductor component logs, generates a support report, zips it up, and uploads the ZIP file to an S3 bucket belonging to Fugue, Inc.

Note: All start and end times are provided in UTC.

The ZIP contains the following files:

  • conductor_policies.json, containing the IAM policy document assigned to the Conductor role
  • a logs directory, containing individual log files for each Conductor component
  • a project directory, containing a copy of your Fugue project directory
  • vars.json, containing the Vars Conductor database (not the Vars user database)

Warning

Remove any sensitive, private, or personal information from your Fugue project directory before executing fugue support report. The command zips up the contents of the Fugue project directory and sends it to Fugue, Inc. Note: Your Fugue user credentials are not included in the data that is sent.

Usage

fugue support report [options]

Options

-s | --start
Start time for logs. Format: “mm/dd/YYYY HH:MM” or “30m ago” or “2h ago” or “1d ago”
-e | --end
End time for logs.
--skip-logs
Generate and send a support report without downloading and sending logs
--skip-vars
Generate and send a support report without downloading and sending Vars data
--u | --upload
Upload report to Fugue Support
-h | --help
Display report help message

reset-secret

Definition

reset-secret resets a user secret on the Conductor. If a user database does not exist, it will be seeded when resetting the root user’s secret.

Once the Fugue CLI has returned your new secret, execute the user set command (fugue user set <user_id> <user_secret>) to set the user and new credentials. Note: Because the user set command overwrites your fugue.yaml file, any comments in it will be deleted. If you wish to preserve comments, manually copy and paste your new root secret into the userSecret field instead of using user set.

Warning

A user with read/write IAM permissions for KMS and S3 can subvert the RBAC system by using the fugue support reset-secret command to create new root credentials.

Usage

fugue support reset-secret [options]

Options

--kms-key KEY
The KMS key with which to encrypt the secret when saving to S3. You can use either a KMS key ID or an alias. Default: alias/fugue/rbac/secrets
--user-id ID
The user whose secret you want to reset. Default: root
--bucket BUCKET
S3 bucket where user data is stored.
-h | --help
Display reset-secret help message.

Examples

Using the Report Command

To generate a support report and send it to Fugue, you can use the fugue support report command. For example, the following command downloads all logs from the previous 30 minutes:

fugue support report -s "30m ago"

The CLI will produce output as it downloads logs, and at the end, you’ll be asked whether you’d like to upload the report to Fugue Support:

Copying project data
Retrieving conductor IAM profile
Retrieving Vars table metadata
Retrieving CloudWatch logs
Downloading log /fugue/conductor/commKitMan
Downloading log /fugue/conductor/conductor-stats
Downloading log /fugue/conductor/conductor-versions
Downloading log /fugue/conductor/demarc
Downloading log /fugue/conductor/dynamicdynamodb
Downloading log /fugue/conductor/fugue-accounts-svc
Downloading log /fugue/conductor/fugue-broker
Downloading log /fugue/conductor/fugue-ludwig-validator
Downloading log /fugue/conductor/fugue-notification-svc
Downloading log /fugue/conductor/fugue-policy-svc
Downloading log /fugue/conductor/fugue-reflector-descriptor
Downloading log /fugue/conductor/fugue-reflector-descriptor-autoscaling
Downloading log /fugue/conductor/fugue-reflector-descriptor-cloudformation
Downloading log /fugue/conductor/fugue-reflector-descriptor-cloudfront
Downloading log /fugue/conductor/fugue-reflector-descriptor-cloudwatch
Downloading log /fugue/conductor/fugue-reflector-descriptor-dynamodb
Downloading log /fugue/conductor/fugue-reflector-descriptor-ec2
Downloading log /fugue/conductor/fugue-reflector-descriptor-elasticache
Downloading log /fugue/conductor/fugue-reflector-descriptor-elb
Downloading log /fugue/conductor/fugue-reflector-descriptor-iam
Downloading log /fugue/conductor/fugue-reflector-descriptor-lambda
Downloading log /fugue/conductor/fugue-reflector-descriptor-rds
Downloading log /fugue/conductor/fugue-reflector-descriptor-route53
Downloading log /fugue/conductor/fugue-reflector-descriptor-s3
Downloading log /fugue/conductor/fugue-reflector-descriptor-sns
Downloading log /fugue/conductor/fugue-reflector-descriptor-sqs
Downloading log /fugue/conductor/fugue-scheduler-signal-handler
Downloading log /fugue/conductor/fugue-translate-broker
Downloading log /fugue/conductor/manager
Downloading log /fugue/conductor/resmon
Downloading log /fugue/conductor/team-fugue
Downloading log /fugue/conductor/vars-conductor
Downloading log /fugue/conductor/vars-migration
Downloading log /fugue/conductor/vars-system
Downloading log /fugue/conductor/vars-system-compact
Downloading log /fugue/conductor/vars-userland
Downloading log /fugue/conductor/vars-userland-compact
CloudWatch logs downloaded successfully
Downloading VARS database... This can take a very long time.
Vars is ready, saving to /var/folders/mj/j5mrqxjx4t94x91c206cqgk00000gn/T/tmpqrmf2g4d/fugue_report-2017-05-24-20-32-42/vars.json
Packaging report
Diagnostics package written to '/Users/main-user/projects/fugue_report-2017-05-24-20-32-42.zip'
[ WARN ] Would you like to upload the report to Fugue Support? [y/N]:

If you enter y, you’ll see this confirmation, where xxxxxxxxxxxx is replaced by your 12-digit AWS account ID:

Uploading report to Fugue Support as xxxxxxxxxxxx/fugue_report-2017-05-24-20-32-42.zip

Using the Reset-Secret Command

If you need to reset your user secret – for example, if you’ve lost access to your root credentials – you may use the fugue support reset-secret command.

Without arguments, the command resets the user secret for the root user.

fugue support reset-secret

You’ll see output like this:

Secret reset using KMS key 'alias/fugue/rbac/secrets'

User:
  userId: root
  userSecret: dWMTW1V5mXCiVN6YJAjuTCQjEXAMPLEEXAMPLEEXAMPLE

You must then use the user set command to set the specified user with the new credentials:

fugue user set root dWMTW1V5mXCiVN6YJAjuTCQjEXAMPLEEXAMPLEEXAMPLE

Note: To reset a secret for a different user, utilize the --user-id option:

fugue support reset-secret --user-id alice

Don’t forget to execute the user set command afterward!