Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Checking a cluster of servers 1

Status
Not open for further replies.

ddrillich

Technical User
Jun 11, 2003
546
US
Good Day,

I'm looking for a way to log in to, let's say, 20 Linux servers and perform a simple command on each, such as df –kh.

All the servers have the same user name/password.

Is there a simple way to do that?

Regards,
Dan
 
Some simple for loop will be what I use like .....

build a server list file:

Contents of serverlist.txt

------------------
server1
server2
server3
server4
~
~
server19
server20
-------------------

Then create a 2 (4) line script like:

#Script to cycle through servers and provide output
User="adminUser"
for server in `cat serverlist.txt`; do ssh -q -tt $User@$server "hostname; df -kh; echo '============'"; done
# end script

from there you can get funky and add as many commands as you may wish.

As said in other postings above best done is you setup SSH keys so your not prompted for password.

Good luck.
 
Absolutely beautiful!

Assuming the password is the same for all the servers in the cluster, is it possible to use expect and run the script without user input?

Regards,
Dan
 
please configure dsh ( distributed shell ), you can configure multiple nodes ( not necessarily they must be the clsuter node ) and run same command at a time on multiple box.
 
Hi Amritjsr,

Configuring dsh is unfortunately not doable in our case.

Regards,
Dan
 
In answer to your question Dan, I'm sure it is possible to use expect however its really easy to set up shared key across your list of servers

On your "host server" (the one that you want to run the distributed commands from) create your key's with:

$ ssh-keygen -t dsa

Accept the defaults and just return when it prompts for passphrase (so an empty pass phrase)

Then for this same user on this "host server"
$ cd .ssh/
$ cat id_dsa.pub # this is your public key that you will now place on all the 20 servers
Copy the contents of that public key into the keyboard buffer ..

Now for every one of the 20 servers you need to login with the global user (the one that has the same username) and place (paste) that key into that users .ssh/authorized_keys2 file ( if those servers don't have a .ssh dir and the authorized_keys2 file you can either create them or use ssh-keygen (as you did above) to create the .ssh dir and local keys on each of the 20 servers and create the authorized_keys2 file then.

So stepping back a bit ...
1) Create your keys on "host server"
2) copy the contents of id_dsa.pub from "host server" into buffer
3) login and edit/create a .ssh/authorized_keys2 file on each of the 20 servers and paste the keyboard buffer (pub key contents) into that file
4) ensure the correct permissions are set on remote servers ( chmod 700 .ssh and chmod 600 .ssh/authorized_keys2 )
5) test a connection from "host server" to one or all of the 20 servers (this should be a simple ssh adminuser@server15 )
That should drop you directly into server15 without prompting for password or passphrase.

Interesting I just tested with my local Ubuntu key to my remote CentOS server and I got an error (new to me but probably not unusual on Ubuntu "of which I'm not yet a fan" :) ) ...

"Agent admitted failure to sign using the key."

Easy fixed with the following:

HP-650-Notebook-PC:$ eval "$(ssh-agent -s)"
Agent pid 7572
HP-650-Notebook-PC:$ ssh-add
Identity added: /home/someone/.ssh/id_dsa (/home/someone/.ssh/id_dsa)
HP-650-Notebook-PC

I was then able to do a simple $ ssh user@myCentOS.server.com and drop in without being prompted for password.

NOTE: !!!! take care when adding .pub key contents to your 20 remote servers .ssh/authorized_keys2 files as they may already have other public keys in those files so be sure to preserve the contents by adding your key on a new line.

OK this is a long winded process and there are much more efficient processes to do the same thing but this is a good manual way to get the job done.

ALSO I'd agree with amritjsr above investigate "dsh" that's something I may do but if it's not already part of your 20 servers OS then this may mean adding it to your server then you have to be sure that your build/security process allows such additions (especially if they are production machines) otherwise the ssh keys is your best option and requires no additions to your builds.

Again good luck

OH! Final word .. guard your id.dsa (private key) as if your life depends on it as obviously it now open's the door to 20+ servers.

Laurie


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top