Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Checking a cluster of servers 1
- Thread starter ddrillich
- Start date
Hi
Ideally that should be done using key based authentication instead of password.
If that can not be solved, you can script it with [tt]expect[/tt], which will simulate an interactive session for the run tool. ( You will need [tt]expect[/tt] on the local machine only. )
Feherke.
feherke.ga
Ideally that should be done using key based authentication instead of password.
If that can not be solved, you can script it with [tt]expect[/tt], which will simulate an interactive session for the run tool. ( You will need [tt]expect[/tt] on the local machine only. )
Feherke.
feherke.ga
- Thread starter
- #3
-
1
- #4
Some simple for loop will be what I use like .....
build a server list file:
Contents of serverlist.txt
------------------
server1
server2
server3
server4
~
~
server19
server20
-------------------
Then create a 2 (4) line script like:
#Script to cycle through servers and provide output
User="adminUser"
for server in `cat serverlist.txt`; do ssh -q -tt $User@$server "hostname; df -kh; echo '============'"; done
# end script
from there you can get funky and add as many commands as you may wish.
As said in other postings above best done is you setup SSH keys so your not prompted for password.
Good luck.
build a server list file:
Contents of serverlist.txt
------------------
server1
server2
server3
server4
~
~
server19
server20
-------------------
Then create a 2 (4) line script like:
#Script to cycle through servers and provide output
User="adminUser"
for server in `cat serverlist.txt`; do ssh -q -tt $User@$server "hostname; df -kh; echo '============'"; done
# end script
from there you can get funky and add as many commands as you may wish.
As said in other postings above best done is you setup SSH keys so your not prompted for password.
Good luck.
- Thread starter
- #5
- Thread starter
- #7
In answer to your question Dan, I'm sure it is possible to use expect however its really easy to set up shared key across your list of servers
On your "host server" (the one that you want to run the distributed commands from) create your key's with:
$ ssh-keygen -t dsa
Accept the defaults and just return when it prompts for passphrase (so an empty pass phrase)
Then for this same user on this "host server"
$ cd .ssh/
$ cat id_dsa.pub # this is your public key that you will now place on all the 20 servers
Copy the contents of that public key into the keyboard buffer ..
Now for every one of the 20 servers you need to login with the global user (the one that has the same username) and place (paste) that key into that users .ssh/authorized_keys2 file ( if those servers don't have a .ssh dir and the authorized_keys2 file you can either create them or use ssh-keygen (as you did above) to create the .ssh dir and local keys on each of the 20 servers and create the authorized_keys2 file then.
So stepping back a bit ...
1) Create your keys on "host server"
2) copy the contents of id_dsa.pub from "host server" into buffer
3) login and edit/create a .ssh/authorized_keys2 file on each of the 20 servers and paste the keyboard buffer (pub key contents) into that file
4) ensure the correct permissions are set on remote servers ( chmod 700 .ssh and chmod 600 .ssh/authorized_keys2 )
5) test a connection from "host server" to one or all of the 20 servers (this should be a simple ssh adminuser@server15 )
That should drop you directly into server15 without prompting for password or passphrase.
Interesting I just tested with my local Ubuntu key to my remote CentOS server and I got an error (new to me but probably not unusual on Ubuntu "of which I'm not yet a fan"
) ...
"Agent admitted failure to sign using the key."
Easy fixed with the following:
HP-650-Notebook-PC:$ eval "$(ssh-agent -s)"
Agent pid 7572
HP-650-Notebook-PC:$ ssh-add
Identity added: /home/someone/.ssh/id_dsa (/home/someone/.ssh/id_dsa)
HP-650-Notebook-PC
I was then able to do a simple $ ssh user@myCentOS.server.com and drop in without being prompted for password.
NOTE: !!!! take care when adding .pub key contents to your 20 remote servers .ssh/authorized_keys2 files as they may already have other public keys in those files so be sure to preserve the contents by adding your key on a new line.
OK this is a long winded process and there are much more efficient processes to do the same thing but this is a good manual way to get the job done.
ALSO I'd agree with amritjsr above investigate "dsh" that's something I may do but if it's not already part of your 20 servers OS then this may mean adding it to your server then you have to be sure that your build/security process allows such additions (especially if they are production machines) otherwise the ssh keys is your best option and requires no additions to your builds.
Again good luck
OH! Final word .. guard your id.dsa (private key) as if your life depends on it as obviously it now open's the door to 20+ servers.
Laurie
On your "host server" (the one that you want to run the distributed commands from) create your key's with:
$ ssh-keygen -t dsa
Accept the defaults and just return when it prompts for passphrase (so an empty pass phrase)
Then for this same user on this "host server"
$ cd .ssh/
$ cat id_dsa.pub # this is your public key that you will now place on all the 20 servers
Copy the contents of that public key into the keyboard buffer ..
Now for every one of the 20 servers you need to login with the global user (the one that has the same username) and place (paste) that key into that users .ssh/authorized_keys2 file ( if those servers don't have a .ssh dir and the authorized_keys2 file you can either create them or use ssh-keygen (as you did above) to create the .ssh dir and local keys on each of the 20 servers and create the authorized_keys2 file then.
So stepping back a bit ...
1) Create your keys on "host server"
2) copy the contents of id_dsa.pub from "host server" into buffer
3) login and edit/create a .ssh/authorized_keys2 file on each of the 20 servers and paste the keyboard buffer (pub key contents) into that file
4) ensure the correct permissions are set on remote servers ( chmod 700 .ssh and chmod 600 .ssh/authorized_keys2 )
5) test a connection from "host server" to one or all of the 20 servers (this should be a simple ssh adminuser@server15 )
That should drop you directly into server15 without prompting for password or passphrase.
Interesting I just tested with my local Ubuntu key to my remote CentOS server and I got an error (new to me but probably not unusual on Ubuntu "of which I'm not yet a fan"
) ..."Agent admitted failure to sign using the key."
Easy fixed with the following:
HP-650-Notebook-PC:$ eval "$(ssh-agent -s)"
Agent pid 7572
HP-650-Notebook-PC:$ ssh-add
Identity added: /home/someone/.ssh/id_dsa (/home/someone/.ssh/id_dsa)
HP-650-Notebook-PC
I was then able to do a simple $ ssh user@myCentOS.server.com and drop in without being prompted for password.
NOTE: !!!! take care when adding .pub key contents to your 20 remote servers .ssh/authorized_keys2 files as they may already have other public keys in those files so be sure to preserve the contents by adding your key on a new line.
OK this is a long winded process and there are much more efficient processes to do the same thing but this is a good manual way to get the job done.
ALSO I'd agree with amritjsr above investigate "dsh" that's something I may do but if it's not already part of your 20 servers OS then this may mean adding it to your server
Again good luck
OH! Final word .. guard your id.dsa (private key) as if your life depends on it as obviously it now open's the door to 20+ servers.
Laurie
- Status
Similar threads
- Locked
- Question
- Locked
- Question