0

I need to connect remotely to 800 servers using a user that has sudo access and do the following points (in order 1, 2, 3):

  1. check status of syslog

    • If running go to step 2
    • If not, restart the service
  2. Make entry in /etc/sudoers of remote machine

    • like sudo echo "ABC" >> /etc/sudoers
  3. Make an entry in a local file on the local machine (on which I am executing the script) of what has been done in the script

I managed to create a script which starts a service remotely.

for i in `cat test1`

do 
{
echo "********************************************$i***************************************************"
sshpass -p '<password>' ssh -t abc@$i "sudo /etc/init.d/httpd start"
}
done

Note: The servers to connect to are listed in the test1 file.

Please let me know how to integrate the above three in a single script.

3 Answers

1

800 servers is a lot to manage. You should consider investigating other solutions.

  • Salt which uses a master server and a minion process on each managed machine
  • Ansible which is similar to salt.
  • Puppet, another management software
  • Depending on your distribution, you could investigate a deb or RPM package that wraps up all the changes you want to make, and then distribute it with a repository.
  • A keep-up daemon like monit or runsv can watch the system and ensure that your syslogd service is running.

Side note: directly editing /etc/sudoers is not best practice anymore. Instead you should look at dropping custom files into /etc/sudoers.d/ and make sure that /etc/sudoers contains includedir /etc/sudoers.d.

Criggie
  • 1,781
  • I know this doesn't specifically answer the question, but it does address the underlying problem which prompted the question. – Criggie Oct 09 '16 at 00:07
  • Ansible can do all of what the question asks, using ssh and sudo. No need for an agent. Salt can use ssh directly too, I believe, but I'm not as familiar with it. – jsbillings Oct 09 '16 at 01:41
  • @jsbillings Fair enough - my point was there are better ways to do what OP wants, without doing what they're asking for help with. Nothing wrong with multiple layers of protection - monit keeping sshd alive and ansible or salt doing the deployment of file updates. Learning how to use them properly, that's a whole `nother story! – Criggie Oct 09 '16 at 12:17
0

If (and only if) the commands you are using implement the correct return values normal shell commands expect, you can do it with something like

sshpass -p '<password>' ssh -t abc@$i "command to check syslog || command to restart service && command to add sudo entry" && local command

The idea is that at each stage you rely on the correct return value. If command to check syslog fails then command to restart service is executed, if this succeeds then command to add sudo entry is executed.

The ssh command should return the value of the last command run and if this is ok, the local command executes.

Of course this is very crude; it would be more stable to split these commands up into separate ssh commands, checking the $? return value each time so that you could echo any problems out to the terminal or a log file.

  • Thanks for your comment. If I do the below thing with the sudo user, it returns permission denied. Please help: sudo echo 3 > /proc/sys/vm/drop_caches. Also, in the script which you have mentioned, the syslog service will be started regardless of the status. I want to start the service if and only if the service is stopped. – Ankush kalra Oct 09 '16 at 13:46
  • As I said, it depends on the return code of the command to check syslog; if that doesn't return the correct code then it's a more complex problem :( If the sudo returns permission denied, you need to troubleshoot the command on the server itself. – Unbeliever Oct 09 '16 at 14:33
  • On the server this command also returns permission denied, although I can also restart any service with the sudo user. I did some research with the sudo user and came to know that I can start and stop any service with the sudo user but I can't insert values in files using sudo. Is that true? So how can I remove the cache remotely via the sudo user? Please suggest. – Ankush kalra Oct 09 '16 at 16:44
  • I'm sorry, what you are describing doesn't make much sense to me. sudo is used to change privileges, and though you can restrict by user, group and command, I've never come across it being able to stop 'adding things to files'. – Unbeliever Oct 09 '16 at 16:54
0

Write a script containing everything you need it to do, then use ssh to run it on a remote server.

Reference

ssh root@MachineB 'bash -s' < local_script.sh

The script will be run as if it is local to MachineB.

Miati
  • 3,150
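
An added example (not code from any of the posts above) that combines the answers: one script is sent over ssh and run under sudo on each server, so the file write happens as root rather than in the unprivileged shell that performs the >> redirection in sudo echo ... >> file. The rule is checked with visudo -cf before it is moved into /etc/sudoers.d, and one result line per host is appended to a local log. The service name rsyslog, systemctl, the drop-in name 90-abc, key-based ssh and sudo that needs no password are assumptions, not details from the page.

```shell
#!/bin/sh
# Assumptions (not from the page): service "rsyslog" under systemctl, drop-in
# file name "90-abc", key-based ssh as user abc, sudo that needs no password.
SERVICE=${SERVICE:-rsyslog}
DROPIN=${DROPIN:-/etc/sudoers.d/90-abc}

# Print the script that runs as root on each server (steps 1 and 2).
# $1 is the sudoers rule; plain $ values are filled in locally, the
# backslash-escaped ones are evaluated on the server.
remote_script() {
    cat <<EOF
if systemctl is-active --quiet '$SERVICE'; then svc=running
elif systemctl restart '$SERVICE'; then svc=restarted
else echo "syslog=restart-failed"; exit 1; fi
# sudo skips names containing "." in the include directory, so the
# unvalidated temp file is never read as policy.
tmp='$DROPIN.tmp'
printf '%s\n' '$1' > "\$tmp" && chmod 0440 "\$tmp" || exit 1
if visudo -cf "\$tmp" >/dev/null 2>&1; then
    mv "\$tmp" '$DROPIN' && echo "syslog=\$svc sudoers=installed"
else
    rm -f "\$tmp"; echo "syslog=\$svc sudoers=rejected"; exit 2
fi
EOF
}

# Step 3: run it on every host listed in file $1 and append one line per
# host to the local log $2. $3 is the sudoers rule to install.
run_all() {
    case $3 in *"'"*) echo "rule must not contain single quotes" >&2; return 1;; esac
    while read -r host; do
        [ -n "$host" ] || continue
        rc=0
        # BatchMode and sudo -n make a host fail fast instead of prompting.
        out=$(remote_script "$3" | ssh -o BatchMode=yes "abc@$host" \
              'sudo -n sh -s' 2>&1) || rc=$?
        printf '%s %s rc=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
               "$host" "$rc" "$out" >> "$2"
    done < "$1"
}

# Example invocation (the rule is a constructed placeholder):
# run_all test1 changes.log 'abc ALL=(root) NOPASSWD: /usr/bin/systemctl restart rsyslog'
```

Hosts whose log line shows a non-zero rc were left without the new drop-in and can be retried from the log.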