[CentOS] SSH Remote Execution - su?

Thu Mar 4 16:16:38 UTC 2010
Chris Murphy <chris at castlebranch.com>

I used to manage ~150 Linux desktops and would have to do one-off scripts 
to make updates.  Fortunately I found Puppet and now I never have to do 
things like this any more, but here's the Bash/Expect combo that I used 
to use:

chris$ ./mass_copy.sh:

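#!/bin/sh
# Both passwords are exported in plain text so that get_root.exp can
# read them from its environment.
export ROOTPW='secret1'
export ADMINPW='secret2'

# Run the expect script once per machine, one after the other.
HIVES="machine1 machine2 machine3"
for machine in $HIVES; do
     /path/to/script/get_root.exp $machine
done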

chris$ cat get_root.exp
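#!/usr/bin/expect -f

# Give up on any prompt that does not appear within 40 seconds.
set timeout 40

# Log in to the machine named in the first argument, answering the
# password prompt with ADMINPW from the environment.
spawn ssh [lrange $argv 0 0]
expect "admin@$argv's password:"
send "$env(ADMINPW)\n"
# At the user prompt, replace the shell with a root login shell.
expect "\\$"
send "exec su -\n"
expect "Password: "
send "$env(ROOTPW)\n"
# At the root prompt, start the update script.
expect "#"
send "/mnt/it_updates/update_something.sh\n"
# Hand the session over to the keyboard until it ends.
interact
expect "\\#"
send "exit\n"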

This was handed down to me by the sysadmin who was here before me and it 
worked great except sometimes it would not log out of each machine and I 
would have to babysit it and press CTRL-D after each run.  It can easily 
be expanded on to suit your needs, and maybe someone in the mailing list 
can refine it, but if this is your job and you think there is even the 
remotest possibility that you would have to do this again, seriously 
look into Puppet, Func, mCollective, really anything is easier than 
doing it this way.

Chris
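
The sudo approach James suggests in the quoted thread below, combined with the key-based login Tim already uses, written out as an added example; it is not code from the post above or from any reply. The admin account, key file and update script path come from the thread; the sudoers lines, function names, variable names and SSH options are assumptions.

```shell
#!/bin/sh
# Added example: key-based SSH plus a one-command sudo rule, so no
# password is typed, stored in a script or exported in the environment.
#
# Sudoers lines assumed on every machine (add them with visudo):
#   Defaults:admin !requiretty
#   admin ALL=(root) NOPASSWD: /mnt/it_updates/update_something.sh

SSH_KEY="${SSH_KEY:-$HOME/remote_key}"
REMOTE_CMD="${REMOTE_CMD:-sudo /mnt/it_updates/update_something.sh}"

# Run REMOTE_CMD on one machine. BatchMode makes ssh fail instead of
# prompting and -n closes stdin, so an unattended run cannot sit
# waiting at a prompt.
run_on_host() {
    ssh -n -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=10 \
        "admin@$1" "$REMOTE_CMD"
}

# Run on every machine named in the arguments. Failed machines are
# collected in FAILED; the return status is non-zero if any failed.
FAILED=""
mass_update() {
    FAILED=""
    for machine in "$@"; do
        if run_on_host "$machine"; then
            echo "ok: $machine"
        else
            echo "FAILED: $machine (exit $?)" >&2
            FAILED="${FAILED:+$FAILED }$machine"
        fi
    done
    [ -z "$FAILED" ]
}

# Usage: ./mass_update.sh machine1 machine2 machine3
if [ "$#" -gt 0 ]; then
    mass_update "$@" || exit 1
fi
```

Because the sudo rule names a single script, the admin key can run that script as root and nothing else, so the script must be writable only by root.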

On 3/4/10 12:48 AM, Chris Geldenhuis wrote:
> Tim Nelson wrote:
>    
>>
>> Tim Nelson
>> Systems/Network Support
>> Rockbochs Inc.
>> (218)727-4332 x105
>>
>> ----- "Jeremy Rosengren"<jeremy.rosengren at gmail.com>  wrote:
>>      
>>> On Wed, Mar 3, 2010 at 3:36 PM, James Hogarth
>>>        
>> <james.hogarth at gmail.com<mailto:james.hogarth at gmail.com>>  wrote:
>>      
>>>        
>>      >  On 3 March 2010 21:20, Tim Nelson<tnelson at rockbochs.com
>>      <mailto:tnelson at rockbochs.com>>  wrote:
>>      >  >  Greetings All-
>>      >  >
>>      >  >  I'm about to embark on some remote management testing and need
>>      a way to login to a remote system running CentOS 4.x/5.x via SSH,
>>      su to root (using a password), then execute a command.
>>      >  >
>>      >  >  I currently login to the boxes using key based SSH like this:
>>      >  >
>>      >  >  ssh -i ~/remote_key admin@$REMOTEIP
>>      >  >
>>      >  >  Then, I SU to root. However, if I try to do this automatically
>>      like this:
>>      >  >
>>      >  >  ssh -i ~/remote_key admin@$REMOTEIP 'su -l'
>>      >  >
>>      >  >  I'm getting:
>>      >  >
>>      >  >  "standard in must be a tty"
>>      >  >
>>      >  >  So, how am I able to remote login using SSH, su to root, then
>>      execute a command as root?
>>      >  >
>>      >  >  All comments and suggestions welcome. Thanks!
>>      >  >
>>      >  >  --Tim
>>      >  >  _______________________________________________
>>      >  >  CentOS mailing list
>>      >  >  CentOS at centos.org<mailto:CentOS at centos.org>
>>      >  >  http://lists.centos.org/mailman/listinfo/centos
>>      >  >
>>      >
>>      >
>>      >  Best off configuring sudo for that user (with no password) and make
>>      >  sure that user has !requiretty in the sudoers configuration.
>>      >
>>      >  James
>>      >
>>
>>
>>      
>>>        
>> Does "ssh -t" help?
>>
>> YESS. It prevents the tty error from showing up and asks me for a
>> password as expected. BUT, how do I then automate the entering of the
>> password?
>>
>> John Kennedy mentioned using expect which I've used before but found
>> it to be 'finicky'. I may have to look at it again...
>>
>> Changing settings such as sudo configuration or ssh config may be
>> daunting since I have a large number of systems (150+) that would need
>> to be modified. :-/
>>
>> --Tim
> I found that Python expect is far more logical and understandable for
> complex tasks than the expect command.
>
> ChrisG