How to execute mass commands on Multiple Servers /
Establishing passwordless SSH key authentication on 50+ servers
These days, I'm managing many, many servers. The servers are
organized into a few groups. Each of the servers in a server group
has identical hardware, an identical Linux distribution and an
identical configuration.
Since managing multiple servers normally takes a lot of time,
applying changes to every single host and losing time looking for
the password is not a good idea.
Thus I was forced to start managing the servers in a cluster-like
fashion, by executing commands on a server group using a simple
bash for loop etc.
To be able to use this mass execution, of course, I needed a way
either to pass the server group password just once and issue a
command on the whole server group, or to use a passwordless
authentication ssh key pair.
Before I switched to using SSH keys to authenticate passwordless, I
first tried a few tools which were claimed to be helpful in the task
of executing the same commands on a group of servers. I have tested
the tools pssh, sudossh and dsh, but none of them was capable of
logging in and executing a bunch of commands on the group of remote
servers.
I did my best to make pssh work on Debian and CentOS distributions,
but all my experiments and efforts to make the much talked about
pssh work went badly!
I've also seen another tool called Cluster SSH, which was said to be
capable of issuing commands simultaneously on a number of hosts.
Cluster SSH looked promising, however the only problem was that it's
supposed to run under xterm or some kind of X graphics based
terminal, and therefore it did not match what I wanted.
Finally I got pissed off trying these mostly useless mass command
linux server administration tools and decided to COME BACK TO THE
PRIMITIVE ;) and use the good old, well known, well established
method of passwordless SSH server login with ssh public/private DSA
key auth.
So the problem came down to this: generate one single DSA ssh
authentication key and replicate/copy it to the whole group of
50 servers.
This task initially seemed quite complex, but with the help of a
one-liner bash shell script, it seemed to be a piece of cake ;)
To achieve this task, all I had to do is:
a. Generate an SSH key with the ssh-keygen command
b. Use a one-liner shell script to copy the generated id_dsa.pub
file to each server
c. Create a file containing all server IP addresses to pass to the
shell script
Here are the two lines of code you will have to use to achieve
these tasks:
1. Generate a DSA ssh key
linux:~# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/hipo/.ssh/id_dsa): y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in y.
Your public key has been saved in y.pub.
The key fingerprint is:
b0:28:48:a2:60:65:5a:ed:1b:9d:6c:ff:5f:37:03:e3 hipo@pc-freak.net
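Here press Enter a few times and be sure not to fill in any
passphrase when asked about it. Note that the session above answered
y at the file prompt, so that key was saved as y and y.pub in the
current directory; pressing Enter at that prompt keeps the default
~/.ssh/id_dsa, which is the path step 3 uses.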
2. Create a file containing all server IPs
Just create a file, let's say server-list.txt, and make sure
you include all the server IPs, one per line.
3. Use the following little script to upload the newly generated
id_dsa.pub to the server list
linux:~# while read line; do ssh-copy-id -i ~/.ssh/id_dsa.pub root@"$line"; done < server-list.txt
Now you will have to paste the server password about 50 times
(if you have a file with 50 servers), however the good news is it
will be just a wait and paste 50 times, if the servers are all
configured to have the same root administrator pass (which was the
case with me).
So while you do the boring pasting part, you can start up some nice
music and enjoy ;)
Cheers ;)
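
Once the key is on every host, the mass-execution loop mentioned at the top of the post can look like the sketch below. It is an added example, not code from the original post: run_on_group is a name made up here, and it assumes the same server-list.txt and root login used in step 3.

```bash
#!/usr/bin/env bash
# Added example: run one command on every host in server-list.txt over
# key-based SSH. run_on_group is a name invented for this example.

run_on_group() {
    local list host rc failed
    list=$1
    shift
    failed=0
    # Read the list on fd 3 so nothing in the loop body can eat host lines.
    while IFS= read -r host <&3 || [ -n "$host" ]; do
        # Skip blank lines and "#" comments in the list.
        case $host in
            '' | '#'*) continue ;;
        esac
        # BatchMode=yes: never fall back to a password prompt, so a host
        #   that did not receive the key fails at once and is reported.
        # ConnectTimeout=10: a dead host cannot stall the whole run.
        # -n: ssh takes its stdin from /dev/null.
        if ssh -n -o BatchMode=yes -o ConnectTimeout=10 "root@$host" "$@"; then
            printf 'OK   %s\n' "$host"
        else
            rc=$?
            printf 'FAIL %s (exit %d)\n' "$host" "$rc" >&2
            failed=$((failed + 1))
        fi
    done 3< "$list"
    # Non-zero return when any host failed, so callers can stop on it.
    if [ "$failed" -gt 0 ]; then
        printf '%d host(s) failed\n' "$failed" >&2
        return 1
    fi
    return 0
}

# Usage: run_on_group server-list.txt uptime
```

Running it with a harmless command such as uptime right after step 3 doubles as a check that the key really landed on every server: any host printed as FAIL with exit 255 could not be reached or still wants a password.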