Old 11-19-2017, 06:22 AM   #1
r34per
LQ Newbie
 
Registered: Nov 2017
Posts: 14

Rep: Reputation: Disabled
Remote SSH connection and user creation script RHEL 7 HELP!!!


Hi All, I am a newbie to Linux and was hoping for a little help. I am currently working on a method to setup a user on around 350 RHEL 7 boxes and a central server from which the user can SSH on to any of the boxes.

Before I start I have root access to all the boxes and am aware of public key requirements.

What I would like to do is the following:

1. A script to check the SSH connection to each of the boxes from the central server. I need to be able to do a SSH connection test to each of the 350 servers and record the results in a log file stating successful / failed to be reviewed. The purpose of this is to determine if the user has already been setup on some of the servers (as it might have already been).

2. Once the above has been completed, a script to remotely setup the user across the 350 boxes from the central server.

This is my first post and I know I'm probably asking for a lot, but any help will be greatly appreciated.

Thanks in advance
 
Old 11-19-2017, 06:42 AM   #2
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,623

Rep: Reputation: 2695
1. research ldap

2. research mpssh (I would use this as a first cut)

3. Check into puppet

4. To sync keys (one host at a time, alas) I would use ssh-copy-id
 
1 members found this post helpful.
Old 11-20-2017, 05:34 AM   #3
giis
Member
 
Registered: Nov 2013
Location: Third Rock from Moon
Distribution: RPM/DEB based and LFS
Posts: 73

Rep: Reputation: Disabled
If you are fine with Python scripting, then check the Fabric module. It's a pretty handy module.
 
Old 11-20-2017, 07:36 AM   #4
r34per
LQ Newbie
 
Registered: Nov 2017
Posts: 14

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by wpeckham
1. research ldap

2. research mpssh (I would use this as a first cut)

3. Check into puppet

4. To sync keys (one host at a time, alas) I would use ssh-copy-id


Thanks for the response!

1. I am aware of LDAP, however the servers in question all use different authentication methods. Some are using LDAP, some using IDM and some IPA. Then there are others that aren't using anything. As this is the case, it was decided that the user would be setup locally on each server until a universal authentication method can be put in place. It's a mess I know, but you work with what you have

2 & 3. Sorry, I should have stated this, but due to security policies in place I cannot install any more packages than are already installed. Unfortunately the RHEL 7 version I am working with does not have the mpssh / puppet packages installed, and as such I won't be able to use either of those.

4. As I cannot install any more packages, the KEY sync I have been doing one at a time so far, very painfully and very slowly

I have started to write a script to test the initial ssh connection to each of the boxes. The idea is to have a script and a hostlist.log from where the script obtains the server names. The script at the moment is not working so any help or pointers would be of great help!!!

Hostlist.log contains:
server1.com
server2.com
server3.com
etc

Script:

Code:
#!/bin/bash

#Variables

USERNAME=linuxquestions
BASEDIR=/home/linuxquestions/scripts
HOSTLIST=/home/linuxquestions/scripts/hostlist.log | awk -F: '{print $1}'
SCRIPT="hostname"

#Main Script

for HOSTNAME in ${HOSTLIST} ; do

if
    ssh -l ${USERNAME} ${HOSTNAME} "${SCRIPT}" exit
        then
                echo "${HOSTNAME} connection successful" > /home/linuxquestions/scripts/testlog.log
                        else
                                echo "${HOSTNAME} connection failed" >> /home/linuxquestions/scripts/testlog.log
fi

done


When I run the script nothing happens, no log file is created and no error is displayed on screen.

Please help!!!!

Last edited by r34per; 11-20-2017 at 07:37 AM.
 
Old 11-20-2017, 08:08 AM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,307
Blog Entries: 3

Rep: Reputation: 3721
Quote:
Originally Posted by r34per
Please help!!!!
Isn't that what the expensive RHEL support contract you've paid is for?

As far as orchestration tools, is Ansible there on your systems?
 
Old 11-20-2017, 01:50 PM   #6
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,623

Rep: Reputation: 2695
I run my administration from a laptop. I install CentOS on the laptop and then any packages I please to make my life easier.
I suggest that this might serve you well.

Puppet requires installation, but mpssh can be installed and configured on your (linux) workstation. It only depends upon OpenSSH on the remote nodes, and that is on by default for RHEL7 and most other distributions.

The ssh-copy-id was a script at one time, but I believe it is now included in OpenSSH. In any case, you only need it on your administration workstation and only to make it easy to sync the keys.
I hope this helps.
 
Old 11-20-2017, 04:51 PM   #7
traene
Member
 
Registered: Jan 2005
Distribution: Archlinux, Debian, Centos
Posts: 222

Rep: Reputation: 35
Hi r34per,

probably this line is the whole issue (that your script doesn't put out anything):

Code:
HOSTLIST=/home/linuxquestions/scripts/hostlist.log | awk -F: '{print $1}'
You could change it to:

Code:
HOSTLIST=$(awk -F: '{print $1}' /home/linuxquestions/scripts/hostlist.log)
(or if you want to use a pipe)

Code:
HOSTLIST=$(cat /home/linuxquestions/scripts/hostlist.log | awk -F: '{print $1}')
Also this line:

Code:
    echo "${HOSTNAME} connection successful" > /home/linuxquestions/scripts/testlog.log
Should probably also use 'append (>>)'

Code:
    echo "${HOSTNAME} connection successful" >> /home/linuxquestions/scripts/testlog.log
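
The fixes above folded into one check script, as an added example that is not code from any poster in this thread. It assumes key-based login is what is being tested; `SSH_BIN`, `check_host` and `check_hosts` are illustrative names, and the ssh options are standard OpenSSH ones chosen so that a run over a long host list never stops to prompt.

```shell
#!/bin/bash
# Added example (not from the thread): non-interactive SSH reachability check.
# SSH_BIN, check_host and check_hosts are illustrative names.
SSH_BIN=${SSH_BIN:-ssh}

# Return 0 if key-based login to $2 as user $1 works, non-zero otherwise.
check_host() {
    local user=$1 host=$2
    # -n: keep ssh from swallowing the rest of the host list on stdin.
    # BatchMode=yes: never prompt (password, passphrase, unknown host key);
    #                fail instead, so one host cannot stall the whole run.
    # ConnectTimeout=5: give up on dead hosts after 5 seconds.
    "$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=5 \
        -l "$user" "$host" hostname >/dev/null 2>&1
}

# check_hosts USER HOSTLIST LOGFILE: one result line per host in LOGFILE.
check_hosts() {
    local user=$1 hostlist=$2 log=$3 host
    : > "$log"                      # truncate once, then append per host
    while IFS= read -r host || [ -n "$host" ]; do
        host=${host%%:*}            # same field as awk -F: '{print $1}'
        case $host in
            ''|\#*|-*) continue ;;  # skip blanks, comments, option-like names
        esac
        if check_host "$user" "$host"; then
            echo "$host connection successful" >> "$log"
        else
            echo "$host connection failed" >> "$log"
        fi
    done < "$hostlist"
}

# Run only when called as: script USER HOSTLIST LOGFILE
if [ "$#" -eq 3 ]; then
    check_hosts "$@"
fi
```

A "connection failed" line covers every reason the login did not complete without a prompt: an unreachable host, a key that is not yet installed for the user, or a host key that is not in `known_hosts`.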
 
Old 04-20-2018, 03:43 AM   #8
myersmk
LQ Newbie
 
Registered: Apr 2018
Location: San Diego
Distribution: Enterprise Linux (CentOS/RHEL)
Posts: 7

Rep: Reputation: Disabled
Ansible comes with modules designed exactly for this, not only user and group management but also if you choose to modify additional config files while you're at it, it's a good opportunity to include that.

http://docs.ansible.com/ansible/late...er_module.html
 
Old 04-20-2018, 07:01 AM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3940
Given the circumstances you describe, I think that you should talk to your manager, and that (s)he should probably talk to the IT department. "Security policies" can be changed, and in an organization of any size there might be someone else in IT who will have a "much better idea" (such as the ones already suggested) and the ability to make it happen. Right now, you run the risk of having cobbled-up a "solution" that sort-of works – but, does not work very well (how could it?) – but that fundamentally affects system security. Which no one else in the organization knows about, even though they need to.

So, this might well be a thing that needs to be discussed at a broader and higher level than yourself, and treated as a very formal project understood by all potential stakeholders ... of which there are a very great many. "Blow the whistle" on this requirement to get more people, and teams, involved in it.
 
Old 04-22-2018, 06:45 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,359

Rep: Reputation: 2751
To help debugging shell scripts
Code:
#!/bin/bash
set -xv
2nd line echoes to the screen everything the script does, inc before-&-after versions of each cmd, so you can see what the parser is doing.
Very useful.
 
  

