Central management
Dear all,
Please recommend some methods of:
- Deploy some files
- Execute some scripts as root on a few hundred servers.

Just can't think of the best way of doing it. These are RHEL servers but we have different releases. Thanks in advance.
cluster ssh?
RedHat satellite server?
Thanks Tinkster,
Clusterssh should be the one. But any idea whether it could be scripted to execute some commands as root on a bunch? I cannot do an ssh key exchange for root.
Cheers!!
Quote:
either w/o password, or with the same password on all clients. The beauty of clusterssh is that you can do the "same interactive command simultaneously on all machines" (of course, that's a danger, too, if you fat-finger something and e.g. break networking on all of them in one fell swoop)...
Cheers, Tink
Thanks cmdln and Tink,
Tink, I don't mind having the root password in a file and feeding it into a script, then deleting it after the activity is done. When I configure sudo, that user will have access to run any script with the name given in the sudoers file. Security guys will not be happy with that, isn't it? What do you think? All other apps like cfengine, puppet, etc. need to have an agent running on the clients, am I right? Is it possible for me to push a script and execute them as root in these?
Cheers,
Quote:
sudo will execute the binary given with full path in sudoers file if it happens to be in the search PATH of the user. He will not be able to e.g. make a script called if-down-eth0 in his home and run that using sudo.
Cheers, Tink
Tinkster,
Consider the following:

    user1 pluto=NOPASSWD: /home/user1/runitnow

The above line means user1 could run /home/user1/runitnow without any password as root. Am I right? Then when this script exists, anyone can run any set of commands as /home/user1/runitnow, the script, without a problem. This is what I want to stop.
Cheers
Well... don't put scripts you need to run as root in users' homes, then. Simple as that. Put them in a shared location like /usr/local/scripts, make sure that neither the directory nor the script are world-writable (and that the script is safe, e.g. won't allow the user to interrupt it and end up on a root shell; scripts and sudo are a bit of a mixed bag...).
Cheers, Tink
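The check described in the last reply, as an added example that is not part of the original thread: a shell function that walks from a sudoers-listed script up through its parent directories and reports anything a non-root user could modify. It goes slightly beyond the reply by also flagging group-writable components and non-root ownership; the function name and its optional owner and stop-directory arguments are assumptions for illustration, and it relies on GNU stat and readlink as shipped on RHEL.

```shell
#!/bin/sh
# Added example: audit a script that sudoers lets a user run as root.
# Usage: audit_sudo_target <script> [owner_uid] [stop_dir]
#   owner_uid defaults to 0 (root); stop_dir defaults to /.
#   Both are parameters only so the check can be exercised without root.
# Returns 0 if clean, 1 if any finding was printed, 2 if the path is unusable.

audit_sudo_target() {
    target=$(readlink -f -- "$1") || return 2      # resolve symlinks first
    owner=${2:-0}
    stop=$(readlink -f -- "${3:-/}") || return 2
    [ -f "$target" ] || { echo "MISSING $1"; return 2; }
    rc=0
    p=$target
    while :; do
        set -- $(stat -c '%u %a' -- "$p")          # $1 = owner uid, $2 = octal mode
        if [ "$1" != "$owner" ]; then
            echo "OWNER $p (uid $1, expected $owner)"; rc=1
        fi
        # 022 = write bit for group and for others; whoever can write here
        # can replace the script (or a directory above it) and run as root.
        if [ $(( 0$2 & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $2)"; rc=1
        fi
        [ "$p" = "$stop" ] || [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
    return $rc
}

# Example call for the path from the thread (run on the managed host):
#   audit_sudo_target /home/user1/runitnow
# A script under /home/user1 is reported with an OWNER line for the home
# directory, because user1 owns it and can swap the file out.
```

Sticky world-writable directories such as /tmp are reported as well, which is the conservative choice for anything run through sudo.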