Run local scripts on multiple servers using sudo user through a script
Solution 1
One idea, though it might not be the best out there, is for you to configure ssh to use key-based authentication instead of password authentication. These instructions should be sufficient in case you are not aware of it: SSH Key Authentication
I don't know what your test script contains nor the complexity of it. Let's assume that it is a fairly complex script and it saves the output under /tmp/script_output/, and in this case I suggest the following:
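```
# Use only the file name of the script for the remote path.
script=$(basename "$2")
# Read the host list on fd 3 so ssh keeps the terminal on stdin (needed for -t)
# and cannot swallow the remaining lines of the host file.
while read -r i <&3
do
    scp "$2" "admin@$i:/tmp/"
    ssh -t "admin@$i" "/tmp/$script"
    ssh "admin@$i" rm "/tmp/$script"
    scp -r "admin@$i:/tmp/script_output/" /tmp/
    ssh "admin@$i" rm -rf /tmp/script_output
done 3< "$1"
```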
By the way, from the sudoers
```
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults requiretty
```
Solution 2
I had the same problem some time ago. That's my solution:
https://github.com/maciejkorzen/misc-ruby/blob/master/ssh-batch-upload-sftp-and-run.rb
- Download this script.
- Create CSV file with names of servers and passwords (I assume that login is the same on each server).
- Create script that you want to execute.
- Adjust variables in my Ruby script, run it and let it do all the work for you. :-)
Solution 3
The following will allow you to execute `sudo` commands on multiple hosts while only having to enter your `sudo` password once at the beginning.
What is missing is the for loop or something that sets the HOSTS variable to the hosts you have. The script creates a file in the temp folder that contains the `sudo` password, but that file is deleted immediately. This allows the command to use the `sudo` password without it being displayed in the terminal window or in your script.
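```
#!/bin/bash
# Runs the command on the host named in $HOSTS, feeding sudo the password on stdin.
run_on_host() {
    # mktemp creates the file with an unpredictable name and mode 0600.
    PWSCRIPT=$(mktemp /tmp/pw.XXXXXX) || exit 1
    # sudo -S reads the password from stdin; the quoted 'EOC' keeps the
    # generated script from expanding characters inside the password.
    cat > "$PWSCRIPT" <<EOS
#!/bin/sh
ssh user@$HOSTS sudo -S "your command here" <<'EOC'
$SUDOPW
EOC
EOS
    chmod 700 "$PWSCRIPT"
    "$PWSCRIPT" >/dev/null
    rm -f "$PWSCRIPT"
}

echo "Enter SUDO password:"
read -rs SUDOPW

# for loop here! Set HOSTS to each host in turn and call run_on_host.

unset SUDOPW
exit 0
```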
SouravA
Updated on September 18, 2022
Comments
-
SouravA almost 2 years
I have about 100 remote servers. I want to manage all my servers using one terminal server to update, run commands with sudo privileges.
I need to have one main script that takes another test script as an argument. The main script runs through a with loop using a hosts file with remote server names.
The test script has all the actual sudo commands to be run on the remote servers at once.
`./mainscript hostfile testscript`
For example, the test script may have "sudo yum -y update" or a string of commands.
This seems easy if I log in as the root user. But I want to run this as user 'admin', who has sudo privileges on all the remote servers. All these scripts are located locally on the terminal server.
Please suggest any ideas you may have to achieve this.
-
Gilles 'SO- stop being evil' over 11 years
possible duplicate of Copying protected files between servers in one line?
-
Gilles 'SO- stop being evil' over 11 years
-
Michael Mrozek over 11 years
@Gilles I'm missing something, how is this a duplicate? It seems unrelated, but has three close votes
-
Gilles 'SO- stop being evil' over 11 years
@MichaelMrozek On second reading, you're right. That earlier question addresses `ssh sudo …`, but here there's the additional difficulty of scripting over many servers.
-
Gilles 'SO- stop being evil' over 11 years
What is your `sudo` configuration? Will `admin` have to type a password to run `sudo`? If so, is this password stored in a file somewhere, or do you want to enter it interactively?
-
SouravA over 11 years
@Gilles I am using key based authentication on all servers and admin has sudo privileges without having to enter password on all the remote servers. Now, I need to pass a script to main script to do all the actual work.
-
jordanm over 11 years
I seriously doubt anyone wants to `rm -rf /tmp`.
-
Lekensteyn over 11 years
This is bad, it needs to set up an SSH session five times, which takes quite some time for 100 servers. You'd better combine the commands like `ssh admin@server 'cat > file && chmod +x file && ./file;rm -f file' < script >output` or something like that (for chaining). Also, this answer does not answer the question with sudo.
-
SouravA over 11 years
Hello all, I am using key based authentication for all the logins. But I still need to know how to use sudo in this ssh command. I am using `ssh -tt admin@server`, it does what it needs to do, but spits out an error "tcgetattr: Inappropriate ioctl for device". For the time being, I am redirecting the error to a log error file. Also, Lekensteyn, do you think the following command will be helpful instead of what alexandre suggested? `ssh admin@server 'cat > file && chmod +x file && ./file;rm -f file' < testscript >output`
-
BitsOfNix over 11 years
Answering all: corrected the `rm -rf /tmp`, as what I wanted was to clear the script output. Added the `-t` to the ssh as per the sudoers specification. The sudo requires a tty.
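
Added example, not part of the original thread: a `mainscript hostfile testscript` runner that uses one SSH session per host, as the comments above suggest, and streams the test script to `sudo bash -s` so nothing is left in the remote /tmp. It assumes key-based login and passwordless sudo for `admin`, as the asker describes; `SSH_CMD`, `REMOTE_USER`, `OUT_DIR`, `FAILED_HOSTS` and `run_on_hosts` are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: run a local script on every host in a host file,
# using one SSH session per host. Assumes key-based login and
# passwordless sudo for the remote user.
# SSH_CMD, REMOTE_USER, OUT_DIR and FAILED_HOSTS are names chosen here.
SSH_CMD=${SSH_CMD:-ssh}
REMOTE_USER=${REMOTE_USER:-admin}
OUT_DIR=${OUT_DIR:-./output}
FAILED_HOSTS=

# run_on_hosts HOSTFILE SCRIPT
# Returns 0 if every host succeeded, 1 if any failed (see FAILED_HOSTS),
# 2 on unusable arguments.
run_on_hosts() {
    roh_hostfile=$1 roh_script=$2
    FAILED_HOSTS=
    [ -r "$roh_hostfile" ] && [ -r "$roh_script" ] || return 2
    mkdir -p "$OUT_DIR" || return 2
    # The host list is read on fd 3 so that stdin stays free to carry
    # the script; otherwise ssh would swallow the rest of the host file.
    while read -r roh_host <&3 || [ -n "$roh_host" ]; do
        case $roh_host in
            ''|'#'*) continue ;;            # blank line or comment
            *[!A-Za-z0-9._-]*)              # keeps log paths inside OUT_DIR
                echo "skipping invalid host name: $roh_host" >&2
                FAILED_HOSTS="${FAILED_HOSTS:+$FAILED_HOSTS }$roh_host"
                continue ;;
        esac
        # BatchMode and sudo -n fail instead of prompting, so an unattended
        # run over many hosts cannot hang on a password prompt.
        if "$SSH_CMD" -o BatchMode=yes -o ConnectTimeout=10 \
               "$REMOTE_USER@$roh_host" 'sudo -n bash -s' \
               < "$roh_script" > "$OUT_DIR/$roh_host.log" 2>&1
        then
            echo "ok     $roh_host"
        else
            echo "FAILED $roh_host (see $OUT_DIR/$roh_host.log)" >&2
            FAILED_HOSTS="${FAILED_HOSTS:+$FAILED_HOSTS }$roh_host"
        fi
    done 3< "$roh_hostfile"
    [ -z "$FAILED_HOSTS" ]
}

# Usage: ./mainscript hostfile testscript
if [ "$#" -eq 2 ]; then
    run_on_hosts "$1" "$2"
fi
```

If the remote sudoers sets `Defaults requiretty` (quoted in Solution 1), sudo refuses to run without a TTY and the host is reported here as failed.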