Tuesday, October 2, 2012

Run Commands Remotely on Multiple Servers

Have you ever had to run the same command on several servers? It takes a lot of time to login to each server and then run a command or group of commands. There is also the possibility for errors, so I wrote this note to remind myself how to do this, if ever I need it. To get the most from this post you need to have your SSH agent working. If your SSH agent is not working don't worry the script below will still work, but you will have to login to each server on your list as the script moves along.

I'm going to use a real world example to explain how to run commands on many servers. I often have to do security checks on my servers. Many of the checks I do consist of checking file permissions and ownership. An easy enough check, but it can take time if you have to check more then 10 servers. So with that being said, we are going to check ownership and permissions on the /etc/resolve.conf file. I will using a space theme for the terminal examples in this guide. The user account is man and the servers are earth, moon, mars and saturn

Lets get started by testing the command we are going to use.
man@earth> ssh moon ls -l /etc/resolve.conf
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Ok above I logged into moon and ran the ls -l command and the result was printed to the screen. After the command executed the connection to moon was disconnected and you are returned to earth.
Test the in a script.man@earth>for s in moon
> do
> ssh -q $s ls -l /etc/resolve.conf
> done
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Let me explain what is going on in the script above. The line for s in `moon` makes s a variable. So when the 3rd line says ssh -q $s it is seen as ssh -q moon, by the computer. The -q option for ssh stops any ssh banner from displaying. Which will make seeing the out put from several servers much easier to see.

Open your favorite text editor and create the file below and call it check.
#!/bin/bash
servers="moon mars saturn"
for s in $servers
do
ssh -q $s uname -n
ssh -q $s ls -l /etc/resolve.conf
done

Now lets test the check script.
man@earth> bash check
moon
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
mars
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
saturn
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth

Now the output shows the script logging into moon 2 times and running uname -n and then the ls command. Then followed by output from mars and saturn.

Note - By typing bash in front of a BASH script you can execute the script without making it executable.

To make the script a little more useful I'm adding a server list file called servers. I will also append the output of the commands to a file called result, on the server (earth). The final script is below.

Example of the servers file
moon
mars
saturn


The final script
#!/bin/bash
for s in `cat servers`
do
ssh -q $s uname -n >> result
ssh -q $s ls -l /etc/resolve.conf >> result
done



I hope this helps someone