Massadmin
    Parallelizes system commands on mass remote servers.
News | Documentation | Download | License | Support

Help support massadmin!

Usage

/usr/local/bin/massadmin options

    -c conf_file: commands list file.
    -e cmd_list : comma separated list of commands.
    -l srv_list : servers list file.
    -h host_list: comma separated list of servers.
    -d          : debug mode.
    -o out_file : output result to a file. Default is stdout.
    -q nb_proc  : change limit to nb_proc concurrent processes. Default: 15.
    -r dir      : change running directory to dir.
    -p log_list : comma separated list of login:password pair to use.

I really recommand you to test with the -d option on a single computer the massadmin commands you will defined before running them on all you remote servers. Remember that untested commands can mass damage your servers especialy when they are run as root user!

Servers list

Servers list file

You must set the -l command line option to specify the server list file to use to specify the remote hosts to connect to and the login/password pair to use.

Format of the server list file:

    chdir:/jump/dir
    login:login1:login2:login3...
    password:pass1:pass2:pass3...
    hostname:login:passwd

Note: All these configuration directives can be replaced with command line options to allow dynamic calls (using xargs for example).

chdir

The 'chdir' directive is used to force massadmin to change the running directory of massadmin. This overriden with the -r command line option (see USAGE).

login and password

These two directives 'login' and 'password' are used to defined a common set of login/password pair to use to connect to all following hostname definition. Each login and password will be tried/used until a connection to the server is openned and this is repeated for all servers in the list.

The separator is the colon character ':'. If you have this character in the password you have to add a backslash (\) before it.

These two directives can be replaced by the -p command line option (see USAGE).

hostname definition

The hostname line must be replaced by the server real hostname or his ip address. You can also give a specific login/password for this host separated by the colon character ':'. If you have this character in the password you have to add a backslash (\) before.

Each defined host will be ping before all. If a server is not responding, it will be removed from the list and a warnong message will be displayed.

Command line server list

You may want to specify dynamically the server list to massadmin, for that use the -h command line option. The value of this option is a comma separated list of hostname like in the servers list file.

For example:

    massadmin -h "srv1.mydom.com:root:adm12,srv2.mydom.com:root:adm34"

or the same but using the global login/password definition with the -p option

    massadmin -h "srv1.mydom.com,srv2.mydom.com" -p "root:adm12,root:adm34"

If you have a comma in you password, you have to add a backslash (\) before as well has the login/password colon separator ':'.

Configuration file

Format:

    protocol:authen:command1:command2:...:

Where

    - Protocol can be: FTP,TELNET,RSH,SSH,SCP,SFTP
    - Authen is the "login;password" phrase. Separator is a semi-colon ';'.
    - command is any command handled by this protocol

Authen can be empty if you set login/password into the host list file.

Example:

    FTP:ftpuser;ftppasswd:lcd /usr/tmp/:cd /usr/tmp:put foo.txt bar.txt:
    TELNET:username;userpassw:cd /home/foo:rm bar.txt:
    RSH:root:ls -la:

If you want to retrieve the output of a command just add a pipe at the end of the command, the result of the command will be added to the output stream:

    RSH:root:ls -la:
    FTP:ftpuser;ftppasswd:lcd /ust/tmp/:cd /usr/tmp:ls -la|:bye:
    TELNET:usernam;userpassw:cd /home/toto:ls *.txt|:exit:
    SSH:usernam;userpassw:cd /home/toto:ls *.txt|:exit:
    # Local to remote (put)
    SCP:usernam;userpassw:local_source_file:remote_destination_file
    SCP:usernam;userpassw:local_source_dir:remote_destination_dir
    # Remote to local (get)
    SCP:usernam;userpassw::local_destination_file:remote_file
    SCP:usernam;userpassw::local_destination_dir:remote_dir
    SFTP:usernam;userpassw:cd /usr/tmp/:put foo.txt

All entries defined in the file are executed in the given order.

Some examples:

    FTP::cd /usr/tmp/:del crontab.txt:del newcron.sh:put crontab.txt:ls |
    RSH::perl /root/change_network.pl|
    FTP::cd /home/someuser/:ls -la|:ls -la|
    TELNET::ls -la|:ps auxw | grep "named" |
    SSH::cd /home/someuser/:ls -la|:ls -la|
    # Local to remote (put)
    SCP::localarch.tar.gz:/user/tmp/localarch.tar.gz
    SCP::/opt/someApp/:/home/program/
    # Remote to local (get)
    SCP:::/usr/tmp/localarch.tar.gz:localarch.tar.gz
    # Remote to local (recursive get)
    SCP:::/home/program/:/opt/someApp/

Here is how to do a su - as root user, the su - and root password is separated by a space character.

    TELNET::su - RootPwd:ls -la |
or
    SSH::su - RootPwd:ls -la |

In each command definition you can use the %SRVEXE_HOST special keyword, it will be replaced by the remote server hostname in which the command is executed. This is useful for example if you make backup and want to add the hostname into a filename.

Special characters

Remember that the commands are passed to a Perl program (massadmin) so if you have special Perl characters like $ or other you need to escape them.

For example a call to a perl command to replace some string into a file must be written like that: 

    massadmin -h remotehost -p "root:admpasswd" -e "SSH::perl -p -i -e 's/cn\: ([^\\s]+) (.*)/cn\: \$2 \$1/' ldap-add.ldiff"

This command revert the first and last name in a LDAP ldiff file.

The normal perl command line substitution call would be: 

    perl -p -i -e 's/cn: ([^\s]+) (.*)/cn: $2 $1/' ldap-add.ldiff

Please always test your massadmin command before running it on mass hosts.

Authentication

The authentication on remote servers can be defined at 3 different levels. Here are how they are used by massadmin in the order they will be executed.

Command line level

The command line configuration file support a per command authentication level. If you defined authent at this level, it will override all other authentication method. Or more precisely this will be the first tried, if it failed the 2 other authentication level will be tried.

Hostname level

The hostname definition allow a per host authentication level. If you defined authent at this level, it will override the global login/password definition.

Global level

In the login/password server list configuration directive you can defined a set of authentication users and password that will be tried on each remote servers in the order they are written.

In this example:

    ./massadmin -h "remotesrv.mydom:root:mdpadm" -p "admin:pass1,root:pass2" \
    -e 'SSH:root;myadmpass:/usr/sbin/ether-wake 00\:25\:44\:DA\:43\:BF |:exit:'

The first authentication that will be tried is the one given in the SSH command, 'root;myadmpass'. If it fail or is not defined, this will be the one given in the remote server definition, 'root:mdpadm' and if it fail or is not defined here, massadmin will try each authentication defined in the -p command line option, 'admin:pass1' first and if it fail 'root:pass2'.

 
Copyright (c) 2002-2010 Gilles Darold - All rights reserved. (GPL v3).