  1. #1
    Just Joined!
    Join Date
    Jan 2011
    Posts
    87

    I need help writing a bash script


    I have to add two specific users - john28 and joe54 - to the group wheel. I then have to go into /etc/sudoers and make sure that requiretty is commented out (#). I have to do this to about 40 Red Hat servers, and a script would make the entire process a lot easier.

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,380
    Have a look at Puppet
    It is worth the learning
    Documentation | Puppet Labs - Type Reference
    You must always face the curtain with a bow.

  3. #3
    drl
    Linux Engineer drl's Avatar
    Join Date
    Apr 2006
    Location
    Saint Paul, MN, USA / CentOS, Debian, Slackware, {Free, Open, Net}BSD, Solaris
    Posts
    1,286
    Hi.

    For a less capable utility (but also less complex than puppet from the looks of it), I use pdsh for some simple tasks that require remote access. It can use ssh.
    Description: Efficient rsh-like utility, for using hosts in parallel
    Pdsh is a high-performance, parallel remote shell utility, similar to dsh.
    It has built-in, thread-safe clients for rsh. Pdsh uses a "sliding window"
    parallel algorithm to conserve socket resources on the initiating node and
    to allow progress to continue while timeouts occur on some connections.
    .
    It makes all parallel connections from one client machine, and attempts to
    keep 32 (default, can be changed on command line) connections to remote
    machines at any given time. It can run single commands or as an interactive
    shell.
    ( from Debian apt-cache show pdsh)
    It was in the repository for Debian (lenny, at least). More information at: https://computing.llnl.gov/linux/pdsh.html

    At one company I worked at, the IT staff used cfengine (Precision in IT Infrastructure Engineering - CFEngine) to help maintain a few hundred Linux workstations. I thought it was very complicated, but perhaps that was because every now and then the display would roll and roll and roll when cfengine was working.

    Good luck ... cheers, drl
    Welcome - get the most out of the forum by reading forum basics and guidelines: click here.
    90% of questions can be answered by using man pages, Quick Search, Advanced Search, Google search, Wikipedia.
    We look forward to helping you with the challenge of the other 10%.
    ( Mn, 2.6.n, AMD-64 3000+, ASUS A8V Deluxe, 1 GB, SATA + IDE, Matrox G400 AGP )

  4. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,380
    We used cfengine v2 before and the choice was either a complete rewrite of our .cf scripts to version 3 (as we were using some deprecated and say.. odd constructs)
    or a complete rewrite to puppet.

    The experience we made with the migration to puppet was, that the definitions are much shorter and easier to read now.
    Also, it is no longer necessary to copy the whole cfengine directory structure to each host. Which is a great gain, as some of the files do contain accounts that are exclusive to an environment.

    So it was impossible to share the same scripts with the developers and qa guys.
    We can now with a combination of puppet, hiera, augeas, git and quite a lot of thought on how to define modules and classes.

    But to be fair, we didn't give cfengine 3 the same effort.
    It is for sure more than worth a look also.


    There are also other system/config management tools, all require reading documentation, testing, reading again, etc.
    But once one understands such a tool, it becomes easy to maintain hundreds/thousands of machines.

    40 is already a number that I wouldn't want to do maintenance on without one.
    In fact my few machines at home are puppet controlled, but ymmv.

  5. #5
    drl
    Linux Engineer drl's Avatar
    Join Date
    Apr 2006
    Location
    Saint Paul, MN, USA / CentOS, Debian, Slackware, {Free, Open, Net}BSD, Solaris
    Posts
    1,286
    Hi.

    Good comments. The OP should be able to find something among the suggestions ... cheers, drl

  6. #6
    Just Joined!
    Join Date
    Jan 2011
    Posts
    87
    I just need help writing a script... I'm confused what all of this talk about AIX is about.

  7. #7
    drl
    Linux Engineer drl's Avatar
    Join Date
    Apr 2006
    Location
    Saint Paul, MN, USA / CentOS, Debian, Slackware, {Free, Open, Net}BSD, Solaris
    Posts
    1,286
    Hi.
    Quote, originally posted by pauhn:
    I just need help writing a script... I'm confused what all of this talk about AIX is about.
    I apparently missed that -- where was AIX mentioned here? Or did you mean at the LLNL page? I think I mentioned that it was running on my Linux (Debian 5, "lenny").

    Did you check your distribution repository? ... cheers, drl
    Last edited by drl; 08-16-2011 at 09:06 PM.

  8. #8
    Just Joined!
    Join Date
    Jan 2011
    Posts
    87
    This puppet stuff: manages_aix_lam: The provider can manage AIX Loadable Authentication Module (LAM) system.

  9. #9
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,380
    That is a "provider" that deals with an AIX speciality.

    For your use case, a manifest like this would deal with the user creation part:


    Arbitrarily chosen filename: pauhn_users.pp
    Code:
    # pauhn_users.pp
    
    user { 'john28':
      ensure     => 'present',
      comment    => 'John 28',
      gid        => 'users',
      home       => '/home/john28',
      shell      => '/bin/bash',
      uid        => '1000',
      groups     => 'wheel',        # supplementary group
      password   => 'JOHN28_HASH',  # placeholder for the hashed password
      managehome => 'true',
    }
    
    user { 'joe54':
      ensure     => 'present',
      comment    => 'Joe 54',
      gid        => 'users',
      home       => '/home/joe54',
      shell      => '/bin/bash',
      uid        => '1001',         # UIDs must be unique per account
      groups     => 'wheel',        # supplementary group
      password   => 'JOE54_HASH',   # placeholder for the hashed password
      managehome => 'true',
    }
    Note: tested with puppet 2.7.3.

    You would apply that with
    Code:
    puppet apply -v pauhn_users.pp

    Now, for actual deployment, you would need a
    - puppet server
    - a certain directory structure plus filenames (pauhn_users.pp would be init.pp in a "module" of your choice)
    - puppet clients on your 40 machines
    - some sort of revision control (svn, git)

    Of course, the example manifest above can be (much) improved and abstracted.
    I would recommend to try the tutorial. http://docs.puppetlabs.com/learning/
    Maybe you like it and find it useful for your scenario.


    A simple approach for the sudoers task is to have the modified file available via a puppet URL, and to distribute it from there to all machines.
    A slightly more interesting way is to modify the existing /etc/sudoers via the augeas tool, which can be used via puppet as well.
    Last edited by Irithori; 08-17-2011 at 08:11 AM. Reason: version update
    You must always face the curtain with a bow.
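
A minimal bash version of the task from the first post, as an added example that is not code from any participant in this thread: it appends john28 and joe54 to wheel and comments out requiretty, replacing /etc/sudoers only if the edited copy passes a syntax check. The function names, the `--apply` switch and the `SUDOERS_CHECK` variable are assumptions made for this sketch; it must run as root on each server.

```bash
#!/bin/bash
# Added example: constructed for this thread, not posted by any participant.
# Run as root on each server:  ./wheel_sudoers.sh --apply  (hypothetical file name)

# Command used to syntax-check a candidate sudoers file. Overridable
# (assumption of this sketch) so the edit logic can be tried on a scratch copy.
SUDOERS_CHECK=${SUDOERS_CHECK:-"visudo -cf"}

# Comment out active "Defaults requiretty" lines in the file named by $1.
# The original is replaced only if the edited copy passes the syntax check,
# so a bad edit never leaves the host with a broken sudoers file.
comment_requiretty() {
    file=$1
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # cp -p carries over owner and mode (sudoers is normally 0440 root:root).
    cp -p "$file" "$tmp" &&
    sed 's/^[[:space:]]*Defaults[[:space:]][[:space:]]*requiretty[[:space:]]*$/#&/' \
        "$file" > "$tmp" &&
    $SUDOERS_CHECK "$tmp" >/dev/null 2>&1 &&
    mv -f "$tmp" "$file" && return 0
    # Any failure above: discard the candidate, leave the original untouched.
    rm -f "$tmp"
    return 1
}

# Add each named account to wheel, keeping its existing groups (-a).
add_to_wheel() {
    for user in "$@"; do
        id "$user" >/dev/null 2>&1 || { echo "no such user: $user" >&2; return 1; }
        usermod -aG wheel "$user" || return 1
    done
}

# Nothing privileged happens unless --apply is given explicitly.
if [ "${1:-}" = "--apply" ]; then
    add_to_wheel john28 joe54 && comment_requiretty /etc/sudoers
fi
```

Running it a second time changes nothing, because lines that already start with `#` no longer match. The same script can be pushed to all 40 hosts with a parallel shell such as pdsh, mentioned earlier in the thread.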
