Keeping several machines updated using “dsh” and “sudo”

Published
by
cyco
4 years, 1 month ago
in Debian
. Tags: , , .

If you manage a whole bunch of servers or client workstations (or both), it comes in handy
to update them all with just one command.
(Credits: This is based on an article to be found in the “Linux Magazin 5/2003, page 33″. Thanks!)

Servers/Workstations

Run:

# adduser –disabled-login update
# apt-get install sudo

Use “visudo” to edit /etc/sudoers similar to:

Cmnd_Alias      APTGET = /usr/bin/apt-get update,
/usr/bin/apt-get -y upgrade, /usr/bin/apt-get -y dist-upgrade
root	          ALL=(ALL) ALL
update          ALL = NOPASSWD : APTGET

This allows user “root” to execute every command on every machine (default) as well as the user “update”
to execute all commands from APTGET as root on every machines without having to enter a password.

(If you have a NIS/NFS-network, of course just add the user “update” to the NIS-server and add
“+update:*:::::” to the other machines.)

You also have to create the file ~update/.ssh/authorized_keys which simply holds the public-key(s) from the key-pair(s) to be generated on the initiating machine(s) (see below). This allows you to login to your servers/workstations as user “update” without having to provide a password.

The initiating machine

Run:

# apt-get install dsh

/etc/dsh/dsh.conf:

verbose = 0
remoteshell = ssh
showmachinenames = 1
waitshell = 1

~/.dsh/machines.list:

update@machine1
update@machine2
[...]

This configures the “dancer’s shell”.

If you don’t already have an ssh-keypair, generate one (man ssh-keygen) and - as mentioned above -
copy the public-key to your machines’ ~update/.ssh/authorized_keys file(s).

Update all machines using:

# dsh -a — ’sudo apt-get update && sudo apt-get -y upgrade’

You might also want to use “-c” as an option to dsh. Check out its manpage.

Creative Commons License
The Keeping several machines updated using “dsh” and “sudo” by Cyconet Blog, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Terms and conditions beyond the scope of this license may be available at blog.waja.info.

0 Responses to “Keeping several machines updated using “dsh” and “sudo””

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

Too Cool for Internet Explorer