HP UX System Adstration manual Command Fanout, Parallel Distributed Shell

Page 83

4 Command Fanout

Command fanout utilities allow the system administrator to replicate shell commands across multiple systems. Traditionally, administrators have created wrappers around tools such as remote shell (see remsh(1)) and secure shell (see ssh(1)) to provide command fanout functions.

4.1 Parallel Distributed Shell

The Distributed Systems Administration Utilities (DSAU) include the open source tool Parallel Distributed Shell (pdsh). pdsh formalizes the use of remsh and ssh for distributing commands to groups of systems. Unlike remsh/ssh wrappers, pdsh offers the following benefits:

High performance

Commands are issued in parallel to groups of target system. pdsh supports a sliding window or fanout setting to control the number of concurrent commands.

Command timeout settings

pdsh supports a command execution timeout which controls how long a remote command can execute before being disconnected (to prevent problem commands from hanging). It also supports a connect timeout which prevents blocking when remote systems are unreachable.

Output processing and return status

pdsh correctly handles stdout and stderr processing and supports returning a “worst of” return status so the caller can detect errors from remote systems.

Flexible target system specifications

pdsh supports several mechanisms for specifying the target hosts on which to operate. They can be specified on the command line, on stdin, in a well known file (/etc/machines) or in a file pointed to by the WCOLL environment variable. Specific systems can be excluded from the command line as well.

Hostlist expressions

For groups of systems using a prefixNNN naming convention (for example, h1, h2, ..., hN), pdsh allows target nodes specification using hostlist expressions such as “h[1-10]” which would fan out a command to hosts named h1 through h10.

Intelligent output filtering

pdsh prefaces each line of output with the hostname of originating system. dshbak (see dshbak(8)) is a filter that can format the standard pdsh output in several different ways. The dshbak -cflag looks for output from different hosts that is identical and consolidates the output instead of duplicating it. The header will indicate the hosts to which the consolidated output applies.

Choice of command transports

pdsh can use either remote shell rcmd (see rcmd(3)) or ssh as a command transport. Note that the ssh transport offers greatly improved security. See “Security Configuration” (page 85) for details.

Parallel copy command

The pdcp command provides a parallelized copy command to copy a local source file to multiple targets.

Figure 4-1: “pdsh Architecture ”, shows the components of pdsh and its architecture.

4.1 Parallel Distributed Shell

83

Image 83
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index List of Figures Syslog-ngLog-Forwarding ConfigurationList of Tables Consolidated Logging CommandsTarget Node Error Messages Related Information About this DocumentIntended Audience Typographic ConventionsProduct Support HP Encourages Your Comments Introduction Command Fanout Commands Distributed Systems Administration Utilities CommandsConfiguration Synchronization Command Consolidated Logging CommandsOpen Source Components Utility Setup CommandOpen Source cfengine Commands Open Source pdsh CommandsDsau Manual Page Sections Distributed Systems Administration Utilities Manual PagesOpen Source syslog-ng Command Cfengine Overview Configuration SynchronizationConfiguration Synchronization Cfengine Daemons and CommandsCfengine Overview Cfengine Master Server Deployment ModelsUsing the Configuration Synchronization Wizard Configuring cfengineWizard displays the following introductory screen Configuration Data for csyncwizard# /opt/dsau/sbin/csyncwizard Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Serviceguard Automation Features Cluster Configuration Notes for cfengineVar/opt/dsau/cfengine/inputs directory Opt/dsau/bin/csyncdispatcher Memberadded newhost Using the Wizard to Configure a Synchronization ClientWhen prompted, enter the name of the client to add Manual Configuration# mkdir -p /var/opt/dsau/cfenginemaster/inputs Manually Configuring a Standalone Synchronization ServerStart by creating the directory # cp localhost.pub root-10.0.0.5.pub # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys# cfrun -v -- --verbose # /sbin/init.d/cfservd start# cfagent --no-lock --verbose --no-splay # cfrun -- --inform# mkdir -p /csync/dsau/cfenginemaster/masterfiles Initial Serviceguard Package PreparationList Managed Clients in cfrun.hosts Policyhost = csync.abc.xyz.com# /opt/dsau/sbin/cfkey Edit the cfservd.conf File# cexec /sbin/init.d/cfservd start # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# cp localhost.pub root-192.10.25.12.pub # ccp * /var/opt/dsau/cfengine/ppkeys# cmapplyconf -P csync.conf # cmmodpkg -e csync Test the configuration by performing the following steps# ccp csync csync.conf /etc/cmcluster/csync Apply the package and start itOn a managed client, use the command Configuring a Synchronization Managed ClientChoosing a Synchronization Invocation Method Security NotesEncryption Checksum alerts Key ExchangeCsync Network Port Usage Encryption# /sbin/init.d/cfservd stop Disabling Use of cfengineLogging Options Checksum AlertsUnable to connect to a cfengine client or master Cfengine TroubleshootingSyntax error due to missing or superfluous spaces #cfagent -KCfagent -d, -d1, -d2, or -d3 cfservd Cfrun 2describes syslog Facilities Messages Consolidated LoggingIntroduction to syslog Syslog Message FormatImproved Log Consolidation Log Consolidation OverviewMessage Filtering Syslog Co-existence Etc/cmcluster/package-name/package-name.log Syslog-ng Log Consolidator Configuration Log Consolidation ConfigurationOpt/dsau/sbin/clogwizard Using the Log Consolidation WizardConfiguration Data for clogwizard Answer yes y. The wizard then prompts Where N is the expected number of clientsAnswer yes y or press Enter. The next question is If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Or press Enter. The next question is Configuring a Log Forwarding Client Using clogwizardEnter the ssh port to be used for port forwarding Manually Configuring a Standalone Log Consolidation Server Manually Configuring Log ConsolidationFor example, for TCP # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startReplace the %UDPLOOPBACKLOG% token with Add the following lines Create the following symbolic linkChange the Clogconfigured line to If using the TCP protocol, addLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens Creating the clog Package If consolidating package logs of this cluster, addIf using VxVM, comment out the LVM Volume Group line Then use cmviewcl to make sure it is running Testing and Starting the clog PackageDistribute it cluster-wide Manually Configuring a Standalone Log Forwarding Client Manually Configuring Log Forwarding ClientsUsing VxVM Instead of LVM Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% Create the following symbolic link on each cluster member If using the TCP protocol, add the following linesIf using ssh port forwarding, add Otherwise, if using the UDP protocol, addForwarding Ascii Log Data Start syslog-ngon all cluster members usingFor the filter line For the destination lineFor the log line Consolidating Package Logs on the Log Consolidation Server#/sbin/init.d/syslogd stop Perform the following steps to disable log consolidationDisabling Log Consolidation Disabling a Standalone Log Consolidation System# /sbin/init.d/syslog-ng stop Disabling a Serviceguard Cluster Log Consolidation SystemDisabling a Standalone Log Forwarding Client #/sbin/init.d/syslogd start#/sbin/init.d/syslogd stop #/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Forwarding ClientSsh Port Forwarding Securing Consolidated LogsLog File Protections # cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Using Bastille to Harden the SystemClog Network Port Usage To log in to the System Management Homepage, navigate to Using the System and Consolidated Log ViewerViewing System and Consolidated Logs Starting System Management HomepageViewing System and Consolidated Logs Page Parallel Distributed Shell Command FanoutCwall displays a wall1M broadcast message on multiple hosts Pdsh Utility WrappersAll nodes Systems# csshsetup -r -f memberslist.txt Security ConfigurationRemote Shell Security Setup Ssh Security SetupTarget Node Error Messages Command Fanout TroubleshootingSsh Command Messages Rsh Command MessagesHP-Supported Open Source pdsh Options Page Cfanouthosts IndexLVM UDP