Re: [CentOS] use pssh to restart a service
> > This is why it is paramount to use visudo command as opposed editing the > /etc/sudoers file directly! The visudo command will check the edited > temporary sudoers file syntax before committing to /etc! Ok! Makes sense! I'll make sure I do that from now on! Thanks!! Tim On Mon, Nov 2, 2015 at 5:25 AM, Anthony K wrote: > On 02/11/15 12:35, Tim Dunphy wrote: > >> Hey Gordon, >> >> Sorry, man my bad! Disabling the tty requirement for my sudo user does >> indeed work. I had a type-o in the sudoers file, and when I corrected it, >> my sudo command via pssh started working! >> >> This is why it is paramount to use visudo command as opposed editing the > /etc/sudoers file directly! The visudo command will check the edited > temporary sudoers file syntax before committing to /etc! > > ak. > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
On 02/11/15 12:35, Tim Dunphy wrote: Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! This is why it is paramount to use visudo command as opposed editing the /etc/sudoers file directly! The visudo command will check the edited temporary sudoers file syntax before committing to /etc! ak. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! #pssh -i -h es_list "/bin/sudo /bin/systemctl restart elasticsearch; sleep 10" [1] 20:31:32 [SUCCESS] bluethu...@es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo [2] 20:31:32 [SUCCESS] bluethu...@es2.jokefire.com [3] 20:31:32 [SUCCESS] bluethu...@es1.jokefire.com I'm still getting the 'sorry you must have a tty to run sudo' message coming from one of the nodes. But the command succeeds so it's no big deal! Odd tho that one node would be barking about that, considering my sudoers is distributed via puppet. Anyway, it's all good as far as I'm concerned. At least this works! I'll check that 3rd node and see if there's any difference to the sudoers file I guess. Thanks for your help! Tim On Sun, Nov 1, 2015 at 7:06 PM, Gordon Messmer wrote: > On 10/31/2015 04:16 PM, Tim Dunphy wrote: > >> Got the same exact message! >> >> Anything else I can try? >> > > I think you need to double-check your sudoers file. Use the '-i' argument > to pssh to get more information. > > # cat /etc/sudoers.d/gordon > gordonALL=(ALL)NOPASSWD: ALL > > $ pssh -h t -i sudo echo true > [1] 16:02:12 [FAILURE] MYHOST Exited with error code 1 > Stderr: sudo: sorry, you must have a tty to run sudo > > > > # cat /etc/sudoers.d/gordon > Defaults:gordon!requiretty, visiblepw > gordonALL=(ALL)NOPASSWD: ALL > > $ pssh -h t -i sudo echo true > [1] 16:02:30 [SUCCESS] MYHOST > true > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
On 10/31/2015 04:16 PM, Tim Dunphy wrote: Got the same exact message! Anything else I can try? I think you need to double-check your sudoers file. Use the '-i' argument to pssh to get more information. # cat /etc/sudoers.d/gordon gordonALL=(ALL)NOPASSWD: ALL $ pssh -h t -i sudo echo true [1] 16:02:12 [FAILURE] MYHOST Exited with error code 1 Stderr: sudo: sorry, you must have a tty to run sudo # cat /etc/sudoers.d/gordon Defaults:gordon!requiretty, visiblepw gordonALL=(ALL)NOPASSWD: ALL $ pssh -h t -i sudo echo true [1] 16:02:30 [SUCCESS] MYHOST true ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
Can you try: 'sh -c "/bin/sudo -S /bin/systemctl restart elasticsearch"' Or perhaps without the single quotes, as well. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Tim Dunphy" > To: "CentOS mailing list" > Sent: Saturday, 31 October, 2015 23:16:57 > Subject: Re: [CentOS] use pssh to restart a service >> >> What does the sudo log say? > > > This is all the secure logs say about the ssh session: > > [root@logs:~] #tail -f /var/log/secure > Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from > 47.18.111.100 port 47469 ssh2: RSA > ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 > Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened > for user bluethundr by (uid=0) > Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100: > 11: disconnected by user > Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed > for user bluethundr > > No change in the logs after making the suggested change to disable tty: > > [root@logs:~] #cat /etc/sudoers.d/bluethundr > Defaults:myuser!requiretty, visiblepw > > Got the same exact message! > > Anything else I can try? > > Thanks > > On Sat, Oct 31, 2015 at 5:34 PM, Gordon Messmer > wrote: > >> On 10/31/2015 02:04 PM, Tim Dunphy wrote: >> >>> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >>> >> >> The default configuration prohibits use if input echo can't be disabled. >> That means no "-S". >> >> I modify that for users where necessary: >> >> /etc/sudoers.d/myuser: >> Defaults:myuser!requiretty, visiblepw >> >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
> > What does the sudo log say? This is all the secure logs say about the ssh session: [root@logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from 47.18.111.100 port 47469 ssh2: RSA ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0) Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100: 11: disconnected by user Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed for user bluethundr No change in the logs after making the suggested change to disable tty: [root@logs:~] #cat /etc/sudoers.d/bluethundr Defaults:myuser!requiretty, visiblepw Got the same exact message! Anything else I can try? Thanks On Sat, Oct 31, 2015 at 5:34 PM, Gordon Messmer wrote: > On 10/31/2015 02:04 PM, Tim Dunphy wrote: > >> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >> > > The default configuration prohibits use if input echo can't be disabled. > That means no "-S". > > I modify that for users where necessary: > > /etc/sudoers.d/myuser: > Defaults:myuser!requiretty, visiblepw > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
On 10/31/2015 02:04 PM, Tim Dunphy wrote: pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" The default configuration prohibits use if input echo can't be disabled. That means no "-S". I modify that for users where necessary: /etc/sudoers.d/myuser: Defaults:myuser!requiretty, visiblepw ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
Tim, What does the sudo log say? -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Tim Dunphy" > To: "CentOS mailing list" > Sent: Saturday, 31 October, 2015 21:22:28 > Subject: Re: [CentOS] use pssh to restart a service >> >> Have you tried running the command from a conventional login? >> sudo -S >> expects a password from stdin, where is that being supplied? > > > Yep! That works fine. > > #ssh -qt bluethu...@es1.example.com "/bin/sudo -S /bin/systemctl restart > elasticsearch" > #ssh -qt bluethu...@es1.example.com "/bin/echo $?" > 0 > > And the user has 'NOPASSWD' access. > > Any ideas? > > Thanks, > Tim > > On Sat, Oct 31, 2015 at 5:09 PM, Tony Schreiner > wrote: > >> On Sat, Oct 31, 2015 at 5:04 PM, Tim Dunphy wrote: >> >> > Hi all, >> > >> > I need to restart a service on a few elasticsearch nodes. I'm trying to >> do >> > it with pssh. >> > >> > I'm getting this error when I try to do that: >> > >> > pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >> > [1] 17:01:50 [FAILURE] bluethu...@es2.example.com Exited with error >> code 1 >> > [2] 17:01:51 [FAILURE] bluethu...@es3.example.com Exited with error >> code 1 >> > [3] 17:01:51 [FAILURE] bluethu...@es1.example.com Exited with error >> code 1 >> > >> > I have to sudo up from my user account as root logins are disallowed. >> > >> > However a simple 'echo hello' command that doesn't require sudo works >> fine: >> > >> > #pssh -h es_list "/bin/echo hello" >> > [1] 17:00:40 [SUCCESS] bluethu...@es1.example.com >> > [2] 17:00:41 [SUCCESS] bluethu...@es3.example.com >> > [3] 17:00:41 [SUCCESS] bluethu...@es2.example.com >> > >> > What am I doing wrong? >> > >> > Thanks, >> > Tim >> > >> > >> Have you tried running the command from a conventional login? >> >> sudo -S >> expects a password from stdin, where is that being supplied? >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
> > Have you tried running the command from a conventional login? > sudo -S > expects a password from stdin, where is that being supplied? Yep! That works fine. #ssh -qt bluethu...@es1.example.com "/bin/sudo -S /bin/systemctl restart elasticsearch" #ssh -qt bluethu...@es1.example.com "/bin/echo $?" 0 And the user has 'NOPASSWD' access. Any ideas? Thanks, Tim On Sat, Oct 31, 2015 at 5:09 PM, Tony Schreiner wrote: > On Sat, Oct 31, 2015 at 5:04 PM, Tim Dunphy wrote: > > > Hi all, > > > > I need to restart a service on a few elasticsearch nodes. I'm trying to > do > > it with pssh. > > > > I'm getting this error when I try to do that: > > > > pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" > > [1] 17:01:50 [FAILURE] bluethu...@es2.example.com Exited with error > code 1 > > [2] 17:01:51 [FAILURE] bluethu...@es3.example.com Exited with error > code 1 > > [3] 17:01:51 [FAILURE] bluethu...@es1.example.com Exited with error > code 1 > > > > I have to sudo up from my user account as root logins are disallowed. > > > > However a simple 'echo hello' command that doesn't require sudo works > fine: > > > > #pssh -h es_list "/bin/echo hello" > > [1] 17:00:40 [SUCCESS] bluethu...@es1.example.com > > [2] 17:00:41 [SUCCESS] bluethu...@es3.example.com > > [3] 17:00:41 [SUCCESS] bluethu...@es2.example.com > > > > What am I doing wrong? > > > > Thanks, > > Tim > > > > > Have you tried running the command from a conventional login? > > sudo -S > expects a password from stdin, where is that being supplied? > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] use pssh to restart a service
On Sat, Oct 31, 2015 at 5:04 PM, Tim Dunphy wrote: > Hi all, > > I need to restart a service on a few elasticsearch nodes. I'm trying to do > it with pssh. > > I'm getting this error when I try to do that: > > pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" > [1] 17:01:50 [FAILURE] bluethu...@es2.example.com Exited with error code 1 > [2] 17:01:51 [FAILURE] bluethu...@es3.example.com Exited with error code 1 > [3] 17:01:51 [FAILURE] bluethu...@es1.example.com Exited with error code 1 > > I have to sudo up from my user account as root logins are disallowed. > > However a simple 'echo hello' command that doesn't require sudo works fine: > > #pssh -h es_list "/bin/echo hello" > [1] 17:00:40 [SUCCESS] bluethu...@es1.example.com > [2] 17:00:41 [SUCCESS] bluethu...@es3.example.com > [3] 17:00:41 [SUCCESS] bluethu...@es2.example.com > > What am I doing wrong? > > Thanks, > Tim > > Have you tried running the command from a conventional login? sudo -S expects a password from stdin, where is that being supplied? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] use pssh to restart a service
Hi all, I need to restart a service on a few elasticsearch nodes. I'm trying to do it with pssh. I'm getting this error when I try to do that: pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" [1] 17:01:50 [FAILURE] bluethu...@es2.example.com Exited with error code 1 [2] 17:01:51 [FAILURE] bluethu...@es3.example.com Exited with error code 1 [3] 17:01:51 [FAILURE] bluethu...@es1.example.com Exited with error code 1 I have to sudo up from my user account as root logins are disallowed. However a simple 'echo hello' command that doesn't require sudo works fine: #pssh -h es_list "/bin/echo hello" [1] 17:00:40 [SUCCESS] bluethu...@es1.example.com [2] 17:00:41 [SUCCESS] bluethu...@es3.example.com [3] 17:00:41 [SUCCESS] bluethu...@es2.example.com What am I doing wrong? Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
