At work, with the growing number of clients on the firm's network, I need to distribute updates automatically.
To do this I encountered a lot of weird problems due to Linux permissions and Bash execution.
So let's have a look at our structure.
We have one server (CentOS 6.5 in this case, but that is not significant) and many Ubuntu 12.04 LTS clients (this is not very significant either).
Our goal
Have every client automatically download some settings (whatever you want) from the server and automatically update its own settings.
Step 1 - SSH automatically to server
On client
First of all I need to SSH to the server automatically. So log in as root on the client and then type
ssh-keygen -t rsa
You need this to create a public and a private key that take the place of the password.
Then send the public key generated on the client to the server:
cd /root/
cat .ssh/id_rsa.pub | ssh [username]@[servername] -p [port] 'cat >> .ssh/authorized_keys'
On server
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
Adjust the permissions so that only root can manage this file.
authorized_keys is the file where every client's public key is stored, so at every login the server checks this file to recognize the key presented by the client.
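Added example, not part of the original post: a key appended to authorized_keys as above can also open a full shell on the server, while the clients here only need to download files with scp. The script below is a forced command that limits such a key to `scp -f` downloads of single files from one directory; the script name, its install path, the `serve` argument and the client name are assumptions, and `/source_path` is the post's own placeholder.

```shell
#!/bin/sh
# scp-pull-only: forced command for an update client's key (added example).
# Hypothetical install path; one line per client in ~/.ssh/authorized_keys:
#   command="/usr/local/bin/scp-pull-only serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...(client key)... root@client01
LC_ALL=C; export LC_ALL
ALLOWED_DIR="/source_path"   # the post's placeholder for the download directory

# Print the requested path and return 0 only if the client asked for exactly
# "scp -f <path>" (legacy scp download of one file) under ALLOWED_DIR.
# Anything else is refused: shells, uploads (-t), recursion (-r), extra
# arguments, path traversal, shell metacharacters.
validate_request() {
    case "$1" in
        "scp -f "*) req_path="${1#scp -f }" ;;
        *) return 1 ;;
    esac
    case "$req_path" in
        *[!A-Za-z0-9_./-]*) return 1 ;;   # spaces, quotes, globs, $, ; ...
        -*) return 1 ;;                   # would be parsed as an option
    esac
    case "/$req_path/" in
        */../*) return 1 ;;               # no ".." component
    esac
    case "$req_path" in
        "$ALLOWED_DIR"/?*) printf '%s\n' "$req_path" ;;
        *) return 1 ;;
    esac
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND
# (empty when the client asked for an interactive shell).
serve() {
    if path=$(validate_request "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t scp-pull-only "allow: $path"
        exec scp -f "$path"   # run directly: no shell expands the argument
    fi
    logger -t scp-pull-only "deny: ${SSH_ORIGINAL_COMMAND:-interactive shell}"
    echo "this key may only download files from $ALLOWED_DIR" >&2
    exit 1
}

if [ "${1:-}" = "serve" ]; then serve; fi
```

Clients whose scp uses SFTP by default (OpenSSH 9.0 and later) have to call `scp -O` for the server to see an `scp -f` request.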
Step 2 - Configure the automation
On client
Now that we can log in automatically whenever we want, let's see how we could automate something.
First I create the file to be automated, named "script_to_execute.sh", something like this:
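#!/bin/bash
# -P: SSH port on the server, -c: cipher to use, -C: compress the transfer
# (OpenSSH 7.6 and later no longer include the blowfish cipher)
scp -P [port] -c blowfish -C [username]@[servername]:/source_path/script /destination_path/s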
I define that, every time it runs, this script downloads a file from the server via SCP.
Once SSH access is open, SCP works as well.
The next step is to define when this script should be called. I decided to define this directly in crontab. Because of user permissions, the simplest way to do this is to log in as root on the client and edit root's crontab. So type
crontab -e
and then insert this line
0 9,14 * * * /bin/sh /path/script 2>&1 | tee -a /path/update.log
This way I define that the script is executed twice a day, at 9 A.M. and 2 P.M., and that both STDOUT and STDERR are redirected to the file "update.log".
You can choose any hour or day you prefer; this is only an example.
For a more detailed guide to crontab, see www.thegeekstuff.com/practical-crontab-examples/
Step 3 - Create an alert
On client
In the past two steps we've seen how to log in automatically and how to automate the execution of a script. Now we need to know whether our automatic updates are working or not.
For this reason, on the client I create a script that automatically sends an email every time the log file has been written.
#!/bin/bash
# sendemail.sh - mail the update log if it contains anything, then delete it
logfile="/path/update.log"
email="recipient@foo.com"
# subject is "Log update PC " followed by this machine's hostname
subject="Log update PC $(cat /etc/hostname)"
# nothing to do if the log file has not been created yet
[ -f "$logfile" ] || exit 0
# copy the content of update.log to the emailmessage variable
emailmessage=$(cat "$logfile")
actualsize=$(du -b "$logfile" | cut -f 1)
# check if the update.log file contains something
if [ "$actualsize" -gt 0 ]; then
    sendEmail -f sender@foo.com -t "$email" -u "$subject" -m "$emailmessage" -s [smtp_name]:[smtp_port] -xu [smtp_username] -xp [smtp_password]
fi
# delete update.log
rm -f "$logfile"
That's all. This is only a small example of what this tool can do.
For example, I use this to update blacklists and whitelists for Dansguardian on the clients, or to update an HTTPS proxy that I've made and that I will describe in detail on these pages sooner or later.
Thanks all, and don't hesitate to ask if you are confused about this.