massadmin - parallelizes system commands on mass remote servers.
This program is used to send multiple system commands to a group of UNIX like
remote servers simultaneously using concurrent processes. Supported protocol:
FTP, SFTP, TELNET, SSH and SCP. With telnet and ssh all system command are
supported provide that they are not interactive.
His main usage is to send repetitive sysadmin task to a group of servers but you
can also use it for automatic ftp or scp backup and much more.
Commands are exactly those you will type on your terminal. It also allow you to
use 'su -' to execute your commands with TELNET and SSH protocols.
For example, suppose that you want to install a new printer driver on your
hundred of Cups servers, with massadmin, you can ftp or scp the new files or a
tarball to each server and move or untar files and reload cups in less than 10
Or you may want to wake up a computer on a remote lan using a local server:
./massadmin -h "remotesrv.mydom:root:mdpadm" -e 'SSH::/usr/sbin/ether-wake 00\:25\:44\:DA\:43\:BF |:exit:'
This will execute the ether-wake command line on the remotesrv.mydom server as
-c conf_file: commands list file.
-e cmd_list : comma separated list of commands.
-l srv_list : servers list file.
-h host_list: comma separated list of servers.
-d : debug mode.
-o out_file : output result to a file. Default is stdout.
-q nb_proc : change limit to nb_proc concurrent processes. Default: 15.
-r dir : change running directory to dir.
-p log_list : comma separated list of login:password pair to use.
-t seconds : set the timeout for all connections. Default is 60 seconds.
I really recommand you to test with the -d option on a single computer the
massadmin commands you will defined before running them on all you remote
servers. Remember that untested commands can mass damage your servers
especialy when tey are run asd root user!
Servers list file
You must set the -l command line option to specify the server list file to use
to specify the remote hosts to connect to and the login/password pair to use.
Format of the server list file:
Note: All these configuration directives can be replaced with command line
options to allow dynamic calls (using xargs for example).
- The 'chdir' directive is used to force massadmin to change the running
directory of massadmin. This overriden with the -r command line option
- login and password
- These two directives 'login' and 'password' are used to defined a common
set of login/password pair to use to connect to all following hostname
definition. Each login and password will be tried/used until a connection
to the server is openned and this is repeated for all servers in the list.
The separator is the colon character ':'. If you have this character in the
password you have to add a backslash (\) before it.
These two directives can be replaced by the -p command line option (see
Command line server list
- hostname definition
- The hostname line must be replaced by the server real hostname or his ip
address. You can also give a specific login/password for this host
separated by the colon character ':'. If you have this character in the
password you have to add a backslash (\) before.
Each defined host will be ping before all. If a server is not responding, it
will be removed from the list and a warnong message will be displayed.
You may want to specify dynamically the server list to massadmin, for that use
the -h command line option. The value of this option is a comma separated list
of hostname like in the servers list file.
massadmin -h "srv1.mydom.com:root:adm12,srv2.mydom.com:root:adm34"
or the same but using the global login/password definition with the -p option
massadmin -h "srv1.mydom.com,srv2.mydom.com" -p "root:adm12,root:adm34"
If you have a comma in you password, you have to add a backslash (\) before as
well has the login/password colon separator ':'.
- Protocol can be: FTP,TELNET,RSH,SSH,SCP,SFTP
- Authen is the "login;password" phrase. Separator is a semi-colon ';'.
- command is any command handled by this protocol
Authen can be empty if you set login/password into the host list file.
FTP:ftpuser;ftppasswd:lcd /usr/tmp/:cd /usr/tmp:put foo.txt bar.txt:
TELNET:username;userpassw:cd /home/foo:rm bar.txt:
If you want to retrieve the output of a command just add a pipe at the end of
the command, the result of the command will be added to the output stream:
FTP:ftpuser;ftppasswd:lcd /ust/tmp/:cd /usr/tmp:ls -la|:bye:
TELNET:usernam;userpassw:cd /home/toto:ls *.txt|:exit:
SSH:usernam;userpassw:cd /home/toto:ls *.txt|:exit:
# Local to remote (put)
# Remote to local (get)
SFTP:usernam;userpassw:cd /usr/tmp/:put foo.txt
All entries defined in the file are executed in the given order.
FTP::cd /usr/tmp/:del crontab.txt:del newcron.sh:put crontab.txt:ls |
FTP::cd /home/someuser/:ls -la|:ls -la|
TELNET::ls -la|:ps auxw | grep "named" |
SSH::cd /home/someuser/:ls -la|:ls -la|
# Local to remote (put)
# Remote to local (get)
Here is how to do a su - as root user, the su - and root password is separated
by a space character.
TELNET::su - RootPwd:ls -la |
In each command definition you can use the %SRVEXE_HOST special keyword, it will
be replaced by the remote server hostname in which the command is executed.
This is useful for example if you make backup and want to add the hostname
into a filename.
Remember that the commands are passed to a Perl program (massadmin) so if you
have special Perl characters like $ or other you need to escape them.
For example a call to a perl command to replace some string into a file must be
written like that:
massadmin -h remotehost -p "root:admpasswd" \
-e "SSH::perl -p -i -e 's/cn\: ([^\\s]+) (.*)/cn\: \$2 \$1/' ldap-add.ldiff"
This command revert the first and last name in a LDAP ldiff file.
The normal perl command line substitution call would be:
perl -p -i -e 's/cn: ([^\s]+) (.*)/cn: $2 $1/' ldap-add.ldiff
Please always test your massadmin command before running it on mass hosts.
The authentication on remote servers can be defined at 3 different levels. Here
are how they are used by massadmin in the order they will be executed.
- Command line level
- The command line configuration file support a per command authentication
level. If you defined authent at this level, it will override all other
authentication method. Or more precisely this will be the first tried, if
it failed the 2 other authentication level will be tried.
- Hostname level
- The hostname definition allow a per host authentication level. If you
defined authent at this level, it will override the global login/password
- Global level
- In the login/password server list configuration directive you can defined
a set of authentication users and password that will be tried on each
remote servers in the order they are written.
In this example:
./massadmin -h "remotesrv.mydom:root:mdpadm" -p "admin:pass1,root:pass2" \
-e 'SSH:root;myadmpass:/usr/sbin/ether-wake 00\:25\:44\:DA\:43\:BF |:exit:'
The first authentication that will be tried is the one given in the SSH command,
'root;myadmpass'. If it fail or is not defined, this will be the one given in
the remote server definition, 'root:mdpadm' and if it fail or is not defined
here, massadmin will try each authentication defined in the -p command line
option, 'admin:pass1' first and if it fail 'root:pass2'.
Gilles DAROLD <email@example.com>
Copyright 2002-2010 Gilles Darold. All rights reserved.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
Street, Fifth Floor, Boston, MA 02110-1301 USA
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
IO::Tty Net::Telnet Net::Ping Expect Proc::Queue