Run commands on multiple LPARs

Printable View

08-29-2008, 02:59 AM
unix

Run commands on multiple LPARs

Hello, again, Folks,

AIX newbie alert (old VMS guy trying to find his way around UN*X after
20 years away)...

Is there any software available for running a single command, even
something simple like "date" (to verify thet NTP is working as
expected), on multiple LPARs?

Since someone is bound to ask, yes, we have security set up so root can
ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
idea works well, thanx much.

I'm looking for a way to avoid having "for ... do" variants for every
command I need to execute across an entire group of LPARs (multiple
HACMP clusters).

Any / all ideas are welcome, invited and requested.

David J Dachtera
08-29-2008, 04:24 AM
unix

Re: Run commands on multiple LPARs

On Aug 29, 12:59*pm, David J Dachtera <djesys...@spam.comcast.net>
wrote:[color=blue]
> Hello, again, Folks,
>
> AIX newbie alert (old VMS guy trying to find his way around UN*X after
> 20 years away)...
>
> Is there any software available for running a single command, even
> something simple like "date" (to verify thet NTP is working as
> expected), on multiple LPARs?
>
> Since someone is bound to ask, yes, we have security set up so root can
> ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
> idea works well, thanx much.
>
> I'm looking for a way to avoid having "for ... do" variants for every
> command I need to execute across an entire group of LPARs (multiple
> HACMP clusters).
>
> Any / all ideas are welcome, invited and requested.
>
> David J Dachtera[/color]

Take a look at the dsh command.

$ man dsh

dsh(08/31/07) dsh(08/31/07)

dsh Command

Purpose

dsh - Concurrently runs commands on multiple nodes and
hardware devices.
.............................

$ which_fileset dsh
/opt/diagnostics/probes/dsh csm.diagnostics 1.4.0.0
/opt/csm/bin/dcp -> /opt/csm/bin/dsh csm.dsh 1.4.0.0
/opt/csm/bin/dsh csm.dsh 1.4.0.0
08-29-2008, 04:25 AM
unix

Re: Run commands on multiple LPARs

On Aug 29, 2:59 pm, David J Dachtera <djesys...@spam.comcast.net>
wrote:[color=blue]
> Hello, again, Folks,
>
> AIX newbie alert (old VMS guy trying to find his way around UN*X after
> 20 years away)...
>
> Is there any software available for running a single command, even
> something simple like "date" (to verify thet NTP is working as
> expected), on multiple LPARs?
>
> Since someone is bound to ask, yes, we have security set up so root can
> ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
> idea works well, thanx much.
>
> I'm looking for a way to avoid having "for ... do" variants for every
> command I need to execute across an entire group of LPARs (multiple
> HACMP clusters).
>
> Any / all ideas are welcome, invited and requested.
>
> David J Dachtera[/color]

remote root access = stop the bus; we lock down the root user so it
can't be used via SSH and only allows root login to the console i.e.
via HMC. never, ever, ever allow remote root access. Ever. .rsh
and .rlogin are evil. NIM uses very dodgy network protocols like NFS
and TFTP but that's seemingly unavoidable; though once going NIM can
be setup to use "secure NIM"
SSH keys are the way I do remote access WITH MY OWN LOGIN. shared
users are another no NO.
what output are you after ?
I run a weekly AIX audit of all LPAR's and put this into a Subversion
repository and use that for reference.

HTH
HAND
08-30-2008, 08:39 AM
unix

Re: Run commands on multiple LPARs

On 29 Aug, 03:59, David J Dachtera <djesys...@spam.comcast.net> wrote:[color=blue]
> Hello, again, Folks,
>
> AIX newbie alert (old VMS guy trying to find his way around UN*X after
> 20 years away)...
>
> Is there any software available for running a single command, even
> something simple like "date" (to verify thet NTP is working as
> expected), on multiple LPARs?
>
> Since someone is bound to ask, yes, we have security set up so root can
> ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
> idea works well, thanx much.
>
> I'm looking for a way to avoid having "for ... do" variants for every
> command I need to execute across an entire group of LPARs (multiple
> HACMP clusters).
>
> Any / all ideas are welcome, invited and requested.
>
> David J Dachtera[/color]

Have a look at Cluster Systems Management (CSM). It is an extra
package on top of AIX and I am not aware of the cost so I cant comment
on if its worth the price. From an admin point of view, it makes life
easier when you have to manage alot of machines, including dsh which
was mentioned before and what you are after. Check this link for more.

[url]http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm.doc/csm_aix5l1321/am7ia101/am7ia10114.html[/url]

hth,
Duncan
08-30-2008, 09:44 AM
unix

Re: Run commands on multiple LPARs

Henry schrieb:[color=blue]
> On Aug 29, 2:59 pm, David J Dachtera <djesys...@spam.comcast.net>
> wrote:[color=green]
>> Hello, again, Folks,
>>
>> AIX newbie alert (old VMS guy trying to find his way around UN*X after
>> 20 years away)...
>>
>> Is there any software available for running a single command, even
>> something simple like "date" (to verify thet NTP is working as
>> expected), on multiple LPARs?
>>
>> Since someone is bound to ask, yes, we have security set up so root can
>> ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
>> idea works well, thanx much.
>>
>> I'm looking for a way to avoid having "for ... do" variants for every
>> command I need to execute across an entire group of LPARs (multiple
>> HACMP clusters).
>>
>> Any / all ideas are welcome, invited and requested.
>>
>> David J Dachtera[/color]
>
> remote root access = stop the bus; we lock down the root user so it
> can't be used via SSH and only allows root login to the console i.e.
> via HMC. never, ever, ever allow remote root access. Ever. .rsh
> and .rlogin are evil. NIM uses very dodgy network protocols like NFS
> and TFTP but that's seemingly unavoidable; though once going NIM can
> be setup to use "secure NIM"
> SSH keys are the way I do remote access WITH MY OWN LOGIN. shared
> users are another no NO.
> what output are you after ?
> I run a weekly AIX audit of all LPAR's and put this into a Subversion
> repository and use that for reference.
>
> HTH
> HAND[/color]

Hi,

just a short remark. IMHO security has to be in balance with manageability.
There are ways to assure that only certain users from certain systems can access
root account via SSH.

e.g. see ssh_config file parameters:

AllowedAuthentications, AllowedUsers, AllowedGroups, PasswordAuthentication
(no), PermitRootLogin without-password,

Regards,
Uwe Auer
08-31-2008, 04:52 PM
unix

Re: Run commands on multiple LPARs

Hi,

from my linux box i use clusterssh it works Great!!
[url]http://clusterssh.wiki.sourceforge.net/Main+Page[/url]

I know there are others too:

Clusterm @ [url]http://sourceforge.net/projects/clusterm/[/url]

Omnitty @ [url]http://omnitty.sourceforge.net/[/url]

Tentakel @ [url]http://tentakel.biskalar.de/[/url]

hope it helps!

Ciao

On Aug 29, 4:59*am, David J Dachtera <djesys...@spam.comcast.net>
wrote:[color=blue]
> Hello, again, Folks,
>
> AIX newbie alert (old VMS guy trying to find his way around UN*X after
> 20 years away)...
>
> Is there any software available for running a single command, even
> something simple like "date" (to verify thet NTP is working as
> expected), on multiple LPARs?
>
> Since someone is bound to ask, yes, we have security set up so root can
> ssh to another LPAR. So, yes, the "script it in a 'for ... do' loop"
> idea works well, thanx much.
>
> I'm looking for a way to avoid having "for ... do" variants for every
> command I need to execute across an entire group of LPARs (multiple
> HACMP clusters).
>
> Any / all ideas are welcome, invited and requested.
>
> David J Dachtera[/color]