I'll try to keep this from getting too religious: There is no way that root ssh access is going to fly in my environment (even with forced commands), which means I'd be looking at piecing together something that uses ssh and sudo to accomplish this. This has the obvious drawback of now being dependent on the accounts of the user being in good standing on all of the servers we're trying to access. For myself, this will not be an issue, but if this is something that I'm looking at handing off to junior admins or an operations team, this may be a very different story.
For these reasons, I'd like to keep this stuff in the application's own protocol(s) if possible. ~Paul On Feb 22, 2010, at 2:50 PM, Travis wrote: > On Mon, Feb 22, 2010 at 6:16 AM, Paul DiSciasio <the...@bytemonkey.net> wrote: > >> So what I'm looking for is something that allows my clients to run in >> dry-run mode most of the time (reporting back to me which things need to >> be changed, but not taking any action), and then let me send a message to >> them when it's time to actually execute the changes. >> >> It seems that the best I might be able to do is leave my regular agent >> running in dry-run mode all the time, but then ssh into the servers in >> question one by one and execute the agent in active mode when I want to >> make the changes, but that is obviously cumbersome and has a number of >> drawbacks. > > I wouldn't classify it as cumbersome. You can use a tool like pdsh to fan out > your ssh sessions and make this occur in a near real-time fashion. > > It's more or less described here: > > https://trac.mcs.anl.gov/projects/bcfg2/wiki/AgentWithSSH > > What draw backs do you perceive it to have? > > Travis > -- > Travis Campbell > hcoy...@ghostar.org _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
