Use Pssh To Restart A Service
Hi all,
I need to restart a service on a few elasticsearch nodes. I’m trying to do it with pssh.
I’m getting this error when I try to do that:
pssh -h es_list “/bin/sudo -S /bin/systemctl restart elasticsearch”
[1] 17:01:50 [FAILURE] bluethundr@es2.example.com Exited with error code 1
[2] 17:01:51 [FAILURE] bluethundr@es3.example.com Exited with error code 1
[3] 17:01:51 [FAILURE] bluethundr@es1.example.com Exited with error code 1
I have to sudo up from my user account as root logins are disallowed.
However a simple ‘echo hello’ command that doesn’t require sudo works fine:
#pssh -h es_list “/bin/echo hello”
[1] 17:00:40 [SUCCESS] bluethundr@es1.example.com
[2] 17:00:41 [SUCCESS] bluethundr@es3.example.com
[3] 17:00:41 [SUCCESS] bluethundr@es2.example.com
What am I doing wrong?
Thanks, Tim
10 thoughts on - Use Pssh To Restart A Service
Have you tried running the command from a conventional login?
sudo -S
expects a password from stdin, where is that being supplied?
Yep! That works fine.
#ssh -qt bluethundr@es1.example.com “/bin/sudo -S /bin/systemctl restart elasticsearch”
#ssh -qt bluethundr@es1.example.com “/bin/echo $?”
0
And the user has ‘NOPASSWD’ access.
Any ideas?
Thanks, Tim
Tim,
What does the sudo log say?
The default configuration prohibits use if input echo can’t be disabled. That means no “-S”.
I modify that for users where necessary:
/etc/sudoers.d/myuser:
Defaults:myuser !requiretty, visiblepw
This is all the secure logs say about the SSH session:
[root@logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from
47.18.111.100 port 47469 ssh2: RSA
ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06
Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0)
Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100:
11: disconnected by user Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed for user bluethundr
No change in the logs after making the suggested change to disable tty:
[root@logs:~] #cat /etc/sudoers.d/bluethundr Defaults:myuser !requiretty, visiblepw
Got the same exact message!
Anything else I can try?
Thanks
Can you try:
‘sh -c “/bin/sudo -S /bin/systemctl restart elasticsearch”‘
Or perhaps without the single quotes, as well.
I think you need to double-check your sudoers file. Use the ‘-i’
argument to pssh to get more information.
# cat /etc/sudoers.d/gordon gordon ALL=(ALL) NOPASSWD: ALL
$ pssh -h t -i sudo echo true
[1] 16:02:12 [FAILURE] MYHOST Exited with error code 1
Stderr: sudo: sorry, you must have a tty to run sudo
# cat /etc/sudoers.d/gordon Defaults:gordon !requiretty, visiblepw gordon ALL=(ALL) NOPASSWD: ALL
$ pssh -h t -i sudo echo true
[1] 16:02:30 [SUCCESS] MYHOST
true
Hey Gordon,
Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working!
#pssh -i -h es_list “/bin/sudo /bin/systemctl restart elasticsearch; sleep
10”
[1] 20:31:32 [SUCCESS] bluethundr@es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo
[2] 20:31:32 [SUCCESS] bluethundr@es2.jokefire.com
[3] 20:31:32 [SUCCESS] bluethundr@es1.jokefire.com
I’m still getting the ‘sorry you must have a tty to run sudo’ message coming from one of the nodes. But the command succeeds so it’s no big deal!
Odd tho that one node would be barking about that, considering my sudoers is distributed via puppet.
Anyway, it’s all good as far as I’m concerned. At least this works! I’ll check that 3rd node and see if there’s any difference to the sudoers file I
guess.
Thanks for your help!
Tim
This is why it is paramount to use visudo command as opposed editing the /etc/sudoers file directly! The visudo command will check the edited temporary sudoers file syntax before committing to /etc!
ak.
Ok! Makes sense! I’ll make sure I do that from now on!
Thanks!!
Tim