AIX Distributed Shell
advertisement
AIX Distributed Shell (dsh) The NOT new but often overlooked tool Mohammad Almasri 4000 Legato Road Suite 1100 Fairfax, VA 22033 Telephone 703.896.7620 IT-Solutions@five9group.com AIX Distributed Shell (dsh) - The NOT new but often overlooked tool By Mohammad Almasri If you are an AIX system administrator, chances are you have multiple LPARs to manage on daily basis. If you have a need to type the same command into several machines at once, you can login to each one with SSH and do it serially, or you can save yourself a lot of time and effort and use a tool like dsh. The dsh command runs commands concurrently on remote targets nodes (including Linux and the different flavors of UNIX), hardware devices, or both and returns the output back to your current terminal. Targets can be selected from multiple contexts. A context is a target database that contains node and device definitions. The dsh command issues a remote shell command for each target specified, and returns the output from all targets, formatted so that command results from all nodes can be managed. DSH is installed with AIX as part of the Cluster Systems Management (CSM) client file sets. These file sets are necessary to support dynamic LPAR (DLPAR) operations in a partitioned AIX environment. The actual dsh tool is installed as a symbolic link from /usr/bin/dsh to /opt/csm/bin/dsh, via the csm.dsh fileset NOTE: Starting with AIX 7.1, CSM is no longer supported or available. It has been replaced by Distributed Systems Management (DSM). Section 5.2 of the IBM AIX 7.1 Differences Guide Redbook provides details of the new DSM capabilities. To use dsh you must configure your user environment appropriately. This involves two steps. First, configure your SSH keys between the admin host and all of your remote hosts. While either rsh or ssh can be used to execute commands on remote nodes, from a security perspective, I recommend using ssh only. Many online tutorials explain the different ssh configuration options that allow you to execute commands on another host without being prompted for a password. Once you can execute a command on all your hosts without being prompted for a password, you're ready to configure dsh. Configuration DSH requires that these environment variables are set within your shell (normally ksh): $ env | egrep 'DSH|NODE_LIST' DSH_NODE_RSH=/usr/bin/ssh DSH_NODE_LIST=/home/user_name/aix Place these entries in your .kshrc file: 2 4000 Legato Road Suite 1100 Fairfax, VA 22033 Telephone 703.896.7620 IT-Solutions@five9group.com export DSH_NODE_RSH=/usr/bin/ssh export DSH_NODE_LIST=/home/user_name/aix export DSH_NODE_OPTS="-q" The DSH_NODE_RSH variable indicates which remote command executable to use when dsh is called. Set this to /usr/bin/ssh so that dsh will use the ssh command when connecting to remote hosts. The next variable is DSH_NODE_LIST. Known as the working collective, it points to a file that contains a list of all the hosts that you want to execute a command on: $ cat $DSH_NODE_LIST lpar1 lpar2 lpar3 lpar4 The final variable, DSH_NODE_OPTS, is optional. It specifies which options are passed to the remote command. Set this to "-q" so ssh runs as "ssh -q". This to suppress the ssh banner message. Using dsh and Related Tools From time to time you may need to execute commands on only some of your host systems. The "-w" flag allows you to list the specific nodes on which to execute a command: $ dsh –w lpar1,lpar2 date lpar1: Tue Sep 16 16:40:31 EET 2008 lpar2: Tue Sep 16 16:40:30 EET 2008 Other tools are included with dsh. Some you may find useful include dcp, dping and dshbak. The dcp command copies a file (or files) to multiple nodes in parallel. You will need to include the following variables in your .kshrc file first, so that dcp will use scp as the file transfer method. export DCP_NODE_RCP=/usr/bin/scp export DCP_NODE_OPTS="-q" The dping utility allows you to ping several hosts at once. It's useful for performing a quick "up or down" health check on several systems: $dping -n lpar1,lpar2,lpar3 lpar1: ping (alive) lpar2: ping (alive) lpar3: ping (alive) The dshbak utility formats dsh command output, showing the hostname and output from the command underneath: 3 4000 Legato Road Suite 1100 Fairfax, VA 22033 Telephone 703.896.7620 IT-Solutions@five9group.com $ dsh –w lpar1,lpar2 date | dshbak HOST: lpar1 ---------------Tue Sep 16 16:40:43 EET 2008 HOST: lpar2 ---------------Tue Sep 16 16:40:43 EET 2008 To view the current settings for your dsh environment, execute dsh with the "-q" flag: $ dsh -q DSH:DCP_DEVICE_OPTS= DSH:DCP_DEVICE_RCP= DSH:DCP_NODE_OPTS=-q DSH:DCP_NODE_RCP=/usr/bin/scp DSH:DSH_CONTEXT= DSH:DSH_DEVICE_LIST= DSH:DSH_DEVICE_OPTS= DSH:DSH_DEVICE_RCP= DSH:DSH_DEVICE_RSH= DSH:DSH_ENVIRONMENT= DSH:DSH_FANOUT= DSH:DSH_LOG= DSH:DSH_NODEGROUP_PATH= DSH: DSH_NODE_LIST=/home/user_name/aix DSH:DSH_NODE_OPTS=-q DSH:DSH_NODE_RCP= DSH:DSH_NODE_RSH=/usr/bin/ssh DSH:DSH_OUTPUT= DSH:DSH_PATH= DSH:DSH_REPORT= DSH:DSH_SYNTAX= DSH:DSH_TIMEOUT= DSH:RSYNC_RSH= DSH isn't a replacement for having a configuration management system or any of the other best practices when managing a number of machines. However, if you need to do something quickly outside of your usual toolset or process, dsh is indispensable. It can save a lot of time when doing tasks that need to be done on more than one machine, but like any power tool, it can cause a lot of damage if used haphazardly. Always make sure you have the correct target servers in your $DSH_NODE_LIST variable and I would recommend running a "read only" type of command, e.g. uptime before I execute any commands that will modify the system settings on the target clients. 4
