TweetFollow Us on Twitter

Mac in the Shell: Mass Remote Management with dshell

Volume Number: 24 (2008)
Issue Number: 01
Column Tag: Mac in the Shell

Mac in the Shell: Mass Remote Management with dshell

Or, mass remote management without ARD

by Edward Marczak

Introduction

A feature article this month covers methods to manage an army of Macs post-deployment. In other words, after they've been imaged and rolled out to the masses. The products and methods listed there are certainly applicable and appropriate for many situations. I'm going to describe yet another method that comes in handy in other situations. dsh, the distributed shell, can run a command over groups of machines that you specify. It performs this magic over ssh, so, you can affect machines over LAN or WAN links, near or far. Since OS X and other machines have ssh in their base distribution, you can command across platforms. This article explains how you, too, can send out commands to all or a group of your Macs - simultaneously - with a single press of the return key.

Getting the Goods

While there are many nice apps in the base distribution of OS X, dsh is not one of them. dsh is an agentless controlling app, so fortunately, you only need to retrieve, compile and install on one host, or any admin station that you need. You'll need a compiler on some station to compile the program - typically meaning having Apple's developer tools installed.

Two downloads are needed to get us going. Visit this page:

http://www.netfort.gr.jp/~dancer/software/downloads/list.cgi

and retrieve the latest versions of dsh and libdshconfig. As of this writing, they are:

http://www.netfort.gr.jp/~dancer/software/downloads/dsh-0.25.9.tar.gz

http://www.netfort.gr.jp/~dancer/software/downloads/libdshconfig-0.20.9.tar.gz

It's easy to take care of everything while in terminal: just use curl to download the files needed (use "curl -O http://.."), tar to unpack (tar xzvf filename) and then it's simple to compile. Both pieces of code compile cleanly in OS X 10.4 and 10.5, and install in /usr/local by default. Enter the libdshconfig directory that you just unpacked, and simply enter the following commands (your entries in bold):

$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
[output snipped]
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
$ make
make  all-am
[output snipped]
creating libdshconfig.la
(cd .libs && rm -f libdshconfig.la && ln -s ../libdshconfig.la libdshconfig.la)
$ sudo make install
Password:
/bin/sh ./mkinstalldirs /usr/local/lib
[output snipped]
 /usr/bin/install -c -m 644 libdshconfig.h /usr/local/include/libdshconfig.h

Next, we need to do the same for dsh itself. Change into the dsh directory you unpacked, and repeat the same process that you just went through for libdshconfig (configure, make, sudo make install). The entire process should take you less than 5 minutes. Literally.

While you can alter the install directory, I recommend that you leave the default values, and have the binaries and config files installed under /usr/local. I'll be referencing that as the install location throughout this article.

You can verify installation by typing "/usr/local/bin/dsh". You should be told, "dsh: no machine specified", and dsh would be right.

The configuration

Now that we have dsh installed on our administrative machine, how do we use it? Fortunately, under Leopard, /usr/local is a 'blessed' location, and is already in our $MANPATH. If you're using 10.4, you'll need to add "/usr/local/share/man" to $MANPATH and export it, or re-source your init file. dsh comes with some short-but-useful man pages. First, we'll need to update the configuration file.

If you left each application take the default values during their configure stage, and I recommend that you do, you'll find the main config file at /usr/local/etc/dsh.conf. We need to make one change to this file. So, whip out your favorite text editor, and change the line that reads:

remoteshell =rsh

to read:

remoteshell =ssh

(If you're daring, this can be achieved in one line with sed: sudo sed -i .back s/rsh/ssh/ dsh.conf). You may also want to change the "waitshell" value from "1" to "0". With a setting of 1, dsh will block execution until the previous machine has returned. As I said, you may want to change this. It's really applicable for very large rollouts. There's a man page available for the configuration file accessible with "man dsh.conf".

Determining the Target Machines

Before we continue, we need to take a step back and plan things out a bit. We need to determine which machines we're going to be targeting. Since we've chosen ssh as the remote mechanism, each machine that we're going to want to control needs ssh enabled. Now a days, this is the default for most platforms and distributions. That said, unless we want to enter our password each time we make a dsh run, we're going to want to create a public key and install it on any machine that we want to administer. Also, we also need a list of computers for dsh. This list basically tells dsh, "hey - run this command on all of these machines."

ssh was covered extensively in this column in the October 2007 issue, but, as a quick refresher, here's the sequence of creating a public key for ssh's use:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/admin/.ssh/id_rsa.
Your public key has been saved in /Users/admin/.ssh/id_rsa.pub.
The key fingerprint is:
6e:4b:ca:45:2d:c7:3d:14:d2:34:1e:ad:45:a5:fc:8e admin@machine-name.local

In this sequence, you simply press enter when asked for the passphrase and to verify. Notice that the output tells you that "your public key has been saved in...". Change directory to ~/.ssh. We need to copy the contents of the newly generated id_rsa.pub file to each machine that we're going to manage. Fortunately, this is a one-time step.

Easiest instructions to write: ssh to the machine you're going to target, using the admin-level account that you'll be running remote commands with:

ssh admin@remote.example.com

Once in, run this command:

ssh user@my.machine.com "cat ~/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys

where 'user' is the user account that you just had generate the key for, and "my.machine.com" is the machine where that user id resides - likely the machine you're on right now. Once done, type exit, and then try to ssh again. This time, you should not be asked for a password, but rather, simply receive a remote shell.

In the event that you cannot ssh back to your machine, you can always manually copy your key to the remote machine and add its contents to the ~/.ssh/authorized_keys file on the target account. For more about ssh, creating ssh keys and troubleshooting, see my ssh article in the October 200 issue of MacTech Magazine.

While you are accessing each remote machine, you need to keep a list of the account that you're accessing it with, and its fully qualified domain name (FQDN) or IP address. Once complete, take this list and enter it into /usr/local/etc/machines.list in this format:

/usr/local/etc/machines.list
nyadmin@ny.radiotope.com
caadmin@ca.radiotope.com
fladmin@fl.radiotope.com
azadmin@az.radiotope.com

Now comes the fun part!

Spreading the Joy

Let's start with a easy one: viewing the uptime statistics on all of the machines we've identified. This is as easy as:

$ dsh -a uptime 16:38 up 14 days, 9:27, 2 users, load averages: 0.19 0.13 0.16 16:38 up 59 days, 7:09, 1 user, load averages: 0.02 0.02 0.00 13:42 up 93 days, 3:25, 2 users, load averages: 0.02 0.02 0.00 1:39PM up 213 days, 4:01, 0 users, load averages: 0.12, 0.08, 0.04

It's a complete coincidence that those are in order of uptime! However, that raises the question: what order are they in? The "-M" switch will prepend the machine name before its output. Let's see that in action:

$ dsh -M -a uptime
nyadmin@ny.radiotope.com: 16:41  up 14 days,  9:30, 2 users, load averages: 0.47 0.27 0.21
fladmin@fl.radiotope.com: 16:41  up 59 days,  7:12, 1 user, load averages: 0.00 0.00 0.00
azadmin@az.radiotope.com: 13:45  up 93 days,  3:28, 2 users, load averages: 0.01 0.02 0.00
caadmin@ca.radiotope.com:  1:42PM  up 213 days,  4:04, 0 users, load averages: 0.04, 0.07, 0.04

There, that's a little better. The "-a" switch tells dsh to run the command against all machines that we've defined.

If you opted to not use a waitshell - your config file still has the line "waitshell =1" - you can override this at runtime using the "-c" switch. Also, if there's a machine that you have not added to your machines.list file, but want to use it ad-hoc, use the "-m" switch. Combining all of these options would look like this:

$ dsh -M -c -m txadmin@tx.radiotope.com -a 'last | head -1'
fladmin@fl.radiotope.com: fladmin  ttyp0    192.168.70.108   Thu Nov 29 15:22 - 15:22  (00:00)
caadmin@caadmin.radiotope.com: caadmin  ttyp1    192.168.70.108   Thu Nov 29 15:09 - 15:09  (00:00)
nyadmin@ny.radiotope.com: nyadmin  ttyp2    192.168.70.108   Thu Nov 29 12:29 - 12:29  (00:00)
Password:
txadmin@tx.radiotope.com: root      ttys000  w1.z2.nyc-ny.example.net Thu Nov 29 09:29 - 09:35  (00:05)
fladmin@fl.radiotope.com: fladmin          ttyp0    10.0.2.3       Thu Nov 29 13:37 - 13:37  (00:00)

In one fell swoop, this runs the command "last | head -1" on all machine defined in our machines.list file and additionally on "tx.radiotope.com". You'll see the "Password:" prompt in the output above as tx.radiotope.com wasn't preconfigured and is using password authentication. Once the (correct) password is entered, it happily gives us the output we're looking for, just like the other machines.

Final Tips

dsh is useful enough already, but how can we make our lives even easier? First, you may not always want to run all commands on all machines. There are two ways around this. One way is to use a group file. Simply create a file using the same format as machines.list and store it in /usr/local/etc/group/groupname. So, let's say we wanted to target all of our West Coast servers. We could create /usr/local/etc/group/west_coast and add to it:

/usr/local/etc/group/west_coast
waadmin@wa.radiotope.com
caadmin@ca.radiotope.com
oradmin@or.radiotope.com

Now, we can run commands against just this group:

$ dsh -M -g west_coast w

This will give us "who" (w) information from each server in the "west_coast" group.

Also, you can specify full server lists in an ad-hoc fashion. Create a file using the machines.list format, and specify it with the "-f" switch.

Nicely, if a machine definition ends up in multiple files, specifying it multiple times will be reduced to a single invocation.

The real magic here is that all input to dsh are simple text files. Decisions can be made, results grabbed from a database, files created on the fly and commands send to appropriate groups of machines. Think about how you could group machines: by location, by service (web, directory services), by class (PPC, dual-proc), by use (administrative, development), etc.

In Conclusion...

Despite the subhead, I don't believe dsh is meant to replace ARD. However, for server management, it may fit into your workflow better and can reach out to machines that ARD can't touch (think Linux or BSD servers...even Windows, with the right software and mindset). This can give you some incredible control over armies of machines. You have all the power of a shell on the remote machine. You can be very creative and powerful with this!

Until I found dshell, I used to do something similar by using a for loop to execute commands across machines:

for i in `cat servers.txt`; do
ssh root@$i softwareupdate -i -a
done

However, dsh has been thought out much more than the "for-loop-solution" and is much more extendible.

Don't run dsh in your production environment until you read the man page, which details some other options for limiting how many remote machines are accessed at any given time. (Look for the -N and -F options, specifically).

Media of the month: Walt Whitman, The Complete Poems. Start the year off with some poetry - especially if it's not your usual fare. Walt Whitman doesn't do it for you? Check out James Joyce or Emily Dickenson - there are amazing gems in that timeless writing.

Happy New Year!


Ed Marczak is the owner of Radiotope, a technology solution provider. He is also a husband, father and avid wearer of pants. tail -f /dev/brain at http://www.radiotope.com/writing

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Opera 51.0.2830.34 - High-performance We...
Opera is a fast and secure browser trusted by millions of users. With the intuitive interface, Speed Dial and visual bookmarks for organizing favorite sites, news feature with fresh, relevant content... Read more
ffWorks 1.0.6 - Convert multimedia files...
ffWorks (was iFFmpeg), focused on simplicity, brings a fresh approach to the use of FFmpeg, allowing you to create ultra-high-quality movies without the need to write a single line of code on the... Read more
Adobe Photoshop CC 2018 19.1.1 - Profess...
Photoshop CC 2018 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous Photoshop customer). Adobe Photoshop CC 2018, the industry standard... Read more
Google Chrome 64.0.3282.167 - Modern and...
Google Chrome is a Web browser by Google, created to be a modern platform for Web pages and applications. It utilizes very fast loading of Web pages and has a V8 engine, which is a custom built... Read more
Adobe Acrobat Reader 18.011.20035 - View...
Adobe Acrobat Reader allows users to view PDF documents. You may not know what a PDF file is, but you've probably come across one at some point. PDF files are used by companies and even the IRS to... Read more
Adobe Acrobat 18.011.20035 - Powerful PD...
Acrobat DC is available only as a part of Adobe Creative Cloud, and can only be installed and/or updated through Adobe's Creative Cloud app. Adobe Acrobat DC with Adobe Document Cloud services is... Read more
Yummy FTP Pro 2.0 - $29.99
Yummy FTP Pro is an advanced Mac file transfer app which provides a full-featured professional toolkit combined with blazing speeds and impeccable reliability, so whether you want to transfer a few... Read more
WebSnapperPro 2.0.5 - $20.00
WebSnapperPro lets you capture full web pages exactly as they appear in your browser, with a single mouse click, without the need to "stitch" or cut-and-paste. Save the page as an image file or as... Read more
Cocktail 11.3.1 - General maintenance an...
Cocktail is a general purpose utility for macOS that lets you clean, repair and optimize your Mac. It is a powerful digital toolset that helps hundreds of thousands of Mac users around the world get... Read more
Fantastical 2.4.6 - Create calendar even...
Fantastical 2 is the Mac calendar you'll actually enjoy using. Creating an event with Fantastical is quick, easy, and fun: Open Fantastical with a single click or keystroke Type in your event... Read more

Latest Forum Discussions

See All

Our top 5 characters from casual RPG Cre...
Creature Quest definitely lives up to its name with a host of collectible creatures based on fantasy tales and world mythologies. To celebrate Creature Quest’s first birthday, we’re going to lay out what we think are the five best characters in the... | Read more »
Around the Empire: What have you missed...
Did you know that Steel Media has a whole swathe of other sites dedicated to all aspects of mobile gaming? Sure you'll get the very best iPhone news, reviews, and opinions right here at 148Apps, but we don't want you missing out on a single piece... | Read more »
All the best games on sale for iPhone an...
Oh hi there, and welcome to our round-up of the best games that are currently on sale for iPhone and iPad. You thought I didn't see you there, did you, skulking behind the bushes? Trust me though, the bushes aren't where the best deals are. The... | Read more »
The Battle of Polytopia Guide - How to H...
A new update just released for The Battle of Polytopia (formerly Super Tribes), which introduces online multiplayer. For all the fans of Midjiwan’s lite take on Civilization, this is certainly welcome news, but playing online isn’t as easy and... | Read more »
Here are the very best mobile games to p...
It's Valentine's Day! Did you get loads of cards and chocolates and other tacky, simple expressions of human affection? Did you send out tat because you find it almost impossible to express emotion unless there's a section dedicated to it at your... | Read more »
Florence (Games)
Florence 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Florence is an interactive storybook from the award-winning lead designer of Monument Valley about the heart-racing highs and... | Read more »
Purrfect Date (Games)
Purrfect Date 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: Cats are a lil’ like marmite. Either you absolutely head-over-heels love’ em, or… nahhh, who are we kidding?! Everyone... | Read more »
More monsters to collect and evolve in C...
A laid-back mix of RPG and TCG, Creature Quest is all about building your deck, evolving your creatures and winning in battle. It’s the creation of VC Mobile, set up by Might and Magic producer Jon Van Caneghem. There are elements of that classic... | Read more »
Check out this awesome hands-on with the...
Well, PlayerUnknown's Battlegrounds has come out on mobile. This isn't a clone, this isn't a riff on the battleroyale mechanics of the game, it's the official mobile port by Tencent. But there's a little bit of a hitch. [Read more] | Read more »
Hostage Negotiator (Entertainment)
Hostage Negotiator 1.1.0 Device: iOS Universal Category: Entertainment Price: $3.99, Version: 1.1.0 (iTunes) Description: Official app of the board game by AJ Porfirio and Van Ryder Games. In Hostage Negotiator, you play the part of... | Read more »

Price Scanner via MacPrices.net

B&H offers $200 discount on Silver 15″ Ma...
B&H Photo has Silver 15″ Apple MacBook Pros on sale for $200 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 15″ 2.8GHz Touch Bar MacBook Pro Silver (... Read more
12″ Apple iPad Pro Sale of the Year! Models u...
B&H Photo has 12″ #iPad Pros on sale for up to $150 off MSRP. Shipping is free, and B&H charges sales tax in NY & NJ only: – 12″ 64GB WiFi iPad Pro: $719 $80 off MSRP – 12″ 256GB WiFi... Read more
Deals on 32GB 9″ iPads: Up to $50 off MSRP, s...
B&H Photo has 2017 9.7″ 32GB iPads on sale for $299 including free shipping plus NY & NJ sales tax only. Their price is $30 off MSRP, and it’s currently the lowest price available for these... Read more
15″ 2.2GHz Retina MacBook Pro available for o...
Apple has Certified Refurbished 15″ 2.2GHz Retina MacBook Pros available for $1699. That’s $300 off MSRP for this model, and it’s the lowest price available for a 15″ MacBook Pro currently offered by... Read more
13″ 3.1GHz/256GB Silver Touch Bar MacBook Pro...
Amazon has the Silver 13″ 3.1GHz/256GB Touch Bar MacBook Pro (MPXX2LL/A) on sale for $1649.99 including free shipping. Their price is $150 off MSRP, and it’s the lowest price available for a new 13″... Read more
Saturday Sale: Amazon offers 13″ 1.8GHz/256GB...
Amazon has the 13″ 1.8GHz/256B Apple MacBook Air on sale today for $250 off MSRP including free shipping: – 13″ 1.8GHz/256GB MacBook Air (MQD42LL/A): $949.99, $250 off MSRP Their price is the lowest... Read more
Roundup of Apple Certified Refurbished 12″ Ma...
Apple has Certified Refurbished 2017 12″ Retina MacBooks available for $200-$240 off the cost of new models. Apple will include a standard one-year warranty with each MacBook, and shipping is free.... Read more
Apple offers Certified Refurbished 10″ and 12...
Apple is now offering Certified Refurbished 2017 10″ and 12″ iPad Pros for $100-$190 off MSRP, depending on the model. An Apple one-year warranty is included with each model, and shipping is free: –... Read more
Apple Canada offers Certified Refurbished Mac...
 Canadian shoppers can save up to $560 on the purchase of a 2017 current-generation MacBook Pro, MacBook, or MacBook Air with Certified Refurbished models at Apple Canada. Apple’s refurbished prices... Read more
Sale! 13″ MacBook Airs for up to $180 off MSR...
B&H Photo has 13″ MacBook Airs on sale for $50-$120 off MSRP. Shipping is free, and B&H charges sales tax for NY & NJ residents only: – 13″ 1.8GHz/128GB MacBook Air (MQD32LL/A): $899, $... Read more

Jobs Board

*Apple* Retail - Multiple Positions - Apple,...
Job Description:SalesSpecialist - Retail Customer Service and SalesTransform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description:SalesSpecialist - Retail Customer Service and SalesTransform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
*Apple* Solutions Consultant - Apple (United...
# Apple Solutions Consultant Job Number: 113501424 Norman, Oklahoma, United States Posted: 15-Feb-2018 Weekly Hours: 40.00 **Job Summary** Are you passionate about Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.