Exotic Ideas..
Angad's Blog
About this blog
I am Angad Singh. I have served as the Sun Campus Ambassador of JIIT University, Noida (India) from August 2007 to July 2008 and as a Campus Ambassador Tech Lead from July 2008 to July 2009. This was my sun blog. Here I jotted down all my random scribblings, reports on all activities I conducted as CA at my university, my little projects, hacks, geeky stuff and new technology I came across, all the way to things I learnt in my exciting journey with Sun..
Friday May 30, 2008
Solaris Network Administration Scripts
Here's a little script I was working on back in the college lab last month. I was facing a very trivial Solaris administration problem. I had installed SXDE 1/08 on 120 systems in one of our biggest computer labs long back (more on how I did that later). Now I needed a way to do certain tasks on each of those systems, like changing the boot order, changing the Solaris GRUB splash image, setting the hostname for each system based on its current IP address, changing the wallpaper, setting permissions, creating user accounts, etc. These are basic post-installation things that you do, but I needed to do them a long time after their installation, so I couldn't really use the smarter ways, like JumpStart installation scripts, Flash archive based installation, etc. I needed a way to "manage" or "administer" those 120 systems remotely over the network automatically.

So I went on with the little challenge to make a script (lan_exec.sh) which does the following:
  1. Loops through a range of IP addresses (those which are assigned to the systems in that lab)
  2. For each loop iteration, first it checks to see if the remote host is alive (ping)
  3. Then it checks if the SSH port (22) is open using nmap (to detect if the remote host is running Solaris)
  4. Once the checks are performed, another script is called with the IP address as an argument.

lan_exec.sh:

#!/bin/ksh

addr=172.16.74
si=128
ei=254
cmd=./exec.exp

i=${si}

while [ $i -le ${ei} ]
do

	ip=$addr.$i
	#check to see if remote client is live (ping)
	result=`ping $ip 1`
	if [ "$result" = "$ip is alive" ]
	then
		echo "[$ip] is ALIVE.. \c"
		#check to see if port 22 (scp) is open
		port22=`nmap -sT -p22 $ip|grep open`
		if [ "$port22" != "" ]
		then
			echo "SSH port OPEN"
			#then execute operation to be performed on remote machine
			${cmd} $ip
			echo "Finished execution"
		else
			echo "SSH port CLOSED"
		fi
	else
		echo "[$ip] is DOWN"
	fi
	i=`expr $i + 1`
done

The second script (exec.exp) is the big deal here. I wanted to be able to SSH into a remote system from a system whose public keys aren't stored on that system, and since it was a default untouched SXDE installation, root wasn't allowed to log in remotely over SSH, so there was just no way I could SSH using root. I had to SSH using a previously created public account called "jiit". Now the problem was that I needed root permission on the shell to do some of the remote management tasks (like changing grub boot order, installation of apps, etc.). Since there was no sudo installed, I had to su. Unfortunately, su doesn't accept passwords from standard input. There's just no way to do it (try it). I definitely wasn't going to enter the root password 120 times, so I looked for a solution. A nifty little thing called "Expect" saved the day - a full blown scripting language for automating interactive command line applications! So I could actually emulate keystrokes in the remote shell to give su the root password (and much more!).

Here's what my expect script does:

  1. scp my modified grub menu.lst to the remote host's desktop using the public "jiit" account.
  2. Expect a set of responses from the scp command (first time it asks if we want to add this host's key, and further times it just says "Password:") and pass on the password accordingly.
  3. Do the same for any other files that have to be copied (in my case, a modified grub splash image)
  4. Run ssh to the remote system and input the password using expect
  5. Run su and input password using expect!
  6. Move the files copied to the Desktop in steps 2/3 to their respective places
  7. Do other tasks, needed to be done as root (in my case, I changed the hostname according to current IP, etc.)

exec.exp:

#!/opt/csw/bin/expect
 
# Program to change boot order of a system

# First command-line argument: the IP address of the remote host
set ipaddr [lindex $argv 0]

puts "Copying boot file to remote system"

spawn /usr/bin/scp -r /boot/grub/menu.lst jiit@${ipaddr}:/export/home/jiit/Desktop/menu.lst

expect {

	"(yes/no)? " {
		send "yes\r"
		expect "Password: "
		send "jiit\r"
	}
	"Password: " {
		send "jiit\r"
	}
	"password: " {
		send "jiit\r"
	}
}

# scp exits once the copy is done, so wait for EOF instead of a shell prompt
expect eof

spawn /usr/bin/scp -r /boot/grub/splash.xpm.gz jiit@${ipaddr}:/export/home/jiit/Desktop/splash.xpm.gz

expect "Password: "

send "jiit\r"

# scp exits once the copy is done, so wait for EOF instead of a shell prompt
expect eof

puts "Running SSH to remote system"
 
spawn ssh jiit@${ipaddr}

expect "Password:"
send "jiit\r"
 
expect "\$ "

send -- "\r"

expect "\$ "

send "su\r"

expect "Password: "

send "mypassisntthissimple\r"

expect "# "

send "rm /boot/grub/menu.lst\r"

expect "# "

send "rm /boot/grub/splash.xpm.gz\r"

expect "# "

send "mv /export/home/jiit/Desktop/menu.lst /boot/grub/menu.lst\r"

expect "# "

send "mv /export/home/jiit/Desktop/splash.xpm.gz /boot/grub/splash.xpm.gz\r"

expect "# "

puts "Setting hostname"

send "echo cl1-solaris-`echo \\`echo \"${ipaddr}\" | cut -c11-\\`` > /etc/nodename\r"

expect "# "

puts "Restarting System.."

send "reboot\r"

expect "# "

The above method (the 2 scripts) now allows me to remotely manage all those 120 Solaris machines without any hassles :)

Posted at 05:53PM May 30, 2008 by Angad Singh in OpenSolaris  |  Comments[2]
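
exec.exp pastes its IP argument into command lines that are typed at a root shell, so the argument is worth checking before the sweep hands it over. The following is an added example, not part of the original post: a POSIX sh helper that accepts only addresses in the range lan_exec.sh walks and derives the cl1-solaris-N node name from the last octet. The function names valid_target and nodename_for are hypothetical; the subnet, range and name prefix are taken from the two scripts above.

```shell
#!/bin/sh
# Added example, not from the original post. valid_target and nodename_for
# are hypothetical helper names; the constants come from the two scripts.

SUBNET="172.16.74"       # addr in lan_exec.sh
FIRST=128                # si in lan_exec.sh
LAST=254                 # ei in lan_exec.sh
PREFIX="cl1-solaris-"    # node name prefix used in exec.exp

# valid_target IP
# Succeeds only for SUBNET.N where N is a plain decimal in FIRST..LAST.
valid_target() {
    case "$1" in
        "$SUBNET".*) ;;
        *) return 1 ;;
    esac
    octet=${1#"$SUBNET".}
    case "$octet" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains any non-digit character
        0?*)         return 1 ;;   # leading zero
    esac
    [ "${#octet}" -le 3 ] || return 1
    [ "$octet" -ge "$FIRST" ] && [ "$octet" -le "$LAST" ]
}

# nodename_for IP
# Prints the node name for a valid target; fails without output otherwise.
nodename_for() {
    valid_target "$1" || return 1
    printf '%s%s\n' "$PREFIX" "${1##*.}"
}

# Constructed sample arguments: two lab addresses and three that must be refused.
for ip in 172.16.74.128 172.16.74.254 172.16.74.127 \
          '172.16.74.130; reboot' '172.16.75.130'
do
    if name=$(nodename_for "$ip"); then
        echo "[$ip] ok -> $name"
    else
        echo "[$ip] refused"
    fi
done
```

Calling valid_target on the address just before `${cmd} $ip` in lan_exec.sh keeps anything other than a lab address out of exec.exp.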

Comments:

Dude,

Excellent post. Though I have never ever done such things, still, reading it shows the skills you have and how you have made creative use of them.

Keep it up!

Posted by Varun on June 01, 2008 at 11:46 AM IST #

Can I recommend Puppet here (http://reductivelabs.com/trac/puppet/). We use it at Nominet and it's great for easily managing large numbers of systems.

Posted by Andy Holdaway on June 20, 2008 at 02:09 PM IST #


This work by Angad Singh is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.