I've decided I like the idea of an hourly cron job 'polling' a folder in my HTTP repository for an update script... to give me Windows Active Directory-like replication.

Thanks.

Hello,

The big question is what do you want this script to perform? If it is to integrate users with AD, there is a better way that does not require a polling script to update user directories and other items.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/

Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

I want the ability to replicate any changes (especially to configuration files) to all hosts, so that I don't need to update each host separately. The reference to AD was only to suggest a similarity in the replication process - using a cron job it can be automated and can replcate at any interval, depending on how often the cron job is set to run.

a for loop in a cmd file will serve to iterate thru the systems.

plink is a great way to access the esx systems from windows.

ssh key exchange will allow access without prompting or entering passwords in the script.

Hello,

I want the ability to replicate any changes (especially to configuration files) to all hosts, so that I don't need to update each host separately. The reference to AD was only to suggest a similarity in the replication process - using a cron job it can be automated and can replcate at any interval, depending on how often the cron job is set to run.

If the configuration files are not VMware ESX configuration files but something belonging to an agent then I would suggest copying the file directly from a master host to other hosts using ssh and expect script that calls sudo, this way the action of the copy is logged for each host. You can setup sudo to allow a specific account to not require a password, which is not recommended, or you can embed a password for this user in the expect script, or setup the outer script to ask for the password once and use it for every host.

If it is an ESX configuration then you will want to use sudo to run the appropriate command.

Note expect would need to be installed on every host. Note the following uses the first argument as the password and all other arguments as the command and options to run.

#!/usr/bin/expect --
set pass [lindex $argv 0]
set timeout 5

spawn /usr/bin/sudo [lrange $argv 1 end]
expect "Password: {send "$pass\r"; exp_continue
sleep 1

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/

Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

I went for the plink option and it's working nicely. Can someone tell me if it's possible to redirect the output to a folder on the Windows server? The following runs as a test but doesn't output anything to c:\temp:

@echo off

set file=hostlist.txt

FOR /F %%i IN (%file%) DO (

plink %%i -l root -i id_rsa.ppk "ls -asl /tmp" &> c:\temp\%%i.log

)

Any suggestions for a more elegant way of logging are welcome!

Hello,

Please note that allowing direct login through root does lower your overall security stance. In addition, you loose quite a bit of auditing capability. To mitigate this you would need to build some form of auditing into your script.

In addition, you can use /etc/hosts.allow, /etc/hosts.deny to limit access to ssh from specific workstations. or use pam_access to limit access as 'root' from specific groups of users, hosts, and time of day.

Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Just wanted to update the information about PowerScripter - it is now being developed by Devfarm Software and has been rebranded as PowerVI.  You can get more information at: http://powerwf.com/products/powerscripter.aspx