Hi all, I need to restart a service on a few elasticsearch nodes. I'm trying to do it with pssh. I'm getting this error when I try to do that: pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" [1] 17:01:50 [FAILURE] bluethundr at es2.example.com Exited with error code 1 [2] 17:01:51 [FAILURE] bluethundr at es3.example.com Exited with error code 1 [3] 17:01:51 [FAILURE] bluethundr at es1.example.com Exited with error code 1 I have to sudo up from my user account as root logins are disallowed. However a simple 'echo hello' command that doesn't require sudo works fine: #pssh -h es_list "/bin/echo hello" [1] 17:00:40 [SUCCESS] bluethundr at es1.example.com [2] 17:00:41 [SUCCESS] bluethundr at es3.example.com [3] 17:00:41 [SUCCESS] bluethundr at es2.example.com What am I doing wrong? Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On Sat, Oct 31, 2015 at 5:04 PM, Tim Dunphy <bluethundr at gmail.com> wrote:> Hi all, > > I need to restart a service on a few elasticsearch nodes. I'm trying to do > it with pssh. > > I'm getting this error when I try to do that: > > pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" > [1] 17:01:50 [FAILURE] bluethundr at es2.example.com Exited with error code 1 > [2] 17:01:51 [FAILURE] bluethundr at es3.example.com Exited with error code 1 > [3] 17:01:51 [FAILURE] bluethundr at es1.example.com Exited with error code 1 > > I have to sudo up from my user account as root logins are disallowed. > > However a simple 'echo hello' command that doesn't require sudo works fine: > > #pssh -h es_list "/bin/echo hello" > [1] 17:00:40 [SUCCESS] bluethundr at es1.example.com > [2] 17:00:41 [SUCCESS] bluethundr at es3.example.com > [3] 17:00:41 [SUCCESS] bluethundr at es2.example.com > > What am I doing wrong? > > Thanks, > Tim > >Have you tried running the command from a conventional login? sudo -S expects a password from stdin, where is that being supplied?
> > Have you tried running the command from a conventional login? > sudo -S > expects a password from stdin, where is that being supplied?Yep! That works fine. #ssh -qt bluethundr at es1.example.com "/bin/sudo -S /bin/systemctl restart elasticsearch" #ssh -qt bluethundr at es1.example.com "/bin/echo $?" 0 And the user has 'NOPASSWD' access. Any ideas? Thanks, Tim On Sat, Oct 31, 2015 at 5:09 PM, Tony Schreiner <anthony.schreiner at bc.edu> wrote:> On Sat, Oct 31, 2015 at 5:04 PM, Tim Dunphy <bluethundr at gmail.com> wrote: > > > Hi all, > > > > I need to restart a service on a few elasticsearch nodes. I'm trying to > do > > it with pssh. > > > > I'm getting this error when I try to do that: > > > > pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" > > [1] 17:01:50 [FAILURE] bluethundr at es2.example.com Exited with error > code 1 > > [2] 17:01:51 [FAILURE] bluethundr at es3.example.com Exited with error > code 1 > > [3] 17:01:51 [FAILURE] bluethundr at es1.example.com Exited with error > code 1 > > > > I have to sudo up from my user account as root logins are disallowed. > > > > However a simple 'echo hello' command that doesn't require sudo works > fine: > > > > #pssh -h es_list "/bin/echo hello" > > [1] 17:00:40 [SUCCESS] bluethundr at es1.example.com > > [2] 17:00:41 [SUCCESS] bluethundr at es3.example.com > > [3] 17:00:41 [SUCCESS] bluethundr at es2.example.com > > > > What am I doing wrong? > > > > Thanks, > > Tim > > > > > Have you tried running the command from a conventional login? > > sudo -S > expects a password from stdin, where is that being supplied? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
On 10/31/2015 02:04 PM, Tim Dunphy wrote:> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch"The default configuration prohibits use if input echo can't be disabled. That means no "-S". I modify that for users where necessary: /etc/sudoers.d/myuser: Defaults:myuser !requiretty, visiblepw
> > What does the sudo log say?This is all the secure logs say about the ssh session: [root at logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from 47.18.111.100 port 47469 ssh2: RSA ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0) Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100: 11: disconnected by user Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed for user bluethundr No change in the logs after making the suggested change to disable tty: [root at logs:~] #cat /etc/sudoers.d/bluethundr Defaults:myuser !requiretty, visiblepw Got the same exact message! Anything else I can try? Thanks On Sat, Oct 31, 2015 at 5:34 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 10/31/2015 02:04 PM, Tim Dunphy wrote: > >> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >> > > The default configuration prohibits use if input echo can't be disabled. > That means no "-S". > > I modify that for users where necessary: > > /etc/sudoers.d/myuser: > Defaults:myuser !requiretty, visiblepw > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B