> > What does the sudo log say?This is all the secure logs say about the ssh session: [root at logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from 47.18.111.100 port 47469 ssh2: RSA ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0) Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100: 11: disconnected by user Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed for user bluethundr No change in the logs after making the suggested change to disable tty: [root at logs:~] #cat /etc/sudoers.d/bluethundr Defaults:myuser !requiretty, visiblepw Got the same exact message! Anything else I can try? Thanks On Sat, Oct 31, 2015 at 5:34 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 10/31/2015 02:04 PM, Tim Dunphy wrote: > >> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >> > > The default configuration prohibits use if input echo can't be disabled. > That means no "-S". > > I modify that for users where necessary: > > /etc/sudoers.d/myuser: > Defaults:myuser !requiretty, visiblepw > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
Can you try: 'sh -c "/bin/sudo -S /bin/systemctl restart elasticsearch"' Or perhaps without the single quotes, as well. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message -----> From: "Tim Dunphy" <bluethundr at gmail.com> > To: "CentOS mailing list" <centos at centos.org> > Sent: Saturday, 31 October, 2015 23:16:57 > Subject: Re: [CentOS] use pssh to restart a service>> >> What does the sudo log say? > > > This is all the secure logs say about the ssh session: > > [root at logs:~] #tail -f /var/log/secure > Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from > 47.18.111.100 port 47469 ssh2: RSA > ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 > Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened > for user bluethundr by (uid=0) > Oct 31 19:15:21 logs sshd[24410]: Received disconnect from 47.18.111.100: > 11: disconnected by user > Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session closed > for user bluethundr > > No change in the logs after making the suggested change to disable tty: > > [root at logs:~] #cat /etc/sudoers.d/bluethundr > Defaults:myuser !requiretty, visiblepw > > Got the same exact message! > > Anything else I can try? > > Thanks > > On Sat, Oct 31, 2015 at 5:34 PM, Gordon Messmer <gordon.messmer at gmail.com> > wrote: > >> On 10/31/2015 02:04 PM, Tim Dunphy wrote: >> >>> pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" >>> >> >> The default configuration prohibits use if input echo can't be disabled. >> That means no "-S". >> >> I modify that for users where necessary: >> >> /etc/sudoers.d/myuser: >> Defaults:myuser !requiretty, visiblepw >> >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
On 10/31/2015 04:16 PM, Tim Dunphy wrote:> Got the same exact message! > > Anything else I can try?I think you need to double-check your sudoers file. Use the '-i' argument to pssh to get more information. # cat /etc/sudoers.d/gordon gordon ALL=(ALL) NOPASSWD: ALL $ pssh -h t -i sudo echo true [1] 16:02:12 [FAILURE] MYHOST Exited with error code 1 Stderr: sudo: sorry, you must have a tty to run sudo # cat /etc/sudoers.d/gordon Defaults:gordon !requiretty, visiblepw gordon ALL=(ALL) NOPASSWD: ALL $ pssh -h t -i sudo echo true [1] 16:02:30 [SUCCESS] MYHOST true
Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! #pssh -i -h es_list "/bin/sudo /bin/systemctl restart elasticsearch; sleep 10" [1] 20:31:32 [SUCCESS] bluethundr at es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo [2] 20:31:32 [SUCCESS] bluethundr at es2.jokefire.com [3] 20:31:32 [SUCCESS] bluethundr at es1.jokefire.com I'm still getting the 'sorry you must have a tty to run sudo' message coming from one of the nodes. But the command succeeds so it's no big deal! Odd tho that one node would be barking about that, considering my sudoers is distributed via puppet. Anyway, it's all good as far as I'm concerned. At least this works! I'll check that 3rd node and see if there's any difference to the sudoers file I guess. Thanks for your help! Tim On Sun, Nov 1, 2015 at 7:06 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 10/31/2015 04:16 PM, Tim Dunphy wrote: > >> Got the same exact message! >> >> Anything else I can try? >> > > I think you need to double-check your sudoers file. Use the '-i' argument > to pssh to get more information. > > # cat /etc/sudoers.d/gordon > gordon ALL=(ALL) NOPASSWD: ALL > > $ pssh -h t -i sudo echo true > [1] 16:02:12 [FAILURE] MYHOST Exited with error code 1 > Stderr: sudo: sorry, you must have a tty to run sudo > > > > # cat /etc/sudoers.d/gordon > Defaults:gordon !requiretty, visiblepw > gordon ALL=(ALL) NOPASSWD: ALL > > $ pssh -h t -i sudo echo true > [1] 16:02:30 [SUCCESS] MYHOST > true > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B