Thursday, January 06, 2011

Linux: pssh

Have you ever needed to run a bunch of shell commands over ssh on a bunch of servers? I know there are probably a ton of tools out there to do this, but when I asked my operations buddy Geoff which he preferred, he told me to try out pssh (aka parallel-ssh). I tried it, and I was pleased to discover it was easy to setup and easy to use.

It's a Python package. Make sure you have setuptools installed (on Ubuntu, use "sudo apt-get install python-setuptools"). Then run "sudo easy_install pssh". It creates the following binaries in /usr/local/bin: prsync, pssh, pnuke, pslurp, pscp, and pssh-askpass.

It's best if you install your ssh key on each system. I have a shell script called ssh-installkey to do that:
# Install my ssh key on a remote system.

[ -n "$1" ] || {
echo "usage: ssh-installkey username@host" >&2
return 1
ssh $1 "mkdir -p -m 700 .ssh"
ssh $1 "cat >> ~/.ssh/authorized_keys2" < ~/.ssh/
ssh $1 "chmod 600 ~/.ssh/authorized_keys2"
Unfortunately, you'll have to run this script manually for each of the servers, which involves typing in your password a bunch of times. However, once you have your ssh key installed, your life will be much more pleasant.

To use pssh, you should create a hosts file with the hosts that you want to control. It's a simple file with one host per line. If you need to specify a username, you can use the format username@host, just like ssh.

Now, you can try out pssh, "pssh -h hosts.txt -i ls". The "-i" tells pssh to output the results from each server "inline" (which looks nice). If you don't care about the output of the command (for instance, if you're compiling something), you can just leave out the -i.

There are a couple of gotchas to be aware of. First of all, each command starts with a fresh login. That means using "cd" in one command doesn't help at all for the next command. I tend to use commands like "cd dir && do_something" when running pssh. Secondly, if your command takes a long time to run, pass "-t -1" to turn off timeouts.

Lastly, you'll need to do some more work if you want to use sudo. By default, sudo won't run if you don't have a tty, which you won't if you're using pssh. To fix this, you'll have to manually log into each server and edit /etc/sudoers. Comment out the line that says "Defaults requiretty". Once you do that, you'll be able to use sudo with pssh.

I was able to use pssh to control a cluster of 10 EC2 instances in order to install ZeroMQ. (In real life, I'd add ZeroMQ to the AMI so that it was already installed on each server, but using pssh helped me get something up quickly so that I could experiment.)


Anonymous said...

Why don't you just use "ssh-copy-id -i ~/.ssh/ user@server" to copy the public key?

ΤΖΩΤΖΙΟΥ said...

Totally agree with Anonymous; avoid re-inventing the wheel and specifying version specific filenames (i.e authorized_keys2 instead of authorized_keys).

David Björkevik said...

I haven't used pssh myself, but from your description it seems a lot more involved than cssh. Have you tried it?

Anonymous said...

What about Fabric?

Shannon -jj Behrens said...

> Why don't you just use "ssh-copy-id -i ~/.ssh/ user@server" to copy the public key?

Uh, because I didn't know about that. Thanks!

Shannon -jj Behrens said...

> I haven't used pssh myself, but from your description it seems a lot more involved than cssh. Have you tried it?

I haven't used it. How is cssh simpler?

Shannon -jj Behrens said...

> What about Fabric?

I think of Fabric as a good, long-term, non-interactive solution, whereas I think of pssh as a good, short-term, interactive solution. Am I wrong?

Anonymous said...

I ran into this issue, but if you search through bug reports for sudo, you will run across:

The author states that you can use -x to pass args to ssh.

pssh -h hosts -o foo -x "-t -t" 'sudo uptime'

Does what you want.

Shannon -jj Behrens said...


taylor said...

ssh-copy-id is not available everywhere.

Andrew said...

If you have the same password on each of the machines, you can use the "-A" option in pssh to manually enter the password. Using the "-A" with pssh or pscp makes it easy to blast out keys.

Shannon -jj Behrens said...

Great tip! Thanks!

Anonymous said...

A forked pssh that includes options to run arbitrary scripts rather than specifying each command individually, as well as running with sudo (assuming you have passwordless sudo permissions on the remote server)

Shannon Behrens said...

Cool :)