Monday, October 19, 2009

UPS Scripts/Procedure : Shutdown a Linux server from Windows.

When running APC PowerChute on a Windows server and executing a command script on certain events, as we saw previously, it can be necessary to shut down a Linux server too.

  1. On your Windows server running PowerChute, create a folder (e.g. C:\ShutdownScripts) and copy into it plink and puttygen, which you can download here

    Puttygen will create ssh keys, and plink will execute a command on a remote machine using an ssh connection.

  2. Run puttygen and create a pair of ssh keys (public/private) using SSH-2 DSA / 1024 in the same folder. You will generate two files, sshkey.pub and sshkey.ppk.

  3. Create a batch file locally (shutdownLinuxServers.bat) and add commands like :
    cd C:\ShutdownScripts
    @plink -T powerchute@mylinuxserver1 -i sshkey.ppk sudo /sbin/shutdown -h -P now
    @plink -T powerchute@mylinuxserver2 -i sshkey.ppk sudo /sbin/shutdown -h -P now
    ....

    This will ssh to your Linux servers with the powerchute account to halt and shut them down.

  4. On the Linux server(s) side, you will need to create a user account able to shut down the server.

  5. Create the powerchute account :
    useradd -m -d /home/powerchute -g users -s /bin/bash powerchute

  6. In the home folder of the user powerchute (/home/powerchute), create a subfolder .ssh (rights 700), and add to it a blank file called authorized_keys (touch authorized_keys) (rights 644)

  7. Copy the content of your sshkey.pub in the file authorized_keys

  8. Add these options at the start of the key line in authorized_keys, before the key type (ssh-dss). sshd treats anything after the public key as a comment, and values containing spaces must be in double quotes :
    from="myWindowsServer",command="sudo /sbin/shutdown -h -P now" ssh-dss
    Where myWindowsServer is the DNS name or IP of your server running APC PowerChute.

    Your file authorized_keys should look like this :
    from="192.168.192.50",command="sudo /sbin/shutdown -h -P now" ssh-dss AAAB3NzaC1kc3MAAACBAOEIj5Hm0ByaNObfUPhpboS0fONW9WqATYXjGi/wlmJipxBNo+//WooNdfeMN9bCqlbT7Z0eXfL+r4Xdmqp........svjduAB2mbQ== dsa-key-20091009

  9. Edit the sudoers file :
    > visudo

  10. Search for this block and comment out the last line :
    # Defaults specification
    #
    # Disable "ssh hostname sudo ", because it will show the password in clear.
    # You have to run "ssh -t hostname sudo ".
    #
    # Defaults requiretty <-- commented

  11. Search for this block and add the last line :
    # User privilege specification
    root ALL=(ALL) ALL
    powerchute ALL = NOPASSWD: /sbin/shutdown

  12. On your Windows server, add C:\ShutdownScripts\shutdownLinuxServers.bat to your APC PowerChute script (C:\Program Files\APC\PowerChute Business Edition\agent\cmdfiles\default.cmd)
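
sshd only enforces from= and command= when they sit in the options field before the key type; text after the key blob is a comment, and an unquoted value containing spaces makes the line unparsable. The following check for the authorized_keys line from step 8 is an added example, not part of the original post; the function names and the sample lines (including the placeholder key blob) are constructed for illustration.

```python
import re

# Subset of the key-type names sshd accepts in authorized_keys.
KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
QUOTED = r'"(?:\\.|[^"\\])*"'          # a double-quoted run, spaces allowed

def split_fields(line):
    """Split on whitespace while keeping double-quoted runs in one field."""
    return re.findall(r'(?:[^\s"]|%s)+' % QUOTED, line)

def parse_options(field):
    """Split 'from="a",command="b c"' on commas that are outside quotes."""
    opts = {}
    for item in re.findall(r'(?:[^,"]|%s)+' % QUOTED, field):
        name, _, value = item.partition("=")
        opts[name.lower()] = value.strip('"')
    return opts

def audit_line(line):
    """Report which options sshd enforces and which sit in the comment."""
    fields = split_fields(line.strip())
    result = {"valid": True, "enforced": {}, "ignored": []}
    if fields and fields[0] in KEY_TYPES:              # no options field
        comment = fields[2:]
    elif len(fields) > 1 and fields[1] in KEY_TYPES:   # options, then key
        result["enforced"] = parse_options(fields[0])
        comment = fields[3:]
    else:                                              # e.g. unquoted spaces
        result["valid"] = False
        return result
    result["ignored"] = [f for f in comment if re.match(r"(from|command)=", f)]
    return result

# Constructed sample lines; the key blob is a placeholder, not a real key.
BLOB = "AAAAB3NzaC1kc3MAAACBplaceholder=="
AFTER_KEY = ("ssh-dss " + BLOB + " dsa-key-20091009 "
             "from=192.168.192.50,command=sudo /sbin/shutdown -h -P now")
BEFORE_KEY = ('from="192.168.192.50",command="sudo /sbin/shutdown -h -P now" '
              "ssh-dss " + BLOB + " dsa-key-20091009")
UNQUOTED = ("from=192.168.192.50,command=sudo /sbin/shutdown -h -P now "
            "ssh-dss " + BLOB)

if __name__ == "__main__":
    for name in ("AFTER_KEY", "BEFORE_KEY", "UNQUOTED"):
        print(name, audit_line(globals()[name]))
```

A line that reports an empty "enforced" dictionary lets the key run any command from any host that the account and sudoers allow.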

2 comments:

  1. What are the odds I could get some more detail on steps 10 & 11? What files am I editing here? I can't find the text you're referencing.

  2. The file you are looking for is normally /etc/sudoers