#!/usr/bin/env python # tsshbatch.py - Non-Interactive ssh Connection # Copyright (c) 2011-2013 TundraWare Inc. # Permission Hereby Granted For Unrestricted Personal Or Commercial Use # See "tsshbatch-license.txt" For Licensing Details # # For Updates See: http://www.tundraware.com/Software/tsshbatch # A tip of the hat for some of the ideas in the program goes to: # # http://jessenoller.com/2009/02/05/ssh-programming-with-paramiko-completely-different/ ##### # Program Housekeeping ##### PROGNAME = "tsshbatch.py" BASENAME = PROGNAME.split(".py")[0] PROGENV = BASENAME.upper() RCSID = "$Id: tsshbatch.py,v 1.139 2013/10/20 22:59:21 tundra Exp $" VERSION = RCSID.split()[2] CPRT = "(c)" DATE = "2011-2013" OWNER = "TundraWare Inc." RIGHTS = "All Rights Reserved." COPYRIGHT = "Copyright %s %s, %s %s" % (CPRT, DATE, OWNER, RIGHTS) PROGVER = PROGNAME + " " + VERSION + (" - %s" % COPYRIGHT) HOMEPAGE = "http://www.tundraware.com/Software/%s\n" % BASENAME ##### # Suppress Deprecation Warnings # Required in some older environments where paramiko version # is behind the python libs version. ##### import warnings warnings.filterwarnings("ignore", "", DeprecationWarning) ##### # Imports ##### import getopt import getpass import os import paramiko import shlex import socket import sys ##### # Constants And Literals ##### COMMENT = "#" FAILURE = "FAILURE: %s" INDENTWIDTH = 8 OPTIONSLIST = "H:Nehkn:p:v" PADWIDTH = 30 SEPERATOR = " ---> " SUCCESS = "SUCCESS" SUDO = 'sudo' SUDOPROMPT = 'READINGSUDOPW' SUDOARGS = '-S -p %s' % SUDOPROMPT TRAILER = ": " USAGE = \ PROGVER + "\n" +\ HOMEPAGE + "\n\n" +\ "Usage: tsshbatch.py [-Nehkv] [-n name] [-p pw] [-H 'host host ..' | serverlistfile] command arg arg arg \n" +\ " where,\n" +\ "\n" +\ " -H '...' List of targeted hosts passed as a single argument\n" +\ " -N Force prompting for username\n" +\ " -e Don't report remote host stderr output\n" +\ " -h Display help\n" +\ " -k Use key exchange-based authentication\n" +\ " -n name Specify login name\n" +\ " -p pw Specify login password\n" +\ " -v Display extended program version information\n" ##### # Error Messages ##### eBADARG = "Invalid command line: %s!" eBADFILE = "Cannot open '%s'!" eBADSUDO = "sudo Failed, Check Password Or Command! sudo Error Report: %s" eFXERROR = "File Transfer Error While Attempting %s: %s" eNOCONNECT = "Cannot Connect: %s" eNOLOGIN = "Cannot Login! (Login/Password Bad?)" ##### # Prompts ##### pPASS = "Password: " pSUDO = "%s Password: " % SUDO pUSER = "Username (%s): " ##### # Print Message(s) To stderr ##### def PrintStderr(msg, TERMINATOR="\n"): sys.stderr.write(msg + TERMINATOR) # End of 'PrintStderr()' ##### # Print Message(s) To stdout ##### def PrintStdout(msg, TERMINATOR="\n"): sys.stdout.write(msg + TERMINATOR) # End of 'PrintStdout()' ##### # Display An Error Message And Exit ##### def ErrorExit(msg): PrintStderr(msg) sys.exit(1) # End Of 'ErrorExit()' ##### # Tranfer Files To A Host ##### def HostFileTransfer(host, user, pw, filelist): ssh = paramiko.SSHClient() # Connect and run the command, reporting results as we go try: ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if KEYEXCHANGE: ssh.connect(host) else: ssh.connect(host, username=user, password=pw) sftp = ssh.open_sftp() for srcfile in filelist: for destfile in filelist[srcfile]: sftp.put(srcfile, destfile) sftp.close() except: attempted = "%s -> %s:%s" % (srcfile, host, destfile) ErrorExit(eFXERROR % (attempted, sys.exc_info()[1][1])) ssh.close() # End of 'HostFileTransfer()' def HostCommand(host, user, pw, command): ssh = paramiko.SSHClient() # Connect and run the command, reporting results as we go try: ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if KEYEXCHANGE: ssh.connect(host) else: ssh.connect(host, username=user, password=pw) # If this is a sudo run, force password to be read # from stdin thereby avoiding fiddling around with ptys. if command.startswith(SUDO): command = command.replace(SUDO, "%s %s" % (SUDO, SUDOARGS), 1) # Run the command stdin, stdout, stderr = ssh.exec_command(command) # If doing a sudo command, send the password if command.startswith(SUDO): stdin.write("%s\n" % pw) stdin.flush() # If all we see on stderr at this point is our original # prompt, then then the sudo promotion worked. A bad # password or bad command will generate additional noise # from sudo telling us to try again or that there was a # command error. sudonoise = stderr.readline().split(SUDOPROMPT) if len(sudonoise) > 1: # sudo had problems sudonoise = sudonoise[1].strip() else: # sudo OK sudonoise = "" if sudonoise: PrintReport([host, FAILURE % (eBADSUDO % sudonoise)], HANDLER=PrintStderr) ssh.close() return PrintReport([host + " (stdout)", SUCCESS] + stdout.readlines()) if REPORTERR: PrintReport([host + " (stderr)", ""] + stderr.readlines(), HANDLER=PrintStderr) # Catch authentication problems explicitly except paramiko.AuthenticationException: PrintReport([host, FAILURE % eNOLOGIN], HANDLER=PrintStderr) # Everything else is some kind of connection problem except: PrintReport([host, FAILURE % (eNOCONNECT % sys.exc_info()[1].message)], HANDLER=PrintStderr) ssh.close() # End of 'HostCommand()' ##### # Print Report ##### # Expects input as [host, success/failure message, result1, result2, ...] # Uses print handler to stdout by default but can be overriden at call # time to invoke any arbitrary handler function. def PrintReport(results, HANDLER=PrintStdout): HANDLER(SEPERATOR + results[0] + TRAILER + (PADWIDTH - len(results[0])) * " " + results[1]) for r in results[2:]: # Command Results HANDLER(INDENTWIDTH * " " + r.strip()) # End of 'PrintReport()' # ---------------------- Program Entry Point ---------------------- # ##### # Process Any Options User Set In The Environment Or On Command Line ##### # Options that can be overriden by user HOSTS = "" # List of hosts to target KEYEXCHANGE = False # Do key exchange-based auth? PROMPTUSERNAME = False # Don't use $USER, prompt for username PWORD = "" # Password REPORTERR = True # Report stderr output from remote host UNAME = "" # Login name # Place To Keep File Transfer Requests File_Transfer_List ={} # Handle any options set in the environment OPTIONS = sys.argv[1:] envopt = os.getenv(PROGENV) if envopt: OPTIONS = shlex.split(envopt) + OPTIONS # Combine them with those given on the command line # This allows the command line to override defaults # set in the environment try: opts, args = getopt.getopt(OPTIONS, OPTIONSLIST) except getopt.GetoptError, (errmsg, badarg): ErrorExit(eBADARG % errmsg) for opt, val in opts: if opt == "-H": HOSTS = val.split() if opt == "-N": PROMPTUSERNAME = True if opt == "-e": REPORTERR = False if opt == "-h": PrintStdout(USAGE) sys.exit() if opt == "-k": KEYEXCHANGE = True if opt == "-n": UNAME = val if opt == "-p": PWORD = val if opt == "-v": PrintStdout(RCSID) sys.exit() ##### # Go Do The Requested Work ##### # Precedence of authentication credential sources: # # 1) Key exchange # 2) Command Line/$TSSHBATCH env variable sets name and/or password # 3) Forced prompting for name via -N # 4) Name picked up from $USER (Default behavior) if not KEYEXCHANGE: # Preset commandline and/or program option variable username takes precedence if not UNAME: current_user = os.getenv("USER") # By default, use $USER as the login name and don't prompt for it if not PROMPTUSERNAME: UNAME = current_user # Interactive prompting using $USER as default else: UNAME = raw_input(pUSER % current_user) if not UNAME: # User just hit return - wants default UNAME = current_user # Preset commandline and/or program option variable password takes precedence if not PWORD: PWORD = getpass.getpass(pPASS) # Host list and command parsing # Get the list of hosts if not specified on command line. # The assumption is that the first argument is the file # containing the list of targeted hosts and the remaining # arguments form the command. if not HOSTS: try: f = open(args[0]) HOSTS = f.readlines() f.close() except: ErrorExit(eBADFILE % sys.argv[1]) CMD = " ".join(args[1:]) # If hosts were passed on the command line, all the arguments # are understood to form the command. else: CMD = " ".join(args[0:]) # If user want 'sudo' execution, they MUST provide a password because # key exchange-based authentication is not part of sudo. If the # password has not been set by some other means (interactive, command # line or environment variable), ask for it here. CMD = CMD.strip() if CMD.startswith(SUDO) and not PWORD: PWORD = getpass.getpass(pSUDO) # Iterate over the list of hosts, executing the command. # Accomodate commenting out hosts in a list. for host in HOSTS: host = host.split(COMMENT)[0].strip() if host: if File_Transfer_List: HostFileTransfer(host, UNAME, PWORD, File_Transfer_List) if CMD: HostCommand(host, UNAME, PWORD, CMD)