System Upgrade Manager is a PHP application that will allow sysadmins to monitor and upgrade multiple remote Unix/Linux machines
Version: 0.5.1System Upgrade Manager is a PHP application that will allow sysadmins to monitor and upgrade multiple remote Unix/Linux machines.
Operating System: Linux
A while ago I was in the middle of trying to figure out how to keep track of package updates on all of my servers. I have around 300 servers of various platforms (Debian, Redhat, Solaris) and periodically I'd have to shell around and figure out which machines needed updates and which didn't.
I then decided that a neat thing to have was a way to do this from one central location. So with my limited html/php skills, I have whipped up a web-based System Package Manager, "sysmgr", where I can see all of my servers and an indication as to which ones need updates.
Here are some key features of "System Upgrade Manager":
Â· Ability to check RHES 3 servers
Â· Create an authentication/login page
Â· A PHP installer method.
Â· Sun Solaris upgrade support
Â· cron-based update
Â· support for apt-get based distros
Setting up communication between apache and the remote servers:
Configuring the Directories
First, we are going to setup some directories. Let's assume that your super private admin-only password protected, Apache DENY protected website resides at: /var/www (referred to as DOCUMENT ROOT throughout this tutorial) where nobody can access it except you on your internal network's IP address and you have to use a 24 character length password to get into.
NOTE: This directory does not have to be in the DOCUMENT ROOT but is does need to be somewhere that the apache user can get to it. My system is not on an internet-facing system. Not that that was an excuse, but I felt it was adequite for what I needed to do.
First, we need to create a "working directory". This is where Apache will create its virtual environment for SSH. Essentially, this is going to be the same as the user directory of a standard system user, however we are not going to create a user for this. Go ahead and make a directory under your DOCUMENT ROOT named ssh
Remember this directory because later on, you will be using it to to define some values in the live_update.php file
Now that we have our working directory setup, you need to generate a private and public key pair for SSH.
Creating the Private / Public SSH Key Pair
The key pair is basically a method of authenticating with a remote server using a key exchange. In other words, you do not have to type a password on the remote machine to login via SSH.
First, we need to generate the keys. So, login to your system as the user that the web server runs as, which is typically "apache", you only need to run this command:
ssh-keygen -t dsa -f ~/.ssh/id_dsa
WHEN PROMPTED FOR A PASSWORD, HIT ENTER TWICE. DO NOT ENTER A PASSWORD!
Now, let's assumed your username was 'apache' when you ran that command. In your HOME Directory, under a special directory named '.ssh', you will see two newly created files:
This is your identity file, or your private key.
This is your public key file that you will install into the remote user's profile to authenticate against your local private key.
Now that you have those two files generated, you are ready to install the public key.
Installing the Pubilc Key on the Remote System
The next step is to install the public key into a profile of the user that resides on the remote system. You do this by running this command:
cat ~USER/.ssh/id_dsa.pub | ssh REMOTE_USER@REMOTE_HOST 'sh -c "cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'
In the previous command USER is the local username such as 'apache' and the REMOTE_USER is the username on the remote machine and the REMOTE_HOST is the host name or the IP address of the remote machine.
For example, if I wanted to install this on machine "jupiter" under a user named 'foo', I would run:
cat ~sysmgr/.ssh/id_dsa.pub | ssh root@jupiter 'sh -c "cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'
When you run this command for the first time, you will need to enter the remote root password because you have no keys installed yet, so there's nothing to authenticate against. I have chosen root because I am going to want the ability to actually perform the upgrades from the browser, which was the whole point of this application anyways.
After your key is installed, PLEASE test it out! You want to make sure this works as advertised before you start pulling your hair out in PHP wondering why it does not work!. All you have to do is try to SSH into the remote box with the user.
If you are logged in without a password, then your key pair works and you're ready to start trying to SSH with PHP.
If the Key Pair Does Not Work
If it does not work, there are a few reasons why. The most common problem is that the remote user has never tried to SSH out of the box before. Therefore, there is no '.ssh' profile for that user. Simply login on that box as that user and try to SSH to another system. After that, repeat the key installation again and try to see if that works.
The other possiblity is that the SSH daemon configuration file is not properly configured for key authentication and you'll need to enable that!
What's New in This Release:
Â· This release fixes a DB insert statement that caused a problem adding servers.