0

So I have 5 cloud machines running and my 1st one is set up as an Apache server. My goal is for the users to click on the submit button on the webpage, it will run parallel-ssh on my 1st machine and launch a script on the other cloud machines. I have the webpage running, the script running and this is my attempt to launch parallel-ssh from index.php

So "master.txt" is on the 1st cloud machine that holds all the info about the other cloud machines. StrictHostKeyChecking is used to overlook the security checks. And the perl command is what will be launched on all the cloud machines. I know this question is fairly confusing but I'm new to both PHP and Perl and I really need an answer for this project. Sorry, it's one big command but I had to break it into lines because it wouldn't display right on here.

4
  • yup i'm confused, what's the big picture here? what are you trying to achieve? Commented Jul 18, 2013 at 4:18
  • What is the output you are getting? Commented Jul 18, 2013 at 4:45
  • And I'm not getting output. If I put a print statement after the shell_exec statement, it would print it. So basically, I think it looks at the command and just ignores it. Commented Jul 18, 2013 at 4:47
  • i would consider the encoder service offered by amazon "Amazon Elastic Transcoder" Commented Jul 18, 2013 at 20:33

2 Answers

1

Maybe you'd have an easier time if you connected to each server through libssh2 or phpseclib and ran commands on each of the machines like that?


0

This is a big command. Might I suggest this instead so it can be better understood. In the following code, I use escapeshellarg a lot to make sure all our shell arguments are properly escaped and are not open to attack. This also depends on whether or not your variables are trusted, but shouldn't hurt unless each argument variable is actually composed of multiple arguments or other not so common things.

<?php
$result = shell_exec(
    'parallel-ssh -h master.txt "-O StrictHostKeyChecking=no" ' . // SSH command
    '-t 5 ' . // 5 second timeout on each host
    '-l divx ' . // User
    '-i ' . // Inline mode used for troubleshooting.. Take this out once it works.
    '-P ' . // Print the output. This will only return it so it is stored in $result
    escapeshellarg(
        'perl /mnt/nas-storage/EncoderSetup/commTools/con.pl ' . // Executes a perl file
        escapeshellarg($input) . ' ' . // $input arg to perl command
        escapeshellarg($output) . ' ' . // $output arg to perl command
        escapeshellarg($intraperiod) . ' ' . // $intraperiod arg to perl command
        escapeshellarg($res) . ' ' . // $res arg to perl command
        escapeshellarg($qp) . ' ' . // $qp arg to perl command
        escapeshellarg($framerate) . ' ' . // $framerate arg to perl command
        escapeshellarg($startframe) . ' ' . // $startframe arg to perl command
        escapeshellarg($numgop) . ' ' . // $numgop arg to perl command
        escapeshellarg($enc) . ' ' . // $enc arg to perl command
        escapeshellarg($cfg) . ' ' . // $cfg arg to perl command
        escapeshellarg($sao) . ' ' . // $sao arg to perl command
        escapeshellarg($wafrosync) . ' ' . // $wafrosync arg to perl command
        escapeshellarg($amp) . ' ' . // $amp arg to perl command
        escapeshellarg($tmvp) . ' ' . // $tmvp arg to perl command
        escapeshellarg($transkp) . ' ' . // $transkp arg to perl command
        escapeshellarg($fasttranskp) . ' ' . // $fasttranskp arg to perl command
        escapeshellarg($goploc) // $goploc arg to perl command
    )
);
print $result;

This should work for you but there are some things to consider. First, execute it and print out the $result to see what the actual output is. If you get something like

[FAILURE] server.hostname Exited with error code 255

Then it is possible that pssh is asking for a password for each host. I noticed that you are using the -A option which asks for a password. You can't do that with shell_exec in php because then the script will hang and wait forever for a password. Instead, you need to set up SSH keys so that your first cloud server can ssh into the other cloud servers without a password. Setting up SSH public key based authentication actually is pretty easy. But not if you've never done it before. I'm sure there are plenty of posts on how to set that up. The procedure is basically:

  1. Generate a public and private key (No passphrase).

    • Type in this command at your first cloud server: ssh-keygen
    • Don't enter a passphrase when it asks you

  2. Copy the id_rsa.pub file to the ~/.ssh/authorized_keys file on each of the secondary cloud servers

  3. Make sure the .ssh folder has 700 permissions on each of the cloud servers

  4. Make sure the .ssh/authorized_keys file has 600 permissions on each of the cloud servers.

If all went as planned, you should be able to execute commands on each of the cloud servers from your main cloud server securely and without a password. Now, you can just run your command and it should work.... or at least give you output as to why it didn't so you can continue to troubleshoot.

Another concern is the user that shell_exec is run as. If you are running a web server on your main cloud server, then you will have to make sure that the current user (usually apache) has the id_rsa file in the .ssh folder wherever your apache home directory is (usually /var/www/). So you would put the id_rsa file in the /var/www/.ssh/ folder and make sure it is owned by apache. Also, make sure it is chmod 600 to protect it.

There are other security concerns like protecting your id_rsa file. Don't run any untrusted scripts on your server or use any virtual hosts with users that upload their own files for their own websites. The security concern comes into play because any script that is run as apache can easily access, and compromise your id_rsa file... yikes. Anyone who has access to this file will easily gain access to each of your cloud servers... so protecting it should not be taken lightly.

3 Comments

Simply create it. Execute the following command as the user you want to run the perl script as # mkdir ~/.ssh
So there's no .ssh folder on the secondary cloud machines, I created it. On the first cloud machine, when i ran ssh-keygen, it created the .ssh folder under my home folder so I created another .ssh in /var/www and copied the id_rsa file over. Is that correct? Apparently it's still not showing me anything.
Well, in order to give you a more detailed answer (and a correct answer for your situation) I would need to know what user is executing the parallel-ssh command. Add this to your php script at the end... after the shell_exec and everything.... print get_current_user();
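
The permission and ownership steps from the second answer (700 on .ssh, 600 on authorized_keys and id_rsa, key owned by the web server account) can be checked with a small script. This is an added example, not part of the original answer or its comments; the function names check_mode and audit_ssh_dir are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```bash
#!/usr/bin/env bash
# Added example: audit the SSH file modes and key ownership described above.
# Assumes a `stat` that supports -c (GNU coreutils or BusyBox).

# check_mode PATH EXPECTED: succeed only if PATH exists with exactly that mode.
check_mode() {
    local path="$1" want="$2" got
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    got=$(stat -c '%a' "$path")
    if [ "$got" != "$want" ]; then
        echo "BAD     $path has mode $got, expected $want"
        return 1
    fi
    echo "OK      $path ($got)"
}

# audit_ssh_dir HOME ROLE USER
#   ROLE=client: home of the account running parallel-ssh; holds id_rsa
#   ROLE=server: home on a secondary machine; holds authorized_keys
# Returns the number of failed checks, so 0 means everything matched.
audit_ssh_dir() {
    local home="$1" role="$2" user="$3" fails=0 file owner
    check_mode "$home/.ssh" 700 || fails=$((fails + 1))
    if [ "$role" = client ]; then
        file="$home/.ssh/id_rsa"
    else
        file="$home/.ssh/authorized_keys"
    fi
    check_mode "$file" 600 || fails=$((fails + 1))
    # A key or authorized_keys file owned by another account is a finding
    if [ -e "$file" ]; then
        owner=$(stat -c '%U' "$file")
        if [ "$owner" != "$user" ]; then
            echo "BAD     $file is owned by $owner, expected $user"
            fails=$((fails + 1))
        fi
    fi
    return "$fails"
}

# Stand-alone use: bash audit.sh /var/www client apache
if [ "$#" -eq 3 ]; then
    audit_ssh_dir "$@"
fi
```

Run it with the `client` role on the first machine against the web server's home directory, and with the `server` role on each secondary machine against the login user's home.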
