cexec.1 (2012 03)
c
cexec(1) cexec(1)
-h | --help | -?
Displays commands and use information from cexec
and quits.
-l | --user user
Runs remote commands as another user, subject to authorization. When using remsh, the user
issuing the command must be authorized in the remote user’s /.rhosts. When using ssh, the
local cexec user must have performed a key exchange with the specified remote ssh user.
-R | --rcmd {ssh | rsh}
Set remote command transport option to the transport, either
ssh or rsh.
-r | --retry={all | fail | success} reportfile
cexec retries commands on the nodes on which they were targeted to run in the reportfile
specified.
retry=fail re-runs the command only on the failed nodes,
retry=all re-runs
the commands on all nodes,
-retry=success
re-runs the command on nodes where it suc-
cessfully ran earlier.
Report files can be renamed. When renamed, they do not need the .rpt file extension, but they
must be in the $HOME/.cexec/reports directory.
-report_loc
Displays the location of the reports that
cexec
generates. When this option is used, it
displays the command and the reports it generated. All reports are located in the
$HOME/.cexec/reports directory. The user cannot change the location of the reports.
-t | --timeout seconds
Sets the connect timeout in seconds.
-u | --ctime seconds
Sets a limit on the amount of time a remote command is allowed to execute. Default is no
limit.
-V | --version
Shows the version of
cexec.
ENVIRONMENT VARIABLES
When not running on a Serviceguard cluster, if no other node selection option is used, the
CFANOUT_HOSTS environment variable may be set to a filename from which a list of target hosts is
read. The file should contain a list of hosts, one per line.
NETWORKING FEATURES
cexec is based on the pdsh(1) command. pdsh supports remsh or the rsh protocol as a command
transport. remsh and its related utilities like rlogin(1) have well documented security shortcomings.
For unprivileged users to use the remsh transport of pdsh and cexec, the /opt/dsau/bin/pdsh pro-
gram must be owned by root and the SUID bit must be set, just like the /usr/bin/remsh program. As
shipped, the
pdsh binary is owned by user bin and the SUID bit is not set. Thus an unprivileged user
cannot use the "-R rsh" option until the system administrator explicitly enables it. The system adminis-
trator should only enable pdsh usage of remsh in environments where users and hosts are trusted. The
default ssh transport offers significantly better security. The csshsetup tool makes ssh as easy to
configure as the .rhosts file of remsh.
LIMITATIONS
cexec assumes a predefined security setup when using remsh and ssh transports. Neither transport
can prompt for a password. For remsh, the user’s /.rhosts must be appropriately configured. For ssh,a
public key distribution must be performed to all targeted hosts. For the ssh case, the csshsetup tool is
provided to make the ssh setup as simple as possible. For example, csshsetup makes it easy to set up
any node to any node trust relationships in a Serviceguard cluster for groups of managed systems.
For the ssh transport, the connect timeout is not adjustable.
Hostlist parsing assumes numerical part of hostname is at the end only, for example, specifying
remote[0-5]host will not work.
You cannot use interactive commands (commands that prompt for input or expect a tty to be present).
The number of nodes on which
cexec can simultaneously execute remote jobs is limited by the maximum
number of threads that can be created concurrently and the availability of reserved ports in rsh rcmd
modules.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: March 2012