1
00:00:03,490 --> 00:00:09,050
In this lesson you'll learn how to create a small network of virtual machines that will simulate a company

2
00:00:09,050 --> 00:00:10,110
network.

3
00:00:10,220 --> 00:00:16,790
You'll also learn how to configure SSH key authentication and execute commands on remote systems via

4
00:00:16,850 --> 00:00:18,170
SSH.

5
00:00:18,380 --> 00:00:23,390
What we're going to do here is actually create three virtual machines. We're going to name the first

6
00:00:23,390 --> 00:00:25,910
one admin01.

7
00:00:26,090 --> 00:00:30,360
The next one server01 and the third one server02.

8
00:00:30,550 --> 00:00:33,560
And I may call those server 1 and server 2 to be brief.

9
00:00:33,560 --> 00:00:40,160
This type of set up is very common where you'll have one server acting as your main administration server

10
00:00:40,160 --> 00:00:43,020
that will act as the base of operations if you will.

11
00:00:43,280 --> 00:00:47,740
And then several other servers on your network that are used to do the work for the business.

12
00:00:47,750 --> 00:00:51,620
They could be web servers, database servers, or what have you.

13
00:00:51,620 --> 00:00:54,430
So here I'm on my local system on my terminal open.

14
00:00:54,590 --> 00:01:00,530
I'm going to go to shell class and I'm going to create a new directory for this project I'm going to

15
00:01:00,530 --> 00:01:03,800
create a directory called multinet.

16
00:01:03,920 --> 00:01:08,300
So we're going to be using multiple machines here on this miniature network so I'm just going to call

17
00:01:08,300 --> 00:01:11,900
this multinet. Change directory in there.

18
00:01:12,070 --> 00:01:22,090
And let's go ahead and initialize our vagrant project: vagrant init, and then supply a box name.

19
00:01:22,100 --> 00:01:25,430
Now I just need to edit the Vagrantfile and make some changes.

20
00:01:28,510 --> 00:01:34,990
Going to add some configuration right here below the config.vm.box line and what I'm going to do

21
00:01:34,990 --> 00:01:44,760
is say config.vm.define and we're going to define our first server of admin01 and put that

22
00:01:44,760 --> 00:01:47,660
same name here in pipes

23
00:02:03,790 --> 00:02:11,270
give us an IP address and then close our statement for this particular host.

24
00:02:11,270 --> 00:02:14,020
So this will create one virtual machine.

25
00:02:14,020 --> 00:02:18,070
Now let's go ahead and create a stanza for our next virtual machine.

26
00:02:20,090 --> 00:02:22,130
We'll call this one server01

27
00:02:31,640 --> 00:02:35,020
give it the hostname of server01

28
00:02:52,630 --> 00:02:55,590
then we're going to pretty much duplicate this.

29
00:02:55,600 --> 00:02:59,430
But make sure we change the ones to two here.

30
00:03:00,630 --> 00:03:04,830
And also make sure we change this IP address here.

31
00:03:04,860 --> 00:03:13,270
OK. So now we have these three stanzas for three different servers: we have admin01, server01

32
00:03:13,570 --> 00:03:15,900
and server02.

33
00:03:15,940 --> 00:03:19,600
So now what we're going to do is run a vagrant up.

34
00:03:19,690 --> 00:03:24,640
Now when you're working with a vagrant multi-machine setup like this, when you run a command it runs

35
00:03:24,640 --> 00:03:30,640
that command against all the systems unless you specify which one of the virtual machines that you're

36
00:03:30,640 --> 00:03:31,750
working with.

37
00:03:31,750 --> 00:03:37,360
So if we run vagrant up it's going to bring up all three of those systems. If we run vagrant up

38
00:03:37,360 --> 00:03:41,050
admin01 it's only going to bring up that system for example.

39
00:03:41,110 --> 00:03:45,720
So go ahead and run vagrant up and let vagrant create all three of those systems.

40
00:03:46,870 --> 00:03:52,090
By the way this is going to take an extra few minutes since we're creating three servers here at once

41
00:04:23,590 --> 00:04:29,800
OK, now that the vagrant up command has been executed we should have three running virtual machines

42
00:04:30,000 --> 00:04:33,900
and we can check that with vagrant status.

43
00:04:34,090 --> 00:04:39,970
If you get an error when you ran vagrant up, or if you run vagrant status and not all three of your virtual

44
00:04:39,970 --> 00:04:44,390
machines are running, you need to check the contents of your Vagrantfile.

45
00:04:44,650 --> 00:04:49,330
And let me just jump in the Vagrantfile really quick and talk about a couple of things that I've seen

46
00:04:49,330 --> 00:04:53,370
in the past some little gotchas if you will and how to get around those.

47
00:04:53,380 --> 00:04:55,930
So let's look at our Vagrantfile here.

48
00:04:57,590 --> 00:05:03,980
And one thing I've seen happen is for example on the IP address line I've seen people accidentally forget

49
00:05:04,400 --> 00:05:06,120
the closing double quote.

50
00:05:06,140 --> 00:05:10,580
So that is a common mistake. I see people miss a comma here.

51
00:05:10,610 --> 00:05:12,470
That is a mistake I've seen before.

52
00:05:12,470 --> 00:05:19,040
I've also seen some students do this that they use capital IP instead of lower case IP.

53
00:05:19,130 --> 00:05:22,490
So every little thing you see here every little bit of syntax.

54
00:05:22,490 --> 00:05:29,270
It's not like salt and pepper or some seasoning it is exact and specific and has to be exactly this

55
00:05:29,270 --> 00:05:29,960
way.

56
00:05:29,960 --> 00:05:32,210
It's not there for a random purpose.

57
00:05:32,210 --> 00:05:38,000
Also another thing I've seen here when someone gets to this third stanza maybe they did like I did and

58
00:05:38,000 --> 00:05:41,920
they copied the first one but they forget to change this.

59
00:05:42,230 --> 00:05:46,860
So they have this situation where they're really trying to define server 2.

60
00:05:46,880 --> 00:05:51,170
But in the code block here they're referencing something that does not correspond to that.

61
00:05:51,170 --> 00:05:53,800
So it needs to be the same here as well.

62
00:05:53,990 --> 00:06:00,140
And I've also seen this happen which is people leave off this first bit of information here just use

63
00:06:00,140 --> 00:06:04,940
vm.hostname and so on like that, and so that is also not going to work.

64
00:06:04,940 --> 00:06:10,760
So again if you run a vagrant status and all three of your machines are up or the vagrant up command

65
00:06:10,760 --> 00:06:14,550
doesn't complete successfully, these are some things that you can check.

66
00:06:15,200 --> 00:06:17,530
So I'll jump out of here right now.

67
00:06:17,690 --> 00:06:20,900
And now what I'll do is run vagrant ssh.

68
00:06:20,960 --> 00:06:26,780
Now in the past we've just been working with one system and when we run vagrant ssh we get connected

69
00:06:26,780 --> 00:06:28,520
to that one virtual machine.

70
00:06:28,520 --> 00:06:33,350
Well, since we have three virtual machines, we run vagrant ssh, vagrant doesn't know which one we're

71
00:06:33,350 --> 00:06:34,510
trying to connect to.

72
00:06:34,670 --> 00:06:39,060
So we have to be very specific and tell it which machine we're going to connect to.

73
00:06:39,200 --> 00:06:43,790
And so what we're going to do is connect here to admin 1, our administration server, and start working

74
00:06:43,790 --> 00:06:44,240
there.

75
00:06:44,240 --> 00:06:51,130
So I'm just going to type in vagrant ssh admin01. Now that we're in this virtual machine I'm going

76
00:06:51,130 --> 00:06:56,560
to see if I can ping those other virtual machines on the network here just to see if they're responding

77
00:06:56,590 --> 00:07:04,490
on our network: ping -c 3, that means send a count of three packets, to

78
00:07:04,580 --> 00:07:05,990
10.9.8.11.

79
00:07:06,100 --> 00:07:10,090
Sure enough, we're getting responses and that worked. Let's do it to 12.

80
00:07:11,510 --> 00:07:14,400
OK, three packets transmitted, no packet loss.

81
00:07:14,450 --> 00:07:15,230
That looks good.

82
00:07:15,230 --> 00:07:22,080
So this particular admin virtual machine can communicate over the network to server one and server two.

83
00:07:22,250 --> 00:07:28,570
Now when attempting to resolve a name to an IP address, for example if we want to ping server01,

84
00:07:28,880 --> 00:07:36,020
what happens is that the hosts file is checked first by default and if no entry is found there then

85
00:07:36,020 --> 00:07:37,760
DNS is queried.

86
00:07:37,760 --> 00:07:41,600
Since the main point of this class is shell scripting we're not going to spend the time to set up a

87
00:07:41,600 --> 00:07:45,110
DNS server for our three little virtual machines here.

88
00:07:45,110 --> 00:07:50,950
We're just going to add our two servers to the hosts file so we can talk to them by name.

89
00:07:50,990 --> 00:07:56,810
Now if we look at the /etc/hosts file you can see that the format of the file is an IP address followed

90
00:07:56,810 --> 00:08:03,230
by a name and then any other additional names that you want to access those systems by.

91
00:08:03,230 --> 00:08:09,230
Since I'm a normal user I'm going to actually use a command called tee in conjunction with sudo to

92
00:08:09,230 --> 00:08:10,720
append some lines to.

93
00:08:10,730 --> 00:08:17,510
So let's look at the tee command really quick. The tee command reads from standard input and writes to standard

94
00:08:17,510 --> 00:08:22,510
output and files. It pretty much passes anything that it receives out the other direction.

95
00:08:22,550 --> 00:08:28,570
And so what's useful about this is the -a option which allows you to append to existing files instead

96
00:08:28,580 --> 00:08:29,860
of overwriting.

97
00:08:29,870 --> 00:08:34,550
So how this comes in useful in our situation is that we're going to append to an existing file of

98
00:08:34,550 --> 00:08:35,330
/etc/hosts.

99
00:08:35,330 --> 00:08:37,460
And so we're going to use the -a option.

100
00:08:37,460 --> 00:08:42,340
Now if you don't append to a file it just overwrites the file, it clobbers it if you will.

101
00:08:42,350 --> 00:08:47,720
So the reason why this is important is, again, we're a normal user and what we want to do is do something

102
00:08:47,720 --> 00:08:58,920
like this: we're going to echo this, 10.9.8.11 server01, because that's the IP address of server 1, and

103
00:08:58,920 --> 00:09:03,420
we want to send that to the bottom of the hosts file.

104
00:09:03,420 --> 00:09:08,190
So what happens here is when we execute the command, tee sends that to standard output and it also appends

105
00:09:08,190 --> 00:09:10,330
it to the hosts file.

106
00:09:10,530 --> 00:09:14,310
So let's do the same thing again here with our server 2.

107
00:09:18,460 --> 00:09:25,700
Now if we cat hosts we can see those two entries are at the bottom of the hosts file.

108
00:09:26,570 --> 00:09:31,310
If you're trying to append some data to a file you may think, oh, I can just run sudo echo, but it may

109
00:09:31,310 --> 00:09:33,570
not do what you expect it to do.

110
00:09:33,590 --> 00:09:41,340
So let's just try it out really quick: sudo echo test and then try to append that to /etc/hosts.

111
00:09:41,350 --> 00:09:46,150
And it says /etc/hosts: Permission denied, and I get people saying hey I ran that with root permissions.

112
00:09:46,340 --> 00:09:49,150
Why can't I update the host?

113
00:09:49,370 --> 00:09:55,970
Well what happens is you're actually executing the echo command as root with sudo there but the redirection

114
00:09:55,970 --> 00:10:02,870
takes place as your normal user, and that is why you cannot append to the file. So sure, you're running

115
00:10:02,870 --> 00:10:07,820
the echo command as root but you're not doing the redirection as root.

116
00:10:07,880 --> 00:10:11,420
So that's why you can use sudo in the way we did there.

117
00:10:11,480 --> 00:10:18,380
Pipe that output to sudo tee -a, and then that way you can do things like append data to files

118
00:10:18,590 --> 00:10:23,080
on the command line without an editor and also without switching to the root user.

119
00:10:23,220 --> 00:10:28,070
OK so that's maybe an interesting aside maybe it was totally boring to you but hopefully you got a little

120
00:10:28,070 --> 00:10:29,290
something out of that.

121
00:10:29,690 --> 00:10:30,710
OK so let's move on.

122
00:10:30,710 --> 00:10:32,950
So now we have entries in the hosts file.

123
00:10:33,110 --> 00:10:38,990
So in theory that means we can communicate to those systems by name, so we can do this: ping -c 3

124
00:10:39,320 --> 00:10:47,470
server01 and you can see 10.9.8.11 is the IP address that it's communicating with.

125
00:10:47,510 --> 00:10:52,190
And of course that is what is in the /etc/hosts file and that does correspond to server 1.

126
00:10:52,370 --> 00:10:53,630
And we can do the same thing here.

127
00:10:53,640 --> 00:11:00,880
Let's just send one packet to server 2 and sure enough it sends it to 10.9.8.12.

128
00:11:00,980 --> 00:11:06,850
As I said earlier we're going to be using this virtual machine as our main administration server. We'll

129
00:11:06,860 --> 00:11:12,370
be running commands from here that will execute on the other virtual machines on the network.

130
00:11:12,620 --> 00:11:16,440
So I want to ssh into those other two systems without a password.

131
00:11:16,580 --> 00:11:20,480
And the first thing we need to do is create an SSH key pair.

132
00:11:20,600 --> 00:11:21,790
If we would like to do that.

133
00:11:21,800 --> 00:11:28,550
So we'll just run ssh-keygen to generate a key and we're just going to accept the default here.

134
00:11:28,550 --> 00:11:30,800
Sure that's a fine place for the key.

135
00:11:30,800 --> 00:11:32,900
We're not going to use a passphrase.

136
00:11:32,930 --> 00:11:39,170
And what this will allow us to do is ssh without being prompted for a password every time we want to

137
00:11:39,170 --> 00:11:40,870
connect to a server.

138
00:11:40,910 --> 00:11:45,000
So just hit Enter a couple of times and now our key is created.

139
00:11:45,140 --> 00:11:50,360
So the next step is to put the public key on the remote system and there's a handy command that will

140
00:11:50,360 --> 00:11:51,050
help you do that.

141
00:11:51,090 --> 00:11:54,060
It's called ssh-copy-id.

142
00:11:54,260 --> 00:12:03,670
So we're going to say ssh-copy-id server01. Here we're connecting as the vagrant user over SSH

143
00:12:03,700 --> 00:12:08,190
to server01 and it's saying hey here's the fingerprint of that host.

144
00:12:08,210 --> 00:12:09,470
Do you accept it?

145
00:12:09,470 --> 00:12:12,140
And do you think it's where you're trying to go?

146
00:12:12,140 --> 00:12:17,570
Well, in theory we could check this key on the other side and confirm, but we're on a test system

147
00:12:17,570 --> 00:12:18,680
I'm sure this is going to be safe.

148
00:12:18,680 --> 00:12:20,250
So we'll just hit yes here.

149
00:12:20,540 --> 00:12:27,490
So here it's prompting us for vagrant's password and the password for vagrant is vagrant.

150
00:12:27,540 --> 00:12:30,720
It says it added the key over there so let's check it out.

151
00:12:30,720 --> 00:12:37,530
ssh server01 and you can see that our prompt changed to server01.

152
00:12:37,590 --> 00:12:41,080
So we're on the other VM over SSH.

153
00:12:41,220 --> 00:12:48,140
So now I'm just going to exit out with exit and if I wanted to for example run a command over there

154
00:12:48,140 --> 00:12:54,580
on server01 I could do this: ssh server01 and then specify the command.

155
00:12:54,590 --> 00:13:02,600
So let's run the hostname command over on server 1. So what happens is we connect to server01, then

156
00:13:02,600 --> 00:13:08,420
execute the command and then we're disconnected and we're back to our initial system so it's like we

157
00:13:08,420 --> 00:13:13,260
never connected over there, but we really did, it just wasn't an interactive login.

158
00:13:13,430 --> 00:13:15,620
So we need to do the same thing with server 2.

159
00:13:15,620 --> 00:13:22,700
So ssh-copy-id server02, accept the key, and our password.

160
00:13:22,850 --> 00:13:24,030
And we should be good to go.

161
00:13:24,030 --> 00:13:25,250
Let's just test really quick.

162
00:13:25,270 --> 00:13:27,900
ssh server02.

163
00:13:28,160 --> 00:13:34,300
All right, we get the server02 prompt, we're over on that virtual machine, and I'll just type exit here.

164
00:13:34,340 --> 00:13:36,710
So now this allows us to do things like this.

165
00:13:36,710 --> 00:13:39,650
Let's create a little for loop right here on the command line.

166
00:13:39,650 --> 00:13:52,280
So I'm going to do for N in 1 and 2, do ssh to server 0 N and then run a command over there, hostname,

167
00:13:52,760 --> 00:13:53,970
and done.

168
00:13:54,020 --> 00:13:59,060
So sure enough what happens in this little simple for loop is the first time around N is assigned the

169
00:13:59,060 --> 00:14:00,400
value of 1.

170
00:14:00,440 --> 00:14:04,310
And of course server0$N evaluates to server01.

171
00:14:04,520 --> 00:14:08,970
And then so that's when we ssh to server01, run the hostname command.

172
00:14:09,110 --> 00:14:14,600
Then the next time around the loop N is set to 2 and we ssh to server 0 N which is actually

173
00:14:14,600 --> 00:14:21,530
server02, execute the hostname, and then our loop is complete. Again, like I demonstrated above, you can

174
00:14:21,530 --> 00:14:27,220
just ssh into any server and run a command without having to start an interactive shell.

175
00:14:27,260 --> 00:14:32,810
If you supply the command on the ssh command line there, that command you supply gets executed on the

176
00:14:32,810 --> 00:14:37,500
remote system and then you disconnect from the remote system and the output is displayed.

177
00:14:37,880 --> 00:14:40,670
OK so this allows us to do some things like this.

178
00:14:40,670 --> 00:14:52,900
Let's change into our shared folder, /vagrant, and create a file here called servers.

179
00:14:52,910 --> 00:14:59,210
Notice I used a single redirect operator that created a new file for the first line there. If there was

180
00:14:59,210 --> 00:15:04,280
a servers file that existed it would have been overwritten, and the second time I used double greater

181
00:15:04,280 --> 00:15:06,040
than signs which appends.

182
00:15:06,050 --> 00:15:09,070
So I added server02 to the servers file.

183
00:15:09,170 --> 00:15:11,630
So let's check the contents of that really quickly.

184
00:15:11,660 --> 00:15:14,180
Sure enough that file only contains two lines.

185
00:15:14,180 --> 00:15:16,670
server01 and server02.

186
00:15:16,670 --> 00:15:22,680
So then we can do some things like this: for server in servers.

187
00:15:23,150 --> 00:15:30,410
And so remember back that the dollar sign parenthesis command closing parenthesis syntax means take

188
00:15:30,410 --> 00:15:36,650
the output of that command in those parentheses and return it or substitute the output of that command

189
00:15:36,650 --> 00:15:38,390
for the command itself.

190
00:15:38,390 --> 00:15:43,760
So what's going to happen is this statement is really going to read: for server in server01

191
00:15:43,780 --> 00:15:44,690
server02.

192
00:15:45,080 --> 00:15:56,310
So then we'll do this: we'll do an ssh to server, run the hostname command, again we'll run a second command

193
00:15:56,580 --> 00:16:00,970
on that server and we'll just do an uptime.

194
00:16:01,140 --> 00:16:07,050
First we see the hostname output for server 1, then we see the uptime output for server 1. The loop

195
00:16:07,050 --> 00:16:10,310
repeats and we get the same output for server 2.

196
00:16:10,470 --> 00:16:17,010
By the way, if you want to make sure that everything you specify after the host in an ssh command gets

197
00:16:17,010 --> 00:16:21,170
executed on the remote host put it in quotation marks.

198
00:16:21,210 --> 00:16:30,000
So if we were to do this: ssh server01 hostname semicolon hostname, what's going to happen is the

199
00:16:30,000 --> 00:16:37,220
semicolon is going to be interpreted as the command separator, which it is, and the host the first hostname

200
00:16:37,230 --> 00:16:43,860
is going to get executed on server01 via SSH and then it's going to terminate that command because

201
00:16:43,860 --> 00:16:46,380
the colon is a command separator.

202
00:16:46,380 --> 00:16:51,200
Then the second hostname on this command line will actually execute on the local host.

203
00:16:51,210 --> 00:16:53,850
So let's hit enter to prove that here.

204
00:16:54,000 --> 00:17:00,080
Sure enough, ssh server01 hostname evaluates to server01 and then the hostname command itself returns

205
00:17:00,120 --> 00:17:04,000
admin01 because it gets executed on the local host.

206
00:17:04,020 --> 00:17:08,910
So if you want to make sure that everything that occurs on that command line happens on the remote system

207
00:17:09,150 --> 00:17:11,250
you need to put it in quotes.

208
00:17:11,250 --> 00:17:12,060
So let's do this

209
00:17:15,080 --> 00:17:22,150
Here what happens is the hostname semicolon hostname command or command group, everything in quotes

210
00:17:22,150 --> 00:17:28,570
there, gets executed on the remote system, on server01 in this particular example.

211
00:17:28,870 --> 00:17:34,930
So whether you're doing semicolons or pipes or whatever, if you want to make that happen on the remote

212
00:17:34,930 --> 00:17:36,960
system just enclose it in quotes.

213
00:17:37,120 --> 00:17:39,460
Of course normal expansion rules apply.

214
00:17:39,460 --> 00:17:44,080
So if you want variables to be expanded you need to use double quotes like this. So let's say we're going

215
00:17:44,080 --> 00:17:50,050
to use variables for commands. We'll have the CMD1 variable be hostname and the CMD2 variable

216
00:17:50,050 --> 00:17:51,070
be uptime.

217
00:17:52,020 --> 00:17:55,110
Now what we can do is this: ssh server01

218
00:17:55,200 --> 00:18:01,800
And then use double quotes because we want CMD1 to be expanded to hostname and CMD2 to be

219
00:18:01,800 --> 00:18:10,620
expanded to uptime. The command to view the running processes or the process table is ps, and a couple

220
00:18:10,620 --> 00:18:18,240
of options that I end up using often are ps space -ef, which shows every process, the -e, and

221
00:18:18,240 --> 00:18:23,460
the -f represents the full listing, so it shows a full listing of every process.

222
00:18:23,460 --> 00:18:26,970
So let's take the output of the command and pipe it to head.

223
00:18:27,030 --> 00:18:35,400
So let's do this: ssh server01, run ps -ef, pipe that to head -3, only look at the first couple

224
00:18:35,400 --> 00:18:38,280
of processes here and hit enter.

225
00:18:38,310 --> 00:18:39,740
So what happened with that command

226
00:18:39,800 --> 00:18:42,680
is that ps -ef pipe head -3

227
00:18:42,870 --> 00:18:45,190
all was executed on server 1.

228
00:18:45,210 --> 00:18:46,980
Now we'll get the same output if we do this

229
00:18:49,740 --> 00:18:58,070
ps -ef | head -3, but the difference this time is that the head command is actually executed on this

230
00:18:58,160 --> 00:19:00,440
server and not the remote server.

231
00:19:00,500 --> 00:19:03,200
In this instance there isn't a difference.

232
00:19:03,260 --> 00:19:05,370
But again it's something to be aware of.

233
00:19:06,180 --> 00:19:11,430
Another thing to keep in mind is that ssh will exit with the exit status of the remote command that was

234
00:19:11,430 --> 00:19:18,250
executed or with 255 if an error occurred with ssh itself. And of course how do I know this? Well,

235
00:19:18,270 --> 00:19:21,270
I read the man page, so let me pull it up for you really quick.

236
00:19:21,270 --> 00:19:22,710
man ssh.

237
00:19:22,850 --> 00:19:25,490
I'm looking for exit status here.

238
00:19:25,530 --> 00:19:31,960
So here it is: ssh exits with the exit status of the remote command or with 255 if an error occurred.

239
00:19:31,980 --> 00:19:33,630
Let me get out of here with q.

240
00:19:33,900 --> 00:19:40,740
So let's do something like this: let's make ssh error out by giving it a server that doesn't exist.

241
00:19:42,880 --> 00:19:46,100
Here it says it cannot resolve hostname server03.

242
00:19:46,100 --> 00:19:51,310
And if we check the exit status of the ssh command we get 255.

243
00:19:51,320 --> 00:19:57,680
So if you're writing a script you can check for exit status 255 to distinguish an SSH error from

244
00:19:57,680 --> 00:20:03,930
an error that's coming from a remote command that was just passed on by ssh.

245
00:20:03,950 --> 00:20:10,940
So if we do this: ssh server02, that exists, run uptime, and then check the exit status, we get a zero

246
00:20:11,210 --> 00:20:15,250
which was actually the exit status returned by the uptime command.

247
00:20:15,500 --> 00:20:20,630
OK here's yet another important little thing to know when you're executing these remote commands with

248
00:20:20,630 --> 00:20:29,510
ssh: it's actually more accurate to say that ssh exits with the exit status of the last command executed

249
00:20:29,510 --> 00:20:31,370
remotely, or 255

250
00:20:31,580 --> 00:20:35,950
if an error occurred with ssh. So let me give you a couple of examples.

251
00:20:35,990 --> 00:20:41,210
So there is a command called true that always returns true or an exit of zero.

252
00:20:41,510 --> 00:20:48,200
And there is also a counterpart to that which is called false, which always returns 1, which is a non-success

253
00:20:48,200 --> 00:20:50,660
or a false here on the command line.

254
00:20:50,660 --> 00:21:00,350
So if we do this: ssh server01, we'll execute false and we'll pipe that to true, which doesn't do anything

255
00:21:00,350 --> 00:21:04,140
practically but it's just to show us about these exit statuses.

256
00:21:04,550 --> 00:21:12,320
So if we do that and then we do this, echo $?, we get a return value of zero and

257
00:21:12,320 --> 00:21:17,060
that's because the last command that was executed returned a zero exit status.

258
00:21:17,060 --> 00:21:20,580
So let's see this: ssh server01.

259
00:21:20,690 --> 00:21:21,510
True.

260
00:21:21,800 --> 00:21:23,000
False.

261
00:21:23,000 --> 00:21:27,710
And then when we look at that exit status we get an exit status of one because the false command returned

262
00:21:27,710 --> 00:21:29,830
the exit status of one.

263
00:21:29,870 --> 00:21:35,120
Let's say you want any non-zero exit status to be returned

264
00:21:35,120 --> 00:21:48,760
if you are using a pipe on the remote system. So the way to accomplish that is to use this.

265
00:21:48,790 --> 00:21:53,860
So when we check the exit status here we get an exit status of one because that occurred during the

266
00:21:53,860 --> 00:21:54,940
pipeline.

267
00:21:54,940 --> 00:22:01,570
Now let's look at this: let's look at the help for set, pipe that to less because there's a lot of information

268
00:22:01,570 --> 00:22:05,080
here. I'm going to go down to pipefail here.

269
00:22:05,080 --> 00:22:11,590
So if we turn on this pipefail option the return value of a pipeline is the exit status of the last

270
00:22:11,590 --> 00:22:20,090
command to exit with a non-zero exit status, or zero if no command exited with a non-zero exit status.

271
00:22:20,320 --> 00:22:25,870
So this is something to keep in mind if you want to make sure that every command in a pipeline was successful

272
00:22:25,870 --> 00:22:32,270
when using ssh. Okay, enough about executing commands on remote systems.

273
00:22:32,280 --> 00:22:38,570
Let's write a simple script that checks to see if our servers are reachable via ping or not.

274
00:22:38,580 --> 00:22:47,710
So I'm going to name this multinet demo one. It goes without saying we start with the shebang, add a little

275
00:22:47,710 --> 00:22:49,240
comment to our script here

276
00:23:02,790 --> 00:23:07,920
so we're going to use a file that contains a list of our hosts here and we just created that command

277
00:23:07,920 --> 00:23:08,500
line.

278
00:23:08,610 --> 00:23:15,140
We'll just use that and let's put a check in here to make sure that it exists before we try to loop

279
00:23:15,140 --> 00:23:15,780
through it.

280
00:23:19,970 --> 00:23:26,030
In computer speak this says if not exists server file then do something.

281
00:23:26,210 --> 00:23:31,010
Another way to say that is if the file doesn't exist then do something. And the thing we're going to do

282
00:23:31,010 --> 00:23:38,450
here is say cannot open a server file for whatever reason and we are going to exit

283
00:23:44,520 --> 00:23:50,750
and go back up here and actually put this in quotation marks.

284
00:23:50,890 --> 00:23:55,080
So the next step here is just to loop through that file, so we'll do a for loop.

285
00:24:10,590 --> 00:24:12,740
This time let's use a count of 1.

286
00:24:12,740 --> 00:24:17,310
I'm kind of impatient. If it can ping in one, we'll consider it up.

287
00:24:17,580 --> 00:24:22,830
And if we don't get a response with one packet we'll be rather impatient and just assume it's down.

288
00:24:23,580 --> 00:24:25,490
Ping generates some output as we know.

289
00:24:25,500 --> 00:24:30,750
I'm just going to send all this output to /dev/null because I really don't care about the output.

290
00:24:30,750 --> 00:24:36,210
What I care about is really the return status. I want to know if that command succeeded or failed, and

291
00:24:36,210 --> 00:24:37,800
of course you know how to check that with this

292
00:24:44,810 --> 00:24:48,500
if the status is not zero then something went wrong.

293
00:24:49,130 --> 00:24:52,000
So we're just going to consider the server down.

294
00:24:52,130 --> 00:24:56,490
Now in the real world if you can't ping a server that doesn't necessarily mean it's down.

295
00:24:56,570 --> 00:25:00,990
It could mean that it's using a firewall that's preventing you from pinging it.

296
00:25:01,020 --> 00:25:04,190
It could mean a lot of different things, it doesn't necessarily mean the server's down.

297
00:25:04,190 --> 00:25:09,230
But in this simplistic example we're going to assume that it's down, or at least that's what we're going

298
00:25:09,230 --> 00:25:10,540
to report anyway.

299
00:25:17,200 --> 00:25:22,730
OK that will finish up our for loop by the way I checked the exit status and said not equals zero then

300
00:25:22,880 --> 00:25:28,010
down you could have done the exact opposite you could have said if the exit status equals zero then

301
00:25:28,010 --> 00:25:29,120
the server was up.

302
00:25:29,150 --> 00:25:30,250
Else it was down.

303
00:25:30,350 --> 00:25:31,710
So you can do that any way

304
00:25:31,730 --> 00:25:34,070
that makes sense in your own mind.

305
00:25:34,160 --> 00:25:40,820
That's why I've chosen to do so I'm going to save my changes add some execute permissions on this and

306
00:25:40,820 --> 00:25:43,370
then run this script.

307
00:25:43,440 --> 00:25:46,590
So it says server 1 is up and server 2 is up.

308
00:25:46,590 --> 00:25:47,670
Now let's stop.

309
00:25:47,670 --> 00:25:52,980
One of the servers make it go down and not be available over the network and then try our script again.

310
00:25:53,190 --> 00:25:56,760
There's a few different ways to do this but I'm just going to exit out of admin01.

311
00:25:56,940 --> 00:26:02,040
Now I'm back on my local machine on my physical computer I'm not in a virtual machine here.

312
00:26:02,070 --> 00:26:06,860
And then what I'm going to do is just halt server02.

313
00:26:07,280 --> 00:26:12,410
And by the way if you just run vagrant halt it's going to halt all the systems here that are defined

314
00:26:12,770 --> 00:26:14,290
not just server02.

315
00:26:14,300 --> 00:26:15,810
So I had to specify that.

316
00:26:16,040 --> 00:26:18,410
So now I'm going to SSH back into admin01

317
00:26:24,330 --> 00:26:28,450
to the vagrant folder and execute our demo script here.

318
00:26:28,600 --> 00:26:31,590
So server 1 came up right away.

319
00:26:31,600 --> 00:26:38,470
It's waiting on server 2 and the ping is going to time out and get a non-zero exit status.

320
00:26:38,550 --> 00:26:42,250
And our script reports that server 2 is down.

321
00:26:42,600 --> 00:26:46,200
I have just a couple of notes here before we wrap things up.

322
00:26:46,260 --> 00:26:53,790
First this relationship that we set up between these systems with the SSH authentication, it's a one

323
00:26:53,790 --> 00:26:55,320
way relationship.

324
00:26:55,440 --> 00:27:03,070
We can SSH into server01 and server02 from admin01 but not the other way around.

325
00:27:03,090 --> 00:27:09,330
You could set it up that way but it's just a common practice to have these one-way relationships so

326
00:27:09,330 --> 00:27:15,690
that you can designate an administration server to do all your admin work from. Of course you can set things

327
00:27:15,690 --> 00:27:21,110
up to go the other way but you'll have to do all the steps we did like add host entries, generate keys,

328
00:27:21,120 --> 00:27:25,770
copy the public keys to where you want to log into and so on.

329
00:27:25,770 --> 00:27:29,970
Also I want to point out a critical distinction when using sudo.

330
00:27:30,090 --> 00:27:32,690
Let's look at this command: ssh server01

331
00:27:32,700 --> 00:27:41,550
sudo id. The ssh command is executed as the current user and in our case that current user is

332
00:27:41,560 --> 00:27:47,690
vagrant. We are then connected to server01 as the vagrant user.

333
00:27:47,690 --> 00:27:54,870
And if we execute the command sudo id then it is being executed as the vagrant user. In this particular

334
00:27:54,870 --> 00:28:00,930
example the command sudo id is executed as the vagrant user on the server01

335
00:28:00,930 --> 00:28:08,220
virtual machine. Of course using sudo gives us root privileges and so our ID that we get back

336
00:28:08,490 --> 00:28:10,700
is the root ID here.

337
00:28:10,710 --> 00:28:19,350
Now if we do this command, sudo ssh server01 id, if we were to actually use this particular command

338
00:28:19,890 --> 00:28:28,010
it would execute ssh as the root user on our local system and we are running sudo ssh locally then

339
00:28:28,010 --> 00:28:33,510
we are connecting to server01 as the root user and then executing the uptime command on the remote

340
00:28:33,510 --> 00:28:36,870
system so let me hit enter here and see what happens.

341
00:28:36,870 --> 00:28:43,050
So here it's asking us about do you trust the server's key and we can say yes and then you may notice

342
00:28:43,050 --> 00:28:49,830
here at the bottom of your screen we have root@server01. Again we're executing sudo ssh on the

343
00:28:49,830 --> 00:28:54,980
local system which makes us root first then we're connecting to server01.

344
00:28:54,990 --> 00:28:58,610
So it's as if we're running ssh server01 as the user.

345
00:28:58,650 --> 00:29:05,130
So here if we want to continue this process we need to enter the root password for server 1 which happens

346
00:29:05,130 --> 00:29:07,310
to be vagrant.

347
00:29:07,430 --> 00:29:11,210
So we get the same output as we did running the command the other way.

348
00:29:11,210 --> 00:29:14,750
But I just want to make sure that you get the distinction. Running

349
00:29:14,820 --> 00:29:18,840
sudo ssh means we're connecting as root to server01.

350
00:29:19,070 --> 00:29:24,950
And to do that we have to give root's password for server01. If you want to do this without a password

351
00:29:25,220 --> 00:29:31,360
then you have to generate SSH keys for the root user and copy the public key to the destination server

352
00:29:31,400 --> 00:29:33,610
like we did before with the vagrant user.

353
00:29:33,620 --> 00:29:37,710
Now some Linux systems are configured such that root logins aren't allowed.

354
00:29:37,730 --> 00:29:44,150
So you have to connect as a normal user and then run you inside the virtual machine instead of connecting

355
00:29:44,150 --> 00:29:44,930
as root.

356
00:29:44,930 --> 00:29:48,850
Anyway I wanted to point out this very subtle but very important difference.

357
00:29:49,190 --> 00:29:55,130
And with that that brings us to the end of this lesson and now we have a private network of three virtual

358
00:29:55,130 --> 00:29:57,830
machines configured and running.

359
00:29:57,860 --> 00:30:02,600
If you followed along and built your own private network with me here today that's great and if not

360
00:30:02,600 --> 00:30:07,640
well that's fine too because you'll get a chance to do that in the exercise that follows.
