现在我简单架设了一个7台服务器的集群集体如下,架设集群的过程我就省略了…
[nfs存储一台]
192.168.42.10
[负载均衡2台]
192.168.42.40
192.168.42.41
[web服务器2台]
192.168.42.30
192.168.42.31
[备份1台]
192.168.42.20
[mysql 1台]
192.168.42.50
我现在需要批量管理这些服务器,刚开始用xshell一台,一台登录管理,觉得非常痛苦,后来为了方便学到了ssh+rsync 批量管理,现将技术分享一下:
具体思路 : 我用 nfs 存储做分发机,因为集群的所有的host文件,配置文件都需要统一,所以不可能一台一台复制,我是先将nfs的配置,做好,通过ssh+rsync技术实现批量管理,批量分发,其中涉及到三个主要脚本:exe_commond.sh(以root身份执行命令)fenfa.sh(以magedu身份执行命令),ip_hosts.sh(包含所有主机IP信息),为什么需要两个不同身份的脚本文件呢.听我详细介绍其中的奥秘:
1.我现在用xshell连接 分发机一台机器即可.因为像添加用户,设置密码,等超级权限还是得root去做 所有的集群root账号密码是一样的.因此一个脚本即可管理所有机器.
脚本代码:
#!/bin/bash
# 脚本用来批量创建集群用户,删除用户,分发公钥,执行命令等.
# 执行命令需要输入root密码,一次即可
# 命令参数: "commond" #要执行的命令
# 分发公钥参数: "fenfa" #即可
# email:626612631@qq.com
# function: remote dis ssh key.
# version:1.1
. /etc/init.d/functions
COMMOND=$1
SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
IP_HOSTS_FILE="ip_hosts.sh"
MANUSER="magedu"
MANUSERPASS="123456"
[ $# -ne 1 ] && echo "Parameter is a command or str {fenfa}" && exit 2
declare -a IP_ARR
if [ ! -e ${SCRIPT_DIR}/${IP_HOSTS_FILE} ]; then
echo -e "current path missing \033[31m ${IP_HOSTS_FILE} \033[0m file"
exit 2
fi
IP_ARR=(`grep -v -E "(^#)|(^$)" ${SCRIPT_DIR}/${IP_HOSTS_FILE} 2>/dev/null`)
if [ ${#IP_ARR[@]} -lt 0 ];then
echo -e "error reading file, please confirm IP format"
exit 2
fi
function show_success(){
action "Command execution" /bin/true
}
function exe_commond(){
echo -n "please inut root passwd. "
read -s password
echo " "
for ip in ${IP_ARR[@]};do
/usr/bin/expect -c "
set timeout -1
spawn /usr/bin/ssh root@${ip} ${COMMOND}
expect {
\"*yes/no\" { send \"yes\r\"; exp_continue }
\"*password:\" { send \"${password}\r\" }
}
expect eof" >/dev/null 2>&1 ;
if [ $? -eq 0 ];then
action "$ip: execute command successfully" /bin/true
else
action "$ip: execute command fail" /bin/false
fi
done
}
if [ "${COMMOND}" != 'fenfa' ];then
exe_commond
show_success
exit 0
fi
#分发公钥
USERNA=`/usr/bin/whoami`
if [ "${USERNA}"=='root' ];then
cd /home/magedu
elif [ "${USERNA}"=="${MANUSER}" ];then
cd ~
else
echo "Please distribute with ${MANUSER} user"
exit 3
fi
for fip in ${IP_ARR[@]};do
/usr/bin/expect -c "
set timeout -1
spawn /usr/bin/ssh-copy-id -i .ssh/id_dsa.pub ${MANUSER}@${fip}
expect {
\"*yes/no\" { send \"yes\r\"; exp_continue }
\"*password:\" { send \"${MANUSERPASS}\r\" }
}
expect eof" >/dev/null 2>&1 ;
if [ $? -eq 0 ];then
action "$fip: execute command successfully" /bin/true
else
action "$fip: execute command fail" /bin/false
fi
done
show_success
脚本执行示例:
批量添加用户 magedu 添加这个用户的目的是用这个用户进行与交互,毕竟root用户权限太大了,而且用户密码也需要在脚本中保存,因此不说,各位都知道
[root@nfs-server script]# bash exec_commond.sh "useradd magedu" please inut root passwd. 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ] Command execution
批量设置magedu密码 ==设置的密码必须要和脚本中设置的一样==
[root@nfs-server script]# bash exec_commond.sh "echo 123456 | passwd --stdin magedu" please inut root passwd. 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ] Command execution
nfs分发也需要一个magedu账号,后面批量分发需要分发机的magedu和其他机器的magedu对应,为什么不把ip放进去一起执行呢,就怕执行其他的命令,导致分发机出错
useradd magedu echo 123456 | passwd --stdin magedu
上面的步骤都做完以后,我们接下来创建密钥对,创建秘钥对,需要分发机进去magedu家目录执行:
一路回车即可
或者
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa &>/dev/null
[magedu@nfs-server ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/magedu/.ssh/id_dsa): Created directory '/home/magedu/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/magedu/.ssh/id_dsa. Your public key has been saved in /home/magedu/.ssh/id_dsa.pub. The key fingerprint is: f2:18:c8:c0:db:bb:4c:38:77:4c:96:a4:6d:b4:dd:2d magedu@nfs-server The key's randomart image is: +--[ DSA 1024]----+ | | | . | | o o | | = * + . . | | . = X S E . | | . * = . | | o + + . | | = o | | o | +-----------------+
秘钥对创建完成以后,我们需要对所有机器分发公钥,目的就是为了分发机的magedu连接其他机器不需要再输入密码,自动完成分发任务
bash /script/exec_commond.sh "fenfa" please inut root passwd. 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ] Command execution
至此分发公钥的任务完成了,现在我们就在分发机的magedu家目录下,创建文件a.txt
,利用分发脚本fenfa.sh分发a.txt试试
上脚本:
#!/bin/bash
# 用来分发文件和移动文件(rsync)
# email:626612631@qq.com
# function: remote dis ssh key.
# version:1.1
. /etc/init.d/functions
FILEPATH=$1
COMMOND=$2
SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
IP_HOSTS_FILE="ip_hosts.sh"
MANUSER="magedu"
if [ "${FILEPATH}" == "--commond" ];then
if [ $# -eq 1 ];then
echo "Please enter a command to execute."
exit 2
fi
else
if [ ! -f ${FILEPATH} ]; then
echo "File or directory does not exist". && exit 2
fi
fi
if [ ! -e ${SCRIPT_DIR}/${IP_HOSTS_FILE} ]; then
echo -e "current path missing \033[31m ${IP_HOSTS_FILE} \033[0m file"
exit 2
fi
IP_ARR=(`grep -v -E "(^#)|(^$)" ${SCRIPT_DIR}/${IP_HOSTS_FILE} 2>/dev/null`)
if [ ${#IP_ARR[@]} -lt 0 ];then
echo -e "error reading file, please confirm IP format"
exit 2
fi
function exec_fenfa(){
expect -c "
set timeout -1
spawn $1
expect {
\"*yes/no\" { send \"yes\r\"; exp_continue }
}
expect eof" >/dev/null 2>&1;
if [ $? -eq 0 ];then
action "$2 is fenfa successfully" /bin/true
else
action "$2 is fenfa fail" /bin/false
fi
}
for ip in ${IP_ARR[@]};do
if [ "${FILEPATH}" != "--commond" ];then
#scp -r ${FILEPATH} ${MANUSER}@${ip}:~
exec_fenfa "scp -r ${FILEPATH} ${MANUSER}@${ip}:~" $ip
else
#远程sudo 加-t
if [[ "${COMMOND}" =~ "sudo" ]]; then
exec_fenfa "ssh -t ${MANUSER}@${ip} ${COMMOND}" $ip
else
exec_fenfa "ssh ${MANUSER}@${ip} ${COMMOND}" $ip
fi
fi
done
示例:分发a.tx,连上其中一台的家目录,你就会看到文件已经在上面了
[magedu@nfs-server ~]$ bash /script/fenfa.sh a.txt a.txt 100% 0 0.0KB/s 00:00 a.txt 100% 0 0.0KB/s 00:00 a.txt 100% 0 0.0KB/s 00:00 a.txt 100% 0 0.0KB/s 00:00 a.txt 100% 0 0.0KB/s 00:00 a.txt 100% 0 0.0KB/s 00:00
但是有一点,如果我先把hosts文件分发到其他机器magedu的家目录下,但是需要把hosts文件copy到/etc/目录下,你会发现没有权限,更何况我们还需要远程将hosts文件拷贝到/etc/目录下,这个问题我采用rsync的功能,rsync具有本地复制的功能,而我们的其他机器没有装rsync怎么办呢,不着急,用下面的方法
so easy
bash /script/exec_commond.sh "yum install rsync -y" please inut root passwd. 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ] Command execution
然而我们装了rsync也不具备root权限,执行rsync /home/magedu/a.txt /etc/失败,那怎么办呢,别着急,有办法 利用sudo提权,怎么提权呢
bash /script/exec_commond.sh "echo 'magedu ALL=(ALL) NOPASSWD: /bin/rsync'>>/etc/sudoers" please inut root passwd. 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ] Command execution
至此我们的工作都做完了.执行
[magedu@nfs-server ~]$ bash /script/fenfa.sh --commond "sudo rsync /home/magedu/a.txt /etc/" 192.168.42.40: execute command successfully [ OK ] 192.168.42.41: execute command successfully [ OK ] 192.168.42.30: execute command successfully [ OK ] 192.168.42.31: execute command successfully [ OK ] 192.168.42.20: execute command successfully [ OK ] 192.168.42.50: execute command successfully [ OK ]
完了以后,连接其他的服务器进去/etc/查看
[magedu@nginx-lib-1 etc]$ ls | grep a.txt a.txt
注意一个问题ssh连接慢: 快速更改方法
sed -ir '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' sshd_config
文件顺利的被拷贝到/etc/目录下,后面分发其他文件是不是也很容易了呀,当然我写的脚本也有不完善的地方,自己根据自己的情况完善即可.
原创文章,作者:srayban,如若转载,请注明出处:http://www.178linux.com/73880
评论列表(1条)
主要介绍了ssh+rsync对主机的批量管理,内容写的很详细也比较超前,排版也非常好,继续努力