ssh+rsync批量管理,批量分发

现在我简单架设了一个7台服务器的集群集体如下,架设集群的过程我就省略了…

[nfs存储一台]
192.168.42.10
[负载均衡2台]
192.168.42.40
192.168.42.41
[web服务器2台]
192.168.42.30
192.168.42.31
[备份1台]
192.168.42.20
[mysql 1台]
192.168.42.50

我现在需要批量管理这些服务器,刚开始用xshell一台,一台登录管理,觉得非常痛苦,后来为了方便学到了ssh+rsync 批量管理,现将技术分享一下:

具体思路 : 我用 nfs 存储做分发机,因为集群的所有的host文件,配置文件都需要统一,所以不可能一台一台复制,我是先将nfs的配置,做好,通过ssh+rsync技术实现批量管理,批量分发,其中涉及到三个主要脚本:exe_commond.sh(以root身份执行命令)fenfa.sh(以magedu身份执行命令),ip_hosts.sh(包含所有主机IP信息),为什么需要两个不同身份的脚本文件呢.听我详细介绍其中的奥秘:

1.我现在用xshell连接 分发机一台机器即可.因为像添加用户,设置密码,等超级权限还是得root去做 所有的集群root账号密码是一样的.因此一个脚本即可管理所有机器.

脚本代码:

#!/bin/bash

# 脚本用来批量创建集群用户,删除用户,分发公钥,执行命令等.
# 执行命令需要输入root密码,一次即可
# 命令参数: "commond" #要执行的命令
# 分发公钥参数: "fenfa" #即可
# email:626612631@qq.com
# function: remote dis ssh key.
# version:1.1
. /etc/init.d/functions

COMMOND=$1
SCRIPT_DIR="$( cd "$( dirname "$0"  )" && pwd  )"
IP_HOSTS_FILE="ip_hosts.sh"
MANUSER="magedu"
MANUSERPASS="123456"


[ $# -ne 1 ] && echo "Parameter is a command or str {fenfa}" && exit 2

declare -a IP_ARR

if [ ! -e ${SCRIPT_DIR}/${IP_HOSTS_FILE} ]; then
    echo -e  "current path missing \033[31m ${IP_HOSTS_FILE} \033[0m file"
    exit 2
fi

IP_ARR=(`grep -v -E "(^#)|(^$)" ${SCRIPT_DIR}/${IP_HOSTS_FILE} 2>/dev/null`)
if [ ${#IP_ARR[@]} -lt 0 ];then
   echo -e  "error reading file, please confirm IP format"
   exit 2
fi

function show_success(){
  action "Command execution" /bin/true
}

function exe_commond(){

 echo  -n  "please inut root passwd. " 
 read  -s  password
 echo " "

 for ip in ${IP_ARR[@]};do
    /usr/bin/expect -c "
    set timeout -1
    spawn /usr/bin/ssh root@${ip} ${COMMOND} 
    expect {
        \"*yes/no\" { send \"yes\r\"; exp_continue }
        \"*password:\" { send \"${password}\r\" }
    }
    expect eof" >/dev/null 2>&1 ;
    if [ $? -eq 0 ];then
           action "$ip: execute command successfully"   /bin/true
         else
           action "$ip: execute command fail"    /bin/false
    fi

 done


}


if [ "${COMMOND}" != 'fenfa' ];then
 exe_commond
 show_success
 exit 0
fi

#分发公钥
USERNA=`/usr/bin/whoami`

if [ "${USERNA}"=='root' ];then

  cd /home/magedu

elif [ "${USERNA}"=="${MANUSER}" ];then
  cd ~
else

  echo "Please distribute with ${MANUSER}  user"
  exit 3
fi


for fip in ${IP_ARR[@]};do
    /usr/bin/expect -c "
    set timeout -1
    spawn /usr/bin/ssh-copy-id -i  .ssh/id_dsa.pub   ${MANUSER}@${fip}
    expect {
        \"*yes/no\" { send \"yes\r\"; exp_continue }
        \"*password:\" { send \"${MANUSERPASS}\r\" }
    }
    expect eof" >/dev/null 2>&1 ;
    if [ $? -eq 0 ];then
           action "$fip: execute command successfully" /bin/true
         else
           action "$fip: execute command fail" /bin/false
    fi

done

show_success

脚本执行示例:
批量添加用户 magedu 添加这个用户的目的是用这个用户进行与交互,毕竟root用户权限太大了,而且用户密码也需要在脚本中保存,因此不说,各位都知道

[root@nfs-server script]# bash exec_commond.sh  "useradd magedu"
please inut root passwd.  
192.168.42.40: execute command successfully                [  OK  ]
192.168.42.41: execute command successfully                [  OK  ]
192.168.42.30: execute command successfully                [  OK  ]
192.168.42.31: execute command successfully                [  OK  ]
192.168.42.20: execute command successfully                [  OK  ]
192.168.42.50: execute command successfully                [  OK  ]
Command execution

批量设置magedu密码 ==设置的密码必须要和脚本中设置的一样==

[root@nfs-server script]# bash exec_commond.sh  "echo 123456 | passwd --stdin magedu"
please inut root passwd.  
192.168.42.40: execute command successfully                [  OK  ]
192.168.42.41: execute command successfully                [  OK  ]
192.168.42.30: execute command successfully                [  OK  ]
192.168.42.31: execute command successfully                [  OK  ]
192.168.42.20: execute command successfully                [  OK  ]
192.168.42.50: execute command successfully                [  OK  ]
Command execution

nfs分发也需要一个magedu账号,后面批量分发需要分发机的magedu和其他机器的magedu对应,为什么不把ip放进去一起执行呢,就怕执行其他的命令,导致分发机出错

useradd magedu
echo 123456 | passwd --stdin magedu

上面的步骤都做完以后,我们接下来创建密钥对,创建秘钥对,需要分发机进去magedu家目录执行:
一路回车即可
或者

ssh-keygen  -t dsa -P '' -f ~/.ssh/id_dsa &>/dev/null

[magedu@nfs-server ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/magedu/.ssh/id_dsa): 
Created directory '/home/magedu/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/magedu/.ssh/id_dsa.
Your public key has been saved in /home/magedu/.ssh/id_dsa.pub.
The key fingerprint is:
f2:18:c8:c0:db:bb:4c:38:77:4c:96:a4:6d:b4:dd:2d magedu@nfs-server
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
| .               |
|  o   o          |
|   = * + . .     |
|  . = X S E .    |
|   . * =   .     |
|  o + + .        |
|   = o           |
|    o            |
+-----------------+

秘钥对创建完成以后,我们需要对所有机器分发公钥,目的就是为了分发机的magedu连接其他机器不需要再输入密码,自动完成分发任务

bash /script/exec_commond.sh "fenfa"
please inut root passwd.  
192.168.42.40: execute command successfully                [  OK  ]
192.168.42.41: execute command successfully                [  OK  ]
192.168.42.30: execute command successfully                [  OK  ]
192.168.42.31: execute command successfully                [  OK  ]
192.168.42.20: execute command successfully                [  OK  ]
192.168.42.50: execute command successfully                [  OK  ]
Command execution

至此分发公钥的任务完成了,现在我们就在分发机的magedu家目录下,创建文件a.txt
,利用分发脚本fenfa.sh分发a.txt试试

上脚本:

#!/bin/bash
# 用来分发文件和移动文件(rsync)
# email:626612631@qq.com
# function: remote dis ssh key.
# version:1.1
. /etc/init.d/functions

FILEPATH=$1
COMMOND=$2
SCRIPT_DIR="$( cd "$( dirname "$0"  )" && pwd  )"
IP_HOSTS_FILE="ip_hosts.sh"
MANUSER="magedu"

if [ "${FILEPATH}" == "--commond" ];then
   if [ $# -eq 1 ];then
        echo "Please enter a command to execute." 
        exit 2
   fi
else
   if [ ! -f ${FILEPATH} ]; then
          echo "File or directory does not exist". && exit 2
   fi
fi


if [ ! -e ${SCRIPT_DIR}/${IP_HOSTS_FILE} ]; then
    echo -e  "current path missing \033[31m ${IP_HOSTS_FILE} \033[0m file"
    exit 2
fi

IP_ARR=(`grep -v -E "(^#)|(^$)" ${SCRIPT_DIR}/${IP_HOSTS_FILE} 2>/dev/null`)
if [ ${#IP_ARR[@]} -lt 0 ];then
   echo -e  "error reading file, please confirm IP format"
   exit 2
fi

function  exec_fenfa(){
    expect -c "
    set timeout -1
    spawn $1
    expect {
        \"*yes/no\" { send \"yes\r\"; exp_continue }
    }
    expect eof" >/dev/null 2>&1;
    if [ $? -eq 0 ];then
           action "$2 is fenfa successfully" /bin/true
         else
           action "$2 is fenfa  fail" /bin/false
    fi

}

for ip in ${IP_ARR[@]};do
   if [ "${FILEPATH}" != "--commond" ];then
        #scp -r ${FILEPATH}  ${MANUSER}@${ip}:~  

        exec_fenfa  "scp -r ${FILEPATH}  ${MANUSER}@${ip}:~"  $ip  

   else
      #远程sudo 加-t  
      if [[ "${COMMOND}" =~ "sudo" ]]; then
        exec_fenfa  "ssh -t ${MANUSER}@${ip} ${COMMOND}" $ip
      else
        exec_fenfa  "ssh ${MANUSER}@${ip} ${COMMOND}"  $ip
      fi

   fi
done

示例:分发a.tx,连上其中一台的家目录,你就会看到文件已经在上面了

[magedu@nfs-server ~]$ bash /script/fenfa.sh a.txt
a.txt                              100%    0     0.0KB/s   00:00    
a.txt                              100%    0     0.0KB/s   00:00    
a.txt                              100%    0     0.0KB/s   00:00    
a.txt                              100%    0     0.0KB/s   00:00    
a.txt                              100%    0     0.0KB/s   00:00    
a.txt                              100%    0     0.0KB/s   00:00

但是有一点,如果我先把hosts文件分发到其他机器magedu的家目录下,但是需要把hosts文件copy到/etc/目录下,你会发现没有权限,更何况我们还需要远程将hosts文件拷贝到/etc/目录下,这个问题我采用rsync的功能,rsync具有本地复制的功能,而我们的其他机器没有装rsync怎么办呢,不着急,用下面的方法
so easy

bash /script/exec_commond.sh "yum install rsync -y" 

please inut root passwd.  

192.168.42.40: execute command successfully                [  OK  ]
192.168.42.41: execute command successfully                [  OK  ]
192.168.42.30: execute command successfully                [  OK  ]
192.168.42.31: execute command successfully                [  OK  ]
192.168.42.20: execute command successfully                [  OK  ]
192.168.42.50: execute command successfully                [  OK  ]
Command execution

然而我们装了rsync也不具备root权限,执行rsync /home/magedu/a.txt /etc/失败,那怎么办呢,别着急,有办法 利用sudo提权,怎么提权呢

bash /script/exec_commond.sh "echo 'magedu  ALL=(ALL)  NOPASSWD: /bin/rsync'>>/etc/sudoers"

please inut root passwd.  

192.168.42.40: execute command successfully                [  OK  ]
192.168.42.41: execute command successfully                [  OK  ]
192.168.42.30: execute command successfully                [  OK  ]
192.168.42.31: execute command successfully                [  OK  ]
192.168.42.20: execute command successfully                [  OK  ]
192.168.42.50: execute command successfully                [  OK  ]
Command execution

至此我们的工作都做完了.执行

[magedu@nfs-server ~]$ bash /script/fenfa.sh --commond "sudo rsync /home/magedu/a.txt /etc/"
192.168.42.40: execute command successfully [  OK  ]
192.168.42.41: execute command successfully [  OK  ]
192.168.42.30: execute command successfully [  OK  ]
192.168.42.31: execute command successfully [  OK  ]
192.168.42.20: execute command successfully [  OK  ]
192.168.42.50: execute command successfully [  OK  ]

完了以后,连接其他的服务器进去/etc/查看

[magedu@nginx-lib-1 etc]$ ls | grep a.txt
a.txt

注意一个问题ssh连接慢: 快速更改方法

sed -ir '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' sshd_config

文件顺利的被拷贝到/etc/目录下,后面分发其他文件是不是也很容易了呀,当然我写的脚本也有不完善的地方,自己根据自己的情况完善即可.