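A project needed a small shell script to transfer TXT files between different servers.
There are three servers in total: App Server, Web Server and External Server [the External Server exposes FTP to the outside].
Goal: transfer the TXT file generated on the App Server to the External Server by way of the Web Server.
Firewalls sit between these servers and most ports are closed. With that in mind, the file goes from the App Server to the Web Server over scp [Secure Copy], and from the Web Server to the External Server over the FTP service it exposes.
Original approach: do all the file transfers from the Web Server. This has a hole, though: if the Web Server is compromised, the App Server is exposed, which is dangerous.
Improved approach: the App Server first transfers the TXT file to the Web Server, and then the App Server invokes a shell script on the Web Server that sends the file to the External Server over FTP. This avoids the problem above.
The implementation is as follows: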
#!/bin/sh
#
# Note: this file is put on App Server
#
# YPS: 1. copy file from App Server to Web Server
#      2. run sh file in Web Server
#         1) send file to External Server
#         2) send mail for noticing
# Author: Johnny.L
# Date: 2008-11-17
#
# APP_SERVER_YPS_LIST_DIR, YPS_LIST_NAME, WEB_SERVER, WEB_SERVER_YPS_LIST_DIR
# and WEB_SERVER_SS must be set before this point.

# Check whether a date parameter was given
if [ -z "$1" ]; then
    echo "If there is no date selected by user. System will default it to today's date."
else
    echo "Date entered by user is: $1"
fi

# If the YPS List exists
if [ -f "$APP_SERVER_YPS_LIST_DIR/$YPS_LIST_NAME" ]; then
    echo "$YPS_LIST_NAME is already exist in the specified folder!"
    echo
    echo "Transferring file from Application server to Web server..."
    echo
    # Send YPS List to Web Server
    scp "$APP_SERVER_YPS_LIST_DIR/$YPS_LIST_NAME" "$WEB_SERVER:$WEB_SERVER_YPS_LIST_DIR/"
    # If the YPS List arrived on the Web Server
    # (run ssh directly; backticks would execute its output as a command)
    if ssh "$WEB_SERVER" "ls '$WEB_SERVER_YPS_LIST_DIR/$YPS_LIST_NAME' >/dev/null"; then
        echo
        echo "File transferred successfully!"
        echo
        echo "Run Web server Shell Script..."
        # Sent successfully, so run the Web Server sh file to
        # send the YPS List to the Yellow Page Server
        # and send an email to notify somebody.
        # ssh joins its arguments and the Web Server's shell parses them
        # again, so $1 must already be a validated value at this point.
        ssh "$WEB_SERVER" sh "$WEB_SERVER_SS" "$1"
    else
        echo "File transfer to Web server failed!"
    fi
else
    echo "$YPS_LIST_NAME is NOT exist in Application server or Web server!"
    echo "1. Date entered by user is XXX. Please ensure the date is correct."
    echo "2. Please check Application server's scheduler, if the TXT file generated successfully."
fi
exit 0

#!/bin/sh
#
# Note: this file is put on Web Server
#
# YPS: 1. send file to External Server via ftp
#      2. send mail for noticing
# Author: Johnny.L
# Date: 2008-11-17
#
# WEB_SERVER_YPS_LIST_DIR, YPS_LIST_NAME, YELLOW_PAGE_SERVER, YPS_LOG_FILE,
# SUBJECT, CCTO, EMAIL, ABS_PATH and MAIL_TEMPLETE must be set before this point.

# Check whether a date parameter was given
if [ -z "$1" ]; then
    echo "If there is no date selected by user. System will default it to today's date."
else
    echo "Date entered by user is: $1"
fi

# If the YPS List exists
if [ -f "$WEB_SERVER_YPS_LIST_DIR/$YPS_LIST_NAME" ]; then
    echo
    echo "$YPS_LIST_NAME is already exist in the specified folder!"
    # Go to the Web Server YPS LIST folder; stop if it cannot be entered
    cd "$WEB_SERVER_YPS_LIST_DIR" || exit 1
    echo
    echo "Transferring file to FTP server..."
    # ftp the YPS List to the Yellow Page Server
    echo "put $YPS_LIST_NAME" | ftp -v "$YELLOW_PAGE_SERVER" >> "$YPS_LOG_FILE"
else
    echo
    echo "$YPS_LIST_NAME is NOT exist in Application server or Web server!"
    echo "1. Date entered by user is $1. Please ensure the date is correct."
    echo "2. System may encountered problem when try to transfer file from Application server to Web server, OR, the mentioned file is NOT exist in Application server."
fi

# Send an email using mailx; report success only if mailx succeeded
echo
echo "Sending email..."
sleep 1
if mailx -s "$SUBJECT" -a "$YPS_LOG_FILE" -c "$CCTO" "$EMAIL" < "$ABS_PATH/$MAIL_TEMPLETE"; then
    echo
    echo "Email has been sent to $EMAIL."
    echo "and Cc to $CCTO."
    echo
    echo "Email sent successfully!"
else
    echo
    echo "Sending email failed!"
fi
echo

The first block lives on the App Server and calls the second block, which lives on the Web Server.
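As an added example (not part of the original scripts): the App Server script hands the user-entered $1 to ssh, which joins its arguments into one string that the Web Server's shell parses again, so the value should be checked before it is sent. The sketch assumes the date is written YYYY-MM-DD; is_valid_date, shell_quote, build_remote_cmd and run_web_script are hypothetical helper names.

```shell
# Added example, not the original scripts. Assumption: the date argument is
# written YYYY-MM-DD; change the patterns if the real format differs.

# Succeeds only when $1 is exactly YYYY-MM-DD with month 01-12 and day 01-31.
is_valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-0[1-9]-* | [0-9][0-9][0-9][0-9]-1[0-2]-*) ;;
        *) return 1 ;;
    esac
    # Whatever follows "YYYY-MM-" must be a two-digit day and nothing else.
    case "${1#????-??-}" in
        0[1-9] | [12][0-9] | 3[01]) return 0 ;;
        *) return 1 ;;
    esac
}

# Wrap $1 in single quotes so the remote shell treats it as one literal word.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the command line for the Web Server; fail (status 2) on a bad date.
# $1 = path of the script on the Web Server, $2 = optional date argument.
build_remote_cmd() {
    if [ -z "$2" ]; then
        printf 'sh %s\n' "$(shell_quote "$1")"
    elif is_valid_date "$2"; then
        printf 'sh %s %s\n' "$(shell_quote "$1")" "$2"
    else
        echo "Rejected date argument: expected YYYY-MM-DD" >&2
        return 2
    fi
}

# Use on the App Server in place of: ssh $WEB_SERVER sh $WEB_SERVER_SS $1
run_web_script() {
    remote_cmd=$(build_remote_cmd "$WEB_SERVER_SS" "$1") || return 2
    ssh "$WEB_SERVER" "$remote_cmd"
}
```

The Web Server script can call is_valid_date on its own $1 as well, since it should not trust that every caller validated the value.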
Of course, before any of this the login-without-password problem has to be solved; it applies to both scp and ftp.
The solution:
1. SSH/SCP login without password:
a. Generate a key using DSA...
ssh-keygen -t dsa
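b. Copy the generated key file id_dsa.pub to the machine you need to ssh into. The one-liner below seems to work sometimes and not others, though. If it doesn't work, you have to copy id_rsa.pub yourself into the ~/.ssh/ directory of the account you want to log in to.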
ssh johnny.lv@192.168.1.122 "echo `cat ~/.ssh/id_dsa.pub` >> ~/.ssh/authorized_keys"
2. FTP login without password:
a. Use vi to open/create a file named .netrc
vi .netrc
b. Put the following content in it:
machine 192.168.1.192
login developer
password 123456
OK... done...