需求描述
集群机器众多,每台ssh连接后再启动服务较为繁琐,
所以想在一台机器上执行shell脚本来对其他机器上的服务启动。
1.第一步,需要所有的机器先设置免密登录
2.第二步,在其中一台机器A上设置对其他所有机器的免密ssh连接
3.第三步,在其中一台机器A上执行shell脚本
shell基础脚本
编写的脚本在放到服务器系统上运行时,需要先修改文件的执行权限:
chmod 755 host_allow.sh
参考链接:https://www.cnblogs.com/parent-absent-son/p/12163725.html
以启动zookeeper、supervisor服务的例子来编写脚本:
#!/bin/bash
echo "start zookeeper server..."
#hosts里已经安装zookeeper的主机名,必须已经在/etc/hosts文件中将ip地址和主机名对应加上了才能使用
hosts="master node1 node2 node3"
#用循环来分别执行zkServer.sh start的脚本
for host in $hosts
do
echo "--------$host--------"
#必须加上source /etc/profile ,否则会报找不到文件的错误
ssh $host "source /etc/profile; /home/hadoop/zookeeper-3.4.10/bin/zkServer.sh start"
done
#!/bin/bash
echo "start supervisor ..."
hosts="node1 node2 node3 node4 "
for host in $hosts
do
echo "--------$host--------"
#nohup是后台启动,>${STORM_HOME}/logs/supervisor.log 2>&1 &为了让输出的日志不在控制台显示
ssh $host "source /etc/profile; nohup storm supervisor >${STORM_HOME}/logs/supervisor.log 2>&1 &"
done
shell交互-expect
例如我将master对所有的slave都免密
其实就是重复步骤:
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
自身生成私钥和公钥
ssh-copy-id root@192.168.1.2
将公钥发送给所欲偶slave机器
其中需要和命令行交互:
输入yes和密码
那么设置shell脚本添加交互:
#!/bin/bash
echo "start....."
hosts=“xxx xxx”
password="xxxx"
for host in $hosts
do
echo "--------$host--------"
expect <<EOF
spawn ssh-copy-id root@$host
expect {
"yes/no" { send "yes\n"; exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done
参考链接:
https://blog.csdn.net/inrgihc/article/details/105811186
如果需要互相免密的话:请参考:
https://www.cnblogs.com/cchilei/p/13023674.html
shell脚本遇到的问题总结
执行ssh-copy-id root@的错误
/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: The ECDSA host key for ceph-admin has changed,
ERROR: and the key for the corresponding IP address 192.168.0.10
ERROR: is unknown. This could either mean that
ERROR: DNS SPOOFING is happening or the IP address for the host
ERROR: and its host key have changed at the same time.
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: 6e:77:fc:47:14:4c:98:46:c8:c8:49:01:a8:fe:83:ee.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /home/dgb/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /home/dgb/.ssh/known_hosts:4
ERROR: ECDSA host key for ceph-admin has changed and you have requested strict checking.
ERROR: Host key verification failed.
原因是:已经/known_hosts里存在这个ip的信息了,需要删除后重新执行该命令
参考链接:
https://www.cnblogs.com/yj411511/p/11529968.html
免密登录
参考链接:
https://blog.csdn.net/jeikerxiao/article/details/84105529
https://blog.csdn.net/CrazyXinma/article/details/83029351
具体原理参考链接:
https://blog.csdn.net/u012946310/article/details/107975068
设置完免密登录需要重启ssh服务:
service sshd restart
免密登录常见问题
设置了免密,但是登录还是得输入密码,有可能是文件权限问题
参考链接:
https://blog.csdn.net/chengyuqiang/article/details/78432675