expect是交互性很强的脚本语言,可以帮助运维人员实现批量管理成千上百台服务器操作,是一款很实用的批量部署工具!
expect依赖于tcl,而linux系统里一般不自带安装tcl,所以需要手动安装
下载:expect-5.43.0.tar和tcl8.4.11-src.tar
下载地址:https://pan.baidu.com/s/1kVyeLt9
提取密码:af9p
将expect和tcl的软件包下载放到/usr/local/src目录下
(1)解压tcl,进入tcl解压目录,然后进入unix目录进行编译安装
[root@xw4 src]# tar -zvxf tcl8.4.11-src.tar.gz
[root@xw4 src]# cd tcl8.4.11/unix
[root@xw4 unix]# ./configure
[root@xw4 unix]# make && make install
(2)安装expect
[root@xw4 src]# tar -zvxf expect-5.43.0.tar.gz
[root@xw4 src]# cd expect-5.43.0
[root@xw4 expect-5.43.0]# ./configure --with-tclinclude=/usr/local/src/tcl8.4.11/generic --with-tclconfig=/usr/local/lib/
[root@xw4 expect-5.43.0]# make && make install
(3)安装完成后进行测试
[root@xw4 ~]# expect
expect1.1>
expect1.1>
----------------------------------------------------------------------------------------------------
下面结合shell脚本做简单测试:
例1:
从本机自动登录到远程机器192.168.1.200(端口是22,密码是:PASSWORD)
登录到远程机器后做以下几个操作:
1)useradd wangshibo
2)mkdir /opt/test
3) exit自动退出
[root@xw4 tmp]# cat test-ssh.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
#!/bin/bash
passwd
=
'PASSWORD'
/usr/local/bin/expect
<<-EOF
set
time
30
spawn
ssh
-p22 root@192.168.1.201
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue }
"*password:"
{ send
"$passwd\r"
}
}
expect
"*#"
send
"useradd wangshibo\r"
expect
"*#"
send
"mkdir /opt/test\r"
expect
"*#"
send
"exit\r"
interact
expect eof
EOF
|
[root@xw4 tmp]# sh test.sh
spawn ssh -p22 root@192.168.1.201
root@192.168.1.201's password:
Last login: Fri Sep 23 16:21:20 2016 from 192.168.1.23
[root@vm-002 ~]# useradd wangshibo
[root@vm-002 ~]# mkdir /opt/test
上面的例子如果只是自动登陆,登陆机器后不做操作的脚本内容如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
shell脚本的写法:
[root@xw4 tmp]
# cat test.sh
#!/bin/bash
passwd
=
'PASSWORD'
/usr/local/bin/expect
<<-EOF
set
time
30
spawn
ssh
-p22 root@192.168.1.201
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue }
"*password:"
{ send
"$passwd\r"
}
}
expect eof
EOF
[root@xw4 tmp]
# sh test.sh
expect脚本的写法:
[root@xw4 tmp]
# cat test
#!/bin/expect
set
timeout 30
spawn
ssh
-p22 root@192.168.1.201
expect
"*password:"
send
"PASSWORD\r"
interact
[root@xw4 tmp]
#./test
------------------------------------------------------
注意:spawn后面跟的是操作动作,比如登陆机器后执行uptime,即:
spawn
ssh
-p22 root@192.168.1.201
"uptime"
|
*******************************************************************************************************
例2:
我们在部署无密码访问时,手工建立ssh互信需要好几个步骤,并且中途人工交互(输入密码等),如果机器数目多,则很繁琐!
下面方法用于自动化生成authorized_keys,免去了手工数据.
方法: 利用expect编写sshkey.exp在远程主机上生成id_rsa,并重定向到本地.在利用noscp.exp.把文件复制到远程主机
为了节省自己的时间,可以写个expect自动化脚本,分享如下:
(1)
如上expect安装后的路径是:
[root@xw4 ~]# which expect
/usr/local/bin/expect
(2)
做个expect执行文件的软件
[root@xw4 ~]# ln -s /usr/local/bin/expect /usr/bin/expect
[root@xw4 ~]# ll /usr/bin/expect
(3)
编写expect脚本:
-----------------------------------------------------------------------------------
1)
[root@xw4 ~]# cat sshkey.exp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
#!/usr/bin/expect
#sshkey.exp
if
{$argc<3} {
puts stderr
"Usage: $argv0 host user passwd "
exit
1
}
set
host [ lindex $argv 0 ]
set
user [ lindex $argv 1 ]
set
pwd
[ lindex $argv 2 ]
set
timeout 30
#spawn ssh ${user}@${host} "rm -rf ~/.ssh/id_rsa*"
#
#expect {
# "*yes/no" { send "yes\r"; exp_continue }
# "*password:" { send "$pwd\r"; exp_continue }
#}
spawn
ssh
${user}@${host}
"ssh-keygen -t rsa"
#如果ssh端口是非22,比如22222,那么这一行的ssh后面添加"-p22222"
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue }
"*password:"
{ send
"$pwd\r"
; exp_continue }
"Enter file in which to save the key*"
{ send
"\n\r"
; exp_continue }
"Overwrite*"
{ send
"y\n"
; exp_continue }
"Enter passphrase (empty for no passphrase):"
{ send
"\n\r"
; exp_continue }
"Enter same passphrase again:"
{ send
"\n\r"
}
}
spawn
ssh
${user}@${host}
"cat ~/.ssh/id_rsa.pub"
#如果ssh端口是非22,比如22222,那么这一行的ssh后面添加"-p22222"
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue }
"*password:"
{ send
"$pwd\r"
}
}
expect eof
|
----------------------------------------------------------------------------------------------------
2)
[root@xw4 ~]# cat noscp.exp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
#!/usr/bin/expect
#noscp.exp
if
{$argc<4} {
puts stderr
"Usage: $argv0 localfile remotefile user passwd "
exit
1
}
set
localfile [ lindex $argv 0 ]
set
remotefile [ lindex $argv 1 ]
set
user [ lindex $argv 2 ]
set
pwd
[ lindex $argv 3 ]
set
timeout 30
spawn
scp
${localfile} ${user}@${remotefile}
#如果ssh端口是非22,那么这一行里面的scp后面添加"-P 22222"
expect {
"*yes/no"
{ send
"yes\r"
; exp_continue }
"*password:"
{ send
"$pwd\r"
}
}
expect eof
|
------------------------------------------------------------------------
[root@xw4 ~]# chmod 755 sshkey.exp
[root@xw4 ~]# chmod 755 noscp.exp
(4)
脚本说明
./sshkey.exp 主机名 用户名 密码 #在远程主机生成id_rsa
./noscp.exp 本地文件 远程路径 远程用户密码 #无密码拷贝文件
(5)验证:
[root@xw4 ~]# ./sshkey.exp 192.168.1.201 root PASSWORD |grep ssh-rsa >> ~/.ssh/authorized_keys
[root@xw4 ~]# ./noscp.exp ~/.ssh/authorized_keys 192.168.1.201:~/.ssh root PASSWORD
spawn scp /root/.ssh/authorized_keys root@192.168.1.201:~/.ssh
root@192.168.1.201's password:
authorized_keys
这样,就能无密码登陆了!
[root@xw4 ~]# ssh 192.168.1.201
Last login: Fri Sep 23 18:33:21 2016 from 192.168.1.7
[root@vm-002 ~]#
--------------------------------------------------------------------------
如果是多台机器的话,可以结合shell脚本进行批量执行
[root@xw4 ~]# cat /root/ip.list
192.168.1.100
192.168.1.101
192.168.1.102
192.168.1.103
192.168.1.104
......
......
[root@xw4 ~]# cat sshkey.sh
1
2
3
4
5
6
|
#!/bin/bash
for
ip
in
`
cat
/root/ip
.list`
do
/root/sshkey
.exp $ip root PASSWORD |
grep
ssh
-rsa >> ~/.
ssh
/authorized_keys
/root/noscp
.exp ~/.
ssh
/authorized_keys
$ip:~/.
ssh
root PASSWORD
done
|
[root@xw4 ~]# sh -x sshkey.sh
------------------------------------------------------------------
之前用过的一个简单的expect跳转脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
localhost:huan kevin$
cat
jump
#!/usr/bin/expect
set
timeout 30
spawn
/usr/bin/ssh
-p 2200 -l wangshibo 111.133.132.144
expect
"password:"
send
"shai3raesh2Uici\r"
interact
localhost:huan kevin$ .
/jump
spawn
/usr/bin/ssh
-p 2200 -l wangshibo 111.133.132.144
wangshibo@111.133.132.144's password:
Last login: Fri Oct 13 16:43:13 2017 from 210.12.101.146
Welcome to aliyun Elastic Compute Service!
[wangshibo@sh-sre-man01 ~]$
|