SSH批量部署服务
1.1在NFS上作为中心分发服务器将私钥分发到其他服务器上
1.1.1NFS部署
1 [root@nfs-server ~]# useradd zhurui
2 [root@nfs-server ~]# echo 123456|passwd --stdin zhurui
3 Changing password for user zhurui.
4 passwd: all authentication tokens updated successfully.
5 创建密码对:
6 [root@nfs-server ~]# su - zhurui ##切换到zhurui用户下,以后批量分发都在当前用户下,安全考虑
7 [zhurui@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘钥的工具,-t参数指建立秘钥的类型,这里建立dsa类型秘钥(还有一种类型的秘钥为RSA,两者加密算法有区别)
8 Generating public/private dsa key pair.
9 Enter file in which to save the key (/home/zhurui/.ssh/id_dsa):
10 Created directory '/home/zhurui/.ssh'.
11 Enter passphrase (empty for no passphrase):
12 Enter same passphrase again:
13 Your identification has been saved in /home/zhurui/.ssh/id_dsa.
14 Your public key has been saved in /home/zhurui/.ssh/id_dsa.pub.
15 The key fingerprint is:
16 6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc zhurui@nfs-server
17 The key's randomart image is:
18 +--[ DSA 1024]----+
19 | o o. |
20 | *. |
21 | *+ |
22 | +++ |
23 | So.=o |
24 | ...+o |
25 | . +. |
26 | . ..o. |
27 | Eo o. |
28 +-----------------+
29 [zhurui@nfs-server ~]$
30 [zhurui@nfs-server ~]$ ls -l .ssh/
31 total 8
32 -rw-------. 1 zhurui zhurui 672 Mar 5 04:23 id_dsa ##私钥
33 -rw-r--r--. 1 zhurui zhurui 607 Mar 5 04:23 id_dsa.pub ##公钥
34 将公钥分发给web-lamp01服务器
35 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.12 ##将公钥分发给1.12服务器
36 The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
37 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
38 Are you sure you want to continue connecting (yes/no)? yes
39 Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
40 Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring
41 zhurui@192.168.1.12's password:
42 Permission denied, please try again.
43 zhurui@192.168.1.12's password:
44 Now try logging into the machine, with "ssh 'zhurui@192.168.1.12'", and check in:
45
46 .ssh/authorized_keys
47
48 to make sure we haven't added extra keys that you weren't expecting.
49
50 [zhurui@nfs-server ~]$
1.1.2 web-lnmp02客户端分发部署
--------------------------------------------------------------------
注:如果你对python感兴趣,我这有个学习Python基地,里面有很多学习资料,感兴趣的+Q群:895817687
--------------------------------------------------------------------
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.13 ##将公钥分发到1.13服务器
2 The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
4 Are you sure you want to continue connecting (yes/no)? yes
5 Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
6 Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring
7 zhurui@192.168.1.13's password:
8 Now try logging into the machine, with "ssh 'zhurui@192.168.1.13'", and check in:
9
10 .ssh/authorized_keys
11
12 to make sure we haven't added extra keys that you weren't expecting.
13
14 [zhurui@nfs-server ~]$
1.1.3 rsync-backup客户端分发部署
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.17
2 The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established.
3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
4 Are you sure you want to continue connecting (yes/no)? yes
5 Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts.
6 zhurui@192.168.1.17's password:
7 Now try logging into the machine, with "ssh 'zhurui@192.168.1.17'", and check in:
8
9 .ssh/authorized_keys
10
11 to make sure we haven't added extra keys that you weren't expecting.
12
13 [zhurui@nfs-server ~]$
2.1在NFS上测试
2.1.1 通过ssh命令在当前机器上查看web-lamp01的IP地址
1 [zhurui@nfs-server ~]$ ssh -P22 zhurui@192.168.1.12 /sbin/ifconfig eth0
2 eth0 Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3
3 inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
4 inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link
5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
6 RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
7 TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0
8 collisions:0 txqueuelen:1000
9 RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB)
10 注:在命令执行过程中,跳过输入密码的步骤
11 接着分发文件测试:
12 [zhurui@nfs-server ~]$ cp /etc/hosts
13 hosts hosts.allow hosts.deny
14 [zhurui@nfs-server ~]$ cp /etc/hosts .
15 [zhurui@nfs-server ~]$ ll
16 [zhurui@nfs-server ~]$ scp -P22 hosts zhurui@192.168.1.12:~ ##将当前目录下hosts文件分发到1.12家目录下
17 hosts 100% 243 0.2KB/s 00:00
18 [zhurui@nfs-server ~]$
19
20 检查1.12上zhurui家目录下有无hosts文件
21 [root@lamp01 zhurui]# cat /home/zhurui/hosts
22 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
23 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
24 192.168.1.11 nfs-server
25 192.168.1.17 backup
26 192.168.1.12 lamp01
27 192.168.1.13 lnmp02
28 [root@lamp01 zhurui]#
29 通过脚本分发:
30 [zhurui@nfs-server ~]$ sh fenfa.sh
31 hosts 100% 257 0.3KB/s 00:00
32 hosts 100% 257 0.3KB/s 00:00
33 hosts 100% 257 0.3KB/s 00:00
34
批量管理脚本:
1 #!/bin/sh
2 . /etc/init.d/functions
3 if [ $# -ne 1 ]
4 then
5 echo "USAGE:$0 USAGE|COMMAND"
6 exit 1
7 fi
8 for n in 12 13 17
9 do
10 ssh -p22 zhurui@192.168.1.$n $1
11 done
12
13 ~
批量分发脚本:
1 #!/bin/sh
2 . /etc/init.d/functions
3
4 for n in 12 13 17
5 do
6 scp -P22 $1 zhurui@192.168.1.$n:~ &>/dev/null
7 if [ $? -eq 0 ]
8 then
9 action "fenfa $1 ok" /bin/true
10 else
11 action "fenfa $1 ok" /bin/false
12 fi
13 done
14
15 ~
利用分发脚本分发hosts文件
1 [zhurui@nfs-server ~]$ sh fenfa.sh hosts
2 fenfa hosts ok [ OK ]
3 fenfa hosts ok [ OK ]
4 fenfa hosts ok [ OK ]
5 [zhurui@nfs-server ~]$
优化后的分发脚本
1 #!/bin/sh
2 . /etc/init.d/functions
3 if [ $# -ne 1 ]
4 then
5 echo "USAGE:$0 {FILENAME|DIRNAME}"
6 exit 1
7 fi
8 for n in 12 13 17
9 do
10 scp -P22 -r $1 zhurui@192.168.1.$n:~ &>/dev/null
11 if [ $? -eq 0 ]
12 then
13 action "fenfa $1 ok" /bin/true
14 else
15 action "fenfa $1 ok" /bin/false
16 fi
17 done