SSH批量部署服务
1.1在NFS上作为中心分发服务器将私钥分发到其他服务器上
1.1.1NFS部署
1 [root@nfs-server ~]# useradd zhurui 2 [root@nfs-server ~]# echo 123456|passwd --stdin zhurui 3 Changing password for user zhurui. 4 passwd: all authentication tokens updated successfully. 5 创建密码对: 6 [root@nfs-server ~]# su - zhurui ##切换到zhurui用户下,以后批量分发都在当前用户下,安全考虑 7 [zhurui@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘钥的工具,-t参数指建立秘钥的类型,这里建立dsa类型秘钥(还有一种类型的秘钥为RSA,两者加密算法有区别) 8 Generating public/private dsa key pair. 9 Enter file in which to save the key (/home/zhurui/.ssh/id_dsa): 10 Created directory '/home/zhurui/.ssh'. 11 Enter passphrase (empty for no passphrase): 12 Enter same passphrase again: 13 Your identification has been saved in /home/zhurui/.ssh/id_dsa. 14 Your public key has been saved in /home/zhurui/.ssh/id_dsa.pub. 15 The key fingerprint is: 16 6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc zhurui@nfs-server 17 The key's randomart image is: 18 +--[ DSA 1024]----+ 19 | o o. | 20 | *. | 21 | *+ | 22 | +++ | 23 | So.=o | 24 | ...+o | 25 | . +. | 26 | . ..o. | 27 | Eo o. | 28 +-----------------+ 29 [zhurui@nfs-server ~]$ 30 [zhurui@nfs-server ~]$ ls -l .ssh/ 31 total 8 32 -rw-------. 1 zhurui zhurui 672 Mar 5 04:23 id_dsa ##私钥 33 -rw-r--r--. 1 zhurui zhurui 607 Mar 5 04:23 id_dsa.pub ##公钥 34 将公钥分发给web-lamp01服务器 35 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.12 ##将公钥分发给1.12服务器 36 The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established. 37 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 38 Are you sure you want to continue connecting (yes/no)? yes 39 Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts. 40 Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring 41 zhurui@192.168.1.12's password: 42 Permission denied, please try again. 43 zhurui@192.168.1.12's password: 44 Now try logging into the machine, with "ssh 'zhurui@192.168.1.12'", and check in: 45 46 .ssh/authorized_keys 47 48 to make sure we haven't added extra keys that you weren't expecting. 49 50 [zhurui@nfs-server ~]$
1.1.2 web-lnmp02客户端分发部署
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.13 ##将公钥分发到1.13服务器 2 The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts. 6 Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring 7 zhurui@192.168.1.13's password: 8 Now try logging into the machine, with "ssh 'zhurui@192.168.1.13'", and check in: 9 10 .ssh/authorized_keys 11 12 to make sure we haven't added extra keys that you weren't expecting. 13 14 [zhurui@nfs-server ~]$
1.1.3 rsync-backup客户端分发部署
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.17 2 The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts. 6 zhurui@192.168.1.17's password: 7 Now try logging into the machine, with "ssh 'zhurui@192.168.1.17'", and check in: 8 9 .ssh/authorized_keys 10 11 to make sure we haven't added extra keys that you weren't expecting. 12 13 [zhurui@nfs-server ~]$
2.1在NFS上测试
2.1.1 通过ssh命令在当前机器上查看web-lamp01的IP地址
1 [zhurui@nfs-server ~]$ ssh -P22 zhurui@192.168.1.12 /sbin/ifconfig eth0 2 eth0 Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3 3 inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0 4 inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link 5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 6 RX packets:7701 errors:0 dropped:0 overruns:0 frame:0 7 TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0 8 collisions:0 txqueuelen:1000 9 RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB) 10 注:在命令执行过程中,跳过输入密码的步骤 11 接着分发文件测试: 12 [zhurui@nfs-server ~]$ cp /etc/hosts 13 hosts hosts.allow hosts.deny 14 [zhurui@nfs-server ~]$ cp /etc/hosts . 15 [zhurui@nfs-server ~]$ ll 16 [zhurui@nfs-server ~]$ scp -P22 hosts zhurui@192.168.1.12:~ ##将当前目录下hosts文件分发到1.12家目录下 17 hosts 100% 243 0.2KB/s 00:00 18 [zhurui@nfs-server ~]$ 19 20 检查1.12上zhurui家目录下有无hosts文件 21 [root@lamp01 zhurui]# cat /home/zhurui/hosts 22 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 23 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 24 192.168.1.11 nfs-server 25 192.168.1.17 backup 26 192.168.1.12 lamp01 27 192.168.1.13 lnmp02 28 [root@lamp01 zhurui]# 29 通过脚本分发: 30 [zhurui@nfs-server ~]$ sh fenfa.sh 31 hosts 100% 257 0.3KB/s 00:00 32 hosts 100% 257 0.3KB/s 00:00 33 hosts 100% 257 0.3KB/s 00:00 34
批量管理脚本:
1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4 then 5 echo "USAGE:$0 USAGE|COMMAND" 6 exit 1 7 fi 8 for n in 12 13 17 9 do 10 ssh -p22 zhurui@192.168.1.$n $1 11 done 12 13 ~
批量分发脚本:
1 #!/bin/sh 2 . /etc/init.d/functions 3 4 for n in 12 13 17 5 do 6 scp -P22 $1 zhurui@192.168.1.$n:~ &>/dev/null 7 if [ $? -eq 0 ] 8 then 9 action "fenfa $1 ok" /bin/true 10 else 11 action "fenfa $1 ok" /bin/false 12 fi 13 done 14 15 ~
利用分发脚本分发hosts文件
1 [zhurui@nfs-server ~]$ sh fenfa.sh hosts 2 fenfa hosts ok [ OK ] 3 fenfa hosts ok [ OK ] 4 fenfa hosts ok [ OK ] 5 [zhurui@nfs-server ~]$
优化后的分发脚本
1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4 then 5 echo "USAGE:$0 {FILENAME|DIRNAME}" 6 exit 1 7 fi 8 for n in 12 13 17 9 do 10 scp -P22 -r $1 zhurui@192.168.1.$n:~ &>/dev/null 11 if [ $? -eq 0 ] 12 then 13 action "fenfa $1 ok" /bin/true 14 else 15 action "fenfa $1 ok" /bin/false 16 fi 17 done