Batch distribution and execution of script keys
Tags: Linux Service Architecture - Chen Siqi
This teaching note is a summary of my study and work experience and is a first draft (with many imperfections). It is original work; reproduction is allowed, but when reproducing please be sure to indicate the original source of the article, the author information and this statement in the form of a hyperlink. Otherwise legal liability will be pursued. http://www.cnblogs.com/chensiqiqi/
[TOC]
[Business case]
The company has eight new servers and plans to build a small-scale cluster. One server is used as the batch management server; the other seven are needed for the business architecture. You are now in charge of the initial configuration of these servers.
Requirements are as follows:
- [x] When ssh from the management server connects to any other server, password-free key authentication is required, and the keys must be distributed in batch (a script for bulk distribution).
- [x] Because there is no DNS server, each server needs to resolve the other servers' addresses through hosts, so the /etc/hosts file needs to be distributed in batch (ansible distributes the file in batch).
- [x] At the initial stage the new servers need simple optimization (server optimization script) and a yum repository (epel.repo source) (ansible distributes and executes the script in batch).
Environmental preparation
operating system
```
[root@m01 ~]# cat /etc/redhat-release
CentOS release 6.8 (Final)
```
Kernel version
```
[root@m01 ~]# uname -r
2.6.32-642.el6.x86_64
```
Host network parameter settings:
| Host name | NIC eth0 | NIC eth1 | Purpose |
|---|---|---|---|
| lb01 | 10.0.0.5/24 | 172.16.1.5/24 | A1-nginx load balancing server 01 |
| lb02 | 10.0.0.6/24 | 172.16.1.6/24 | A2-nginx load balancing server 02 |
| web02 | 10.0.0.7/24 | 172.16.1.7/24 | B1-apache web server |
| web01 | 10.0.0.8/24 | 172.16.1.8/24 | B2-nginx web server |
| db01 | 10.0.0.51/24 | 172.16.1.51/24 | C3-mysql database server |
| nfs01 | 10.0.0.31/24 | 172.16.1.31/24 | C1-NFS storage server |
| backup | 10.0.0.41/24 | 172.16.1.41/24 | C2-rsync storage server |
| m01 | 10.0.0.61/24 | 172.16.1.61/24 | X-management server |
1. Start deploying batch distribution of ssh keys
Step 1: Install the sshpass non-interactive tool (used for the mass distribution of the SSH key)
Download epel source and update yum repository
```
[root@m01 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@m01 ~]# yum -y clean all
[root@m01 ~]# yum makecache
```
Install the sshpass tool
```
[root@m01 ~]# yum -y install sshpass
```
Step 2: Create a key-pair file
Create key pairs without interaction
```
[root@m01 ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ""
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
4d:01:91:98:be:02:89:ab:ce:63:4f:81:e3:ab:0b:f8 root@m01
The key's randomart image is:
+--[ DSA 1024]----+
|       oo+.      |
|       o . .     |
|      . . . .    |
|     . + . o     |
|      + o .S .   |
|     + . o .     |
|     +. . .      |
|     ++o         |
|     *=E.        |
+-----------------+
[root@m01 ~]# ls ~/.ssh/
authorized_keys  id_dsa  id_dsa.pub  known_hosts
```
Instructions:
- ssh-keygen: the command that generates a key pair
- -t: specifies the encryption type of the key pair (rsa or dsa)
- -f: specifies the path, including the file name, where the key pair is generated
- -P (uppercase): specifies the passphrase of the key pair (empty here, so there is no passphrase prompt)
Step 3: Distribute the public key non-interactively
```
[root@m01 ~]# sshpass -p "ssh login password" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.31"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@172.16.1.31'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@m01 ~]#
```
Instructions:
- sshpass: non-interactive password delivery tool for ssh connections
- -p: specifies the login password
- ssh-copy-id: a tool that installs the public key on the remote host automatically
- -i: specifies the public key path
- -o StrictHostKeyChecking=no: skips the interactive host-key confirmation (the remote host key is still recorded in known_hosts on the first ssh connection)
Step 4: Testing ssh key authentication
```
[root@m01 ~]# ssh root@172.16.1.31    # test successful: password-free ssh connection
Last login: Tue Mar 14 21:49:58 2017 from 172.16.1.1
[root@nfs01 ~]#
```
Step 5: Write batch distribution script for ssh key pair
```bash
#!/bin/bash
# author: Mr.chen
# 2017-3-14
# description: SSH key batch distribution
#
# Key type: the CentOS 6 hosts here (OpenSSH 5.3) accept DSA keys; OpenSSH 7.0 and
# later disable ssh-dss by default, so on newer hosts use "-t rsa" instead.

User=root
passWord="LINUX_LOGIN_PASSWORD"   # placeholder: root login password of the managed hosts

function YumBuild(){
    echo "Installing the epel source yum repository, please wait a moment...."
    cd /etc/yum.repos.d/ || exit 1
    [ -d bak ] || mkdir bak
    # move any existing repo files out of the way before writing epel.repo
    [ `find ./*.* -type f | wc -l` -gt 0 ] && find ./*.* -type f | xargs -i mv {} bak/
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/null
    yum -y clean all &>/dev/null
    yum makecache &>/dev/null
}

echo "Network connection testing is under way. Please wait a moment."
# "exit" inside ( ... ) only leaves the subshell, so { ...; } is used to stop the script
ping www.baidu.com -c2 &>/dev/null || { echo "No external network connection; the script must be run with external network access!"; exit 1; }
[ $# -eq 0 ] && { echo "No parameters! The format is: sh $0 ip1 ... ipN"; exit 1; }

rpm -q sshpass &>/dev/null || yum -y install sshpass &>/dev/null
if [ $? -gt 0 ];then
    YumBuild
    yum -y install sshpass &>/dev/null || { echo "sshpass install error!"; exit 1; }
fi

[ -d ~/.ssh ] || mkdir ~/.ssh
chmod 700 ~/.ssh
echo "Creating a key pair..."
rm -f ~/.ssh/id_dsa ~/.ssh/id_dsa.pub
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P "" &>/dev/null

for ip in "$@"
do
    if ! ping "$ip" -c1 &>/dev/null; then
        echo "$ip Can't ping, please check the network"
        continue
    fi
    # report success only when ssh-copy-id itself returned 0
    if sshpass -p "$passWord" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no ${User}@$ip" &>/dev/null; then
        echo "$ip Key Distribution Successful"
    else
        echo "$ip Key Distribution Failed"
    fi
done
```
Special tips:
The script content is only meant to illustrate the idea!
If you want to learn shell or programming well, just reading is of no use:
1. Learn (the basics)
2. Read (follow the train of thought)
3. Imitate (write it yourself)
4. Practise (after class)
Bear in mind...
Step 6: script distribution testing
```
[root@m01 yum.repos.d]# sh /server/scripts/ssh_key.sh 172.16.1.5 172.16.1.6 172.16.1.7 172.16.1.8 172.16.1.51 172.16.1.31 172.16.1.41 172.16.1.61
Network connection testing is under way. Please wait a moment.
Creating a key pair...
172.16.1.5 Can't ping please check the network
172.16.1.6 Can't ping please check the network
172.16.1.7 Key Distribution Successful
172.16.1.8 Key Distribution Successful
172.16.1.51 Can't ping please check the network
172.16.1.31 Key Distribution Successful
172.16.1.41 Key Distribution Successful
172.16.1.61 Key Distribution Successful
```
Remarks: three hosts were deliberately left powered off; the script test succeeded.
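After a batch run, the ssh-copy-id message in step 3 asks you to check that authorized_keys on each host contains no keys you were not expecting. The following added example (not part of the original post) audits an authorized_keys file against the management server's public key and flags ssh-dss entries, which OpenSSH 7.0 and later refuse by default; it assumes POSIX sh and awk, and the key files it reads are constructed here with fake key material rather than real keys.

```shell
#!/bin/sh
# key_id FILE: print "<type> <base64-blob>" of the first key in a public-key file,
# ignoring comment lines and any options prefix such as from="..."
key_id() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }
    {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
                print $i, $(i + 1); exit
            }
    }' "$1"
}

# audit_authorized_keys AUTH_FILE EXPECTED_PUB_FILE
# Prints one line per key (OK = the distributed key, EXTRA = anything else) and a
# summary "expected=N extra=N dsa=N total=N"; returns 1 if any EXTRA key exists.
audit_authorized_keys() {
    awk -v want="$(key_id "$2")" '
    /^[[:space:]]*#/ || NF == 0 { next }
    {
        id = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
                id = $i " " $(i + 1); break
            }
        total++
        if (id == want) { ok++; status = "OK" } else { extra++; status = "EXTRA" }
        # ssh-dss keys are refused by default by OpenSSH 7.0+ servers
        if (id ~ /^ssh-dss /) { dsa++; status = status " (DSA)" }
        printf "%-10s line %d: %s\n", status, NR, substr($0, 1, 50)
    }
    END {
        printf "expected=%d extra=%d dsa=%d total=%d\n", ok, extra, dsa, total
        exit (extra > 0)
    }' "$1"
}

# --- constructed sample files (fake key material, not real keys) ---
WORK="$(mktemp -d)"
cat > "$WORK/id_dsa.pub" <<'EOF'
ssh-dss AAAAB3NzaC1kc3MAAACBfakeM01key root@m01
EOF
# a host where only the distributed key is present
cat > "$WORK/authorized_keys.clean" <<'EOF'
ssh-dss AAAAB3NzaC1kc3MAAACBfakeM01key root@m01
EOF
# a host that also carries two keys nobody distributed
cat > "$WORK/authorized_keys.extra" <<'EOF'
# keys accepted on nfs01
ssh-dss AAAAB3NzaC1kc3MAAACBfakeM01key root@m01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABfakeUnknownKey someone@laptop
from="10.0.0.0/24" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5fakeKey ops@jump
EOF

for f in "$WORK/authorized_keys.clean" "$WORK/authorized_keys.extra"; do
    echo "== $f"
    if audit_authorized_keys "$f" "$WORK/id_dsa.pub"; then
        echo "no unexpected keys"
    else
        echo "unexpected keys present, review this host"
    fi
done
```

On a real host the file to audit is ~/.ssh/authorized_keys fetched from each managed server, compared against ~/.ssh/id_dsa.pub on m01.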
2. Deploy the ansible automation tool and distribute files in batches
Step 1: Install the ansible tool
Need epel.repo source
```
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum -y install ansible
```
Step 2: Configure the host group
Configure the /etc/ansible/hosts file
```
[root@m01 ~]# tail -8 /etc/ansible/hosts
[chensiqi]
172.16.1.31
172.16.1.41
172.16.1.51
172.16.1.5
172.16.1.6
172.16.1.7
172.16.1.8
```
Since password-free key authentication is already configured, the IP addresses of the managed hosts can simply be added to the /etc/ansible/hosts inventory file.
Step 3: Ansible batch management test
```
[root@m01 ~]# ansible chensiqi -m command -a "w"
172.16.1.6 | SUCCESS | rc=0 >>
 08:47:40 up 12 min,  1 user,  load average: 0.00, 0.01, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    m01              08:47    0.00s  0.27s  0.01s /bin/sh -c /usr

172.16.1.41 | SUCCESS | rc=0 >>
 22:48:28 up 1 day,  3:37,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                Sat03    1:15m  0.15s  0.15s -bash
root     pts/0    m01              22:48    1.00s  0.33s  0.00s /bin/sh -c /usr

172.16.1.51 | SUCCESS | rc=0 >>
 08:47:41 up 13 min,  1 user,  load average: 0.08, 0.03, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    m01              08:47    1.00s  0.29s  0.00s /bin/sh -c /usr

172.16.1.31 | SUCCESS | rc=0 >>
 10:27:47 up 15:47,  2 users,  load average: 0.16, 0.05, 0.06
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                Mon20   20:56m  0.15s  0.15s -bash
root     pts/0    m01              10:27    0.00s  0.26s  0.00s /bin/sh -c /usr

172.16.1.5 | SUCCESS | rc=0 >>
 08:47:41 up 12 min,  1 user,  load average: 0.00, 0.01, 0.03
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    m01              08:47    0.00s  0.20s  0.00s /bin/sh -c /usr

172.16.1.7 | SUCCESS | rc=0 >>
 21:03:00 up 10:03,  2 users,  load average: 0.05, 0.05, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                11:00    2:03m  0.14s  0.14s -bash
root     pts/0    m01              21:02    1.00s  0.18s  0.00s /bin/sh -c /usr

172.16.1.8 | SUCCESS | rc=0 >>
 10:27:48 up 14:31,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                Sat09   20:03m  0.10s  0.10s -bash
root     pts/0    m01              10:27    1.00s  0.16s  0.00s /bin/sh -c /usr
```
Step 4: Batch distribution of the /etc/hosts file
```
[root@m01 ~]# ansible chensiqi -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes"   # backup=yes: if the target file exists, back it up before overwriting
172.16.1.51 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446564.45-249855699288208/source",
    "state": "file",
    "uid": 0
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446564.26-6373581674916/source",
    "state": "file",
    "uid": 0
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446564.37-90309519963188/source",
    "state": "file",
    "uid": 0
}
172.16.1.5 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446564.91-218095487370821/source",
    "state": "file",
    "uid": 0
}
172.16.1.6 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446564.92-48667872204035/source",
    "state": "file",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446566.37-188264096277764/source",
    "state": "file",
    "uid": 0
}
172.16.1.7 | SUCCESS => {
    "changed": true,
    "checksum": "dba0126bf49ea8d4cdc476828f9edb37085c6afe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "09bad48d0c62411850fd04b68f836335",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:net_conf_t:s0",
    "size": 294,
    "src": "/root/.ansible/tmp/ansible-tmp-1489446566.39-64165112131501/source",
    "state": "file",
    "uid": 0
}
```
Special tips:
If the target path already contains a file that is exactly the same as the one being copied, ansible will not perform the copy again (the host reports `"changed": false` in the result).
3. Write a server initial optimization script (service optimization + automatic installation of the epel source yum repository), and use ansible to distribute and execute the script in batch
Step 1: Write the server initial service optimization + epel source yum repository build script
```bash
#!/bin/bash
# author: Mr.chen
# 2017-3-15
# description: Server initial optimization script + epel source yum repository build

function ServerSystemOptimize(){
    echo "*********************** The script began to try to optimize the server as necessary... ************************************************************" && sleep 2
    # the next four steps stop the host firewall and SELinux enforcement, now and at boot
    /etc/init.d/iptables stop &>/dev/null && echo "The firewall is closed!" && sleep 1
    setenforce 0 &>/dev/null && echo "SElinux is off!" || echo "SElinux was not enabled!"
    chkconfig iptables off && echo "Firewall has cancelled boot-up!" && sleep 1
    # match the SELINUX= line itself instead of relying on it being line 7 of the file
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && echo "SElinux has cancelled boot-up!" && sleep 1
    # change only the initdefault entry (id:5:initdefault:) to run level 3
    sed -i 's/^id:5:initdefault:/id:3:initdefault:/' /etc/inittab && echo "Linux Startup Run Level has been permanently set to 3!" && sleep 1
    # keep only the listed services enabled at boot; lines starting with a tab belong
    # to the xinetd sub-list and are not chkconfig service names, so they are skipped
    chkconfig --list | grep '^[A-Za-z]' | egrep -v "rsyslog|network|crond|sysstat|sshd" | awk '{print "chkconfig",$1,"off"}' | bash &>/dev/null && echo "The script has turned off the boot-up of unnecessary Linux services!" && sleep 1
}

function YumBuild(){
    echo "The epel source yum warehouse is being installed. Please wait a moment."
    cd /etc/yum.repos.d/ || exit 1
    [ -d bak ] || mkdir bak
    # move any existing repo files out of the way before writing epel.repo
    [ `find ./*.* -type f | wc -l` -gt 0 ] && find ./*.* -type f | xargs -i mv {} /etc/yum.repos.d/bak/
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo &>/dev/null
    yum -y clean all &>/dev/null
    yum makecache &>/dev/null
}

echo "The script is testing the network connection, please wait a moment."
# "exit" inside ( ... ) only leaves the subshell, so { ...; } is used to stop the script
ping www.baidu.com -c2 &>/dev/null || { echo "No external network connection, or DNS resolution is broken; the script must be run with external network access!"; exit 1; }
YumBuild
ServerSystemOptimize
```
Step 2: Test the script functionality locally
```
[root@m01 ~]# sh /server/scripts/server_uptimize.sh
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!
```
Step 3: Batch distribution of scripts with ansible
```
[root@m01 ~]# ansible chensiqi -m copy -a "src=/server/scripts/server_uptimize.sh dest=/server/scripts/ backup=yes"
172.16.1.6 | SUCCESS => {
    "changed": true,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "efeaffe8266992c190c1055241458259",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "src": "/root/.ansible/tmp/ansible-tmp-1489449184.22-105813674245985/source",
    "state": "file",
    "uid": 0
}
172.16.1.5 | SUCCESS => {
    "changed": true,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "efeaffe8266992c190c1055241458259",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "src": "/root/.ansible/tmp/ansible-tmp-1489449184.22-102726815232979/source",
    "state": "file",
    "uid": 0
}
172.16.1.51 | SUCCESS => {
    "changed": true,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "efeaffe8266992c190c1055241458259",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "src": "/root/.ansible/tmp/ansible-tmp-1489449184.26-180721242166387/source",
    "state": "file",
    "uid": 0
}
172.16.1.41 | SUCCESS => {
    "changed": false,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/server/scripts/server_uptimize.sh",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "state": "file",
    "uid": 0
}
172.16.1.31 | SUCCESS => {
    "changed": false,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/server/scripts/server_uptimize.sh",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "state": "file",
    "uid": 0
}
172.16.1.8 | SUCCESS => {
    "changed": false,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/server/scripts/server_uptimize.sh",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "state": "file",
    "uid": 0
}
172.16.1.7 | SUCCESS => {
    "changed": false,
    "checksum": "9d508da8cce8830722ac38ad274361601d33f43e",
    "dest": "/server/scripts/server_uptimize.sh",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/server/scripts/server_uptimize.sh",
    "secontext": "system_u:object_r:default_t:s0",
    "size": 1600,
    "state": "file",
    "uid": 0
}
```
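For both the /etc/hosts copy in the previous section and the script copy in this step, the "checksum" Ansible prints per host is the SHA-1 of the file content, so the result can be checked against the source file on m01, and hosts reporting "changed": false can be recognised as already identical rather than failed. This added example (not the original post's code) does that over a saved ansible output; it assumes POSIX sh, awk and sha1sum, and the output and source file it uses are constructed here in shortened form.

```shell
#!/bin/sh
# copy_report OUTPUT_FILE SOURCE_FILE
# prints "<host> <verdict>" per host:
#   MATCH     copied this run and the remote checksum equals the source
#   UNCHANGED "changed": false, the remote file was already identical
#   MISMATCH  SUCCESS reported but the checksum differs from the source
#   otherwise the raw result word (FAILED!, UNREACHABLE!)
copy_report() {
    want="$(sha1sum "$2" | awk '{print $1}')"   # Ansible's "checksum" field is SHA-1 of the content
    awk -v want="$want" '
    function flush() {
        if (host == "") return
        if (result != "SUCCESS")     v = result
        else if (sum != want)        v = "MISMATCH"
        else if (changed == "false") v = "UNCHANGED"
        else                         v = "MATCH"
        print host, v
    }
    /^[0-9.]+ \| (SUCCESS|FAILED|UNREACHABLE)/ {
        flush()
        host = $1; result = $3; changed = ""; sum = ""
        next
    }
    /"changed":/  { changed = $2; sub(/,$/, "", changed) }
    /"checksum":/ { sum = $2; gsub(/[",]/, "", sum) }
    END { flush() }' "$1"
}

# copy_ok OUTPUT_FILE SOURCE_FILE: succeed only if every host is MATCH or UNCHANGED
copy_ok() {
    copy_report "$1" "$2" | awk '$2 != "MATCH" && $2 != "UNCHANGED" { bad++ } END { exit (bad > 0) }'
}

# --- constructed sample: a small hosts file and a shortened ansible copy output ---
WORK="$(mktemp -d)"
printf '127.0.0.1 localhost\n172.16.1.31 nfs01\n172.16.1.41 backup\n' > "$WORK/hosts"
GOOD="$(sha1sum "$WORK/hosts" | awk '{print $1}')"
cat > "$WORK/copy.out" <<EOF
172.16.1.51 | SUCCESS => {
    "changed": true,
    "checksum": "$GOOD",
    "dest": "/etc/hosts"
}
172.16.1.41 | SUCCESS => {
    "changed": false,
    "checksum": "$GOOD",
    "dest": "/etc/hosts"
}
172.16.1.7 | SUCCESS => {
    "changed": true,
    "checksum": "0000000000000000000000000000000000000000",
    "dest": "/etc/hosts"
}
172.16.1.5 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh."
}
EOF

copy_report "$WORK/copy.out" "$WORK/hosts"
copy_ok "$WORK/copy.out" "$WORK/hosts" && echo "all hosts match the source" || echo "some hosts need attention"
```

In practice the output file is what `ansible chensiqi -m copy ... > copy.out` saves on m01.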
Step 4: Using ansible to execute scripts in batches
```
[root@m01 ~]# ansible chensiqi -m shell -a "sh /server/scripts/server_uptimize.sh"
172.16.1.5 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.6 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.31 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.41 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.51 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.8 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!

172.16.1.7 | SUCCESS | rc=0 >>
The script is testing the network connection, please wait a moment.
The epel source yum warehouse is being installed. Please wait a moment.
*********************** The script began to try to optimize the server as necessary... ************************************************************
The firewall is closed!
SElinux is off!
Firewall has cancelled boot-up!
SElinux has cancelled boot-up!
Linux Startup Run Level has been permanently set to 3!
The script has turned off the boot-up of unnecessary Linux services!
```