综合

ssh批量分发服务搭建

导读: 

inet addr:10.0.0.4 Bcast:10.0.0.255 Mask:255.255.255.0

[[email protected] ~]$ ssh -p22 [email protected] /sbin/ifconfigeth0|grep ‘inet addr‘

inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0

[[email protected] ~]$ ssh -p22 [email protected] /sbin/ifconfig eth0 | grep ‘inet addr‘|awk‘{print $2}‘|awk -F ‘:‘ ‘{print $2}‘

10.0.0.5

[[email protected] ~]$ ssh -p22 [email protected] /sbin/ifconfig eth0 | grep ‘inet addr‘|awk‘{print $2}‘|awk -F ‘:‘ ‘{print $2}‘

10.0.0.4

证明免密钥分发成功!

  1. 适用脚本分发文件

[[email protected] ~]$ sh fengfa.sh fengfa.sh

fengfa.sh 100% 120 0.1KB/s 00:00

fengfa.sh 100% 120 0.1KB/s 00:00

[[email protected] ~]$ cat fengfa.sh

if [ $# -ne 1 ]

then

echo "USAGE:/bin/sh $0 arg1"

exit 1

fi

for n in 4 5

do

scp -P22 -rp $1 [email protected]$n:~/

done

[[email protected] ~]$

  1. 适用脚本批量管理服务器

[[email protected] ~]$ sh guangli.sh /sbin/ifconfig

eth0 Link encap:Ethernet HWaddr00:0C:29:61:34:C0

inet addr:10.0.0.4 Bcast:10.0.0.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe61:34c0/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:146015 errors:0 dropped:0 overruns:0 frame:0

TXpackets:273645 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RXbytes:21283373 (20.2 MiB) TXbytes:16164642 (15.4 MiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:16436 Metric:1

RXpackets:131107 errors:0 dropped:0 overruns:0 frame:0

TXpackets:131107 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:5507564 (5.2 MiB) TX bytes:5507564(5.2 MiB)

eth0 Link encap:Ethernet HWaddr00:0C:29:04:9C:CB

inet addr:10.0.0.5 Bcast:10.0.0.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe04:9ccb/64 Scope:Link

UPBROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RXpackets:3379 errors:0 dropped:0 overruns:0 frame:0

TXpackets:1738 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RXbytes:478398 (467.1 KiB) TX bytes:276437(269.9 KiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UPLOOPBACK RUNNING MTU:16436 Metric:1

RXpackets:28 errors:0 dropped:0 overruns:0 frame:0

TXpackets:28 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RXbytes:4610 (4.5 KiB) TX bytes:4610 (4.5KiB)

[[email protected] ~]$ cat guangli.sh

if [ $# -ne 1 ]

then

echo "USAGE:/bin/sh $0 arg1"

exit 1

fi

for n in 4 5

do

ssh -p22 [email protected]$n $1

done

[[email protected] ~]$

5. sudo分发文件或目录到普通用户没有权限的目录下

步骤如下:

  1. 修改每个服务器的/etc/sudoers文件,让普通用户具有在所以目录复制的功能

  2. 先发文件到对方的家目录

  3. 使用特殊的ssh命令,格式为:用 ssh -t [email protected] “sudo 命令(记得要带参数-t

下面使用生产环境中最常用的例子作为实例,把hosts目录统一分发到所以服务器的/etc/hosts

  1. 所有服务器都切到root用户下。执行下面命令

echo ‘gao ALL=(ALL) NOPASSWD: /bin/cp‘>>/etc/sudoers

tail -5 /etc/sudoers

visudo –c

  1. A切换到gao(普通用户)下,把host文件分别发到B.C目录下。并使用ssh命令,把文件推到/etc/下面

[[email protected] ~]$ scp -P22 hosts [email protected]:~/

hosts 100% 219 0.2KB/s 00:00

[[email protected] ~]$ ssh -t -P22 [email protected] "sudo/bin/cp hosts /etc/"

Connection to 10.0.0.4 closed.

[[email protected] ~]$

[[email protected] ~]$ scp -P22 hosts [email protected]:~/

hosts 100% 219 0.2KB/s 00:00

[[email protected] ~]$ ssh -t -P22 [email protected] "sudo/bin/cp hosts /etc/"

Connection to 10.0.0.5 closed.

[[email protected] ~]$

上面的2可以用下面脚本实现

[[email protected] ~]$ vi tfengfa.sh

#!/bin/sh

file="$1"

remotedir="$2"

. /etc/init.d/functions

if [ $# -ne 2 ]

then

echo "USAGE:/bin/sh $0 file path"

exit 1

fi

for n in 4 5

do

scp-P22 -rp $file [email protected]$n:~/

ssh-t -p22 [email protected]$n "sudo /bin/cp ~/$file $remotedir "

if [$? -eq 0 ]

then

action "scp $file to $remotedir is ok" /bin/true

else

action "scp $file to $remotedir is fail" /bin/false

fi

done

[[email protected] ~]$ sh tfengfa.sh hosts /root/

hosts 100% 219 0.2KB/s 00:00

Connection to 10.0.0.4 closed.

scp hosts to /root/ is ok [ OK ]

hosts 100% 219 0.2KB/s 00:00

Connection to 10.0.0.5 closed.

scp hosts to /root/ is ok [ OK ]

[[email protected] ~]$

6. suid分发文件到特殊文件夹

  1. 在所有把rsync命令授权4755或者u+s

[[email protected] ~]# which rsync

/usr/bin/rsync

[[email protected] ~]# chmod u+s `which rsync`

[[email protected] ~]# ll `which rsync`

-rwsr-xr-x. 1 root root 415000 Oct 31 2013 /usr/bin/rsync

[[email protected] ~]#

[[email protected] ~]# chmod 4755 /usr/bin/rsync

[[email protected] ~]# ll /usr/bin/rsync

-rwsr-xr-x. 1 root root 415000 Oct 31 2013 /usr/bin/rsync

[[email protected] ~]#

[[email protected] ~]# chmod 4755 /usr/bin/rsync

[[email protected] ~]# ll /usr/bin/rsync

-rwsr-xr-x. 1 root root 415000 Oct 31 2013 /usr/bin/rsync

[[email protected] ~]#

  1. 把要分发的文件分发到服务器的家目录

[[email protected] ~]$ echo asdasdaf >gao.txt

[[email protected] ~]$ scp -P22 -rp gao.txt [email protected]:~/

gao.txt 100% 9 0.0KB/s 00:00

[[email protected] ~]$scp -P22 -rp gao.txt [email protected]:~/

gao.txt 100% 9 0.0KB/s 00:00

[[email protected] ~]$ ll

total 12

-rw-r--r--. 1 gao gao 120 Jul 20 14:22 fengfa.sh

-rw-rw-r--. 1 gao gao 9 Jul 20 18:59 gao.txt

-rw-r--r--. 1 gao gao 219 Jul 20 18:31 hosts

[[email protected] ~]$ cat gao.txt

asdasdaf

[[email protected] ~]$

[[email protected] ~]$ ll

total 88

-rw-r--r--. 1 gao gao 120 Jul 20 14:22 fengfa.sh

-rw-rw-r--. 1 gao gao 9 Jul 20 22:02 gao.txt

-rw-r--r--. 1 gao gao 219 Jul 20 18:31 hosts

-rwxr-xr-x. 1 gao gao 73936 May 10 2012 ifconfig

[[email protected] ~]$ cat gao.txt

asdasdaf

[[email protected] ~]$

  1. 直接用ssh/usr/bin/rsync命令把家目录中的文件分发到特殊目录了。

[[email protected] ~]$ ssh -p22 [email protected] "/usr/bin/rsync ~/gao.txt /root/"

[[email protected] ~]$

[[email protected] ~]# cat gao.txt

asdasdaf

[[email protected] ~]#

[[email protected] ~]$ ssh -p22 [email protected] "/usr/bin/rsync ~/gao.txt /root/"

[[email protected] ~]$

[[email protected] ~]# ls

anaconda-ks.cfg gao.txt hosts install.log install.log.syslog

[[email protected] ~]# cat gao.txt

asdasdaf

[[email protected] ~]#

  1. 脚本实现

[[email protected] ~]$ echo aaaaaaaaa>guo.txt

[[email protected] ~]$ sh tfengfa1.sh guo.txt /etc/

guo.txt 100% 10 0.0KB/s 00:00

Connection to 10.0.0.4 closed.

scp guo.txt to /etc/ is ok [ OK ]

guo.txt 100% 10 0.0KB/s 00:00

Connection to 10.0.0.5 closed.

scp guo.txt to /etc/ is ok [ OK ]

[[email protected] ~]$

[[email protected] ~]$

[[email protected] ~]$ cat tfengfa1.sh

#!/bin/sh

file="$1"

remotedir="$2"

. /etc/init.d/functions

if [ $# -ne 2 ]

then

echo "USAGE:/bin/sh $0 file path"

exit 1

fi

for n in 4 5

do

scp-P22 -rp $file ga[email protected]$n:~/

ssh-t -p22 [email protected]$n "/usr/bin/rsync ~/$file $remotedir "

if [$? -eq 0 ]

then

action "scp $file to $remotedir is ok" /bin/true

else

action "scp $file to $remotedir is fail" /bin/false

fi

done

[[email protected] ~]$

相关资讯

发表评论
网友评论0 条评论)
暂无评论