http://greatdeer007.blog.163.com/blog/static/16366517420120531554960/
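As operations engineers we all know that once the number of servers you are responsible for grows to 100, 200, or even 1,000, a lot of repetitive, tedious work is unavoidable. This is especially true for servers of the same type in the same cluster, where the steps are exactly the same. Pushing shell scripts to every server with rsync and running them there already simplifies the work, but you still have to log in again and again, and often you only want to run one simple command and look at the result.
So I read up on managing servers in batches. The better-known tools in this area are Puppet and func, and Puppet is used at many well-known internet companies around the world. But learning and properly deploying such a system takes some time, and it also involves changes on every server, mainly installing and configuring software.
To solve the immediate problem quickly, I looked up some material on expect scripts. expect can drive interactive commands, and combined with SSH key authentication it can be used to distribute and manage SSH keys in batches.
expect only needs to be installed on the distribution server; here, ns3 is the distribution server.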
[root@ns3 scripts]# yum -y install expect
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.grandcloud.cn
* extras: mirrors.grandcloud.cn
* updates: mirrors.grandcloud.cn
base | 1.1 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package expect.i386 0:5.43.0-8.el5 set to be updated
--> Processing Dependency: libtcl8.4.so for package: expect
---> Package expect.x86_64 0:5.43.0-8.el5 set to be updated
--> Running transaction check
---> Package tcl.i386 0:8.4.13-4.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
expect i386 5.43.0-8.el5 base 158 k
expect x86_64 5.43.0-8.el5 base 161 k
Installing for dependencies:
tcl i386 8.4.13-4.el5 base 956 k
Transaction Summary
====================================================================================================================================
Install 3 Package(s)
Upgrade 0 Package(s)
Total download size: 1.2 M
Downloading Packages:
(1/3): expect-5.43.0-8.el5.i386.rpm | 158 kB 00:00
(2/3): expect-5.43.0-8.el5.x86_64.rpm | 161 kB 00:00
(3/3): tcl-8.4.13-4.el5.i386.rpm | 956 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------
Total 1.1 MB/s | 1.2 MB 00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : expect 1/3
Installing : tcl 2/3
Installing : expect 3/3
Installed:
expect.i386 0:5.43.0-8.el5 expect.x86_64 0:5.43.0-8.el5
Dependency Installed:
tcl.i386 0:8.4.13-4.el5
Complete!
——————————————————————————————————
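Next come three files, which also only need to be placed on the distribution server. The prerequisite is that you create a jerry account on every server; this is easy to do with the shared window in SecureCRT. From then on, operations staff who want to distribute scripts or files can do it as the jerry user. Of course, if you are the only system administrator at your company and there are no particular requirements for password and user-permission management, you can change jerry to root in the scripts as your situation allows, but this only works if the root password is the same on all production servers.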
fenfa_sshkey.exp
fenfa_sshkey.sh
iplist
Upload them to the /root/scripts/ directory with a tool such as WinSCP.
The fenfa_sshkey.exp script is as follows:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
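#!/usr/bin/expect
# Push one public key to one host with ssh-copy-id, answering its prompts.
if { $argc != 2 } {
    send_user "usage: expect fenfa_sshkey.exp file host\n"
    exit 1
}
# Define variables
set file [lindex $argv 0]
set host [lindex $argv 1]
# Password of the jerry account on the target hosts
set password "123456"
# Variant for hosts whose sshd listens on port 12580:
#spawn ssh-copy-id -i $file "-p 12580 jerry@$host"
spawn ssh-copy-id -i $file "jerry@$host"
expect {
    "yes/no"    {send "yes\r"; exp_continue}
    "*password" {send "$password\r"}
}
# Wait for ssh-copy-id to finish; give up if it is still prompting
expect {
    eof     {}
    timeout {exit 1}
}
# Register the message printed when the script exits
exit -onexit {
    send_user "Jerry say good bye to you!\n"
}
# Exit with ssh-copy-id's own status so the caller's check is meaningful
set result [wait]
exit [lindex $result 3]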
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The fenfa_sshkey.sh script:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
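#!/bin/bash
# Load the action() helper that prints the [ OK ] / [FAILED] status column
. /etc/init.d/functions
# Push the public key to every host listed in iplist
for ip in $(cat iplist)
do
    if expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub "$ip" >/dev/null 2>&1; then
        action "$ip" /bin/true
    else
        action "$ip" /bin/false
    fi
done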
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
iplist: edit this file to match your actual production environment.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
To test, just run the script with sh fenfa_sshkey.sh:
[root@ns3 scripts]# sh fenfa_sshkey.sh
[ OK ]1
[ OK ]2
[ OK ]4
[ OK ]1
[ OK ]0
[ OK ]2
[ OK ]0
[ OK ]2
This is the result of my test: I can run ssh jerry@IP directly without entering a password, which proves it worked!
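An added example, not part of the original post: a follow-up audit that checks each entry in iplist and confirms the host really accepts key-only login for jerry, instead of relying on the status column alone. The function names and the SSH_BIN and SSH_USER variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Names below are assumptions.
SSH_BIN=${SSH_BIN:-ssh}       # overridable so the audit can be dry-run with a stub
SSH_USER=${SSH_USER:-jerry}   # the distribution account used in the post

# Succeed only for a dotted-quad IPv4 address with every octet <= 255.
valid_ip() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only if the host logs us in with the key alone. BatchMode=yes makes
# ssh fail instead of prompting, so a host that still wants a password is
# reported as a failure rather than hanging the loop.
key_login_ok() {
    "$SSH_BIN" -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=5 "$SSH_USER@$1" true </dev/null >/dev/null 2>&1
}

# Print "<entry> <status>" for each line of the list file given as $1 and
# return non-zero if any entry is invalid or refuses key-only login.
audit_iplist() {
    failed=0
    while read -r ip; do
        [ -n "$ip" ] || continue
        if ! valid_ip "$ip"; then
            echo "$ip invalid-entry"; failed=$((failed + 1))
        elif key_login_ok "$ip"; then
            echo "$ip key-login-ok"
        else
            echo "$ip key-login-failed"; failed=$((failed + 1))
        fi
    done < "$1"
    [ "$failed" -eq 0 ]
}
```

Source the file on the distribution server and run `audit_iplist iplist`; the exit status is non-zero if any host still needs a password.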