
SSH Batch Management for a Web Cluster


1. What is SSH batch management
Generate a public/private key pair on the management host, push the public key to every server that needs to be managed, and from then on those servers can be managed with scp and ssh without entering a password.

Lock = public key, key = private key

How the ssh scheme is implemented in enterprises:
1) Use root's ssh key directly.
Condition: the system allows root to log in over ssh
2) Use sudo privilege escalation so that an unprivileged user can copy files


Lab environment:

hostname   ip            description
m01        172.16.1.61   management host
web01      172.16.1.7    managed
nfs        172.16.1.31   managed
backup     172.16.1.41   managed

All machines run the same system environment

[root@m01 /]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 
[root@m01 /]# uname -r
3.10.0-862.el7.x86_64

1.1 Create an ordinary user and password on all servers

useradd xiaoli
echo "123456" |passwd --stdin xiaoli
id xiaoli
su - xiaoli  #<==switch to the xiaoli user on every host

1.2 Generate the key pair on m01
#Use the xiaoli user to create the private key and distribute the public key

[xiaoli@m01 ~]$ ssh-keygen -t dsa   #<==generate the key pair (press Enter at every prompt)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xiaoli/.ssh/id_dsa): 
Created directory '/home/xiaoli/.ssh'. #<==directory where the private key is stored
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/xiaoli/.ssh/id_dsa.
Your public key has been saved in /home/xiaoli/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:/UtUhhM++KSQH9OgJyP+MCRz+LhdYfRt/r6384aVLzU xiaoli@m01
The key's randomart image is:
+---[DSA 1024]----+
|        . . .    |
|     . . + * o   |
|    + + O * X o  |
|     O o O O =   |
|    . = S + +   .|
|     o =   o . Eo|
|    . . .   o .+o|
|           . oo.+|
|            . o*=|
+----[SHA256]-----+

[xiaoli@m01 ~]$ pwd
/home/xiaoli
[xiaoli@m01 ~]$ ls .ssh/
id_dsa  id_dsa.pub
[xiaoli@m01 ~]$ ll .ssh/
total 8
-rw------- 1 xiaoli xiaoli 672 Nov  5 20:57 id_dsa #<==private key
-rw-r--r-- 1 xiaoli xiaoli 600 Nov  5 20:57 id_dsa.pub  #<==public key

1.3 The management host distributes the public key to the clients
The management host pushes the public key to backup

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.41
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.
ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
xiaoli@172.16.1.41's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'xiaoli@172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.
#On backup, check whether the public key arrived
[xiaoli@backup ~]$ ls .ssh/authorized_keys 
.ssh/authorized_keys

#The default file name is .ssh/authorized_keys; it is defined in the /etc/ssh/sshd_config configuration file

[root@backup backup]$ grep authorized_keys /etc/ssh/sshd_config |egrep -v "^#"   
AuthorizedKeysFile      .ssh/authorized_keys

The management host pushes the public key to nfs

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.31
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.
ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
xiaoli@172.16.1.31's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'xiaoli@172.16.1.31'"
and check to make sure that only the key(s) you wanted were added.

#On nfs, check whether the public key arrived
[xiaoli@nfs ~]$ ls -l .ssh/
total 4
-rw------- 1 xiaoli xiaoli 600 Nov  5 21:16 authorized_keys

The management host pushes the public key to web01

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.7
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
The authenticity of host '172.16.1.7 (172.16.1.7)' can't be established.
ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.
ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
xiaoli@172.16.1.7's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'xiaoli@172.16.1.7'"
and check to make sure that only the key(s) you wanted were added.

#On web01, check whether the public key arrived
[xiaoli@web01 ~]$ ls -l .ssh/
total 4
-rw------- 1 xiaoli xiaoli 600 Nov  5 21:20 authorized_keys

1.4 Collecting parameters in bulk from the management host
View the IP address of a single client on its own; if the port is 22 there is no need to add -p

[xiaoli@m01 ~]$ ssh xiaoli@172.16.1.31 /sbin/ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.31  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::7ef6:6b6b:fba4:c66c  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::f15a:916:1ee7:65e9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:20:de:ec  txqueuelen 1000  (Ethernet)
        RX packets 68059  bytes 50182137 (47.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32722  bytes 6712416 (6.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
#Notice that ssh no longer asks for a password

Create a script to view the IP addresses of the three clients

[xiaoli@m01 ~]$ mkdir seripts
[xiaoli@m01 ~]$ cd seripts
[xiaoli@m01 seripts]$ cat view_ip.sh   
#!/bin/bash
# arrays and (( )) are bash features, so run this with bash rather than a plain sh
User=xiaoli
Ip=(
172.16.1.7
172.16.1.31
172.16.1.41
)
# run ifconfig on every managed host in turn
for ((i=0;i<${#Ip[*]};i++))
do
        ssh "${User}@${Ip[$i]}" /sbin/ifconfig ens33
done

#Run the script
[xiaoli@m01 seripts]$ sh view_ip.sh 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.7  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::7ef6:6b6b:fba4:c66c  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::b85a:6444:fdc7:90ef  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::f15a:916:1ee7:65e9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:32:88:be  txqueuelen 1000  (Ethernet)
        RX packets 11633  bytes 2805754 (2.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6003  bytes 1047269 (1022.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.31  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::7ef6:6b6b:fba4:c66c  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::f15a:916:1ee7:65e9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:20:de:ec  txqueuelen 1000  (Ethernet)
        RX packets 68065  bytes 50182545 (47.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32726  bytes 6712704 (6.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.41  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::7ef6:6b6b:fba4:c66c  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::b85a:6444:fdc7:90ef  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::f15a:916:1ee7:65e9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:21:a4:2a  txqueuelen 1000  (Ethernet)
        RX packets 123357  bytes 15582283 (14.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 130534  bytes 11862139 (11.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
The output above is the sign of success: every machine is reached and can be operated on without a password prompt

1.5 Batch file distribution with scp

Set up sudo as root on every server
#Switch to root and grant the xiaoli user permission to run the rsync command
echo "xiaoli ALL=(ALL) NOPASSWD:/usr/bin/rsync ">>/etc/sudoers
visudo -c   #<==check the sudoers syntax

Copy /etc/hosts to xiaoli's home directory and edit the contents of the hosts file

[xiaoli@m01 ~]$ cp /etc/hosts .

[xiaoli@m01 ~]$ tail -5  hosts
172.16.1.7 web01
172.16.1.41 backup
172.16.1.31 nfs
172.16.1.51 m01
################2018-11-5################

Use a script to distribute the hosts file in bulk

[xiaoli@m01 ~]$  cat seripts/fenfa_file.sh 
#!/bin/bash
# arrays and (( )) are bash features, so run this with bash rather than a plain sh
User=xiaoli
Ip=(
172.16.1.7
172.16.1.31
172.16.1.41
)
# copy the file to each host's home directory, then move it into place with sudo rsync
for ((i=0;i<${#Ip[*]};i++)) 
do
 scp ~/hosts "${User}@${Ip[$i]}:~"
 # -t allocates a tty so that sudo can run on the remote side
 ssh -t "${User}@${Ip[$i]}" sudo rsync ~/hosts /etc/hosts 
done
#Run the batch distribution script
[xiaoli@m01 seripts]$ sh  fenfa_file.sh
hosts                                                                     100%  268   245.5KB/s   00:00    
Connection to 172.16.1.7 closed.
hosts                                                                     100%  268    47.6KB/s   00:00    
Connection to 172.16.1.31 closed.
hosts                                                                     100%  268   295.1KB/s   00:00    
Connection to 172.16.1.41 closed.

Check the result on the clients

#Using the backup client as an example:
[xiaoli@backup ~]$ tail -5 /etc/hosts
172.16.1.7 web01
172.16.1.41 backup
172.16.1.31 nfs
172.16.1.51 m01
################2018-11-5################
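Both loops above (view_ip.sh and fenfa_file.sh) run a command per host and report nothing when a host fails or when ssh silently falls back to a password prompt. As an added example, not part of the original post, the bash script below is a version of the distribution step that refuses unknown host keys and password prompts (StrictHostKeyChecking=yes, BatchMode=yes), verifies each delivered file by sha256 and prints a per-host OK/FAIL result. It assumes the same user and hosts as the post, that their host keys are already in ~/.ssh/known_hosts, and a sudoers rule that pins the rsync arguments (`xiaoli ALL=(ALL) NOPASSWD:/usr/bin/rsync /home/xiaoli/hosts /etc/hosts`) instead of the unrestricted `/usr/bin/rsync` rule above; the host list and function names are the example's own.

```shell
#!/bin/bash
# Added example, not from the original post: push one file to every managed
# host, install it through the pinned sudo rsync rule, then verify by sha256.
# Assumed: host keys already in ~/.ssh/known_hosts, same user/hosts as the post.
set -u
USER_NAME=xiaoli
HOSTS="172.16.1.7 172.16.1.31 172.16.1.41"
# BatchMode: never fall back to a password prompt; StrictHostKeyChecking:
# never accept an unknown or changed host key (expanded unquoted on purpose).
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=5"
# Print only the sha256 digest of a local file.
local_sum() { sha256sum "$1" | awk '{print $1}'; }

# Compare an expected digest with the "<digest>  <path>" line that sha256sum
# prints on the remote side; a trailing CR left by a forced tty is tolerated.
sums_match() {
  local expected=$1 remote_line
  remote_line=$(printf '%s' "$2" | tr -d '\r')
  [ "${remote_line%% *}" = "$expected" ]
}
# The exact remote command; the sudoers rule should allow only this one:
#   xiaoli ALL=(ALL) NOPASSWD:/usr/bin/rsync /home/xiaoli/hosts /etc/hosts
remote_install_cmd() {
  printf 'sudo /usr/bin/rsync /home/%s/%s %s' "$USER_NAME" "$1" "$2"
}

# Copy, install and verify on one host; returns non-zero on any failure.
deploy_one() {
  local host=$1 src=$2 dest=$3 expected remote
  expected=$(local_sum "$src") || return 1
  scp $SSH_OPTS -q "$src" "${USER_NAME}@${host}:~/" || return 1
  # -t gives sudo a tty, as the post's script does (needed with requiretty)
  ssh $SSH_OPTS -t "${USER_NAME}@${host}" \
    "$(remote_install_cmd "$(basename "$src")" "$dest")" || return 1
  remote=$(ssh $SSH_OPTS "${USER_NAME}@${host}" sha256sum "$dest") || return 1
  sums_match "$expected" "$remote"
}

# Deploy to every host, print OK/FAIL per host, return the failure count.
deploy_all() {
  local src=$1 dest=$2 failed=0 h
  for h in $HOSTS; do
    if deploy_one "$h" "$src" "$dest"; then echo "OK   $h"
    else echo "FAIL $h"; failed=$((failed + 1)); fi
  done
  return "$failed"
}
# Usage: bash fenfa_safe.sh ~/hosts /etc/hosts  (does nothing without arguments)
[ "$#" -ge 2 ] && deploy_all "$1" "$2"
```

A non-zero exit status equals the number of hosts that failed, so the script can be chained in cron or a CI job without parsing its output.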

Extension: use rsync over the ssh channel to get incremental, encrypted transfer

[xiaoli@m01 ~]$ rsync -avz hosts -e ‘ssh -p 22‘ [email protected]
sending incremental file list
hosts

sent 214 bytes  received 35 bytes  498.00 bytes/sec
total size is 268  speedup is 1.08
