Requirement description:
1) On a cluster of hundreds of Linux servers, if the Marshall user does not exist on a node, add the user and replace the second field of the user's /etc/shadow entry. If the user already exists, replace the second field of the user's /etc/shadow entry.
2) Check whether the sudo command is present on each node. If it is, nothing more is needed; otherwise, install sudo.
3) Allow the Marshall user to execute all commands with root permission.
1. Set up the SaltStack service
1. Install and configure the master on the SaltStack server.
    # rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
    # yum install -y salt-master
    # /etc/init.d/salt-master start
    # chkconfig salt-master on
    # chkconfig --list salt-master
    salt-master     0:off 1:off 2:on 3:on 4:on 5:on 6:off
2. Modify the default /etc/salt/master configuration file and restart the salt-master service.
    # vim /etc/salt/master
    interface: 10.0.1.173
    # publish_port: 4505    # listening port of the Salt message publishing system
    ret_port: 4506          # port on which the Salt client communicates with the server
    # /etc/init.d/salt-master restart
The two ports must be able to communicate normally. If the iptables firewall is enabled, add the following two rules:
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 4506 -j ACCEPT
3. Install and configure the SaltStack minion.
1) Install the minion software package.
    # yum install -y salt-minion
    # vim /etc/salt/minion
    master: 10.0.1.173      # IP address of the master
    id: vmware2             # minion host name (identifier)
    master_port: 4506       # port on which the Salt client communicates with the server
2) Start or restart the minion service.
    # /etc/init.d/salt-minion restart
4. Configure automatic authentication
1) On the master, uncomment the following line in the configuration file:
auto_accept: True, which makes the master accept minion keys automatically. With this setting the master accepts the public key of every minion that connects, without review through salt-key.
    # vim /etc/salt/master
    auto_accept: True
Restart the salt-master service.
    # /etc/init.d/salt-master restart
    # salt-key -L
    Accepted Keys:
    vmware1
    vmware2
    Unaccepted Keys:
    Rejected Keys:
2) Run the test.
    # salt '*' test.ping
    vmware2:
        True
    # salt '*' cmd.run 'date'
    vmware2:
        Fri Aug 22 12:05:24 CST 2014
2. Write the shell script as required and run it from the master to check the effect.
1. Write the shell script and debug it on a virtual machine.
    # cat add_user.sh
    #!/bin/bash
    # Make sure the taokey user exists.
    if ! id taokey >/dev/null 2>&1
    then
        useradd taokey
    fi
    # The second field of /etc/shadow is the password hash; "abcd" is the
    # replacement string used in this article. Anchor on the login name so
    # that only the taokey entry is rewritten.
    sed -i 's#^taokey:[^:]*:#taokey:abcd:#' /etc/shadow

    # Install sudo if the command is missing.
    if ! command -v sudo >/dev/null 2>&1
    then
        /usr/bin/yum install -y sudo
    fi

    # Give taokey full sudo rights, adding the rule only once.
    if ! grep -q '^taokey[[:space:]]' /etc/sudoers
    then
        echo "taokey ALL=(ALL) ALL" >> /etc/sudoers
    fi
2. Create the /srv/salt directory and put the debugged shell script add_user.sh in it.
    # mkdir -p /srv/salt
    # cp add_user.sh /srv/salt/
3. Run the add_user.sh script with salt.
    # cd /srv/salt/
    # ls
    add_user.sh
    # salt '*' cmd.script salt://add_user.sh
    vmware2:
        ----------
        pid:
            4960
        retcode:
            0
        stderr:
        stdout:
Client before executing the script:
    # cat /etc/shadow | grep taokey
    #
Client after execution:
    # cat /etc/shadow | grep taokey
    taokey:abcd:16304:0:99999:7:::
    # which sudo
    /usr/bin/sudo
    # tail /etc/sudoers
    # cdrom as root
    # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
    # Allows members of the users group to shutdown this system
    # %users localhost=/sbin/shutdown -h now
    # Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
    #includedir /etc/sudoers.d
    taokey ALL=(ALL) ALL
4. Perform the operation on the online servers.
At this point, I can operate on more than 100 servers in batches.
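The two file edits that add_user.sh makes can be rehearsed on copies of /etc/shadow and /etc/sudoers before the script is pushed with cmd.script. The following is an added example, not part of the original post; the function names set_shadow_field and ensure_sudo_rule and the sample file contents are assumptions made for illustration. It goes slightly beyond the script by matching the login name as an exact field, so a similarly named account such as taokey2 is left alone.

```bash
#!/bin/bash
# Added example, not from the original post. Sample data below is constructed.

# set_shadow_field FILE USER VALUE
# Replace field 2 only on the line whose field 1 is exactly USER.
# Returns 1 and leaves FILE untouched when USER has no entry.
set_shadow_field() {
    local file="$1" user="$2" value="$3" tmp
    tmp=$(mktemp) || return 2
    if awk -F: -v OFS=: -v u="$user" -v v="$value" \
        '$1 == u { $2 = v; hit = 1 } { print } END { exit !hit }' \
        "$file" > "$tmp"
    then
        cat "$tmp" > "$file"   # rewrite in place: owner and mode are kept
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# ensure_sudo_rule FILE USER
# Append "USER ALL=(ALL) ALL" once; validate the result with visudo if present.
ensure_sudo_rule() {
    local file="$1" rule="$2 ALL=(ALL) ALL" tmp
    grep -qxF -- "$rule" "$file" 2>/dev/null && return 0
    tmp=$(mktemp) || return 2
    { cat "$file" 2>/dev/null; printf '%s\n' "$rule"; } > "$tmp"
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1
    then
        rm -f "$tmp"           # candidate does not parse: keep the old file
        return 1
    fi
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

demo() {
    local dir
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'taokey:!!:16304:0:99999:7:::' \
                  'taokey2:!!:16304:0:99999:7:::' > "$dir/shadow"
    printf '%s\n' 'root ALL=(ALL) ALL' > "$dir/sudoers"
    set_shadow_field "$dir/shadow" taokey abcd   # "abcd" is the post's string
    ensure_sudo_rule "$dir/sudoers" taokey
    ensure_sudo_rule "$dir/sudoers" taokey       # second run adds nothing
    cat "$dir/shadow" "$dir/sudoers"
    rm -rf "$dir"
}
demo
```

On a live host, `usermod -p` sets the same field through shadow-utils instead of editing /etc/shadow directly.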
This article is from the "years in the passage, the glory is still in" blog; please be sure to keep this source: http://taokey.blog.51cto.com/4633273/1543473
Automated O&M: replacing strings in batches with SaltStack