Prepare three Linux machines, A, B and C, and complete the following tasks:
1. Using a user named after yourself, set up password-free login in which one key opens several locks (A holds the key; B and C hold the locks).
Scenario: in production this is used for bulk distribution of data, batch release of program code, and batch control and management.
For large-scale batch management, software such as Puppet or SaltStack is used.
2. Building on task 1, and with the same user, set up password-free login in which several keys open one lock (B and C hold the keys; A holds the lock).
B --> A
C --> A
In task 1 we created the lock and the key, so for B and C to control A, first send the key to B and C. A has no lock of its own yet, so, just as A sent its public key to B and C, install one more copy of the public key on A itself; the lock's file name is authorized_keys. B and C can then log in to A without a password.
Send the key to B and C:
$ scp -p .ssh/id_dsa [email protected]:~/.ssh
3. Distribute files in bulk from a specified directory to the user's home directory on B and C (using the deployment from task 1). This exercises scp usage.
$ sh fenfa.sh
4. Distribute files from a specified directory to any directory on B and C (without logging in as the root user).
Execute the following commands on the client:
# visudo    (type 98gg to jump to line 98)
root ALL=(ALL) ALL
bichen ALL=(ALL) NOPASSWD:/usr/bin/rsync
Add the rule for the bichen user:
echo "bichen ALL=(ALL) NOPASSWD:/usr/bin/rsync" >>/etc/sudoers
Check the syntax:
# visudo -c
/etc/sudoers: parsed OK
With this rule, the bichen user can run the rsync command with root privileges on this machine, as long as it is invoked through sudo.
You do not have to run these commands on the client itself: because SSH can already connect to the client, they can also be executed directly over SSH.
Edit the following script on the distribution machine. In it, $0 is the script name, $1 is the file to send and $2 is the remote path. The file is first copied to the remote user's home directory and then copied to the target path by rsync, which sudo runs with elevated privileges. The &&\ after the scp command means that the next command runs only if this one succeeds. The 102 virtual machine was not booted, so distribution to it is shown as failed.
5. How to quickly view the load, CPU and memory information of all machines (using the deployment from task 1).
(Think about how to view and distribute data concurrently when the number of servers is large.)
$ vim view_upload.sh
#!/bin/sh
# Run one command on every host and print the output under a per-host header.
if [ $# -ne 1 ]
then
    echo "Usage: $0 COMMAND"
    exit 1
fi
for n in 102 104
do
    echo "==========192.168.0.$n===="
    ssh -p22 bichen@192.168.0.$n "$1"
done
Check the load and the memory:
$ sh view_upload.sh uptime
==========192.168.0.102====
Nasty PTR record "192.168.0.102" is set up for 192.168.0.102, ignoring
 10:18:50 up 5 min, 1 user, load average: 0.00, 0.07, 0.04
==========192.168.0.104====
 10:18:50 up 1:27, 1 user, load average: 0.00, 0.00, 0.00
$ sh view_upload.sh "free -m"
==========192.168.0.102====
Nasty PTR record "192.168.0.102" is set up for 192.168.0.102, ignoring
             total       used       free     shared    buffers     cached
Mem:           980        331        649          1         39        110
-/+ buffers/cache:        181        799
Swap:         1983          0       1983
==========192.168.0.104====
             total       used       free     shared    buffers     cached
Mem:           980        320        659          1         50        103
-/+ buffers/cache:        166        814
Swap:         1983          0       1983
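One way to answer the concurrency question above, as an added example that is not part of the original post: each host is contacted from its own background job, at most MAX_JOBS at a time, and the hosts that failed are collected. HOSTS, REMOTE_USER, MAX_JOBS, run_remote and fanout are names assumed for this example; the host list and user follow the script above.

```shell
#!/bin/sh
# Added example (not from the original post): concurrent version of
# view_upload.sh. HOSTS, REMOTE_USER, MAX_JOBS and the function names
# are assumptions.
HOSTS="${HOSTS:-192.168.0.102 192.168.0.104}"
REMOTE_USER="${REMOTE_USER:-bichen}"
MAX_JOBS="${MAX_JOBS:-20}"     # hosts contacted at the same time

# One remote call. BatchMode=yes makes ssh fail instead of prompting when
# key login is not set up; ConnectTimeout bounds the wait on a dead host.
run_remote() {
    ssh -n -p22 -o BatchMode=yes -o ConnectTimeout=5 "$REMOTE_USER@$1" "$2"
}

# fanout COMMAND: print every host's output under its own header.
# Returns 1 if any host failed; failed hosts are left in $FAILED.
fanout() {
    tmp=$(mktemp -d) || return 2
    started=0
    for h in $HOSTS; do
        (
            rc=0
            run_remote "$h" "$1" >"$tmp/$h.out" 2>&1 || rc=$?
            echo "$rc" >"$tmp/$h.rc"
        ) &
        started=$((started + 1))
        # after each full batch, wait for it to drain before starting more
        [ $((started % MAX_JOBS)) -ne 0 ] || wait
    done
    wait
    FAILED=""
    for h in $HOSTS; do
        echo "==========$h===="
        cat "$tmp/$h.out"
        [ "$(cat "$tmp/$h.rc" 2>/dev/null)" = 0 ] || FAILED="$FAILED $h"
    done
    rm -rf "$tmp"
    [ -z "$FAILED" ]
}

# Usage: sh view_parallel.sh uptime
if [ "$#" -eq 1 ]; then
    fanout "$1" || echo "failed hosts:$FAILED" >&2
fi
```

Output is printed in host-list order rather than completion order, so two runs can be compared line by line.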
6. Additional task: distribute the hosts file to all machines every minute; if distribution fails, send the information about the machines that were not distributed to successfully to the operator by mail.
First scenario: the client uses mail and the server uses Postfix.
Start the Postfix service:
# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
# lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 3601 root 12u IPv4 17870 0t0 TCP localhost:smtp (LISTEN)
master 3601 root 13u IPv6 17872 0t0 TCP localhost:smtp (LISTEN)
The client's mail command and message format:
mail -s "title" mail-address < file
mail -s "bichen" [email protected] </etc/hosts
echo "Body" | mail -s "bichen" [email protected]
A note on mail: free mail services often delay these messages or do not deliver them, so use a paid service or your own mail server.
# mail -s "bichen" [email protected] </etc/hosts
# mailq
Mail queue is empty
The script that distributes the hosts file appends its results to /tmp/true.log and /tmp/fail.log. If fail.log is not empty, a distribution failed; fail.log is sent to the mailbox and finally the logs are emptied.
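#!/bin/sh
. /etc/init.d/functions
# $1 = file to send, $2 = target directory on the remote host
if [ $# -ne 2 ]
then
    echo "Usage: $0 FileName Remotedir"
    exit 1
fi
for n in 102 104
do
    # copy to the remote home directory first, then let sudo rsync place it
    scp -rp "$1" bichen@192.168.0.$n:~ >/dev/null 2>&1 &&\
    ssh -t bichen@192.168.0.$n sudo rsync "$1" "$2" >/dev/null 2>&1
    if [ $? -eq 0 ]
    then
        echo "fenfa to 192.168.0.$n is OK" >>/tmp/true.log
    else
        echo "fenfa to 192.168.0.$n is False" >>/tmp/fail.log
    fi
done
# a non-empty fail.log means at least one host failed: mail it, then empty the logs
if [ -s "/tmp/fail.log" ]
then
    mail -s "$(date +%F\ %T) fenfa host" [email protected] </tmp/fail.log
    >/tmp/true.log
    >/tmp/fail.log
fi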
Then set up the scheduled task; all the scripts are placed in /server/scripts.
# crontab -u bichen -e    (edits the scheduled tasks of the bichen user)
#fenfa hosts by Yankefei at 20170807
* * * * * /bin/sh /server/scripts/fenfa_hosts.sh &>/dev/null
Configure mail to use external SMTP to send mail
You can use an external SMTP server by modifying the configuration file, so that messages are sent through it without running an internal mail service such as Sendmail.
Append the following to the end of /etc/mail.rc:
set from= smtp= smtp-auth-user=username smtp-auth-password= smtp-auth=login
7. Every night at 00:00, back up the data on B and C to A, and send the backup results to the operations staff by mail. Hint: the directory that is backed up to should contain the IP or hostname.
Use scp in a script that runs as a scheduled task.
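The post gives no script for task 7; the following is an added example, not the author's code. It runs on A, pulls a directory from B and C with scp into a path that contains the source IP and the date, and mails a summary. SRC_DIR, BACKUP_ROOT, MAILTO, the script name backup_bc.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example for task 7 (not from the original post). Runs on A.
# SRC_DIR, BACKUP_ROOT and MAILTO are placeholders to adapt.
HOSTS="${HOSTS:-192.168.0.102 192.168.0.104}"
REMOTE_USER="${REMOTE_USER:-bichen}"
SRC_DIR="${SRC_DIR:-/data}"             # hypothetical directory on B and C
BACKUP_ROOT="${BACKUP_ROOT:-/backup}"   # hypothetical target directory on A
MAILTO="${MAILTO:-ops@example.com}"     # placeholder address

# pull HOST DEST: one scp; BatchMode makes it fail rather than prompt
pull() {
    scp -rp -o BatchMode=yes -o ConnectTimeout=10 \
        "$REMOTE_USER@$1:$SRC_DIR" "$2" >/dev/null 2>&1
}

# send_report SUBJECT FILE
send_report() {
    mail -s "$1" "$MAILTO" <"$2"
}

# Back up every host, mail one summary, return 1 if any host failed.
backup_all() {
    day=$(date +%F)
    report=$(mktemp) || return 2
    failed=0
    for h in $HOSTS; do
        dest="$BACKUP_ROOT/$h/$day"     # the source IP is part of the path
        mkdir -p "$dest"
        if pull "$h" "$dest"; then
            echo "backup of $h to $dest is OK" >>"$report"
        else
            echo "backup of $h to $dest is FAILED" >>"$report"
            failed=$((failed + 1))
        fi
    done
    send_report "$day backup: $failed failed" "$report"
    rm -f "$report"
    [ "$failed" -eq 0 ]
}

# crontab entry on A for 00:00 every night (script name is an assumption):
# 00 00 * * * /bin/sh /server/scripts/backup_bc.sh run >/dev/null 2>&1
if [ "${1:-}" = "run" ]; then
    backup_all
fi
```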
8. Use expect to distribute the key to B and C in bulk without interaction; that is, before the password-free authentication of task 1 has been established, make the key distribution itself non-interactive. (If 1000 machines are being set up for password-free authentication for the first time, you would otherwise have to type yes 1000 times and the password 1000 times.)
(1) Install expect
# yum install expect
# which expect
/usr/bin/expect
(2) Create the expect script. It takes two parameters: the file variable, which is our public key, and the host IP. It sends yes and then the password.
$ vim fenfa_sshkey.exp
#!/usr/bin/expect
# Usage: expect fenfa_sshkey.exp file host
if { $argc != 2 } {
    send_user "Usage: expect fenfa_sshkey.exp file host\n"
    exit
}
#define var
set file [lindex $argv 0]
set host [lindex $argv 1]
set password "Yankefei"
#spawn scp /etc/hosts [email protected]:/etc/hosts
#spawn scp -P222 $file bichen@$host:$dir
#spawn ssh-copy-id -i $file "-p 222 bichen@$host"
spawn ssh-copy-id -i $file "-p 22 bichen@$host"
# answer the host-key prompt, then the password prompt
expect {
    "yes/no" {send "yes\r"; exp_continue}
    "*password" {send "$password\r"}
}
expect eof
#expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 192.168.0.104
The script fenfa_sshkey.exp above removes the human interaction for one host, so we also write a script that calls it to handle multiple hosts without human interaction.
# vi fenfa_key
#!/bin/sh
. /etc/init.d/functions
for ip in 102 103 104
do
    #expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub $ip >/dev/null 2>&1
    expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 192.168.0.$ip
    # action comes from /etc/init.d/functions and prints an OK/FAILED status line
    if [ $? -eq 0 ]; then
        action "$ip" /bin/true
    else
        action "$ip" /bin/false
    fi
done
Must-know Linux batch distribution questions, with results fed back by mail.