w9 Ansible batch management and maintenance

SSH key authentication

Password-based authentication

[[email protected] ~]# ssh 10.0.0.41 hostname
[email protected]'s password:
backup
[[email protected] ~]# ssh 10.0.0.41 whoami
[email protected]'s password:
root
[[email protected] ~]# ssh [email protected] whoami
[email protected]'s password:
oldboy

1. Generate the key and the lock (the private key and the public key)

[[email protected] ~]# hostname
m01
[[email protected] ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
29:37:1b:e1:9f:0a:ab:77:a0:fc:60:41:2d:bc:85:dd [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . + . |
| = + E |
| . + . o |
| o . S |
| ..o = . |
| .o.... o |
| .o..o.. |
| .+o.. |
+-----------------+

2. Send the lock (public key) to backup and nfs01

Send to backup
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]# ssh 10.0.0.41 hostname
backup

#nfs01
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01

3. Send the lock (public key) to backup and nfs01 without typing the password

yum install sshpass -y

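# sshpass supplies the password to ssh-type commands. -p passes it on the command line, which the sshpass man page calls its least secure option; -f and -e read it from a file or from the SSHPASS environment variable.

[[email protected] ~]# sshpass -p123456 ssh 172.16.1.41 hostname

backup

# StrictHostKeyChecking=no suppresses the host-key prompt by accepting the key unverified
sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname

backup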

Create the key pair non-interactively

[[email protected] ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e0:8d:9b:00:99:fe:fc:67:be:65:8c:b0:b1:cc:fc:8c [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| o |
| + . |
| . . . + |
| . . = S |
| o = B o |
| o O . + |
| . +oo |
| E+=. |
+-----------------+

Distribute the public key non-interactively

[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'",
and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'",
and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# ssh 172.16.1.41 hostname
backup
[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01
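
ssh-copy-id above asks you to check .ssh/authorized_keys for keys you weren't expecting. The script below is an added example, not part of the original article, that performs that check against an allow-list and also flags ssh-dss keys (the type generated above, disabled by default since OpenSSH 7.0); the allow-list file, the function names and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys against an allow-list of public keys.
# Output per key line: <line-no> TAB <verdict> TAB <key-type> TAB <comment>
#   OK          key blob is in the allow-list
#   WEAK        listed, but an ssh-dss (1024-bit DSA) key
#   UNEXPECTED  key blob is not in the allow-list
#   MALFORMED   no "<type> AAAA..." pair found on the line
audit_authorized_keys() {   # $1 = authorized_keys file, $2 = allow-list file
    awk '
    # Index of the key-type field; options such as command="a b" may precede it.
    function keytype_field(   i) {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/) return i
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        k = keytype_field()
        if (!k) {
            if (pass == 2) { printf "%d\tMALFORMED\t-\t-\n", FNR; bad = 1 }
            next
        }
        type = $k; blob = $(k + 1); who = (k + 2 <= NF) ? $(k + 2) : "-"
        if (pass == 1) { allowed[blob] = 1; next }   # first file: allow-list
        if (!(blob in allowed))     verdict = "UNEXPECTED"
        else if (type == "ssh-dss") verdict = "WEAK"
        else                        verdict = "OK"
        if (verdict != "OK") bad = 1
        printf "%d\t%s\t%s\t%s\n", FNR, verdict, type, who
    }
    END { exit bad + 0 }                        # 1 if anything needs review
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample data: the blobs are placeholders, not real keys.
write_samples() {   # $1 = directory to write into
    cat > "$1/allowed" <<'EOF'
ssh-dss AAAAB3NzaC1kc3MAAACBAexampleM01 root@m01
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleOps ops@m01
EOF
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample
ssh-dss AAAAB3NzaC1kc3MAAACBAexampleM01 root@m01
command="/usr/bin/rsync --server",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexampleOps ops@m01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexampleStray unknown@host
EOF
}

d=$(mktemp -d)
write_samples "$d"
audit_authorized_keys "$d/authorized_keys" "$d/allowed" || echo "review the flagged lines"
rm -rf "$d"
```

Keys are matched on the base64 blob, so a changed comment or added options do not hide a key that is on the allow-list.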

Deploying Ansible

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

#m01
yum install ansible -y
yum install libselinux-python -y

#backup nfs01
yum install libselinux-python -y
[[email protected] ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg   # Ansible's configuration file
├── hosts         # inventory: the list of servers Ansible manages
└── roles
1 directory, 2 files
[[email protected] ~]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41

ansible oldboy -m command -a "hostname"
ansible oldboy -m command -a "yum install cowsay -y"

Test: copying a file

[[email protected] ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp owner=oldboy mode=0755"
172.16.1.41 | SUCCESS => {
"changed": true,
"checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
"mode": "0755",
"owner": "oldboy",
"size": 364,
"src": "/root/.ansible/tmp/ansible-tmp-1517744820.18-259504826638509/source",
"state": "file",
"uid": 500
}
172.16.1.31 | SUCCESS => {
"changed": true,
"checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
"mode": "0755",
"owner": "oldboy",
"size": 364,
"src": "/root/.ansible/tmp/ansible-tmp-1517744820.17-14642605512978/source",
"state": "file",
"uid": 500
}
[[email protected] ~]# ansible oldboy -m command -a "ls -l /tmp/hosts"
172.16.1.31 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts
172.16.1.41 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts

ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp backup=yes"

ansible-doc -l|wc -l

ansible-doc -s copy # view the module documentation

ansible oldboy -m copy -a "src=/server/scripts/yum-htop.sh dest=/server/scripts/ "

ansible oldboy -m shell -a "/bin/sh /server/scripts/yum-htop.sh"

ansible oldboy -m script -a "/server/scripts/yum.sh"

Scheduled tasks (cron)

[[email protected] scripts]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job=' /etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
172.16.1.41 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"restart network"
]
}
[[email protected] scripts]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1

mkdir -p /server/playbook

[[email protected] playbook]# cat ifconfig.yml
- hosts: oldboy
  tasks:
  - command: ifconfig
  - shell: ifconfig >/tmp/ip.log

ansible-playbook -C ifconfig.yml
ansible-playbook ifconfig.yml
[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' state=absent "
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}

Simple example 1: run a command on all hosts

Append every server's IP address to /tmp/ip.log

[[email protected] playbook]# cat print-ip.yml
- hosts: all
  tasks:
  - name: get ip address
    shell: ifconfig eth0 |awk -F "[ :]+" 'NR==2{print $4}' >>/tmp/ip.log

ansible-playbook -C print-ip.yml
ansible-playbook print-ip.yml
ansible all -a "tail -1 /tmp/ip.log"

ansible oldboy -m cron -a 'name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present'

[[email protected] playbook]# cat add-cron.yml
- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present

Adding a cron job with a playbook
[[email protected] playbook]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1

2. Adding a cron job with a playbook

  Tabs are not supported; indent with spaces.

- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present
- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron:
      name: restart network
      minute: 00
      hour: 00
      job: /etc/init.d/network restart >/dev/null 2>&1
      state: present

Two ways of writing the same task


Example 3: configure several tasks for the same machine

Restart the network: service

Install software: yum

Write the date to a file: date

[[email protected] playbook]# cat manage.yml
- hosts: all
  tasks:
    - name: restart network
      service:                    # service
        name: network             # service name
        state: restarted          # state
    - name: install tree nmap lrzsz iftop htop iotop nc
      shell: yum install -y tree nmap lrzsz iftop htop iotop nc
    - name: print date to file
      shell: date +%F >>/tmp/date.log


[[email protected] playbook]# cat hosts.yml
- hosts: 172.16.1.41
  tasks:
    - name: mkdir
      shell: mkdir -p /oldboy/backup
- hosts: 172.16.1.31
  tasks:
    - name: find
      shell: find /etc -type f -name "*.conf" >>/tmp/name.log

Install an rsync server with Ansible

NFS server

Configure sersync data synchronization

How to use pssh (pssh, pscp, prsync)

Original article: https://www.cnblogs.com/wenyule/p/9857982.html

Time: 2024-11-04 06:42:52
