[21:33 root@m01 ~]# vim /server/scripts/fenfa_pub.sh
#!/bin/bash
# Copy this account's DSA public key to each listed host so that later ssh
# logins to those hosts can use key authentication.
# This version is interactive: on first use ssh-copy-id asks for the remote
# password and for confirmation of the host key.
pubkey=~/.ssh/id_dsa.pub
for ip in 31 41; do
  ssh-copy-id -i "$pubkey" "172.16.1.${ip}"
done
2.第一次分发公钥的时候需要输入密码,可以用 sshpass 提供密码(注意:-p 把明文密码写在命令行里,会出现在进程列表和 shell 历史记录中;sshpass 也支持 -f 从文件读取、-e 从环境变量 SSHPASS 读取)
sshpass -p 123456 ssh-copy-id -p22 -i ~/.ssh/id_dsa.pub 10.0.0.41 -o StrictHostKeyChecking=no
3.第一次分发公钥的时候需要输入确认信息,加上 -o StrictHostKeyChecking=no 可以跳过确认(这样不会核对对方主机的指纹,首次连接无法确认对端身份,只适合可信的内网环境)
ssh-copy-id -p22 -i ~/.ssh/id_dsa.pub 10.0.0.41 -o StrictHostKeyChecking=no
ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys
$@ 脚本所有参数
umask 权限是077
mkdir -p .ssh
cat >> .ssh/authorized_keys
删除之前的秘钥对,创建新环境
[09:35 root@m01 ~]# rm -rf .ssh/id_dsa .ssh/id_dsa.pub
4.创建指定的秘钥
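-t 指定秘钥类型 dsa rsa(DSA 秘钥固定为 1024 位,OpenSSH 从 7.0 起默认不再接受 ssh-dss,新环境建议用 ed25519 或 rsa)
-f 指定私钥的位置
-P 命令行中指定私钥的密码(passphrase),'' 表示空密码,私钥文件本身不受口令保护
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''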
[09:35 root@m01 ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:kIna+Ce3UvZoIPzuIiOvKOaQwysKPlAeCTCC6zo+DRk root@m01
The key's randomart image is:
+---[DSA 1024]----+
|\* |
|+. . o |
| o .. + |
|.E++ . |
|.+=.. S |
|o=+.. o |
|B.ooo+oo |
|&=o.o+o.. |
|%@++oo. |
+----[SHA256]-----+
5.免密交互
sshpass -p 123456 ssh -o StrictHostKeyChecking=no 172.16.1.31 hostname
6.免密分发秘钥
sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.7
7.可以依次给其他主机分发秘钥
[09:57 root@m01 ~]# ssh 172.16.1.31 hostname
nfs01
[09:57 root@m01 ~]# ssh 172.16.1.41 hostname
backup
[09:57 root@m01 ~]# ssh 172.16.1.7 hostname
web01
8.sshpass为ssh 提供密码
非交互式 sshpass需要安装
[19:14 root@m01 ~]# sshpass -p123456 ssh 172.16.1.7 hostname
web01
9.for 循环语句
for 循环的格式:
for 变量 in 列表
do
命令
done
# Print the full address for each last octet in the list.
for ip in 7 41; do
  echo "172.16.1.${ip}"
done
[15:05 root@m01 ~]# for ip in 7 41; do echo 172.16.1.$ip; done
172.16.1.7
172.16.1.41
通过for 循环和sshpass 批量分发公钥
10.写一个for循环脚本
[10:04 root@m01 ~]# vim /server/scripts/for.sh
#!/bin/bash
# Print one address string for each value of the brace range 1..7.
# NOTE(review): there is no "." between "172.16.1" and the loop value, so the
# output is 172.16.11 ... 172.16.17 (as the run below shows); write
# 172.16.1.$ip if 172.16.1.1 ... 172.16.1.7 was intended.
for ip in {1..7}; do
  echo "172.16.1${ip}"
done
执行一下:
[10:05 root@m01 ~]# sh /server/scripts/for.sh
172.16.11
172.16.12
172.16.13
172.16.14
172.16.15
172.16.16
172.16.17
11.用for循环语句批量分发秘钥
直接执行命令:
for ip in 7 41 31; do sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.$ip; done
或写脚本文件:
[10:11 root@m01 ~]# vim /server/scripts/fenfa.sh
#!/bin/bash
# Non-interactive key distribution: sshpass answers the password prompt so
# ssh-copy-id can run against every listed host without user input.
# NOTE(review): -p puts the password on the command line, where it is visible
# in the process list, and it is stored in this file; sshpass can also read it
# from a file (-f) or from the SSHPASS environment variable (-e).
# NOTE(review): StrictHostKeyChecking=no accepts each host key without
# confirmation, so the first connection to a host is not verified.
for ip in 7 41 31; do
  sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no "172.16.1.${ip}"
done
二、※创建一个脚本※
非交互式创建秘钥
非交互式分发秘钥
[10:43 root@m01 ~]# vim /server/scripts/fenfa.sh
#!/bin/bash
# Step 1: create a DSA key pair at ~/.ssh/id_dsa. -P '' sets an empty
# passphrase, so no passphrase prompt appears.
# NOTE(review): DSA keys are fixed at 1024 bits and OpenSSH has disabled
# ssh-dss by default since 7.0; consider -t ed25519 (or rsa) for new setups.
key_path=~/.ssh/id_dsa
ssh-keygen -t dsa -f "$key_path" -P ''

# Step 2: distribute the public key to each listed host, with sshpass
# supplying the login password.
# NOTE(review): -p exposes the password in the process list and in this file;
# sshpass can also read it from a file (-f) or from SSHPASS (-e).
# NOTE(review): StrictHostKeyChecking=no accepts each host key without
# confirmation, so the first connection to a host is not verified.
for ip in 7 41 31; do
  sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no "172.16.1.${ip}"
done
1.检查一下批量分发秘钥是否可以免密
[11:25 root@m01 ~]# ssh 172.16.1.7 hostname
web01
[11:25 root@m01 ~]# ssh 172.16.1.41 hostname
backup
[11:25 root@m01 ~]# ssh 172.16.1.31 hostname
nfs01
2.脚本书写流程:
1.第一步m01安装ansible
2.第二步创建公钥私钥
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
3.第三步推送公钥
sshpass -p123456 ssh-copy-id -f -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no" 172.16.1.41
4.第四步执行命令
ansible oldboy -m shell -a "w;df -h;free -h"
ansible /etc/ansible/hosts里设置的 主机组 -m 模块名 -a "命令"
扩展:脚本中添加一些其他的要求
三、☆※ ansible 批量管理 ※☆
不理解—先看图
安装ansible
yum install -y ansible
1.※ 查看ansible下配置文件
[11:53 root@m01 ~]# rpm -ql ansible|grep -v /usr/
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
2.编辑主机清单/etc/ansible/hosts
在管理端配置好秘钥认证
[11:54 root@m01 ~]# ssh 172.16.1.41 hostname
backup
[11:56 root@m01 ~]# vim /etc/ansible/hosts
......
[oldboy]
172.16.1.7
172.16.1.41
172.16.1.31
[11:58 root@m01 ~]# tail -4 /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.41
172.16.1.31
3.ping 检查所有客户端是否存活
-m ping 检测 oldboy 主机组中的主机通不通(ping 是模块名;它不是 ICMP ping,而是通过 SSH 登录被管理主机并确认 Python 可用)
[11:58 root@m01 ~]# ansible oldboy -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong" \\pong表示通了
}
172.16.1.31 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong" \\pong表示通了
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong" \\pong表示通了
}
4.执行指定命令
command命令模式(只能执行简单命令 不支持 特殊符号)