-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
149 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,127 @@ | ||
| #!/bin/bash | ||
| ## 2016-06-06 | ||
| ## http://www.aqzt.com | ||
| ##email: [email protected] | ||
| ##robert yu | ||
| ##centos 6 | ||
|
|
||
| #安装Ansible,安装EPEL第三方yum源 | ||
| rpm -Uvh epel-release-6-8.noarch.rpm | ||
| yum install ansible -y | ||
|
|
||
| ##添加环境变量以便vi能正常显示中文注释. | ||
| vi /etc/profile | ||
| ##添加: | ||
| export LC_ALL=en_US.UTF-8 | ||
| export LANG=en_US.UTF-8 | ||
| export LANGUAGE=en_US.UTF-8 | ||
| source /etc/profile | ||
|
|
||
| ##修改主机及组配置 | ||
| cd /etc/ansible | ||
| cp hosts hosts.bak | ||
| cat /dev/null > hosts | ||
| vi /etc/ansible/hosts | ||
| ##添加: | ||
| [webservers] | ||
| 192.168.142.136 | ||
| 192.168.142.139 | ||
| [nginx] | ||
| 192.168.142.137 | ||
| 192.168.142.138 | ||
|
|
||
| ##yum -y install openssh-clients | ||
| ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected] | ||
| ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected] | ||
|
|
||
| ##ansible使用及基本语法ping | ||
| ansible all -m ping | ||
| ansible webservers -m ping | ||
|
|
||
| ##重启webservers组所有SSH服务. | ||
| ansible webservers -m service -a "name=sshd state=restarted" | ||
|
|
||
| ##command: 执行远程主机SHELL命令: | ||
| ansible webservers -m command -a "free -m" | ||
| ansible webservers -m command -a "df -h" | ||
| #检查Ansible节点的运行时间(uptime) | ||
| ansible -m command -a "uptime" 'webservers' | ||
| #检查节点的内核版本 | ||
| ansible -m command -a "uname -r" 'webservers' | ||
| #重定向输出到文件中 | ||
| ansible -m command -a "df -Th" 'webservers' > /tmp/command-output.txt | ||
| ansible -m command -a "cat /tmp/command-output.txt" 'webservers' | ||
|
|
||
| ##远程执行MASTER本地SHELL脚本.(类似scp+shell) | ||
| echo "df -h" > ~/test.sh | ||
| ansible webservers -m script -a "~/test.sh" | ||
|
|
||
| ##copy模块 | ||
| ##实现主控端向目标主机拷贝文件, 类似scp功能. | ||
| ##该实例实现~/test.sh文件至webservers组目标主机/tmp下, 并更新文件owner和group | ||
| ansible webservers -m copy -a "src=~/test.sh dest=/tmp/ owner=root group=root mode=0755" | ||
| ansible all -m copy -a "src=/root/cacti.sql dest=/opt/" | ||
|
|
||
| ##stat模块 | ||
| ##获取远程文件状态信息, 包括atime, ctime, mtime, md5, uid, gid等信息. | ||
| ansible webservers -m stat -a "path=/etc/sysctl.conf" | ||
| ansible webservers -m stat -a "path=/etc/resolv.conf" | ||
|
|
||
| ##get_url模块 | ||
| ##实现在远程主机下载指定URL到本地. | ||
| ansible webservers -m get_url -a "url=http://www.baidu.com dest=/tmp/index.html mode=0400 force=yes" | ||
|
|
||
| ##yum模块 | ||
| ##Linux包管理平台操作, 常见都会有yum和apt, 此处会调用yum管理模式 | ||
| ansible webservers -m yum -a "name=curl state=latest" | ||
| ansible webservers -m yum -a "name=nmap state=latest" | ||
| ansible all -m yum -a "state=present name=httpd" | ||
|
|
||
| ##cron模块 | ||
| ##远程主机crontab配置 | ||
| ansible webservers -m cron -a "name='check dir' hour='5,2' job='ls -alh > /dev/null'" | ||
| ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate time.windows.com"' | ||
|
|
||
| ##service模块 | ||
| ##远程主机系统服务管理 | ||
| ansible webservers -m service -a "name=crond state=stopped" | ||
| ansible webservers -m service -a "name=crond state=restarted" | ||
| ansible webservers -m service -a "name=crond state=reloaded" | ||
|
|
||
| ##user服务模块 | ||
| ##远程主机系统用户管理 | ||
| ##添加用户: | ||
| ansible webservers -m user -a "name=johnd comment='John Doe'" | ||
| ansible webservers -m user -a "name=test comment='test'" | ||
|
|
||
| ##yum install python-pip | ||
| ##pip install passlib | ||
| ##python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())" | ||
| ##添加一有密码的用户,用户test1密码123123 | ||
| ansible webservers -m user -a 'name=test1 password="$6$rounds=656000$sn1Fn.0CnGR1zfka$UNmvy4M6k83/pdro07EjUdtTiuwDzj5lF0v3lPUmsPNXzGBOupf7JWXno/GkHRVkripaxrhWGovqxb6nBf8480"' | ||
| #检查是否添加正常 | ||
| ansible -m command -a "grep johnd /etc/passwd" 'webservers' | ||
| ##删除用户: | ||
| ansible webservers -m user -a "name=johnd state=absent remove=yes" | ||
|
|
||
| ##模块file,可以修改用户与权限 | ||
| ansible webservers -m file -a "dest=/tmp/test.sh mode=755 owner=test group=test" | ||
|
|
||
| ##synchronize模块: | ||
| ##delete=yes 使两边的内容一样(即以推送方为主) | ||
| ##compress=yes 开启压缩,默认为开启 | ||
| ##--exclude=.git 忽略同步.git结尾的文件 | ||
| ##将主控方/root/a目录推送到指定节点的/tmp目录下 | ||
| ansible 10.1.1.113 -m synchronize -a 'src=/root/a dest=/tmp/ compress=yes' | ||
|
|
||
| ##将10.1.1.113节点的/tmp/a目录拉取到主控节点的/root目录下 | ||
| ansible 10.1.1.113 -m synchronize -a 'mode=pull src=/tmp/a dest=/root/' | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,7 +5,12 @@ | |
| ##robert yu | ||
| ##centos 6 | ||
|
|
||
| #ssh无密码认证 | ||
| #ssh无密码认证 RSA | ||
| ssh-keygen -t rsa | ||
| cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys | ||
| chmod 600 ~/.ssh/authorized_keys | ||
|
|
||
| #ssh无密码认证 DSA | ||
| ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa | ||
| cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys | ||
| chmod 600 ~/.ssh/authorized_keys | ||
|
|
@@ -18,8 +23,9 @@ ssh -v localhost | |
|
|
||
| #拷贝本地生产的key到远程服务器端(两种方法) | ||
| #1 | ||
| cat ~/.ssh/id_rsa.pub | ssh 远程用户名@远程服务器ip 'cat - >> ~/.ssh/authorized_keys' | ||
| scp ~/.ssh/id_rsa.pub username@远程机器IP:/userhome/.ssh/authorized_keys | ||
| cat ~/.ssh/id_dsa.pub | ssh 远程用户名@远程服务器ip 'cat - >> ~/.ssh/authorized_keys' | ||
| scp ~/.ssh/id_dsa.pub username@远程机器IP:/userhome/.ssh/authorized_keys | ||
| ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected] | ||
|
|
||
| #2 | ||
| scp ~/.ssh/id_dsa.pub [email protected]:/home/test/ | ||
|
|
@@ -28,4 +34,16 @@ cat /home/test/id_dsa.pub >> ~/.ssh/authorized_keys | |
| chmod 600 ~/.ssh/authorized_keys | ||
|
|
||
|
|
||
|
|
||
| ##ssh密钥分发脚本 | ||
| #!/bin/sh | ||
| read -p "输入远端服务器IP: " ip | ||
| ##ssh-copy-id -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa.pub root@$ip | ||
| ssh-copy-id -i ~/.ssh/id_rsa.pub root@$ip | ||
| ssh root@$ip 'sed -i "s/^#RSAAuthentication\ yes/RSAAuthentication\ yes/g" /etc/ssh/sshd_config' | ||
| ssh root@$ip 'sed -i "s/^#PubkeyAuthentication\ yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config' | ||
| ssh root@$ip 'sed -i "s/^#PermitRootLogin\ yes/PermitRootLogin\ yes/g" /etc/ssh/sshd_config' | ||
| ssh root@$ip 'service sshd restart' | ||
| hostname=`ssh root@${ip} 'hostname'` | ||
| echo "添加主机名和IP到本地/etc/hosts文件中" | ||
| echo "$ip $hostname" >> /etc/hosts | ||
| echo "远端主机主机名称为$hostname, 请查看 /etc/hosts 确保该主机名和IP添加到主机列表文件中" | ||