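This post was last edited by liuanhuaming330 on 2011-12-03 15:21
If anything below is unclear or you have other questions, feel free to contact me at any time so we can exchange ideas and grow together. This article is excerpted from Beida Jade Bird (北大青鳥).
Since I started doing Linux system administration, I have maintained some fairly large networks. For example, when I was doing support at Fetion (飛信), I faced more than a thousand servers and sometimes had to apply a patch or modify a file on every machine. With only 10 servers, changing them one by one is tolerable, but if you had to log in to 1000 servers one at a time just to change one file, it would be painful, inefficient, and involve no technical skill at all. If you keep doing that kind of work, you cannot blame others for calling you an "IT migrant laborer". So I had always wanted to find a tool for batch management, and later I found two ways to do it:
1. SSH key authentication. With it you no longer need to type a password after connecting to the remote machine, so a script can log in to remote servers in batch and modify the files or perform the operations you want. It has one drawback: you must keep the private key on the management side safe. If the management server is reinstalled or the private key is lost for some other reason, you can no longer log in to the remote machines. Also, if a managed machine changes its IP, you have to copy the public key to that machine again, so this may not be so flexible to manage.
2. Batch management with the expect tool. expect is very powerful and can do interactive management. For example, if you want to change a password, after you enter the passwd command the system prompts you with New Password: , and an ordinary script has no way to interact with that. expect, however, can watch what the system returns and respond automatically according to the prompt, as in the following example: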
#!/usr/bin/expect -f
# Read the command-line arguments
# Argument 0 is the IP address
set ipaddress [lindex $argv 0]
# Argument 1 is the password
set passwd [lindex $argv 1]
set timeout 1000
spawn ssh root@$ipaddress
# Answer the host-key question, then enter the password automatically
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "Password:" { send "$passwd\r" }
}
expect "hknp"
# Stop a program
send "/etc/init.d/heartbeat stop \r"
expect "hknp"
# Log out of the system
send "exit\r"
expect eof
exit
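Run the script above with the command: expect ha-switch.exp 192.168.193.133 '123DDFD', where 123DDFD is the root password of the .133 machine. If your hundred machines all have the same password, you can write a simple batch script to log in to all of them and stop a program, as follows: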
#!/bin/bash
# Call ha-switch.exp once for each address from .100 to .200
for i in $(seq 100 200)
do
    IP="192.168.193.$i"
    expect ha-switch.exp "$IP" '123DDFD'
done
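This script then calls ha-switch.exp, logs in to the machines 192.168.193.100-200, and runs the "/etc/init.d/heartbeat stop" command on each of them.
Powerful, isn't it? But from my own experience, expect has one drawback: it is slow, because it logs in to the machines one at a time and then runs the command. Sometimes, because of DNS resolution or some other reason, logging in to a machine over SSH can take 30s. With 1000 machines, it would take 50 minutes to complete the operation on all of them, which clearly cannot meet a requirement to run the same operation on thousands of machines within 1 minute.
Both approaches have their pros and cons. I personally suggest that in a small network of 50-100 machines you can consider SSH key authentication or the expect approach. But imagine that I have ten thousand machines spread across different networks all over the country, and I am required to change the root password on all of them within 1 minute; clearly neither approach can do that. Of course, companies with networks that large are not common in China, but from a technical point of view it is still something of a challenge. Since I could never find such a tool online, I simply wrote one myself, and after many days of effort I finally finished this batch management tool. It is written in Python and based on a socket server model: a client has to be started on every server you want to manage (many people may not like things that need a client installed). The client opens a port, your management server communicates with the managed host through this port, and then operates on it. You can remotely change passwords, view system information, memory usage and so on, and the results are shown on your management side (this is the part I like most; it is just like running the command locally). It can also copy files to remote servers in batch. Below I list some screenshots from using the tool: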
bjnppb01:~/scripts/python_scripts/Remote_management_tool/Remote_management_tool_v1.3 # python RMT_server.py
##################################################################################
# RMT(Remote Management tool) #
# #
# Version 1.3,2011-01-21 #
# Author:Alex Li #
# Email:lijie3721@126.com,QQ:317828332 #
##################################################################################
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:0 # list all servers
192.168.193.133
192.168.193.134
192.168.193.135
192.168.193.136
192.168.193.137
192.168.193.138
192.168.193.140
192.168.193.141
192.168.193.142
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:1 # scan the status of the client on every server in the list
192.168.193.133 down
192.168.193.134 down
192.168.193.135 running
192.168.193.136 down
192.168.193.137 running
192.168.193.138 running
192.168.193.140 down
192.168.193.141 down
192.168.193.142 down
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:2 # log in to one machine
Please enter the remote server IP: 192.168.193.135 # enter the IP address
You have successfully login to the remote server, now you can run most of the system command in this mode ,but do not suggest
you to run the command such as top,tail -f,because right now I haven't find a way to support the continuous data output
Please input the command:uname -a # the command entered
Received log from /root/Remote_management_tool/192.168.193.135.log
##########################################################
Linux bjnpif02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux # the result displayed
####################################################################################
Please input the command:ls # the command entered
Received log from /root/Remote_management_tool/192.168.193.135.log
########################################################## # the result displayed
1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
script
vmware
####################################################################################
Please input the command:exit
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:3
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:4 # upload a server list
Please enter the full path of your file: ls
No such file,please make sure you inputed the right file.
Please enter the full path of your file: /tmp.^H
No such file,please make sure you inputed the right file.
Please enter the full path of your file: /tmp/list
192.168.193.3
192.32.34.24
Adding uploaded list to Server list.########################## done.
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:5 # run a command on multiple remote servers at once and return the results
It might will takes a few minutes to scan all the avialiable servers......
The fllowing servers are avaliable: # list of servers available for remote operation
192.168.193.135
192.168.193.137
192.168.193.138
please input your command: uname -a # enter the command
Received log from /root/Remote_management_tool/192.168.193.135.log
Linux bjnpif02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux # result returned by each machine
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log
Linux bjnpbo01 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux # result returned by each machine
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log
Linux bjnpbo02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
####################################################################################
please input your command: i^H
Received log from /root/Remote_management_tool/192.168.193.135.log
sh: : command not found
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log
sh: : command not found
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log
sh: : command not found
####################################################################################
please input your command: ls # the command entered
Received log from /root/Remote_management_tool/192.168.193.135.log # result returned by each machine
1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
script
vmware
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log # result returned by each machine
1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
a
autoinst.xml
bin
etc
jdk-6u17-linux-amd64.rpm
jdk1.6.0_17
netperf-2.4.5
netperf-2.4.5.tar.gz
nohup.out
ntp-client
opt
sbin
sun-javadb-client-10.4.2-1.1.i386.rpm
sun-javadb-common-10.4.2-1.1.i386.rpm
sun-javadb-core-10.4.2-1.1.i386.rpm
sun-javadb-demo-10.4.2-1.1.i386.rpm
sun-javadb-docs-10.4.2-1.1.i386.rpm
sun-javadb-javadoc-10.4.2-1.1.i386.rpm
usr
workspace
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log # result returned by each machine
1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
####################################################################################
please input your command: exit
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:6 # change the password on multiple servers in batch
Please use the follow method to change password on remote server:
use command: echo "your password"|passwd your_user --stdin
For example ,if you want to change oracle user's password to '123456', then you need run
echo "123456"|passwd oracle --stdin
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:7 # copy a file to multiple servers in batch
Please enter the file name which you wanted to copy to remote servers:/tmp/list # file name
192.168.193.133
Connection refused by the remote server 192.168.193.133 # connection failed
,please make sure you IP is allowed by the remote server.
192.168.193.134
Connection refused by the remote server 192.168.193.134
,please make sure you IP is allowed by the remote server.
192.168.193.135 # copy succeeded
192.168.193.136
Connection refused by the remote server 192.168.193.136
,please make sure you IP is allowed by the remote server.
192.168.193.137 # copy succeeded
192.168.193.138 # copy succeeded
192.168.193.140
Connection refused by the remote server 192.168.193.140
,please make sure you IP is allowed by the remote server.
192.168.193.141
Connection refused by the remote server 192.168.193.141
,please make sure you IP is allowed by the remote server.
192.168.193.142
Connection refused by the remote server 192.168.193.142
,please make sure you IP is allowed by the remote server.
192.168.193.3
Connection refused by the remote server 192.168.193.3
,please make sure you IP is allowed by the remote server.
192.32.34.24
Connection refused by the remote server 192.32.34.24
,please make sure you IP is allowed by the remote server.
File list has successfully copied into /root/Remote_management_tool/recieved_files directory of above remote servers.
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:8 # deploy the client to multiple servers in batch
This function is for you to install client application on mutiple servers , to achieve this, please follow the following step:
1 Fill your IP address and password of remote server in to password.txt under expect_tool directory
2 Make you have the access right to /root directory on remote server,the client file RMT_client.py will be copied into /root/ directory on all the remote servers which you assigned in password.txt
Do you want install the client on mutiple servers? (yes/no) :y
Starting to install RMT_client.py on remote servers...
Checking for the remote server list...
Going to install on the following servers:
192.168.193.137
192.168.193.135
spawn scp -rp ../RMT_client.py 192.168.193.137:/root/
Password:
RMT_client.py 100% 1983 1.9KB/s 00:00
spawn ssh root@192.168.193.137
Password:
Last login: Fri Jan 21 16:06:20 2011 from 192.168.193.132
bjnpbo01:~ # nohup python /root/RMT_client.py &
[1] 17704
bjnpbo01:~ # exit
logout
nohup: appending output to `nohup.out'
Connection to 192.168.193.137 closed.
spawn scp -rp ../RMT_client.py 192.168.193.135:/root/
Password:
RMT_client.py 100% 1983 1.9KB/s 00:00
spawn ssh root@192.168.193.135
Password:
nohup python /root/RMT_client.py &
exit
Last login: Fri Jan 21 15:49:57 2011 from 192.168.193.132
bjnpif02:~ # nohup python /root/RMT_client.py &
[1] 17759
bjnpif02:~ # exit
logout
nohup: appending output to `nohup.out'
Connection to 192.168.193.135 closed.
please slect the following menu:
0 list servers
1 Scan agent status
2 login to remote server
3 Reboot all the remote servers(does't support)
4 Upload server list
5 excute command on all the aviliable servers
6 change password for all the servers
7 copy scripts to remote servers
8 install the client application on all the remote servers
9 exit
Please enter the slected number:9
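The one-machine-at-a-time logins that make the expect loop slow can instead be issued concurrently over the SSH-key method (approach 1 in the post). The following is an added example, not part of the original post or of the RMT tool; it assumes key authentication is already set up and the servers' host keys are already in known_hosts, and the names `ssh_argv`, `run_one`, `fan_out` and `fake_runner` are made up here.

```python
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Constructed sample: part of the 192.168.193.x server list shown in the post.
HOSTS = ["192.168.193.%d" % i for i in range(133, 139)]

def ssh_argv(host, command, user="root", connect_timeout=5):
    """Build a key-only, non-interactive ssh command line."""
    return ["ssh",
            "-o", "BatchMode=yes",              # fail instead of waiting at a password prompt
            "-o", "ConnectTimeout=%d" % connect_timeout,  # bound the slow-login case
            "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
            "%s@%s" % (user, host), command]

def run_one(host, command, runner=subprocess.run, timeout=30):
    """Run command on one host; return (host, status, output)."""
    try:
        ipaddress.ip_address(host)  # list entries must be plain IPs, never ssh options
        proc = runner(ssh_argv(host, command), capture_output=True,
                      text=True, timeout=timeout)
    except ValueError:
        return host, "invalid", ""
    except subprocess.TimeoutExpired:
        return host, "timeout", ""
    if proc.returncode == 255:  # ssh's own failure code: connect, auth or host key
        return host, "unreachable", proc.stderr.strip()
    return host, ("ok" if proc.returncode == 0 else "failed"), proc.stdout.strip()

def fan_out(hosts, command, workers=50, runner=subprocess.run):
    """Contact up to `workers` hosts at once instead of one after another."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        rows = pool.map(lambda h: run_one(h, command, runner), hosts)
        return {host: (status, out) for host, status, out in rows}

def fake_runner(argv, **kwargs):
    """Constructed stand-in for subprocess.run so the demo runs offline."""
    host = argv[-2].split("@")[1]
    if host.endswith((".135", ".137", ".138")):
        return subprocess.CompletedProcess(argv, 0, "Linux\n", "")
    return subprocess.CompletedProcess(argv, 255, "", "Connection refused\n")

if __name__ == "__main__":
    # Swap fake_runner for subprocess.run to contact real hosts.
    for host, (status, out) in fan_out(HOSTS, "uname -s", runner=fake_runner).items():
        print(host, status, out)
```

With `workers=50`, total wall time is bounded by the slowest batch of logins rather than the sum of all of them, and no password appears on any command line.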