图解
一键配置免密登录
[root@master-61 /my_scripts]#cat mianmi.sh
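#!/bin/bash
# Set up key-based SSH from the management host (master-61) to every target
# machine, then edit sshd_config on the targets: port 22999, public-key login
# only, listening on the internal 172.16.1.x address only.
# The sshd changes take effect only after sshd is restarted on the targets.
#
# Review notes:
#   * A target is reconfigured only after key-based login to it has been
#     verified. Otherwise a failed ssh-copy-id followed by
#     "PasswordAuthentication no" would leave the machine with no way in.
#   * The target root password is handed to sshpass through the SSHPASS
#     environment variable (sshpass -e) instead of -p, so it does not appear
#     in the process list.
#   * StrictHostKeyChecking=no accepts whatever host key the target presents on
#     first contact without verification; use it only on a trusted lab network.

# Last octet of each target machine in 172.16.1.0/24.
targets=(7 8 9 31 41)
# Targets on which key-based login was verified; only these are reconfigured.
verified=()
log_file=/tmp/xming_ssh.log
# Root password of the targets, used once by ssh-copy-id. Taken from SSHPASS
# when the caller sets it; the fallback is the lab password from the original
# script and must not be reused outside a throw-away lab.
target_password="${SSHPASS:-222222}"

# 1. Create the key pair on the management host (skipped when one exists).
echo "开始创建密钥对"
if [ -f /root/.ssh/id_rsa ]; then
  echo "密钥对已存在,请检查"
else
  ssh-keygen -f /root/.ssh/id_rsa -N '' > "${log_file}" 2>&1
fi

# 2. Push the public key to every target.
# sshpass makes the one-time password login non-interactive.
yum install sshpass -y
echo "发送公钥中...分发的机器列表为{7,8,9,31,41}"
for ip in "${targets[@]}"; do
  # Appending keeps the output of every host instead of only the last one.
  SSHPASS="${target_password}" sshpass -e \
    ssh-copy-id -o StrictHostKeyChecking=no "root@172.16.1.${ip}" \
    >> "${log_file}" 2>&1
  echo "正在验证免密结果"
  # BatchMode=yes makes ssh fail instead of prompting for a password, so a
  # failed key copy is detected here rather than hanging the script.
  if remote_name=$(ssh -o BatchMode=yes "root@172.16.1.${ip}" hostname); then
    echo "远程获取主机名:${remote_name}"
    verified+=("${ip}")
  else
    echo "172.16.1.${ip} 免密登录验证失败,跳过该机器的sshd配置修改" >&2
  fi
done

# 3. Change the sshd port to 22999 on the verified targets.
# The patterns below are anchored to the directive itself (optionally commented
# out with '#'); an unanchored pattern also rewrites every comment line that
# merely mentions the keyword.
# NOTE(review): if SELinux is enforcing or a firewall is active on the targets,
# port 22999 presumably has to be allowed there first, or sshd will be
# unreachable after the restart — confirm before restarting.
for ip in "${verified[@]}"; do
  echo "正在修改172.16.1.${ip}的端口号"
  ssh "root@172.16.1.${ip}" "sed -i '/^#\?Port 22\b/c Port 22999' /etc/ssh/sshd_config"
done

# 4. Allow public-key login and forbid password login.
for ip in "${verified[@]}"; do
  echo "正修改允许公钥登录参数...当前操作的机器是172.16.1.${ip}"
  ssh "root@172.16.1.${ip}" "sed -i '/^#\?PubkeyAuthentication\b/c PubkeyAuthentication yes' /etc/ssh/sshd_config"
  echo "正修改禁止密码登录参数...当前操作的机器是172.16.1.${ip}"
  ssh "root@172.16.1.${ip}" "sed -i '/^#\?PasswordAuthentication\b/c PasswordAuthentication no' /etc/ssh/sshd_config"
done

# 5. Listen only on the internal address 172.16.1.xx.
# ${ip} is expanded locally, so each target gets its own address.
for ip in "${verified[@]}"; do
  echo "正在修改监听地址...当前操作的机器是172.16.1.${ip}"
  ssh "root@172.16.1.${ip}" "sed -i '/^#\?ListenAddress 0\.0\.0\.0/c ListenAddress 172.16.1.${ip}' /etc/ssh/sshd_config"
done

# 6. Show the resulting directives on each verified target.
for ip in "${verified[@]}"; do
  echo "当前正在检查的机器172.16.1.${ip}"
  ssh "root@172.16.1.${ip}" "grep -E '^(Port|PasswordAuthentication|PubkeyAuthentication|ListenAddress)' /etc/ssh/sshd_config"
done

if [ "${#verified[@]}" -ne "${#targets[@]}" ]; then
  echo "部分机器免密登录未验证通过,其sshd配置未修改,详见 ${log_file}" >&2
fi
echo '============批量修改目标机器sshd配置文件已完成==========='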
重启sshd服务
[root@master-61 /my_scripts]#cat ssh_restart.sh
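#!/bin/bash
# Restart sshd on every target machine so the edited sshd_config takes effect.
# The connection uses the default SSH port: the new port from sshd_config is
# not active until this restart has happened.
#
# "sshd -t" checks the configuration file for validity. Restarting only when
# that check passes avoids taking sshd down with a broken config, which would
# cut off remote access to the machine.
for ip in 7 8 9 31 41; do
  echo "正在重启sshd服务...当前机器是172.16.1.${ip}"
  if ! ssh "root@172.16.1.${ip}" "/usr/sbin/sshd -t && systemctl restart sshd"; then
    echo "172.16.1.${ip} sshd配置校验或重启失败,请检查" >&2
  fi
done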
服务脚本
nfs-31机器
nfs服务脚本
[root@master-61 /my_scripts]#cat my_nfs31.sh
#!/bin/bash
# Set up the NFS server on the nfs-31 machine: install and start NFS, create
# the shared directory /my_nfs_nginx and export it read-write.
# 1. Set PATH explicitly so the commands below are found.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# 2. Install the NFS server packages, plus rsync (the lsyncd configuration on
#    this page calls /usr/bin/rsync).
yum install nfs-utils rpcbind -y
yum install rsync -y
# 3. Start the services.
systemctl start rpcbind
systemctl start nfs-server
# 4. Enable the services at boot. is-enabled only prints the current state;
#    its result is not used.
systemctl is-enabled nfs
systemctl enable rpcbind nfs
# 5. Create the shared directory /my_nfs_nginx.
mkdir -p /my_nfs_nginx
# 6. Create the unprivileged user www (uid 666, no home directory, no login
#    shell). The uid matches anonuid/anongid in the export below.
#    NOTE(review): on a re-run useradd reports that the user already exists;
#    the script has no error handling, so it simply continues.
useradd www -u 666 -M -s /sbin/nologin
# 7. Write the export table. This overwrites any existing /etc/exports.
#    all_squash maps every client user, root included, to uid/gid 666, so
#    clients never act as root on the share.
#    NOTE(review): 172.16.1.7/24 carries a /24 mask, so the export presumably
#    applies to the whole 172.16.1.0/24 network rather than to host .7 alone,
#    and any host on that network gets read-write access — confirm and narrow
#    the client list if only the web servers should mount it.
cat > /etc/exports <<EOF
/my_nfs_nginx 172.16.1.7/24(rw,sync,all_squash,anonuid=666,anongid=666)
EOF
# 8. Re-export so the new /etc/exports takes effect.
exportfs -r
# 9. Hand the shared directory to www so squashed clients can write to it.
chown -R www:www /my_nfs_nginx
lsyncd服务
[root@master-61 /my_scripts]#cat my_nfs_lsyncd.sh
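#!/bin/bash
# Install lsyncd on the NFS server and configure it to push changes under
# /my_nfs_nginx to the rsync daemon module "tantan" on 172.16.1.41.

# 1. Install lsyncd.
yum install lsyncd -y

# 2. Keep a copy of the packaged configuration. The copy is taken only once,
#    so a re-run does not overwrite the pristine backup with the generated file.
if [ ! -e /etc/lsyncd.conf.ori ]; then
  cp /etc/lsyncd.conf /etc/lsyncd.conf.ori
fi

# 3. Write the lsyncd configuration. The quoted delimiter keeps the text
#    literal (no shell expansion inside the here-document).
#    delete = true: the target is kept as a mirror, so deletions under the
#    source are applied to the target as well.
#    --bwlimit=200 is passed through to rsync to cap its transfer rate.
cat >/etc/lsyncd.conf <<'EOF'
settings {
logfile ="/var/log/lsyncd/lsyncd.log",
statusFile ="/var/log/lsyncd/lsyncd.status",
inotifyMode = "CloseWrite",
maxProcesses = 8,
}
sync {
default.rsync,
source = "/my_nfs_nginx",
target = "rsync_xming@172.16.1.41::tantan",
delete= true,
exclude = {".*"},
delay=1,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
compress = true,
verbose = true,
password_file="/etc/rsync.pwd",
_extra={"--bwlimit=200"}
}
}
EOF

# 4. Store the rsync password for user rsync_xming.
#    The file is created under umask 077 so it is never readable by other
#    users, not even in the moment before the chmod below.
#    NOTE(review): the password is hard-coded in this script. It is the lab
#    value from the page and has to match the secrets file of the rsync daemon
#    on 172.16.1.41; replace it and keep this script out of world-readable
#    locations.
(
  umask 077
  echo "111111" > /etc/rsync.pwd
)

# 5. Enforce owner-only access, also for a file left over from an earlier run.
chmod 600 /etc/rsync.pwd

# 6. Start lsyncd.
#    NOTE(review): the service is started but not enabled, so it presumably
#    will not come back after a reboot — confirm whether that is intended.
systemctl start lsyncd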
rsync-41机器脚本
[root@master-61 /my_scripts]#cat my_rsync41.sh
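#!/bin/bash
# Set up the rsync daemon on the rsync-41 machine with two modules, "tantan"
# and "momo", writable by the authenticated rsync user rsync_xming.

# 1. Set PATH explicitly so the commands below are found.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Install rsync.
yum install rsync -y

# 3. Write the daemon configuration. The quoted delimiter keeps the text
#    literal (no shell expansion inside the here-document).
#    The settings above the first [module] line are global defaults, so both
#    modules are writable ("read only = false") and both require the
#    "auth users" login.
#    NOTE(review): no "hosts allow" is set, so access is limited only by the
#    password in the secrets file; consider restricting the daemon to the
#    internal network. "use chroot = no" also means transfers are not confined
#    by a chroot to the module path.
cat > /etc/rsyncd.conf << 'EOF'
uid = xming
gid = xming
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_xming
secrets file = /etc/rsync.pwd
log file = /var/log/rsyncd.log
####################################
[tantan]
comment = yuchaoit.cn about rsync
path = /tantan
[momo]
path = /momo
EOF

# 4. Create the unprivileged daemon user (no home directory, no login shell)
#    and the data directories. Both steps are safe to repeat on a re-run.
if ! id xming > /dev/null 2>&1; then
  useradd -u 2222 -M -s /sbin/nologin xming
fi
mkdir -p /tantan
mkdir -p /momo

# 5. Hand the data directories to the daemon user.
chown -R xming:xming /tantan
chown -R xming:xming /momo

# 6. Create the secrets file (format user:password).
#    The file is created under umask 077 so it is never readable by other
#    users, not even in the moment before the chmod below.
#    NOTE(review): the password is hard-coded in this script; it is the lab
#    value from the page. Replace it and keep this script out of
#    world-readable locations.
(
  umask 077
  echo "rsync_xming:111111" > /etc/rsync.pwd
)
chmod 600 /etc/rsync.pwd

# 7. Start the rsync daemon.
#    NOTE(review): the service is started but not enabled, so it presumably
#    will not come back after a reboot — confirm whether that is intended.
systemctl start rsyncd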
web服务器
[root@master-61 /my_scripts]#cat my_web.sh
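#!/bin/bash
# Set up a web server: install nginx, write its configuration (listening on
# port 81) and mount the NFS share from 172.16.1.31 as the document root.

# 1. Set PATH explicitly so the commands below are found.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Install nginx.
yum install nginx -y

# 3. Write the nginx configuration.
#    The delimiter is quoted so the shell leaves the text alone. With an
#    unquoted delimiter the nginx variables in log_format ($remote_addr,
#    $request, $status, ...) are expanded by the shell as unset shell variables
#    and vanish from the file, leaving access-log lines with no client address,
#    request or status in them.
#    NOTE(review): "root html" is a relative path; with the packaged nginx it
#    presumably resolves to /usr/share/nginx/html, the mount point used in
#    step 5 — confirm.
cat > /etc/nginx/nginx.conf << 'EOF'
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 81;
server_name localhost;
location / {
root html;
index index.html;
}
}
}
EOF

# 4. Start nginx.
systemctl start nginx

# 5. Mount the shared directory /my_nfs_nginx over the document root.
#    The mountpoint check keeps a re-run from mounting the share a second time.
#    NOTE(review): the mount is not recorded in /etc/fstab, so it presumably
#    does not survive a reboot — confirm whether that is intended.
yum install nfs-utils -y
if ! mountpoint -q /usr/share/nginx/html; then
  mount -t nfs 172.16.1.31:/my_nfs_nginx /usr/share/nginx/html
fi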
master-61上执行各服务脚本的总脚本
[root@master-61 /my_scripts]#cat my_zong.sh
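#!/bin/bash
# Top-level deployment driver, run on master-61: sets up key-based SSH to the
# targets, restarts their sshd, then copies each service script to /opt on its
# machine and runs it there as root.
#
# A "完成" banner is printed only when the step it reports actually succeeded,
# and the script exits non-zero if any step failed.
#
# NOTE(review): my_rsync41.sh and my_nfs_lsyncd.sh contain the rsync password
# in clear text and stay in /opt on the targets after the run; remove them or
# restrict their mode once deployment is done.

# Set to 1 as soon as any remote step fails.
failed=0

# 1. Set PATH explicitly so the commands below are found.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Let the jump host (61) log in to the targets with its key.
bash /my_scripts/mianmi.sh

# 3. Restart sshd on the targets; from here on they are reached on port 22999.
bash /my_scripts/ssh_restart.sh

# 4. Add login aliases to /etc/profile. They are appended only once, so a
#    re-run does not pile up duplicate lines.
if ! grep -q "alias sshweb7=" /etc/profile; then
  cat >> /etc/profile << 'EOF'
alias sshweb7='ssh root@172.16.1.7 -p 22999'
alias sshweb8='ssh root@172.16.1.8 -p 22999'
alias sshweb9='ssh root@172.16.1.9 -p 22999'
alias sshnfs31='ssh root@172.16.1.31 -p 22999'
alias sshrsync41='ssh root@172.16.1.41 -p 22999'
EOF
fi

# 5. Reload /etc/profile. This affects only this script's own shell; other
#    sessions pick the aliases up at their next login.
source /etc/profile

# 6. List the aliases to confirm they were added.
alias

# 7. Send my_rsync41.sh to machine 41 and run it there.
scp -P 22999 /my_scripts/my_rsync41.sh root@172.16.1.41:/opt/my_rsync41.sh
if ssh root@172.16.1.41 -p 22999 "bash /opt/my_rsync41.sh"; then
  ssh root@172.16.1.41 -p 22999 "echo '===============rsyncf服务部署完成================='"
  echo "================41机器完成环境部署======================="
else
  echo "172.16.1.41 上执行 my_rsync41.sh 失败" >&2
  failed=1
fi

# 8. Send my_nfs31.sh and my_nfs_lsyncd.sh to machine 31 and run them there.
scp -P 22999 /my_scripts/my_nfs31.sh root@172.16.1.31:/opt/my_nfs31.sh
scp -P 22999 /my_scripts/my_nfs_lsyncd.sh root@172.16.1.31:/opt/my_nfs_lsyncd.sh
nfs_failed=0
if ssh root@172.16.1.31 -p 22999 "bash /opt/my_nfs31.sh"; then
  ssh root@172.16.1.31 -p 22999 "echo '==================31机器nfs服务部署完成==================='"
else
  echo "172.16.1.31 上执行 my_nfs31.sh 失败" >&2
  nfs_failed=1
fi
if ssh root@172.16.1.31 -p 22999 "bash /opt/my_nfs_lsyncd.sh"; then
  ssh root@172.16.1.31 -p 22999 "echo '=================31机器lsyncd服务部署完成===================='"
else
  echo "172.16.1.31 上执行 my_nfs_lsyncd.sh 失败" >&2
  nfs_failed=1
fi
if [ "${nfs_failed}" -eq 0 ]; then
  echo "================31机器完成环境部署======================"
else
  failed=1
fi

# 9. Send my_web.sh to machines 7, 8 and 9, then run it on each of them.
web_failed=0
for web_ip in 7 8 9; do
  if scp -P 22999 /my_scripts/my_web.sh "root@172.16.1.${web_ip}:/opt/my_web.sh"; then
    echo "172.16.1.${web_ip} 机器已发送完毕"
  else
    echo "172.16.1.${web_ip} 机器发送 my_web.sh 失败" >&2
    web_failed=1
  fi
done
if [ "${web_failed}" -eq 0 ]; then
  echo "=============脚本my_web.sh已发送给web机器=============="
fi
for web_ip in 7 8 9; do
  if ssh -p 22999 "root@172.16.1.${web_ip}" "bash /opt/my_web.sh"; then
    echo "172.16.1.${web_ip} 机器脚本执行完成"
  else
    echo "172.16.1.${web_ip} 机器执行 my_web.sh 失败" >&2
    web_failed=1
  fi
done
if [ "${web_failed}" -eq 0 ]; then
  echo "=================3台web机器脚本执行完成================"
else
  failed=1
fi

exit "${failed}"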
测试脚本
1、先在61机器上创建html文件
[root@master-61 /my_scripts]#cat index.html
<meta charset=utf-8>
人生无常,大肠包小肠!!!!
hhh
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
人生无常,大肠包小肠!!!!
hhh
<img src='章鱼哥.jpg'>
<img src='章鱼哥.jpg'>
2、创建测试脚本
[root@master-61 /my_scripts]#cat my_test.sh
#!/bin/bash
# Smoke test for the deployed environment: drop index.html into the NFS share
# and list the directories where it should then appear (the share itself, the
# rsync backup module and the document root of every web server).
ssh_port=22999
nfs_host=172.16.1.31
backup_host=172.16.1.41

# 1. Copy the html file into the shared directory /my_nfs_nginx on machine 31.
scp -P "${ssh_port}" /my_scripts/index.html "root@${nfs_host}:/my_nfs_nginx"

# 2. Check that it is shared and backed up: list the share, the backup
#    directory, then the document root of each web server.
ssh -p "${ssh_port}" "root@${nfs_host}" "ls -l /my_nfs_nginx"
ssh -p "${ssh_port}" "root@${backup_host}" "ls -l /tantan"
for octet in 7 8 9; do
  ssh -p "${ssh_port}" "root@172.16.1.${octet}" "ls -l /usr/share/nginx/html"
done

# 3. Download the picture on web9, straight into the served directory.
#    The file comes from an external site and is published as-is.
ssh -p "${ssh_port}" root@172.16.1.9 "wget -O /usr/share/nginx/html/章鱼哥.jpg https://www.tanmizhi.com/img/allimg/04/39-2204111I240-50.jpg"