Linux云计算学习笔记day38
2019-05-28 本文已影响0人
我要笑
@
ssh "$@" "
exec sh -c '
cd ;
umask 077 ;
mkdir -p .ssh &&
cat >> .ssh/authorized_keys || exit 1 ; if type restore
con >/dev/null 2>&1 ;
then restorecon -F .ssh .ssh/authorized_keys ;
fi'"
sshpass -p123456 ssh 172.16.1.7 hostname
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
-t 指定秘钥类型 das rsa
-f 指定私钥位置
-P 指定密码短语
sshpass -p 123456 ssh -oStrictHostKeyChecking=no 172.16.1.7 hostname
web01
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.7
for循环
格式:
for 变量 in 列表(清单)
do
命令
done
for ip in 7 41 {1..6}
do
echo 172.16.1.$ip
done
批量分发秘钥到 172.16.1.7 和172.16.1.41 写出for循环
创建秘钥 :
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
[root@m01 ~]# vim /server/scripts/fenfa.sh
#!/bin/bash
#make key pair
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
#fenfa public key
for ip in 7 41 31
do
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.$ip
done
for ip in 7 41 31 ;
do
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.$ip
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.$ip
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.$ip
sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.$ip
done
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
[root@m01 ~]# tail -3 /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.41
[root@m01 ~]# ansible oldboy -m ping
172.16.1.41 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.1.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@m01 ~]# ansible oldboy -m command -a 'hostname '
172.16.1.41 | CHANGED | rc=0 >>
backup
172.16.1.7 | CHANGED | rc=0 >>
web01
[root@m01 ~]# ansible oldboy -a 'hostname '
172.16.1.41 | CHANGED | rc=0 >>
backup
172.16.1.7 | CHANGED | rc=0 >>
web01
[root@m01 ~]# ansible 172.16.1.7 -a 'hostname '
172.16.1.7 | CHANGED | rc=0 >>
web01
[root@m01 ~]# ansible all -a 'hostname '
172.16.1.7 | CHANGED | rc=0 >>
web01
172.16.1.41 | CHANGED | rc=0 >>
backup
[root@m01 ~]# #ansible all -m copy -a 'src=/etc/hostname dest=/tmp/'
[root@m01 ~]#
[root@m01 ~]#
[root@m01 ~]# ansible all -a 'cat /tmp/hostname '
172.16.1.7 | CHANGED | rc=0 >>
m01
172.16.1.41 | CHANGED | rc=0 >>
m01
ansible-doc -s copy
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
scipt 模块
[root@m01 ~]# #ansible all -m script -a "/server/scripts/yum.sh"
[root@m01 ~]# ansible all -a 'rpm -qa ipvsadm'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'. If you need to use command because
yum, dnf or zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
172.16.1.41 | CHANGED | rc=0 >>
ipvsadm-1.27-7.el7.x86_64
172.16.1.7 | CHANGED | rc=0 >>
ipvsadm-1.27-7.el7.x86_64
yum模块
ansible all -m yum -a 'name=sl state=present'
file模块
[root@m01 ~]# #ansible all -m file -a 'path=/tmp/a/b/c/d/e/f/g state=directory '
[root@m01 ~]# #ansible all -m file -a 'path=/tmp/a/b/c/d/e/f/g/oldboy.txt state=touch '
[root@m01 ~]# ansible all -a 'tree /tmp/ '
caiav 创建用户指定uid和gid 1111,不创建家目录也不允许登陆
groupadd -g 1111 caiav
useradd -u 1111 -g caiav -s /sbin/nologin -M caiav
ansible all -m group -a 'name=caiav gid=1111 state=present'
ansible all -m user -a 'name=caiav uid=1111 group=caiav shell=/sbin/nologin create_home=no '