Introduction to a Linux batch management tool: changing passwords on ten thousand servers at once

火星人 @ 2014-03-03 , reply:0







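If you have any of the following needs, this article may help:
1. You have many Linux servers on your network and no tool to manage them centrally.
2. Systems need frequent changes, such as periodically changing the password on every server or batch-updating specific files.
3. You need real-time runtime information from every server. For example, what if you need to see right now how many memory modules are installed in each server? Log in to them one by one? Ordinary system monitoring software does not collect information such as how many memory modules a server has.
4. What if you want to put a file on every server?
5. What if you want to start a service or run a script on every server?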

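If anything below is unclear or you have other questions, feel free to contact me at any time so we can exchange ideas and grow together. My QQ group: 29215534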
############################################

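Since I started doing Linux system administration I have maintained fairly large networks. For example, when I was doing support at Fetion (飛信) and facing more than a thousand servers, I sometimes had to apply a patch or modify a file on every machine. With only 10 servers, changing them one by one is tolerable, but logging in to 1000 servers one at a time just to change one file is painful, inefficient and involves no technical skill. If you do that kind of work all the time, you cannot blame others for calling you an IT laborer. So I kept looking for a tool that could manage machines in batch, and I later found two ways to do it: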

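1.    SSH key authentication. With this you do not need to enter a password after logging in to a remote machine, so a script can log in to remote servers in batch and modify the files or perform the operations you want. The drawback is that the private key on the management host must be kept safe: if the management server is reinstalled, or the private key is lost for some other reason, you can no longer log in to the remote machines. Also, if a managed machine changes its IP, you have to copy the public key to that machine again, so this approach may not be very flexible to manage.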

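2.    Batch management with the expect tool. expect is powerful and supports interactive management. For example, if you want to change a password, after you enter the passwd command the system prompts you with New Password: , and an ordinary script cannot handle that interaction. expect can watch what the system returns and respond automatically according to the prompt, as in the following example: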
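#!/usr/bin/expect -f
# Read the command-line arguments
# argument 0 is the IP address
set ipaddress [lindex $argv 0]
# argument 1 is the password
set passwd [lindex $argv 1]
set timeout 1000
spawn ssh root@$ipaddress
# Answer the host-key question, then enter the password automatically
expect {
        "yes/no" { send "yes\r"; exp_continue }
        "Password:" { send "$passwd\r" }
}
# Wait for the string expected in the remote shell prompt
expect "hknp"
# Stop a program
send "/etc/init.d/heartbeat stop \r"
expect "hknp"
# Log out
send "exit\r"
expect eof
exit

The script above is run with the command: expect ha-switch.exp 192.168.193.133 '123DDFD', where 123DDFD is the root password of machine 133. If all one hundred of your machines have the same password, you can write a simple batch script to log in to every machine and stop a program, as follows: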
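#!/bin/bash

for i in $(seq 100 200)
do
  # No spaces around "=" in a shell assignment
  IP="192.168.193.$i"
  expect ha-switch.exp "$IP" '123DDFD'
done

This script calls ha-switch.exp, logs in to the machines 192.168.193.100-200 in turn and runs the "/etc/init.d/heartbeat stop" command on each of them.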

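Powerful, isn't it? But in my experience expect has one drawback: it is slow, because it logs in to the machines one at a time and then runs the command. Sometimes, because of DNS resolution or some other reason, an SSH login to one machine can take 30s, so with 1000 machines it would take 50 minutes to finish the operation on all of them. For a requirement of running the same operation on thousands of machines within 1 minute, this clearly falls short.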
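The serial delay described above can be avoided by fanning out over key-based SSH with a bounded worker pool and per-host timeouts, so one slow host does not hold up the rest. This is an added example, not code from the original post or from the RMT tool; the names `ssh_run`, `fan_out` and `failed` are hypothetical, and the host list is constructed from the article's example range.

```python
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Key-based login only: never prompt, never auto-accept an unknown host key,
# and give up quickly on a host that does not answer.
SSH_OPTS = ["-o", "BatchMode=yes",
            "-o", "StrictHostKeyChecking=yes",
            "-o", "ConnectTimeout=5"]

def ssh_run(host, command, timeout=30):
    """Run one command on one host; return (exit_code, output)."""
    try:
        proc = subprocess.run(["ssh", *SSH_OPTS, f"root@{host}", command],
                              capture_output=True, text=True, timeout=timeout)
        return proc.returncode, (proc.stdout or proc.stderr).strip()
    except subprocess.TimeoutExpired:
        return None, "timed out"
    except OSError as exc:          # e.g. ssh binary missing
        return None, str(exc)

def fan_out(hosts, command, runner=ssh_run, workers=50):
    """Run `command` on every host concurrently; return {host: (code, output)}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: runner(h, command), hosts)
        return dict(zip(hosts, results))

def failed(results):
    """Hosts that timed out, errored, or returned a non-zero exit code."""
    return sorted(h for h, (code, _) in results.items() if code != 0)

if __name__ == "__main__":
    # Constructed host list matching the article's example range.
    hosts = [f"192.168.193.{i}" for i in range(100, 201)]
    results = fan_out(hosts, "/etc/init.d/heartbeat stop")
    print("failed:", failed(results))
```

The `runner` parameter exists so the fan-out logic can be exercised without real hosts.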



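Both methods have their pros and cons. I personally suggest considering SSH key authentication or expect in small networks of 50-100 machines. But imagine I have ten thousand machines spread across different networks all over the country, and I am required to change the root password on all of them within 1 minute: clearly neither of the two methods above can do that. Of course, companies with networks this large are not common in China, but from a technical point of view it is still something of a challenge. Since I could never find such a tool online, I simply wrote one myself, and after many days of effort I finally finished this batch management tool. It is written in Python and based on a socket server model: a client has to be started on every server that is to be managed (many people may not like having to install a client). The client opens a port, and your management server communicates with the managed host through this port and then operates on it. You can remotely change passwords, view system information, memory status and so on, and the results are displayed on your management side (this is the part I like most: it is just like running commands locally). It can also copy files to remote servers in batch. Below are some captures of the tool in use: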



bjnppb01:~/scripts/python_scripts/Remote_management_tool/Remote_management_tool_v1.3 # python RMT_server.py

##################################################################################
#       RMT(Remote Management tool)                                              #
#                                                                                #
#       Version 1.3,2011-01-21                                                   #
#       Author:Alex Li                                                           #
#       Email:lijie3721@126.com,QQ:317828332                                     #
##################################################################################

please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:0  #List all servers
192.168.193.133
192.168.193.134
192.168.193.135
192.168.193.136
192.168.193.137
192.168.193.138
192.168.193.140
192.168.193.141
192.168.193.142

please slect the following menu: #
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:1 #Scan the agent status of every server in the list
192.168.193.133  down
192.168.193.134  down
192.168.193.135  running
192.168.193.136  down
192.168.193.137  running
192.168.193.138  running
192.168.193.140  down
192.168.193.141  down
192.168.193.142  down
please slect the following menu:   
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:2   #Log in to one machine
Please enter the remote server IP: 192.168.193.135 #Enter the IP address
You have successfully login to the remote server, now you can run most of the system command in this mode ,but do not suggest
you to run the command such as top,tail -f,because right now I haven't find a way to support the continuous data output

Please input the command:uname -a #The command entered
Received log from /root/Remote_management_tool/192.168.193.135.log
##########################################################
Linux bjnpif02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux   #The result displayed
####################################################################################
Please input the command:ls  #The command entered
Received log from /root/Remote_management_tool/192.168.193.135.log
########################################################## #The result displayed

1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
script
vmware
####################################################################################
Please input the command:exit
please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:3
please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:4 #Upload a server list

Please enter the full path of your file: ls
No such file,please make sure you inputed the right file.
Please enter the full path of your file: /tmp.^H
No such file,please make sure you inputed the right file.
Please enter the full path of your file: /tmp/list   
192.168.193.3
192.32.34.24
Adding uploaded list to Server list.########################## done.
please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:5  #Run a command on multiple remote servers at once and return the results
It might will takes a few minutes to scan all the avialiable servers......
The fllowing servers are avaliable:  #List of servers available for remote operation
192.168.193.135   
192.168.193.137
192.168.193.138
please input your command: uname -a #Enter the command
Received log from /root/Remote_management_tool/192.168.193.135.log

Linux bjnpif02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux  #Result returned by each host
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log

Linux bjnpbo01 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux #Result returned by each host
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log

Linux bjnpbo02 2.6.16.60-0.54.5-smp #1 SMP Fri Sep 4 01:28:03 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
####################################################################################
please input your command: i^H
Received log from /root/Remote_management_tool/192.168.193.135.log

sh: : command not found
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log

sh: : command not found
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log

sh: : command not found
####################################################################################
please input your command: ls  #The command entered
Received log from /root/Remote_management_tool/192.168.193.135.log  #Result returned by each host
  
1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
script
vmware
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.137.log   #Result returned by each host

1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
a
autoinst.xml
bin
etc
jdk-6u17-linux-amd64.rpm
jdk1.6.0_17
netperf-2.4.5
netperf-2.4.5.tar.gz
nohup.out
ntp-client
opt
sbin
sun-javadb-client-10.4.2-1.1.i386.rpm
sun-javadb-common-10.4.2-1.1.i386.rpm
sun-javadb-core-10.4.2-1.1.i386.rpm
sun-javadb-demo-10.4.2-1.1.i386.rpm
sun-javadb-docs-10.4.2-1.1.i386.rpm
sun-javadb-javadoc-10.4.2-1.1.i386.rpm
usr
workspace
####################################################################################
Received log from /root/Remote_management_tool/192.168.193.138.log  #Result returned by each host

1900000
Desktop
Documents
RMT_client.py
Remote_management_tool
autoinst.xml
bin
nohup.out
ntp-client
####################################################################################
please input your command: exit
please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:6  #Change the password on multiple servers in batch

                        Please use the follow method to change password on remote server:
                                 use command: echo "your password"|passwd your_user --stdin
                                 For example ,if you want to change oracle user's password to '123456', then you need run


                                        echo "123456"|passwd oracle --stdin


please slect the following menu:  
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:7  #Copy a file to multiple servers in batch
Please enter the file name which you wanted to copy to remote servers:/tmp/list  #File name
192.168.193.133

Connection refused by the remote server 192.168.193.133   #Connection failed
,please make sure you IP is allowed by the remote server.
192.168.193.134

Connection refused by the remote server 192.168.193.134
,please make sure you IP is allowed by the remote server.
192.168.193.135     #Copy succeeded

192.168.193.136

Connection refused by the remote server 192.168.193.136
,please make sure you IP is allowed by the remote server.
192.168.193.137   #Copy succeeded


192.168.193.138  #Copy succeeded

192.168.193.140

Connection refused by the remote server 192.168.193.140
,please make sure you IP is allowed by the remote server.
192.168.193.141

Connection refused by the remote server 192.168.193.141
,please make sure you IP is allowed by the remote server.
192.168.193.142

Connection refused by the remote server 192.168.193.142
,please make sure you IP is allowed by the remote server.
192.168.193.3

Connection refused by the remote server 192.168.193.3
,please make sure you IP is allowed by the remote server.
192.32.34.24

Connection refused by the remote server 192.32.34.24
,please make sure you IP is allowed by the remote server.  
File list has successfully copied into /root/Remote_management_tool/recieved_files directory of above remote servers.

please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:8  #Deploy the client to multiple servers in batch
This function is for you to install client application on mutiple servers , to achieve this, please follow the following step:

        1 Fill your IP address and password of remote server in to password.txt under expect_tool directory
        2 Make you have the access right to /root directory on remote server,the client file RMT_client.py will be copied into /root/ directory on all the   remote servers which you assigned in password.txt


Do you want install the client on mutiple servers? (yes/no) :y
Starting to install RMT_client.py on remote servers...
Checking for the remote server list...
Going to install on the following servers:
192.168.193.137
192.168.193.135
spawn scp -rp ../RMT_client.py 192.168.193.137:/root/
Password:
RMT_client.py                                                                                                              100% 1983     1.9KB/s   00:00   
spawn ssh root@192.168.193.137
Password:
Last login: Fri Jan 21 16:06:20 2011 from 192.168.193.132
bjnpbo01:~ # nohup python /root/RMT_client.py  &
17704
bjnpbo01:~ # exit
logout
nohup: appending output to `nohup.out'
Connection to 192.168.193.137 closed.
spawn scp -rp ../RMT_client.py 192.168.193.135:/root/
Password:
RMT_client.py                                                                                                              100% 1983     1.9KB/s   00:00   
spawn ssh root@192.168.193.135
Password:
nohup python /root/RMT_client.py  &
exit
Last login: Fri Jan 21 15:49:57 2011 from 192.168.193.132
bjnpif02:~ # nohup python /root/RMT_client.py  &
17759
bjnpif02:~ # exit
logout
nohup: appending output to `nohup.out'
Connection to 192.168.193.135 closed.
please slect the following menu:
                0 list servers
                1 Scan agent status
                2 login to remote server
                3 Reboot all the remote servers(does't support)
                4 Upload server list
                5 excute command on all the aviliable servers
                6 change password for all the servers
                7 copy scripts to remote servers
                8 install the client application on all the remote servers
                9 exit
Please enter the slected number:9

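This way you can easily manage all of your machines. Since the client has to be installed on every machine before the first run, I suggest using expect to install it in one batch, and then you are set once and for all.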
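An agent that listens on a port and runs what it receives as root should act only on requests it can authenticate, and a source-IP check alone does not authenticate the sender. The sketch below is an added example, not RMT's actual protocol (the page does not show it): it assumes a pre-shared key, signs each command with HMAC-SHA256, and has the agent reject tampered, stale or replayed frames; `sign_request`, `verify_request` and `MAX_SKEW` are hypothetical names.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 30  # seconds a signed request stays valid (assumed policy)

def sign_request(key, command, now=None):
    """Management side: wrap a command in a signed, single-use frame."""
    body = json.dumps({
        "cmd": command,
        "ts": time.time() if now is None else now,
        "nonce": os.urandom(16).hex(),
    }, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body

def verify_request(key, frame, seen_nonces, now=None):
    """Agent side: return the command only if the frame is authentic,
    fresh and not seen before; otherwise return None."""
    tag, sep, body = frame.partition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    msg = json.loads(body)                       # parsed only after the MAC check
    now = time.time() if now is None else now
    if abs(now - msg["ts"]) > MAX_SKEW:          # stale or far-future frame
        return None
    if msg["nonce"] in seen_nonces:              # replay of a captured frame
        return None
    seen_nonces.add(msg["nonce"])                # prune entries older than MAX_SKEW
    return msg["cmd"]

if __name__ == "__main__":
    key = os.urandom(32)                         # constructed key for the demo
    seen = set()
    frame = sign_request(key, "uname -a")
    print(verify_request(key, frame, seen))      # accepted once
    print(verify_request(key, frame, seen))      # replay rejected
```

This gives integrity and replay protection only; carrying the frames inside TLS or an SSH tunnel is still needed to keep commands and their output confidential.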
《Solution》

So powerful, thanks for sharing
《Solution》

This looks like it was reposted from someone else; it is exactly the same





http://www.coctec.com/docs/service/show-post-2284.html