联系:手机/微信(+86 17813235971) QQ(107644445)
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
dcli是Python脚本,可以实现在多节点中的之间非交换命令的执行,因为dcli执行需要通过ssh来实现,所以dcli也提供了ssh配置功能.本文通过dcli来完成多节点间的对等ssh配置
dcli整体描述
The dcli utility runs commands on multiple cells in parallel threads. However, it does not support an interactive session with a remote application on a cell. To use the dcli utility, copy the utility from the bin directory on a cell to a host computer from which central management can be performed. You can issue a command to be run on multiple cells, or use files that can be copied to cells and then run. The cells are referenced by their domain name or IP address. The dcli utility requires Python version 2.3 or later. You can determine the version of Python by running the python -V command. In addition, use of this tool assumes prior setup of SSH user-equivalence to a cell. You can use the dcli utility initially with the -k option to set up SSH user-equivalence to a cell.
dcli使用说明
[xifenfei@db1 ~]$ dcli Error: No command specified. usage: dcli [options] [command] options: --version show program's version number and exit -c CELLS comma-separated list of cells -d DESTFILE destination directory or file -f FILE file to be copied -g GROUPFILE file containing list of cells -h, --help show help message and exit -k push ssh key to cell's authorized_keys file -l USERID user to login as on remote cells (default: celladmin) -n abbreviate non-error output -r REGEXP abbreviate output lines matching a regular expression -s SSHOPTIONS string of options passed through to ssh --scp=SCPOPTIONS string of options passed through to scp if different from sshoptions -t list target cells -v print extra messages to stdout --vmstat=VMSTATOPS vmstat command options -x EXECFILE file to be copied and executed
服务器相关ip配置
[xifenfei@db1 ~]$ more xifenfei.txt 192.168.30.10 192.168.30.20 192.168.30.30 [xifenfei@db1 ~]$ more /etc/hosts 127.0.0.1 localhost.localdomain localhost 192.168.30.30 db1 192.168.30.10 cell1 192.168.30.20 cell2
操作系统用户
说明:dcli配置对等ssh不需要uid完全一样,不需要用户密码完全一样,因为是双向对等,需要用户名一致
[root@cell2 ~]# id xifenfei uid=8001(xifenfei) gid=8001(xifenfei) groups=8001(xifenfei) [root@cell1 ~]# id xifenfei uid=8001(xifenfei) gid=8001(xifenfei) groups=8001(xifenfei) [root@db1 ~]# id xifenfei uid=8001(xifenfei) gid=8001(xifenfei) groups=8001(xifenfei)
db1节点配置ssh
[xifenfei@db1 ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/xifenfei/.ssh/id_dsa): Created directory '/home/xifenfei/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xifenfei/.ssh/id_dsa. Your public key has been saved in /home/xifenfei/.ssh/id_dsa.pub. The key fingerprint is: 63:95:13:ba:4a:4c:13:93:67:7f:4f:e8:18:13:3c:4f xifenfei@db1 [xifenfei@db1 ~]$ dcli -k -g xifenfei.txt -l xifenfei The authenticity of host '192.168.30.10 (192.168.30.10)' can't be established. RSA key fingerprint is 1b:b6:91:11:58:89:b1:6a:c6:eb:72:df:68:d4:dd:5b. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.10's password: The authenticity of host '192.168.30.20 (192.168.30.20)' can't be established. RSA key fingerprint is 1b:b6:91:11:58:89:b1:6a:c6:eb:72:df:68:d4:dd:5b. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.20's password: The authenticity of host '192.168.30.30 (192.168.30.30)' can't be established. RSA key fingerprint is 54:ea:84:ae:38:24:07:31:9f:dd:8a:8b:4b:c2:a8:fe. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.30's password: 192.168.30.10: Warning: Permanently added '192.168.30.10' (RSA) to the list of known hosts. 192.168.30.10: ssh key added 192.168.30.20: Warning: Permanently added '192.168.30.20' (RSA) to the list of known hosts. 192.168.30.20: ssh key added 192.168.30.30: Warning: Permanently added '192.168.30.30' (RSA) to the list of known hosts. 192.168.30.30: ssh key added [xifenfei@db1 ~]$ for host in `cat xifenfei.txt` > do > scp /home/xifenfei/.ssh/id_dsa.pub ${host}:/home/xifenfei/.ssh/authorized_keys > done id_dsa.pub 100% 602 0.6KB/s 00:00 id_dsa.pub 100% 602 0.6KB/s 00:00 id_dsa.pub 100% 602 0.6KB/s 00:00 [xifenfei@db1 ~]$ dcli -g xifenfei.txt -l xifenfei "chmod -R 700 /home/xifenfei/.ssh" [xifenfei@db1 ~]$ dcli -g xifenfei.txt -l xifenfei "chown -R xifenfei /home/xifenfei/.ssh" [xifenfei@db1 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 07:45:17 2012 from 192.168.30.30 [xifenfei@db1 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:17:30 2012 from 192.168.30.10 [xifenfei@db1 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:17:20 2012 from 192.168.30.20 --ssh为单向,正向可以ssh成功,逆向需要输入密码 [xifenfei@db1 ~]$ ssh 192.168.30.10 xifenfei@192.168.30.10's password:
拷贝ip文件到其他节点
[xifenfei@db1 ~]$ for host in `cat xifenfei.txt` > do > scp /home/xifenfei/xifenfei.txt ${host}:/home/xifenfei/xifenfei.txt > done xifenfei.txt 100% 42 0.0KB/s 00:00 xifenfei.txt 100% 42 0.0KB/s 00:00 scp: /home/xifenfei/xifenfei.txt: Permission denied --自身节点不能拷贝
cell1节点配置
[xifenfei@cell1 ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/xifenfei/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xifenfei/.ssh/id_dsa. Your public key has been saved in /home/xifenfei/.ssh/id_dsa.pub. The key fingerprint is: f2:b6:88:5c:c6:97:5e:38:c2:df:f1:58:49:8a:8d:90 xifenfei@cell1 [xifenfei@cell1 ~]$ dcli -k -g xifenfei.txt -l xifenfei The authenticity of host '192.168.30.10 (192.168.30.10)' can't be established. RSA key fingerprint is 1b:b6:91:11:58:89:b1:6a:c6:eb:72:df:68:d4:dd:5b. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.10's password: xifenfei@192.168.30.20's password: xifenfei@192.168.30.30's password: 192.168.30.10: Warning: Permanently added '192.168.30.10' (RSA) to the list of known hosts. 192.168.30.10: ssh key added 192.168.30.20: ssh key added 192.168.30.30: ssh key added [xifenfei@cell1 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 07:48:24 2012 from 192.168.30.30 --cell1 to cell2 正向成功,逆向失败 [xifenfei@cell1 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:23:42 2012 from 192.168.30.30 [xifenfei@cell2 ~]$ ssh 192.168.30.10 xifenfei@192.168.30.10's password: --cell1和db1正逆向均可以ssh [xifenfei@cell1 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 20:24:15 2012 from 192.168.30.30 [xifenfei@db1 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:27:27 2012 from 192.168.30.10
cell2节点配置
[xifenfei@cell2 ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/xifenfei/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xifenfei/.ssh/id_dsa. Your public key has been saved in /home/xifenfei/.ssh/id_dsa.pub. The key fingerprint is: 87:80:02:e1:27:b8:d0:af:c0:5f:e0:f3:5e:95:29:cb xifenfei@cell2 [xifenfei@cell2 ~]$ dcli -k -g xifenfei.txt -l xifenfei The authenticity of host '192.168.30.10 (192.168.30.10)' can't be established. RSA key fingerprint is 1b:b6:91:11:58:89:b1:6a:c6:eb:72:df:68:d4:dd:5b. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.10's password: The authenticity of host '192.168.30.20 (192.168.30.20)' can't be established. RSA key fingerprint is 1b:b6:91:11:58:89:b1:6a:c6:eb:72:df:68:d4:dd:5b. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.20's password: The authenticity of host '192.168.30.30 (192.168.30.30)' can't be established. RSA key fingerprint is 54:ea:84:ae:38:24:07:31:9f:dd:8a:8b:4b:c2:a8:fe. Are you sure you want to continue connecting (yes/no)? yes xifenfei@192.168.30.30's password: 192.168.30.10: Warning: Permanently added '192.168.30.10' (RSA) to the list of known hosts. 192.168.30.10: ssh key added 192.168.30.20: Warning: Permanently added '192.168.30.20' (RSA) to the list of known hosts. 192.168.30.20: ssh key added 192.168.30.30: Warning: Permanently added '192.168.30.30' (RSA) to the list of known hosts. 192.168.30.30: ssh key added --ssh测试 [xifenfei@cell2 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:11:02 2012 from 192.168.30.30 [xifenfei@cell2 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 07:53:27 2012 from cell1 [xifenfei@cell2 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:30:16 2012 from 192.168.30.10
ssh等效性测试汇总
--db1节点 [xifenfei@db1 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:30:24 2012 from 192.168.30.20 [xifenfei@db1 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:33:07 2012 from 192.168.30.20 [xifenfei@db1 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 07:57:56 2012 from cell2 --cell1节点 [xifenfei@cell1 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:34:05 2012 from 192.168.30.30 [xifenfei@cell1 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 07:59:29 2012 from 192.168.30.30 [xifenfei@cell1 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:33:59 2012 from 192.168.30.30 --cell2节点 [xifenfei@cell2 ~]$ ssh 192.168.30.10 Last login: Tue Dec 25 20:35:42 2012 from 192.168.30.10 [xifenfei@cell2 ~]$ ssh 192.168.30.30 Last login: Tue Dec 25 08:00:56 2012 from cell1 [xifenfei@cell2 ~]$ ssh 192.168.30.20 Last login: Tue Dec 25 19:35:31 2012 from 192.168.30.10
到此证明三个节点之间的xifenfei用户的ssh等效配置完成,实现使用dcli完成多节点ssh等效配置
整体处理思路总结
1.确定需要配置ssh用户 --第一节点 2.编辑需要配置ssh等效连接ip列表 3.ssh-keygen -t dsa 4.dcli -k -g xifenfei.txt -l xifenfei 5. for host in `cat xifenfei.txt` do scp /home/xifenfei/.ssh/id_dsa.pub ${host}:/home/xifenfei/.ssh/authorized_keys done 6.dcli -g xifenfei.txt -l xifenfei "chmod -R 700 /home/xifenfei/.ssh" 7.dcli -g xifenfei.txt -l xifenfei "chown -R xifenfei /home/xifenfei/.ssh" 8. for host in `cat xifenfei.txt` do scp /home/xifenfei/xifenfei.txt ${host}:/home/xifenfei/xifenfei.txt done --其他节点 9. ssh-keygen -t dsa 10. dcli -k -g xifenfei.txt -l xifenfei
DCLI脚本是否可以传我一份
脚本如何获取??