
OPS - add pubkey to the server with script

2015-09-01 20:13

use env

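In operations work we run into this situation: how do we add the control machine's pubkey to every server?

The user that a Hadoop job is submitted as depends on the user accounts on the gateway machine or on the scheduling system's slave nodes. How do we allow jenkins remote access to a large number of these users? There may also be a great many of these user accounts.

This blog post offers a simple approach.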

command

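# Run this on the Hadoop client, i.e. the server whose key file the pubkey must be added to, as the ROOT account.
# Every server restricts remote login with the allow mechanism (hosts.allow).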
./addkey.sh useraccount jenkins@jenkinsServerName jenkinsip aRsyncServer


script following

#!/bin/bash

#set -x
#IFS=$'\n'
# add the key for the given username
if [ $# -ne 4 ]; then
    echo "usage: $0 useraccount keyname keyip keyfile" >&2
    exit 1
fi

# get the username
name=$1; echo "Your target name is: $name"

# jenkins@jenkinsServerName
keyname=$2

# jenkinsip
keyip=$3

# XXX::d/server/key.XX.XX
keyfile=$4

echo "$name"
echo "$keyname"
echo "$keyip"
echo "$keyfile"
#exit 0

#homedir="123"

# get the home directory: exact match on field 1 of /etc/passwd
# (looping over $(cat /etc/passwd) splits entries on spaces in the comment field)
homedir=$(awk -F: -v u="$name" '$1 == u { print $6; exit }' /etc/passwd)
if [[ -z $homedir ]]; then
    echo "no such user in /etc/passwd: $name" >&2
    exit 1
fi
echo "homedir: $homedir"

# get the authorized_keys file
if [[ -n $homedir ]]; then
    if [[ $name = "root" ]]; then
        targetDir="$homedir/.ssh/"
        targetFile="authorized_keys2"
    else
        targetDir="$homedir/.ssh/"
        targetFile="authorized_keys"
    fi
fi
echo "TargetDir: $targetDir"
echo "TargetFile: $targetFile"

# unquoted, [ -n $targetDir ] is true even when the variable is empty
#if [ -n $targetDir -a -n $abc ];then
if [[ -n $targetDir && -n $targetFile ]]; then
    echo "both are set"
else
    echo "target directory or file not determined" >&2
    exit 1
fi

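# insert key
timeNow=$(date +%Y%m%d%H%M%S)
# prepare the directory
#if [ -d $targetDir ];then
#    echo "targetDir exist."
#else
mkdir -p "$targetDir"
chown "$name" "$targetDir"
chmod 700 "$targetDir"
touch "$targetDir/$targetFile"
chown "$name" "$targetDir/$targetFile"
chmod 600 "$targetDir/$targetFile"
#fi

# fetch the key into a private temp file instead of a fixed /tmp path,
# and stop if the fetch fails so a stale key is never appended
pubkeyTmp=$(mktemp) || exit 1
trap 'rm -f "$pubkeyTmp"' EXIT
rsync -avzP "$keyfile" "$pubkeyTmp" || exit 1
cd "$targetDir" && touch "$targetFile" && cp "$targetFile" "$targetFile.bak${timeNow}" && sed -i "/$keyname/d" "$targetFile" && cat "$pubkeyTmp" >> "$targetFile"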

# make sure hosts.allow references services_hosts_allow
cd /etc && touch hosts.allow && cp hosts.allow hosts.allow.bak${timeNow} && chattr -i -a hosts.allow && sed -i '/services_hosts_allow/d' hosts.allow && echo 'sshd:/etc/services_hosts_allow' >> hosts.allow

# insert src ip
cd /etc
touch services_hosts_allow
targetAllowLine="sshd:$keyip"
# match the whole line with the dots escaped, so that adding 10.1.1.1
# does not delete an existing entry for 10.1.1.10
targetAllowPattern="^sshd:${keyip//./\\.}\$"
if [ -f "services_hosts_allow" ]
then
    echo "Found target file"
    targetAllowFile="services_hosts_allow"
    cd /etc && cp "$targetAllowFile" "$targetAllowFile.bak${timeNow}" && touch "$targetAllowFile" && chattr -i -a "$targetAllowFile" ; sed -i "/$targetAllowPattern/d" "$targetAllowFile"; echo "$targetAllowLine" >> "$targetAllowFile"
else
    targetAllowFile="hosts.allow"
    cd /etc && cp "$targetAllowFile" "$targetAllowFile.bak${timeNow}" && touch "$targetAllowFile" && chattr -i -a "$targetAllowFile" && sed -i "/$targetAllowPattern/d" "$targetAllowFile"; echo "$targetAllowLine" >> "$targetAllowFile"
fi
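
The script appends whatever rsync fetched to the key file and limits the source address through hosts.allow. As an added example (not part of the original post or its script), the function below validates the fetched key before installing it and pins it to the Jenkins address with the authorized_keys `from=` option. `install_key` and its argument names are hypothetical, and the all-zero key blob and 192.0.2.10 in the demo are constructed sample values.

```bash
#!/bin/bash
# Added example, not the original addkey.sh; install_key and its arguments are hypothetical.
# Usage: install_key AUTH_FILE PUBKEY_FILE KEYNAME KEYIP
install_key() (
    auth=$1 pub=$2 keyname=$3 keyip=$4

    # Exactly one non-empty line, so a fetched file cannot carry extra keys.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected exactly one key" >&2; return 1; }
    read -r ktype blob comment extra < "$pub"

    # Field 1 must be a key type; a line that starts with options (command=...) is refused.
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type or options: $ktype" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac
    [ "$comment" = "$keyname" ] && [ -z "$extra" ] ||
        { echo "key comment is not $keyname" >&2; return 1; }
    # KEYIP goes inside from="...": accept a plain IPv4 literal only (no quotes, commas, wildcards).
    printf '%s\n' "$keyip" | grep -Eqx '[0-9]{1,3}(\.[0-9]{1,3}){3}' ||
        { echo "bad source IP: $keyip" >&2; return 1; }

    # Build the new file next to the old one (mktemp makes it mode 0600), then rename over it.
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # Drop any earlier entry whose last field (the comment) is exactly KEYNAME.
    if [ -f "$auth" ]; then awk -v c="$keyname" '$NF != c' "$auth" > "$tmp"; fi
    printf 'from="%s" %s %s %s\n' "$keyip" "$ktype" "$blob" "$keyname" >> "$tmp"
    mv "$tmp" "$auth"
)

# Demo on constructed data, in a scratch directory.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA jenkins@jenkinsServerName' > "$demo/pubkey.txt"
install_key "$demo/authorized_keys" "$demo/pubkey.txt" jenkins@jenkinsServerName 192.0.2.10 &&
    cat "$demo/authorized_keys"
rm -rf "$demo"
```

Run as root, this leaves the rewritten file owned by root, so chown it to the account afterwards as addkey.sh does.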