OPS - add pubkey to the server with script
2015-09-01 20:13
use env
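In ops work you run into this situation: how do you add the control machine's pubkey to every server? Jobs submitted to Hadoop depend on the user accounts on the gateway machine or on the scheduling system's slave nodes, so how do you set up a large number of these users to allow remote access from jenkins? And there may be a great many of these user accounts.
This blog post offers a simple approach.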
command
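```bash
# On the Hadoop client, i.e. the server whose file the pubkey must be added to; run as the ROOT account.
# Every server restricts remote login through the allow mechanism.
./addkey.sh useraccount jenkins@jenkinsServerName jenkinsip aRsyncServer
```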
script following
```bash
#!/bin/bash
#set -x
# add key for identify username

# get the username
name=$1; echo "Your target name is: $name"
# jenkins@jenkinsServerName
keyname=$2
# jenkinsip
keyip=$3
# XXX::d/server/key.XX.XX
keyfile=$4

echo "$name"
echo "$keyname"
echo "$keyip"
echo "$keyfile"

# get the workdir
# Read /etc/passwd line by line and split on ':' so that entries whose
# comment field contains spaces do not break the lookup.
homedir=""
while IFS=: read -r nameinfile _ _ _ _ homeinfile _
do
    if [[ $name = "$nameinfile" ]]; then
        homedir="$homeinfile"
        break
    fi
done < /etc/passwd
echo "homedir: $homedir"

# get the authorized_keys
if [[ -n $homedir ]]; then
    if [[ $name = "root" ]]; then
        targetDir="$homedir/.ssh/"
        targetFile="authorized_keys2"
    else
        targetDir="$homedir/.ssh/"
        targetFile="authorized_keys"
    fi
fi
echo "TargetDir: $targetDir"
echo "TargetFile: $targetFile"
# The variables must be quoted: with an empty unquoted value, [ -n ] is always true.
if [ -n "$targetDir" ] && [ -n "$targetFile" ]; then
    echo "都存在"
else
    # Unknown user: stop before touching any file
    echo "no home directory found for $name" >&2
    exit 1
fi

# insert key
timeNow=$(date +%Y%m%d%H%M%S)
# Prepare the directory (mkdir -p succeeds when it already exists)
mkdir -p "$targetDir"
chown "$name" "$targetDir"
chmod 700 "$targetDir"
touch "$targetDir/$targetFile"
chown "$name" "$targetDir/$targetFile"
chmod 600 "$targetDir/$targetFile"

# Fetch the key into a private temp file instead of a fixed, predictable path in /tmp
pubkeyTmp=$(mktemp) || exit 1
rsync -avzP "$keyfile" "$pubkeyTmp" || exit 1
cd "$targetDir" && touch "$targetFile" &&
    cp "$targetFile" "$targetFile.bak${timeNow}" &&
    sed -i "/$keyname/d" "$targetFile" &&
    cat "$pubkeyTmp" >> "$targetFile"
rm -f "$pubkeyTmp"

# Make sure hosts.allow references services_hosts_allow
cd /etc && touch hosts.allow &&
    cp hosts.allow "hosts.allow.bak${timeNow}" &&
    chattr -i -a hosts.allow &&
    sed -i '/services_hosts_allow/d' hosts.allow &&
    echo 'sshd:/etc/services_hosts_allow' >> hosts.allow

# insert src ip
cd /etc
touch services_hosts_allow
if [ -f "services_hosts_allow" ]
then
    echo "发现目标文件"
    targetAllowFile="services_hosts_allow"
else
    targetAllowFile="hosts.allow"
fi
targetAllowLine="sshd:$keyip"
cp "$targetAllowFile" "$targetAllowFile.bak${timeNow}" && chattr -i -a "$targetAllowFile"
# Append only when the exact line is missing. The dots in an IP are regex
# wildcards, so a sed "/sshd:$keyip/d" would also delete other hosts' entries.
grep -qxF "$targetAllowLine" "$targetAllowFile" || echo "$targetAllowLine" >> "$targetAllowFile"
```
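The key-insert step above appends whatever the fetched file contains and removes old entries by substring match. The following added example (not part of the original post) goes a little further than the script: it validates the key line, replaces only the entry whose comment matches exactly, and swaps the file in atomically. The function name `upsert_key` and the key blobs are constructed for illustration.

```bash
#!/bin/bash
# Added example: replace-or-append one key in an authorized_keys file.
# upsert_key is a hypothetical helper; the key blobs below are constructed.

# upsert_key FILE 'TYPE BASE64 COMMENT'
upsert_key() {
    file=$1; keyline=$2
    # Accept exactly one line with three fields. A fetched key file carrying
    # extra lines or key options (command=, from=) is rejected outright.
    comment=$(printf '%s\n' "$keyline" | awk '
        NF == 3 && $1 ~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" && $3 ~ "^[A-Za-z0-9@._-]+$" { c = $3 }
        END { if (NR != 1 || c == "") exit 1; print c }') || return 1
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$file" ] || : > "$file"
    # Build the new file next to the old one and rename it into place, so a
    # concurrent sshd read never sees a half-written file.
    tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || return 1
    # Drop only entries whose last field IS the comment; a substring match
    # such as sed "/$keyname/d" would also delete jenkins@jenkinsServerName2.
    if awk -v c="$comment" '$NF != c' "$file" > "$tmp" &&
       printf '%s\n' "$keyline" >> "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$file"; then
        return 0
    fi
    rm -f "$tmp"; return 1
}

# Demo on a scratch directory (constructed, non-functional key blob).
demo=$(mktemp -d)
upsert_key "$demo/.ssh/authorized_keys" \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY jenkins@jenkinsServerName'
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Run as root, this leaves the file owned by root, so chown it to the target account afterwards as the script does.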