【转】 SSH无密码登录-多节点自动化部署SHELL篇

字数 26631阅读 8815评论 0赞 1

来源：http://f.dataguru.cn/thread-19920-1-1.html

在多个节点上手动配置SSH无密码登陆是个很闹心，又容易出错的事儿。如果有毅力的话，一台一台的配置，肯定是可以的，而且
可以提高打字的速度。但是如果在成千上万台集群节点上这么干的话，估计得把人给累死啦

所以这种吃力不讨好的活儿硬逼着同学们赶紧想办法让机器帮着我们干点活儿。

终于经过长时间的失败，再失败，嘿嘿，现在大家看到的应该是可行的方案啦。
希望可以节省大家的体力，当然也算抛砖引玉，希望大家可以有集思广益，搞出更多更好的方案，耶 ~

本解决方法主要包括两个脚本： sshpass.sh和ssh4slaves。
OS: CentOS 6.3 64 bit
大家需要在每个节点上提前装好"expect"工具，我们主要靠这个兄弟干活儿......, 具体脚本里面有说明

1. sshpass.sh

#!/bin/bash
# Name : sshpass.sh
# Time : 17/09/2012
# Author : simplestone@dbinterest.com
# Purpose : For fast and easy setup of the SSH Passwordless access among all the nodes
# in a cluster.
# User : Any user you are performing the test! Better to settup a separate user from your
# working env to avoid troubles!!! "root" is used in this example, and you can change it
# via the export virable "USER=root"
# Attention: The test env is assuming that each $USER on each $HOST is usring the same password!
# And this likely makes sense as no body want to put more trouble on this.
# Usage : 1st, make sure the script has the execute permisison "chmod +x ssh_pass.sh"
# ./ssh_pass.sh password
# : 2nd, ensure the "ssh4slaves.sh" script is with ssh_pass.sh for all nodes setup!!!
# : 3rd, "expect" has to be installed on all the nodes for the SSH config
export FILELOC="/root"
export SLAVESFILE="$FILELOC/sshslaves"
export HOSTS=`cat $FILELOC/sshhosts`
export SLAVES=`cat $FILELOC/sshslaves`
export SSH4SLAVESCRIPT="$FILELOC/ssh4slaves.sh"
export MASTER=hdp01
export USER=root
export PASSWD=$1
export SSHLOC="$FILELOC/.ssh/"
export RSAFILE="$FILELOC/.ssh/id_rsa"
export RSAPUBFILE="$FILELOC/.ssh/id_rsa.pub"
export AUTHFILE="$FILELOC/.ssh/authorized_keys"
export EXPECTCHK=`rpm -qa expect | wc -l`
#
if [ $EXPECTCHK != 1 ]
then
echo ''
echo "########################################################################################"
echo "Please install the "expect" package first on all nodes to allow the script to run!!!"
echo "yum -y install expect"
echo "########################################################################################"
else
if [ -e $RSAFILE ]
then
echo "########################################################################################"
echo "Attention: This is for TEST ONLY, please fully test it before applying it to PROD"
echo "environment!!! OR you might get in trouble!!!"
echo ''
echo "BETTER TO HAVE A NEW USER FOR THE TEST TO AVOID DESTROYING YOUR ENVIRONMENT!"
echo ''
echo "Please manually delete the ssh related file on each host before executing the script!!!"
echo ''
for host in $HOSTS
do
echo "Please run command on $host: rm -rf $SSHLOC"
done
echo "########################################################################################"
else
# Just generate
for host in $HOSTS
do
if [ $host = "$MASTER" ]
then
echo ''
echo "###########################################################"
echo "Generating RSA keys for MASTER host $MASTER"
echo "###########################################################"
echo ''
expect -c "
set timeout 1
spawn ssh $USER@$host
expect "yes/no"
send -- "yesr"
expect "password:"
send -- "$PASSWDr"
expect "#"
send "ssh-keygen -t rsa -P '' -f $RSAFILEr"
expect "#"
send "ssh-copy-id -i $RSAPUBFILE $MASTERr"
expect "password:"
send -- "$PASSWDr"
expect eof
"
else
echo ''
echo "###########################################################"
echo "Generating RSA keys for all OTHER hosts..."
echo "hostname is $host"
echo "###########################################################"
echo ''
expect -c "
set timeout 1
spawn ssh $USER@$host
expect "yes/no"
send -- "yesr"
expect "password:"
send -- "$PASSWDr"
expect "#"
send "ssh-keygen -t rsa -P '' -f $RSAFILEr"
expect "#"
send "ssh-copy-id -i $RSAPUBFILE $MASTERr"
expect "yes/no"
send -- "yesr"
expect "password:"
send -- "$PASSWDr"
expect eof
"
fi
done
###
for host in $SLAVES
do
echo ''
echo "############################################################################"
echo "Copying authorized_keys to host $host from the MASTER host $MASTER..."
echo "############################################################################"
echo ''
expect -c "
set timeout 1
spawn scp $AUTHFILE "$USER@$host:$SSHLOC"
expect "password:"
send -- $PASSWDr
expect eof
"
done
#
for host in $SLAVES
do
echo ''
echo "############################################################################"
echo "Distributing the $SLAVESFILE file to slave host $host..."
echo "############################################################################"
echo ''
scp $SLAVESFILE "$host:$FILELOC"
echo ''
echo "############################################################################"
echo "Distributing the $SSH4SLAVESCRIPT script to slave host $host..."
echo "############################################################################"
echo ''
scp $SSH4SLAVESCRIPT "$host:$FILELOC"
done
for host in $SLAVES
do
echo ''
echo "############################################################################"
echo "Working on the slaves node $host to ensure no prompt for the "yes/no" question..."
echo "############################################################################"
echo ''
ssh -q $USER@$host $SSH4SLAVESCRIPT
done
### Check whether the Passwordless ssh works ###
for host in $HOSTS
do
echo ''
echo "############################################################################"
echo "Check whether the Passwordless SSH works for $host..."
echo "############################################################################"
echo ''
ssh $host uname -a && date
done
fi
fi

复制代码

2.ssh4slaves

#!/bin/bash
# Name : ssh4slaves.sh
# Time : 17/09/2012
# Author : simplestone@dbinterest.com
# Purpose : For fast and easy setup of the SSH Passwordless access among all the slave nodes
# in a cluster. Mainly to ensure no prompt for "yes/no" again!!!
# User : Any user you are performing the test! Better to settup a separate user from your
# working env to avoid troubles!!! "root" is used in this example, and you can change it
# via the export virable "USER=root"
# Attention: The test env is assuming that each $USER on each $HOST is usring the same password!
# And this likely makes sense as no body want to put more trouble on this.
# Usage : This script is called by the main script "ssh_pass.sh"
# 1st, make sure the script has the execute permisison "chmod +x ssh4slaves.sh" before
# distributing it to other slaves node.
# 2nd, Remember to change variable "PASSWORD" before start the main script "sshpass.sh"
export FILELOC="/root"
export SLAVES=`cat $FILELOC/sshslaves`
export USER=root
export PASSWD=stonetest
for host in $SLAVES
do
echo ''
echo "Ensure ssh passwordless works among all slave nodes..."
echo ''
expect -c "
set timeout 1
spawn ssh $USER@$host
expect "yes/no"
send -- "yesr"
expect eof
"
done

复制代码

3. 其他配置

[root@hdp01 ~]# pwd
/root
[root@hdp01 ~]# cat sshhosts
hdp01
hdp02
hdp03
[root@hdp01 ~]# cat sshslaves
hdp02
hdp03
[root@hdp01 ~]# ls -lrth | tail -2
-rwxr-xr-x 1 root root 1.3K Sep 18 02:08 ssh4slaves.sh
-rwxr-xr-x 1 root root 6.5K Sep 18 02:11 ssh_pass.sh

复制代码

4. 测试输出

[root@hdp01 ~]# ./ssh_pass.sh stonetest
###########################################################
Generating RSA keys for MASTER host hdp01
###########################################################
spawn ssh root@hdp01
The authenticity of host 'hdp01 (192.168.1.121)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp01,192.168.1.121' (RSA) to the list of known hosts.
root@hdp01's password:
Last login: Tue Sep 18 02:09:29 2012 from hdp02.dbinterest.local
[root@hdp01 ~]# ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
3a:c3:98:b3:e4:39:fa:fe:87:c6:22:90:16:57:4e:47 root@hdp01.dbinterest.local
The key's randomart image is:
+--[ RSA 2048]----+
| .E |
| o . |
| + . |
| . . . |
| .o S |
|o. + . |
|.. =.=. |
| .oo++o. |
| .=*=.. |
+-----------------+
[root@hdp01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub hdp01
root@hdp01's password:
Now try logging into the machine, with "ssh 'hdp01'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@hdp01 ~]#
###########################################################
Generating RSA keys for all OTHER hosts...
hostname is hdp02
###########################################################
spawn ssh root@hdp02
The authenticity of host 'hdp02 (192.168.1.122)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp02,192.168.1.122' (RSA) to the list of known hosts.
root@hdp02's password:
Last login: Tue Sep 18 02:09:23 2012 from hdp02.dbinterest.local
[root@hdp02 ~]# ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a9:89:fe:40:8a:8e:21:55:da:3b:6b:68:4f:3e:8f:fc root@hdp02.dbinterest.local
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| + . |
| o o S |
| o o o o |
|+ ..* o |
|+.o=o= |
|.o oB=E |
+-----------------+
[root@hdp02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub hdp01
The authenticity of host 'hdp01 (192.168.1.121)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp01,192.168.1.121' (RSA) to the list of known hosts.
root@hdp01's password:
Now try logging into the machine, with "ssh 'hdp01'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
###########################################################
Generating RSA keys for all OTHER hosts...
hostname is hdp03
###########################################################
spawn ssh root@hdp03
The authenticity of host 'hdp03 (192.168.1.123)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp03,192.168.1.123' (RSA) to the list of known hosts.
root@hdp03's password:
Last login: Tue Sep 18 02:09:19 2012 from hdp02.dbinterest.local
[root@hdp03 ~]# ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a4:3d:dd:54:42:c0:45:ec:ed:ae:d6:bd:14:a0:9b:16 root@hdp03.dbinterest.local
The key's randomart image is:
+--[ RSA 2048]----+
| ..*= . |
| . .o |
| . ..o |
| + . oo o |
| . S .E.. . |
| . + . .|
| + o o |
| . . + .|
| ... ..|
+-----------------+
[root@hdp03 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub hdp01
The authenticity of host 'hdp01 (192.168.1.121)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp01,192.168.1.121' (RSA) to the list of known hosts.
root@hdp01's password:
Now try logging into the machine, with "ssh 'hdp01'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@hdp03 ~]#
############################################################################
Copying authorized_keys to host hdp02 from the MASTER host hdp01...
############################################################################
spawn scp /root/.ssh/authorized_keys root@hdp02:/root/.ssh/
root@hdp02's password:
authorized_keys 100% 1227 1.2KB/s 00:00
############################################################################
Copying authorized_keys to host hdp03 from the MASTER host hdp01...
############################################################################
spawn scp /root/.ssh/authorized_keys root@hdp03:/root/.ssh/
root@hdp03's password:
authorized_keys 100% 1227 1.2KB/s 00:00
############################################################################
Distributing the /root/sshslaves file to slave host hdp02...
############################################################################
sshslaves 100% 12 0.0KB/s 00:00
############################################################################
Distributing the /root/ssh4slaves.sh script to slave host hdp02...
############################################################################
ssh4slaves.sh 100% 1277 1.3KB/s 00:00
############################################################################
Distributing the /root/sshslaves file to slave host hdp03...
############################################################################
sshslaves 100% 12 0.0KB/s 00:00
############################################################################
Distributing the /root/ssh4slaves.sh script to slave host hdp03...
############################################################################
ssh4slaves.sh 100% 1277 1.3KB/s 00:00
############################################################################
Working on the slaves node hdp02 to ensure no prompt for the yes/no question...
############################################################################
Ensure ssh passwordless works among all slave nodes...
spawn ssh root@hdp02
The authenticity of host 'hdp02 (192.168.1.122)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp02,192.168.1.122' (RSA) to the list of known hosts.
Last login: Tue Sep 18 02:11:54 2012 from hdp01.dbinterest.local
[root@hdp02 ~]#
Ensure ssh passwordless works among all slave nodes...
spawn ssh root@hdp03
The authenticity of host 'hdp03 (192.168.1.123)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp03,192.168.1.123' (RSA) to the list of known hosts.
Last login: Tue Sep 18 02:11:55 2012 from hdp01.dbinterest.local
[root@hdp03 ~]#
############################################################################
Working on the slaves node hdp03 to ensure no prompt for the yes/no question...
############################################################################
Ensure ssh passwordless works among all slave nodes...
spawn ssh root@hdp02
The authenticity of host 'hdp02 (192.168.1.122)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp02,192.168.1.122' (RSA) to the list of known hosts.
Last login: Tue Sep 18 02:11:58 2012 from hdp02.dbinterest.local
[root@hdp02 ~]#
Ensure ssh passwordless works among all slave nodes...
spawn ssh root@hdp03
The authenticity of host 'hdp03 (192.168.1.123)' can't be established.
RSA key fingerprint is 23:fa:69:0b:a5:b0:c2:80:13:13:ba:2b:7d:b1:5b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hdp03,192.168.1.123' (RSA) to the list of known hosts.
Last login: Tue Sep 18 02:11:59 2012 from hdp02.dbinterest.local
############################################################################
Check whether the Passwordless SSH works for hdp01...
############################################################################
Linux hdp01.dbinterest.local 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Tue Sep 18 02:12:05 PDT 2012
############################################################################
Check whether the Passwordless SSH works for hdp02...
############################################################################
Linux hdp02.dbinterest.local 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Tue Sep 18 02:12:05 PDT 2012
############################################################################
Check whether the Passwordless SSH works for hdp03...
############################################################################
Linux hdp03.dbinterest.local 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Tue Sep 18 02:12:06 PDT 2012

复制代码

5. 其他节点测试

[root@hdp02 ~]#
[root@hdp02 ~]# ssh hdp02
Last login: Tue Sep 18 02:12:00 2012 from hdp03.dbinterest.local
[root@hdp02 ~]# exit
logout
Connection to hdp02 closed.
[root@hdp02 ~]# ssh hdp03
Last login: Tue Sep 18 02:12:02 2012 from hdp03.dbinterest.local
[root@hdp03 ~]# exit
logout
Connection to hdp03 closed.
[root@hdp02 ~]#
----------
[root@hdp03 ~]#
[root@hdp03 ~]# ssh hdp01
Last login: Tue Sep 18 02:12:22 2012 from hdp02.dbinterest.local
[root@hdp01 ~]# exit
logout
Connection to hdp01 closed.
[root@hdp03 ~]# ssh hdp02
Last login: Tue Sep 18 02:12:25 2012 from hdp02.dbinterest.local
[root@hdp02 ~]# exit
logout
Connection to hdp02 closed.
[root@hdp03 ~]# ssh hdp03
Last login: Tue Sep 18 02:12:30 2012 from hdp02.dbinterest.local
[root@hdp03 ~]# exit
logout
Connection to hdp03 closed.
[root@hdp03 ~]#

复制代码

sshconfig.zip

自动化

著作权归作者所有

如果觉得我的文章对您有用，请点赞。您的支持将鼓励我继续创作！

添加新评论0 条评论

Ctrl+Enter 发表

匿名评论

【转】 SSH无密码登录-多节点自动化部署SHELL篇

添加新评论0 条评论

作者其他文章

相关文章

相关资料