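Linux servers are increasingly common in enterprise networks, and managing large numbers of them conveniently and efficiently is a real concern for system administrators. Many open-source tools exist for this purpose; this article introduces dsh, a tool for managing large numbers of Linux hosts effectively from the command line.
dsh is designed specifically for running shell commands on remote systems, and it simplifies operations across large numbers of machines. The dsh command syntax is: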
dsh [-m machinename | -a | -g groupname] [-f machinefile] [-M] [-q] [--wait-shell] -- commandline
dsh official site
~dancer/software/dsh.html.en
I. Installation script
==========================================================
#!/bin/bash
# Build and install libdshconfig first; dsh depends on it
wget ~dancer/software/downloads/libdshconfig-0.20.9.tar.gz
tar zxvf libdshconfig-0.20.9.tar.gz
cd libdshconfig-0.20.9
./configure
make && make install
cd ..
# Build and install dsh itself
wget ~dancer/software/downloads/dsh-0.25.9.tar.gz
tar zxvf dsh-0.25.9.tar.gz
cd dsh-0.25.9
./configure
make && make install
# Make the shared library visible to the dynamic loader
ln -s /usr/local/lib/libdshconfig.so.1 /lib/
==========================================================
[root@httpd2 ~]# which dsh
/usr/local/bin/dsh
II. Options
[root@httpd2 ~]# dsh -h
Distributed Shell / Dancer's shell version 0.25.9
Copyright 2001-2005 Junichi Uekawa,
distributed under the terms and conditions of GPL version 2
-v --verbose Verbose output (verbose output mode)
-q --quiet Quiet (quiet output mode)
-M --show-machine-names Prepend the host name on output (prefix each output line with the controlled host's hostname)
-H --hide-machine-names Do not prepend host name on output (do not show host names; default)
-i --duplicate-input Duplicate input given to dsh
-b --bufsize Change buffer size used in input duplication
-m --machine [machinename] Execute on machine (host name)
-n --num-topology How to divide the machines
-a --all Execute on all machines (host list; the default list is /root/.dsh/machines.list)
-g --group [groupname] Execute on group member (specify a host group; group files are in /root/.dsh/group/)
-f --file [file] Use the file as list of machines (choose the host list file)
-r --remoteshell [shellname] Execute using shell (rsh/ssh) (selects the remote shell tool; the default is rsh, which uses port 544; specify ssh when running dsh)
-o --remoteshellopt [option] Option to give to shell
-h --help Give out this message
-w --wait-shell Sequentially execute shell (by default dsh runs commands in parallel; specify -w to run them sequentially)
-c --concurrent-shell Execute shell concurrently
-F --forklimit [fork limit] Concurrent with limit on number
-V --version Give out version information
-- Everything before this marker is a dsh option; everything after it is the command to run on the controlled hosts
III. Usage
Create the list of controlled hosts
# cat /root/.dsh/machines.list
192.168.0.29
192.168.0.31
192.168.0.33
Create the host list for a controlled group
# cat /root/.dsh/group/ha
192.168.0.29
192.168.0.31
Example:
At this point, controlling the servers in bulk still requires typing a password for each host.
[root@httpd2 ~]# dsh -M -r ssh -a -q -- df -h  # control the hosts
192.168.0.29: Address 192.168.0.29 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.29's password:
192.168.0.29: Filesystem Size Used Avail Use% Mounted on
192.168.0.29: /dev/sda3 143G 16G 119G 12% /
192.168.0.29: /dev/sda1 190M 11M 170M 7% /boot
192.168.0.29: tmpfs 1.5G 0 1.5G 0% /dev/shm
192.168.0.31: Address 192.168.0.31 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.31's password:
192.168.0.31: Filesystem Size Used Avail Use% Mounted on
192.168.0.31: /dev/sda3 71G 47G 21G 70% /
192.168.0.31: /dev/sda1 190M 11M 170M 7% /boot
192.168.0.31: tmpfs 1.3G 0 1.3G 0% /dev/shm
192.168.0.33: Address 192.168.0.33 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.33's password:
192.168.0.33: Filesystem Size Used Avail Use% Mounted on
192.168.0.33: /dev/sda3 143G 3.2G 132G 3% /
192.168.0.33: /dev/sda1 190M 11M 170M 7% /boot
192.168.0.33: tmpfs 501M 0 501M 0% /dev/shm
192.168.0.33: /dev/sdb1 917G 74G 797G 9% /file_server
192.168.0.33: /file_server/targtime/OperateSystem/Linux/RHEL-5.3.iso
192.168.0.33: 2.9G 2.9G 0 100% /mnt
[root@httpd2 group]# dsh -r ssh -g ha -- df -h  # control the group
Address 192.168.0.29 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.29's password:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 143G 16G 119G 12% /
/dev/sda1 190M 11M 170M 7% /boot
tmpfs 1.5G 0 1.5G 0% /dev/shm
Address 192.168.0.31 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.31's password:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 71G 47G 21G 70% /
/dev/sda1 190M 11M 170M 7% /boot
tmpfs 1.3G 0 1.3G 0% /dev/shm
==========================================================
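IV. Passwordless SSH login
How it works
SSH login here uses public/private key authentication. In brief: first create a key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then place the public key on the server (~/.ssh/authorized_keys) and keep the private key safe. At login, the ssh program uses the private key to match against the public key on the server; if they match, the login succeeds.
1. Generate the key pair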
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): (to get passwordless login, enter nothing here; if you enter a passphrase, you will have to type it every time you log in)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8c:87:51:0c:05:e4:4a:6c:74:5f:eb:01:70:47:ea:ab root@httpd2.com
2. Send the generated public key to /root/.ssh/ on the server to be controlled
# scp /root/.ssh/id_rsa.pub 192.168.0.29:/root/.ssh/authorized_keys
Address 192.168.0.29 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.0.29's password:
id_rsa.pub 100% 397 0.4KB/s 00:00
3. Test passwordless login
# ssh 192.168.0.29
Address 192.168.0.29 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last login: Thu Apr 14 15:07:40 2011 from 192.168.2.90
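Step 2 above copies id_rsa.pub directly over authorized_keys, which replaces any keys already installed on the server. The following is an added example, not part of the original article: it appends the key instead, sets the permissions sshd expects, and can pin the passphrase-less key to the control host's address with a from= restriction. The function name install_pubkey, the path /tmp/id_rsa.pub and the address 192.0.2.10 are placeholders.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys instead of
# overwriting the file. Run on the managed server after copying the .pub
# file to a temporary path.
#
# install_pubkey PUBKEY_FILE SSH_DIR [FROM_PATTERN]
#   FROM_PATTERN (optional) limits where the key may be used from;
#   assumption: the control host has a fixed address.
install_pubkey() {
    pubkey_file=$1; ssh_dir=$2; from=${3:-}
    auth="$ssh_dir/authorized_keys"
    ktype=; kdata=; kcomment=

    # A .pub file is one line: "<type> <base64 key> [comment]"
    read -r ktype kdata kcomment < "$pubkey_file" || [ -n "$kdata" ] || return 1
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || return 1

    # With StrictModes (the sshd default) a group/world-writable ~/.ssh or
    # authorized_keys is ignored, so keep both private to the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already installed.
    if grep -qF -- "$kdata" "$auth"; then
        return 0
    fi

    entry="$ktype $kdata${kcomment:+ $kcomment}"
    if [ -n "$from" ]; then
        entry="from=\"$from\" $entry"
    fi
    printf '%s\n' "$entry" >> "$auth"
}

# Example: sh install_pubkey.sh /tmp/id_rsa.pub /root/.ssh 192.0.2.10
if [ $# -ge 2 ]; then
    install_pubkey "$@"
fi
```

OpenSSH's ssh-copy-id performs the same append from the control host.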
==========================================================
V. Run dsh again against the machines configured for passwordless access; no password is required
# dsh -r ssh -g ha -- df -h
Address 192.168.0.29 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 143G 16G 119G 12% /
/dev/sda1 190M 11M 170M 7% /boot
tmpfs 1.5G 0 1.5G 0% /dev/shm
Address 192.168.0.31 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 71G 47G 21G 70% /
/dev/sda1 190M 11M 170M 7% /boot
tmpfs 1.3G 0 1.3G 0% /dev/shm