NFS, SSH key authentication, and Ansible

NFS (Network File System)

Stores user content such as text and images.

1. Run on both the server (nfs) and the client (backup)

yum install -y nfs-utils rpcbind

2. Start the services on the server (nfs01)

[root@nfs01 ~]# systemctl start rpcbind.service 

rpcinfo: view the RPC registration information on the server

[root@nfs01 ~]# rpcinfo -p 172.16.1.31 
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
[root@nfs01 ~]# systemctl start nfs
[root@nfs01 ~]# rpcinfo -p 172.16.1.31 
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  40871  status
    100024    1   tcp  45792  status
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100021    1   udp  43184  nlockmgr
    100021    3   udp  43184  nlockmgr
    100021    4   udp  43184  nlockmgr
    100021    1   tcp  45464  nlockmgr
    100021    3   tcp  45464  nlockmgr
    100021    4   tcp  45464  nlockmgr

showmount: list the directories shared over NFS

[root@nfs01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:

NFS configuration file
[root@nfs01 ~]# ll /etc/exports
-rw-r--r--. 1 root root 0 Jun 7 2013 /etc/exports

3. Edit the configuration file

[root@nfs01 ~]# cat  /etc/exports
#share /data
/data   172.16.1.0/24(rw,sync)

4. Create the shared directory and change its owner

[root@nfs01 ~]# mkdir -p /data
[root@nfs01 ~]# chown nfsnobody.nfsnobody /data/

5. Reload the NFS service gracefully and check the export list

[root@nfs01 ~]# systemctl reload nfs 
[root@nfs01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data 172.16.1.0/24

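6. Mount on the client: backup (web01) mounts the share

mkdir -p /app/uploads
Mount the NFS share on the /app/uploads directory of web01 or backup.

Note: explanation of the NFS configuration file
/etc/exports

#share /data

/data #directory to share 10.0.0.0/24 #servers on the same network segment (rw,sync)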
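
In /etc/exports the client and its option list must be written with no space between them; with a space, the options apply to every host and the named client gets the defaults. The check below is an added example, not part of the original post: it flags a separated option list, a wildcard or missing client, no_root_squash and insecure. The function names and every sample entry except the page's /data line are constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports(5) file.
# Backslash line continuations are not handled.

# Constructed sample: the first entry is the one from this page,
# the others are mistakes made on purpose.
sample_exports() {
  cat <<'EOF'
#share /data
/data   172.16.1.0/24(rw,sync)
/data2  172.16.1.0/24 (rw,sync)
/data3  *(rw,sync,no_root_squash)
/data4
EOF
}

# audit_exports [FILE]: print one finding per problem; exit status 1 if any.
audit_exports() {
  awk '
    function report(msg) { print $1 ": " msg; found = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    NF == 1 { report("no client listed, exported to every host") }
    {
      for (i = 2; i <= NF; i++) {
        p = index($i, "(")
        client = (p > 0) ? substr($i, 1, p - 1) : $i
        opts = (p > 0) ? substr($i, p + 1) : ""
        sub(/\)$/, "", opts)
        if (p == 0)
          report("client " client " has no option list, defaults apply")
        else if (client == "")
          report("(" opts ") applies to every host: space before the parenthesis")
        else if (client == "*")
          report("wildcard client * with (" opts ")")
        if (("," opts ",") ~ /,no_root_squash,/)
          report("no_root_squash lets remote root act as root on the share")
        if (("," opts ",") ~ /,insecure,/)
          report("insecure accepts requests from unprivileged source ports")
      }
    }
    END { exit found + 0 }
  ' "$@"
}

# Demo run on the constructed sample (findings are expected, so ignore the status).
sample_exports | audit_exports || true
```

Run it against the real file with: audit_exports /etc/exports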

sersync real-time backup

Batch management

xshell
SSH key authentication
pssh
ansible

SSH key authentication

1. Generate a key pair
[root@m01 ~]# ssh-keygen  -t dsa 
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:BeZUGU9/fkZ2ImnZndlmlxRnQ+iWVyghFlmlzGx6nXY root@m01
The key's randomart image is:
+---[DSA 1024]----+
|        +.**+o+*+|
|       + ooB.BooO|
|        . . &.=+%|
|         . + * @o|
|        S . o = E|
|           . . o.|
|                 |
|                 |
|                 |
+----[SHA256]-----+
[root@m01 ~]# ll /root/.ssh/
total 8
-rw------- 1 root root 672 Jan 20 16:41 id_dsa
-rw-r--r-- 1 root root 598 Jan 20 16:41 id_dsa.pub
2. Distribute the public key
# send the public key to the remote host
[root@m01 ~]# ssh-copy-id  -i /root/.ssh/id_dsa.pub   root@172.16.1.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
ECDSA key fingerprint is SHA256:qI7TJf59/RPaLxO+x7DZN88pU7WFjuZ2yYpPKvJmicg.
ECDSA key fingerprint is MD5:af:2a:5a:5e:f9:d1:83:1e:e6:17:bc:a8:6d:0b:c4:e5.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.41's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.

3. Create and distribute keys in bulk with sshpass
Install sshpass
yum install -y sshpass

[10:43 root@m01 ~]# vim  /server/scripts/fenfa.sh
#!/bin/bash
# create the key pair
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
# distribute the public key
for ip in 7 41 31
do
 sshpass -p123456   ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.$ip
done

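Command explanation:
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
ssh-keygen: the command that generates a key pair
-t: the key algorithm for the pair (rsa or dsa)
-f: the path, including the file name, where the key pair is written
-P (uppercase): the passphrase for the key pair
sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.$ip
sshpass: a tool that supplies the ssh password non-interactively
-p: the login password
ssh-copy-id: a tool that distributes the public key automatically
-i: the path to the public key
-o StrictHostKeyChecking=no: skips the host key confirmation prompt (on the first ssh connection the host is recorded in the known_hosts file)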
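
A variant of the distribution script, as an added example that is not the original fenfa.sh: it generates an ed25519 key instead of DSA, reads the password from a file instead of passing it with -p on the command line, and records a host key only after it matches a fingerprint collected beforehand, so StrictHostKeyChecking can stay at yes. The file paths, the HOSTS_FILE format and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original fenfa.sh. Assumed inputs (hypothetical paths):
#   HOSTS_FILE  lines of "ip fingerprint"; each SHA256 fingerprint was read on the
#               server's console with: ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
#   PASS_FILE   mode-0600 file holding the temporary root password
KEY=${KEY:-$HOME/.ssh/id_ed25519}
KNOWN=${KNOWN:-$HOME/.ssh/known_hosts}
HOSTS_FILE=${HOSTS_FILE:-/server/scripts/hosts.pinned}
PASS_FILE=${PASS_FILE:-/root/.fenfa.pass}

# key_matches FILE FINGERPRINT: true only if the key in FILE has the
# pinned SHA256 fingerprint; an empty or unreadable FILE never matches.
key_matches() {
  got=$(ssh-keygen -lf "$1" 2>/dev/null | awk '{print $2}')
  [ -n "$got" ] && [ "$got" = "$2" ]
}

# trust_host IP FINGERPRINT: scan the host key and record it in known_hosts
# only when it matches the pin; otherwise leave the host untrusted.
trust_host() {
  tmp=$(mktemp) || return 1
  ssh-keyscan -T 5 -t ed25519 "$1" >"$tmp" 2>/dev/null
  if key_matches "$tmp" "$2"; then
    cat "$tmp" >>"$KNOWN"; rm -f "$tmp"
  else
    rm -f "$tmp"
    echo "skip $1: host key does not match the pinned fingerprint" >&2
    return 1
  fi
}

# distribute: create an ed25519 key pair once, then install the public key on
# every pinned host. ssh refuses to connect if the host key is not in KNOWN.
distribute() {
  [ -f "$KEY" ] || ssh-keygen -q -t ed25519 -f "$KEY" -N '' || return 1
  while read -r ip fp <&3; do            # fd 3 keeps stdin free for ssh
    trust_host "$ip" "$fp" || continue
    sshpass -f "$PASS_FILE" ssh-copy-id -i "$KEY.pub" \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN" "root@$ip"
  done 3<"$HOSTS_FILE"
}

# Nothing runs unless the script is called with the argument "run".
case "${1:-}" in run) distribute ;; esac
```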

Ansible: batch management tool

[root@m01 ~]# rpm -ql ansible|head
/etc/ansible # installation directory
/etc/ansible/ansible.cfg # configuration file (the port number can be changed here)
/etc/ansible/hosts # list of managed hosts

cat /etc/ansible/hosts
## db-[99:101]-node.example.com
[gcy] # the IPs of the servers to control can be written in groups
172.16.1.7
172.16.1.31
172.16.1.41

Test connectivity

[root@m01 ~]# ansible gcy -m  ping
172.16.1.31 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.16.1.41 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

/etc/ansible/roles

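command module: runs simple commands (the default module); it cannot interpret special shell characters
Specify the command module and the command to run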

[root@m01 ~]# ansible oldboy -m command -a "hostname"
172.16.1.31 | CHANGED | rc=0 >>
nfs01

172.16.1.41 | CHANGED | rc=0 >>
backup

shell module: like the command module, but it can interpret special shell characters

[root@m01 ~]# ansible gcy -m shell -a "hostname >>hostname.txt"
172.16.1.41 | CHANGED | rc=0 >>
172.16.1.31 | CHANGED | rc=0 >>

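copy module
Copies a local file to the managed servers.
Format: ansible <group or IP> -m copy -a "src=<content to transfer> dest=<directory to place it in>" (-m selects the module, -a gives the arguments for it; src is where the file comes from, dest is where it goes)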

[root@m01 ~]# ansible gcy -m copy -a "src=hostname.txt dest=/root"
172.16.1.41 | CHANGED => {
    "changed": true, 
    "checksum": "a84ec8c5eb8c58dce565b78d981a852d7c73c3f5", 
    "dest": "/root/hostname.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "785c47968ae9a7d01a8e397aa318fe77", 
    "mode": "0644", 
    "owner": "root", 
    "size": 9, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560045173.67-19416520751018/source", 
    "state": "file", 
    "uid": 0
}
172.16.1.31 | CHANGED => {
    "changed": true, 
    "checksum": "a84ec8c5eb8c58dce565b78d981a852d7c73c3f5", 
    "dest": "/root/hostname.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "785c47968ae9a7d01a8e397aa318fe77", 
    "mode": "0644", 
    "owner": "root", 
    "size": 9, 
    "src": "/root/.ansible/tmp/ansible-tmp-1560045173.65-253992318364824/source", 
    "state": "file", 
    "uid": 0
}

script module: equivalent to copy + shell; it transfers a local script to the remote servers and runs it there directly

[root@m01 ~]# ansible gcy -m script -a "/server/scripts/yum.sh"

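cron module (scheduled tasks)
Every night at 12:00 midnight, archive the /etc directory into /tmp.
crontab -e is equivalent to vi /var/spool/cron/root
Written by hand, the entry is: 00 00 * * * tar zcf /tmp/etc.tar.gz /etc >/dev/null 2>&1
Format for writing the scheduled task with ansible: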

ansible all -m cron  -a 'name="backup etc" minute=00 hour=00  job="tar zcf /tmp/etc.tar.gz /etc >/dev/null  2>&1" state=present'

Ansible playbooks

Pay attention to the playbook format

[root@m01 ansible]# cat  01-show.yml
---
  - hosts: all
    tasks:
      - name: show hostname
        command: hostname

[root@m01 ansible]# ansible-playbook 01-show.yml  # command that runs the playbook

Scheduled task playbook

[root@m01 ansible]# cat  02-cron.yml
---
  - hosts: all
    tasks:
      - name: add cron
        cron: name="backup etc" minute=00 hour=00  job="tar zcf /tmp/etc.tar.gz /etc >/dev/null  2>&1" state=present
Using variables in a playbook
[root@m01 ansible]# cat  03-touch.yml
---
  - hosts: all
    vars:
      file: oldboy.txt
      dir:  /root/
    tasks:
      - name: touch file
        file: path={{dir}}/{{file}} state=touch