In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
IT company enterprise batch distribution\ management solution:
1. A scheme for the most basic use of SSHKEY keys for small and medium-sized enterprises.
two。 Portal PUPPET (complex), required by large enterprises
3. SALTSTACK batch Management (lightweight)
Principles of operation and maintenance: simple, easy to use and efficient
Use SSHKEY scheme to realize password-free login principle:
The requestor has its own generated public key and private key, and the public key is distributed to each client, and the password-free login is realized when the requester connects these clients.
Key classification: DSA and RSA keys
Enter ssh-keygen-t dsa in nfs-server and enter all the way to generate a key pair.
Check the ~ / .ssh directory
Id_dsa is the private key. Id_dsa.pub is the public key.
Public key replication:
If the number is small, it can be satisfied directly with the following command. If there are hundreds, it is recommended to use expect.
Ssh-copy-id-I id_dsa.pub oldgirl@192.168.24.21
By default, port 22 of ssh is used for transmission. If it has been modified, you can add port-p to specify it, for example:
Some of the following functions can be implemented using password-free transfer of files, etc. Some scripts can be executed through this implementation
Do the same thing through a loop:
In which the hosts in the command sh fenfa.sh hosts is assigned to $1
Add, if there is no parameter ($#) to report an error message.
If the number of parameters $# is less than 1, prompt, where $0 represents the name of the script
Realize the effect
Summary of SSH batch distribution and management scheme:
1. Using root to do ssh key Verification
Advantages: simple and easy to use
Disadvantages: poor security, and can not disable root remote connection to this feature.
Enterprise applications: 80% of SMEs.
two。 Use ordinary users such as oldgirl to do it.
The idea is to first copy the files to the server user's home directory, and then sudo takes the right to copy the distributed files to the corresponding permissions directory.
Pros: safety. There is no need to stop the root remote connection feature.
Disadvantages: troublesome configuration
3. Just like scenario 2, except that instead of using sudo, you set suid to authorize fixed commands
Advantages: relative security
Disadvantages: complex, poor security. Anyone can handle commands with suid privileges.
In pursuit of simplicity, choose 1
In pursuit of security, choose 2.
The same function is relatively advanced: puppet,saltstack.
2 practical operation of the solution: #! / bin/sh
. / etc/init.d/functions
If [$#-ne 2]
Then
Echo "USAGE:$0 LOCALFILE REMOTEFILE"
Exit 1
Fi
For n in 21 25 32
Do
Scp-P22-r $1 oldgirl@192.168.24.$n:~ & > / dev/null & &
Ssh-t oldgirl@192.168.24.$n sudo rsync $1 $2 & > / dev/null
If [$?-eq 0]
Then
Action "fenfa $1 ok" / bin/true
Else
Action "fenfa $1 ok" / bin/false
Fi
Done
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.