데이터 엔지니어( 실습 정리 )
ssh-keygen 자동화 스크립트
세용용용용
2024. 7. 1. 13:05
수정일 : 24-07-01(앤서블 설치 스크립트 추가)
0. /data/work/system_download.txt
[server_ip]|192.168.56.10|192.168.56.11|192.168.56.12|192.168.56.13|192.168.56.14
사전 준비
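- 각 서버 sudo passwd root (아래 스크립트는 root 계정에 비밀번호로 SSH 접속하므로 root 비밀번호 설정과 sshd의 root 비밀번호 로그인 허용이 필요하다. 키 배포가 끝나면 sshd_config의 PermitRootLogin을 prohibit-password로 되돌려 둔다.)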
- 각 서버 apt-get update -y
- 각 서버 apt-get install expect -y
- ansible: 서버 설정, 애플리케이션 배포, 설정 관리 및 기타 IT 작업을 자동화하는 데 사용하는 IT 자동화 도구
0. expect 설치 및 앤서블 설치(/data/work/ssh_keygen_auto_zero.sh)
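#!/usr/bin/bash
#
# Step 0: run "apt update" and install Ansible on every server named in the
# [server_ip] line of /data/work/system_download.txt. The ssh host-key and
# password prompts are answered by expect.
#
# Environment:
#   ROOT_PASSWORD  password sent at the ssh password prompt; when unset, the
#                  lab value below is used so the walkthrough runs unchanged.

ip_file="/data/work/system_download.txt"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl script below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)

#######################################
# Run one command on a remote host over ssh, driven by expect.
# The host-key question is answered "yes" without checking the fingerprint,
# so the first connection trusts whatever key is offered.
# expect's default timeout is 10 seconds, shorter than an apt run, so a longer
# limit is set and a timeout is reported instead of ending the session quietly.
# Globals:   root_password (read)
# Arguments: $1 - host address, $2 - remote command line
# Returns:   exit status of the remote command, 1 on timeout
#######################################
run_remote() {
  local host=$1
  local remote_cmd=$2

  sudo /usr/bin/expect <<EOD
set timeout 900
spawn ssh ${host} "${remote_cmd}"
expect {
  "*yes/no*" {
    send "yes\r"
    exp_continue
  }
  "*assword:" {
    send "${root_password}\r"
    exp_continue
  }
  timeout {
    puts stderr "timed out waiting for ${host}"
    exit 1
  }
  eof
}
set result [wait]
exit [lindex \$result 3]
EOD
}

# Visit every server: refresh the package index, then install Ansible.
for current_ip in "${ip_array[@]}"; do
  echo "작업중 서버 ${current_ip}"

  run_remote "${current_ip}" "apt update -y" \
    || echo "apt update failed on ${current_ip}" >&2
  sleep 2

  run_remote "${current_ip}" "apt install ansible -y" \
    || echo "ansible install failed on ${current_ip}" >&2
  sleep 2
done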
1. ssh-keygen 배포(/data/work/ssh_keygen_auto_first.sh)
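#!/usr/bin/bash
#
# Step 1: generate a root RSA key pair (/root/.ssh/id_rsa, empty passphrase)
# on every server named in the [server_ip] line of the host list.
#
# Environment:
#   ROOT_PASSWORD  password sent at the ssh password prompt; when unset, the
#                  lab value below is used so the walkthrough runs unchanged.
#
# NOTE(review): the "Overwrite" question is answered "y", so a rerun replaces
# an existing key pair and public keys already copied elsewhere stop matching.
# NOTE(review): -b 2048 is below the 3072-bit RSA default of current
# ssh-keygen; the later steps only depend on the id_rsa file name.

ip_file="/data/work/system_download.txt"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl script below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)

# Visit every server and create the key pair there. The host-key question is
# answered "yes" without checking the fingerprint. The session's exit status
# is the remote ssh-keygen status, or 1 when expect times out.
for current_ip in "${ip_array[@]}"; do
  sudo /usr/bin/expect <<EOD || echo "ssh-keygen failed on ${current_ip}" >&2
spawn ssh ${current_ip} "ssh-keygen -t rsa -b 2048 -N '' -f /root/.ssh/id_rsa"
expect {
  "*yes/no*" {
    send "yes\r"
    exp_continue
  }
  "*assword:" {
    send "${root_password}\r"
    exp_continue
  }
  "*Overwrite*" {
    send "y\r"
    exp_continue
  }
  timeout {
    puts stderr "timed out waiting for ${current_ip}"
    exit 1
  }
  eof
}
set result [wait]
exit [lindex \$result 3]
EOD
  sleep 2
done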
2. /etc/hosts 스크립트(/data/work/hosts_set_auto.sh)
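#!/usr/bin/bash
#
# Step 2: rebuild /etc/hosts from the hostname each listed server reports,
# then copy the file to every server after the first one in the list.
#
# Environment:
#   ROOT_PASSWORD  password sent at the ssh/scp password prompt; when unset,
#                  the lab value below is used so the walkthrough runs
#                  unchanged.

ip_file="/data/work/system_download.txt"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl scripts below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)

# Assemble the new file in a private temp file and install it only once it is
# complete, so an interrupted run cannot leave /etc/hosts empty or half-written.
hosts_tmp=$(mktemp) || exit 1
trap 'rm -f -- "${hosts_tmp}"' EXIT

# Only a plain host name may be written. The text comes from the remote side,
# or is an ssh error line when the login failed, and it ends up in the hosts
# file of every server.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'

# Ask each server for its hostname and record "ip hostname".
for current_ip in "${ip_array[@]}"; do
  echo "작업중 ip ${current_ip}"

  # The expect script is fed on stdin rather than with -c, which keeps the
  # password out of the process argument list. The last output line is the
  # hostname; tr drops the carriage return the pty adds.
  etc_host_name=$(
    expect <<EOD | tail -n 1 | tr -d '\r'
spawn ssh ${current_ip} "hostname"
expect "*password*"
send "${root_password}\r"
expect eof
EOD
  )

  if [[ ! "${etc_host_name}" =~ ${hostname_re} ]]; then
    echo "skipping ${current_ip}: unexpected hostname output" >&2
    continue
  fi

  printf '%s %s\n' "${current_ip}" "${etc_host_name}" >> "${hosts_tmp}"
  sleep 2
done
echo "127.0.0.1 localhost" >> "${hosts_tmp}"

# Overwrite the contents in place so /etc/hosts keeps its owner and mode.
if ! cat -- "${hosts_tmp}" > /etc/hosts; then
  echo "cannot write /etc/hosts" >&2
  exit 1
fi

# Copy the finished file to every server except the first list entry.
for ssh_ip in "${ip_array[@]:1}"; do
  echo "${ssh_ip}"
  sudo /usr/bin/expect <<EOD
spawn scp /etc/hosts ${ssh_ip}:/etc/hosts
expect "*password*"
send "${root_password}\r"
sleep 2
expect eof
EOD
done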
3. ssh_keygen 스크립트 (/data/work/ssh_keygen_auto_second.sh)
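#!/usr/bin/bash
#
# Step 3: add the local root public key to the local authorized_keys, then
# copy that authorized_keys file to every server after the first one in the
# host list.
#
# Environment:
#   ROOT_PASSWORD  password sent at the scp password prompt; when unset, the
#                  lab value below is used so the walkthrough runs unchanged.
#
# NOTE(review): the scp replaces the remote authorized_keys outright, so any
# key already authorised on a target server is dropped.

ip_file="/data/work/system_download.txt"
ssh_home="/root/.ssh"
pub_key_file="${ssh_home}/id_rsa.pub"
auth_file="${ssh_home}/authorized_keys"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl script below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)

if ! rs_id=$(cat -- "${pub_key_file}"); then
  echo "cannot read ${pub_key_file}" >&2
  exit 1
fi

# Append the key only when it is not listed yet, so reruns do not pile up
# duplicate entries. grep's stderr is dropped because the file may not exist
# on the first run.
if ! grep -qxF -- "${rs_id}" "${auth_file}" 2>/dev/null; then
  printf '%s\n' "${rs_id}" >> "${auth_file}"
fi
chmod 600 "${auth_file}"

dt_ip=${ip_array[0]}
echo "${dt_ip}"

# Push the local authorized_keys to every server except the first list entry.
# The host-key question is answered "yes" without checking the fingerprint.
for dest_ip in "${ip_array[@]:1}"; do
  sudo /usr/bin/expect <<EOD || echo "copy to ${dest_ip} failed" >&2
spawn scp ${auth_file} root@${dest_ip}:${auth_file}
expect {
  "*yes/no*" {
    send "yes\r"
    exp_continue
  }
  "*assword:" {
    send "${root_password}\r"
    exp_continue
  }
  "*Overwrite*" {
    send "y\r"
    exp_continue
  }
  timeout {
    puts stderr "timed out waiting for ${dest_ip}"
    exit 1
  }
  eof
}
set result [wait]
exit [lindex \$result 3]
EOD
done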
3. authorized_keys 만들기(/data/work/ssh_keygen_auto_three.sh)
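#!/usr/bin/bash
#
# Step 3 (continued): walk the host list from the second server onward. Each
# server appends its own public key to its authorized_keys, and the file is
# then copied to the next server so the keys accumulate along the chain.
#
# Environment:
#   ROOT_PASSWORD  password sent at the ssh/scp password prompt; when unset,
#                  the lab value below is used so the walkthrough runs
#                  unchanged.
#
# NOTE(review): the remote append is not idempotent; a rerun adds each public
# key to authorized_keys a second time.

ip_file="/data/work/system_download.txt"
ssh_home="/root/.ssh"
auth_file="${ssh_home}/authorized_keys"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl script below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)
host_count=${#ip_array[@]}

#######################################
# Spawn one ssh or scp command under expect and answer its prompts.
# The host-key question is answered "yes" without checking the fingerprint.
# Globals:   root_password (read)
# Arguments: $1 - command line to spawn, written in Tcl syntax
# Returns:   exit status of the spawned command, 1 on timeout
#######################################
expect_session() {
  local spawn_args=$1

  sudo /usr/bin/expect <<EOD
spawn ${spawn_args}
expect {
  "*yes/no*" {
    send "yes\r"
    exp_continue
  }
  "*assword:" {
    send "${root_password}\r"
    exp_continue
  }
  "*Overwrite*" {
    send "y\r"
    exp_continue
  }
  timeout {
    puts stderr "timed out waiting for the spawned command"
    exit 1
  }
  eof
}
set result [wait]
exit [lindex \$result 3]
EOD
}

for ((i = 1; i < host_count; i++)); do
  current_ip=${ip_array[i]}

  expect_session "ssh ${current_ip} \"cat ${ssh_home}/id_rsa.pub >> ${auth_file}\"" \
    || echo "key append failed on ${current_ip}" >&2
  sleep 2

  # The last server has no successor, so there is nothing to copy onward.
  # Previously this case ran scp against a placeholder host name.
  if ((i + 1 < host_count)); then
    next_ip=${ip_array[i + 1]}
    expect_session "scp root@${current_ip}:${auth_file} root@${next_ip}:${auth_file}" \
      || echo "copy ${current_ip} -> ${next_ip} failed" >&2
    sleep 2
  fi
done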
4. authorized_keys 모든서버 복사 (/data/work/ssh_keygen_auto_four.sh)
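#!/usr/bin/bash
#
# Step 4: copy authorized_keys from the last server in the host list to every
# other server, walking the list backwards.
#
# Environment:
#   ROOT_PASSWORD  password sent at the scp password prompt; when unset, the
#                  lab value below is used so the walkthrough runs unchanged.
#
# NOTE(review): every target's authorized_keys is replaced outright, so a key
# that exists only on a target server is dropped.

ip_file="/data/work/system_download.txt"
ssh_home="/root/.ssh"
auth_file="${ssh_home}/authorized_keys"

# NOTE(review): a root password kept in a script is readable by anyone who can
# read the file. Export ROOT_PASSWORD and drop the fallback once the lab is up.
# The value is pasted into the Tcl script below, so a password containing Tcl
# metacharacters would need escaping first.
root_password="${ROOT_PASSWORD:-nds1101}"

# One address per '|'-separated field after the [server_ip] tag; whitespace
# and empty fields are dropped.
mapfile -t ip_array < <(
  awk -F '|' '/server_ip/ {
    for (i = 2; i <= NF; i++) {
      field = $i
      gsub(/[[:space:]]/, "", field)
      if (field != "") print field
    }
  }' "${ip_file}"
)
host_count=${#ip_array[@]}

# An empty list would make the [-1] subscript below an error.
if ((host_count == 0)); then
  echo "no server_ip entries found in ${ip_file}" >&2
  exit 1
fi

source_ip=${ip_array[-1]}
echo "${source_ip}"

# The host-key question is answered "yes" without checking the fingerprint.
for ((i = host_count - 2; i >= 0; i--)); do
  dest_ip=${ip_array[i]}
  echo "${dest_ip}"

  sudo /usr/bin/expect <<EOD || echo "copy ${source_ip} -> ${dest_ip} failed" >&2
spawn scp root@${source_ip}:${auth_file} root@${dest_ip}:${auth_file}
expect {
  "*yes/no*" {
    send "yes\r"
    exp_continue
  }
  "*assword:" {
    send "${root_password}\r"
    exp_continue
  }
  "*Overwrite*" {
    send "y\r"
    exp_continue
  }
  timeout {
    puts stderr "timed out waiting for ${dest_ip}"
    exit 1
  }
  eof
}
set result [wait]
exit [lindex \$result 3]
EOD
  sleep 2
done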
5. 최종 proc (/data/work/ssh_keygen_auto_proc.sh)
#!/usr/bin/bash
#
# Step 5: driver that runs the step scripts in order, printing a timestamped
# Start line before and an End line after each one.
#
# NOTE(review): the exit status of a step is not checked, so the next step
# runs even when the previous one failed.

# Print one progress line in the "[date] Time_Stamp : message" format.
stamp() {
  echo "[$(date)] Time_Stamp : $1"
}

# Run one step script between its Start and End lines, then a blank line.
run_step() {
  local label=$1
  local script=$2

  stamp "${label} Start...."
  "${script}"
  stamp "${label} End...."
  echo ""
}

stamp "ssh-keygen auto Start...."

run_step "ansible 설치" /data/work/ssh_keygen_auto_zero.sh
run_step "ssh-keygen 배포" /data/work/ssh_keygen_auto_first.sh
run_step "/etc/hosts 만들기" /data/work/hosts_set_auto.sh
run_step "ssh-keygen scp_rsa_id" /data/work/ssh_keygen_auto_second.sh
run_step "authorized_keys 만들기" /data/work/ssh_keygen_auto_three.sh
run_step "authorized_keys 모든서버 배포" /data/work/ssh_keygen_auto_four.sh

stamp "ssh-keygen auto End...."
6. ansible 설치 확인
#!/usr/bin/bash
#
# Step 6: print the output of "ansible --version" from every server named in
# the [server_ip] line of the host list.
# No expect wrapper is used here; presumably the login relies on the keys
# distributed by the earlier steps.

ip_file="/data/work/system_download.txt"

# Word splitting of the awk output is what turns the fields into elements.
# shellcheck disable=SC2207
ip_array=($(awk -F '|' '/server_ip/ { for (i = 2; i <= NF; i++) print $i }' "${ip_file}"))

# Query each server in list order.
for current_ip in "${ip_array[@]}"; do
  echo "------ansible check ${current_ip}------------"
  ssh "${current_ip}" "ansible --version"
  echo "--------------------------------------"
  echo ""
done
