
基础配置

配置hostname

在开始 SSH 配置前,必须确保所有节点都能解析彼此的主机名。/etc/hosts 可以在每个节点上单独配置,也可以在一个节点上配置好后复制到各节点。

# Each node: these are alternatives, not a sequence. Every machine gets a
# different name, so run only the one line that belongs to the node you are
# logged in to.
# NOTE(review): mu01 is presumably the management node and cu01-cu05 the
# compute nodes; confirm against your own naming plan.
hostnamectl set-hostname mu01
hostnamectl set-hostname cu01
hostnamectl set-hostname cu02
hostnamectl set-hostname cu03
hostnamectl set-hostname cu04
hostnamectl set-hostname cu05

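# All nodes: map every cluster hostname to its address in /etc/hosts.
# An entry is appended only when the name is not already present as a whole
# word, so running this step again does not pile up duplicate lines.
while read -r ip name; do
    grep -qw -- "$name" /etc/hosts || echo "$ip $name" >> /etc/hosts
done <<'EOF'
192.168.200.1 mu01
192.168.200.2 cu01
192.168.200.3 cu02
192.168.200.4 cu03
192.168.200.5 cu04
192.168.200.6 cu05
EOF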

root免密登录

# Management node: refresh the package index, then install expect (drives the
# password prompts in the script below) and pdsh (parallel remote shell).
apt update
apt install -y expect pdsh


# Write every node name, one per line, into the file that pdsh reads.
printf '%s\n' mu01 cu01 cu02 cu03 cu04 cu05 > /root/machines

# Make future shells run pdsh over ssh and pick up the node list by default,
# then load the same settings into the current shell.
cat >> ~/.bashrc <<'EOF'
export PDSH_RCMD_TYPE=ssh
export WCOLL=/root/machines
EOF
. ~/.bashrc
一般情况下,厂家会创建一个具有sudo权限的账号(test),不会直接给 root账号配置密码,此时就需要利用test账号实现各节点root免密登录
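#!/bin/bash

# ================= 1. Global configuration =================
# Every node that should receive the shared root key pair and hosts file.
HOSTS="mu01 cu01 cu02 cu03 cu04 cu05"

# Relay account: the sudo-capable, non-root login used to reach each node.
export TEST_USER="test"
# The relay password is deliberately not written into this file: a literal
# here ends up in backups, version control and every copy of the script.
# An already-exported TEST_PASS is used as is; otherwise the password is read
# from stdin without echoing it.
if [ -z "${TEST_PASS:-}" ]; then
    read -r -s -p "请输入 ${TEST_USER} 账号的密码: " TEST_PASS
    echo
fi
if [ -z "${TEST_PASS}" ]; then
    echo "Error: 未提供 ${TEST_USER} 账号的密码" >&2
    exit 1
fi
export TEST_PASS
# ==============================================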

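# ANSI colour escapes, interpreted by `echo -e` in the status lines.
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'

# Dependency check: the distribution step drives scp/ssh through expect.
# The install hint names apt because that is the package manager this guide
# uses; the error goes to stderr so it survives a redirected stdout.
if ! command -v expect > /dev/null 2>&1; then
    echo -e "${RED}Error: 请先安装 expect (apt install -y expect)${NC}" >&2
    exit 1
fi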

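echo -e "${GREEN}=== 第一步:准备 Login 本机环境 ===${NC}"

# 1. Check that /etc/hosts knows every node listed in HOSTS.
# Looking for one fixed name such as "node01" would warn on every run, because
# the nodes in this cluster are called mu01/cu0x; each configured name is
# looked up as a whole word instead.
# The hosts file is assumed to be complete already: whatever it contains is
# what gets distributed to the other nodes later.
MISSING_HOSTS=""
for NODE in $HOSTS; do
    grep -qw -- "$NODE" /etc/hosts || MISSING_HOSTS="$MISSING_HOSTS $NODE"
done

if [ -n "$MISSING_HOSTS" ]; then
    echo -e "${RED}警告: /etc/hosts 似乎不完整。建议先编辑 /etc/hosts 加上所有节点 IP。${NC}"
    echo "缺少的节点:$MISSING_HOSTS"
    # Single-keystroke confirmation; anything other than y/Y aborts.
    read -p "是否继续? (y/n) " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then exit 1; fi
fi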

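# 2. SSH client settings for root.
# Host-key checking is switched off and no known_hosts file is kept, so ssh
# cannot notice a node being impersonated. That trade-off is limited to the
# cluster's own node names rather than "Host *": this file is later copied to
# every node, and a wildcard would disable verification for every destination
# root connects to from any of them.
# NOTE(review): on a network that is not fully trusted, prefer
# "StrictHostKeyChecking accept-new" together with a real UserKnownHostsFile.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Unquoted delimiter on purpose: $HOSTS expands into the Host pattern list.
cat > /root/.ssh/config <<EOF
Host $HOSTS
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    LogLevel QUIET
EOF
chmod 600 /root/.ssh/config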

# 3. Create root's RSA key pair unless a private key file already exists.
# The key gets an empty passphrase and ssh-keygen's output is discarded.
[ -f /root/.ssh/id_rsa ] || ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa &> /dev/null

# 4. Authorise the public key for root itself, then drop duplicate lines
# (sort -u rewrites the file in place through -o).
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
sort -u -o /root/.ssh/authorized_keys /root/.ssh/authorized_keys
chmod 600 /root/.ssh/id_rsa /root/.ssh/authorized_keys

echo -e "${GREEN}Login 节点准备完毕。${NC}"

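# ================= 2. Build the payload =================
echo -e "${GREEN}=== 第二步:打包 SSH 密钥和 Hosts 文件 ===${NC}"

# Stage everything in a private temporary directory so the archive has a
# fixed internal layout (ssh_dir, hosts_file, install.sh).
WORKDIR=$(mktemp -d) || { echo -e "${RED}Error: mktemp 失败${NC}" >&2; exit 1; }
cp -r /root/.ssh "$WORKDIR/ssh_dir"
cp /etc/hosts "$WORKDIR/hosts_file"

# Remote install script; it is executed on each target node through sudo.
# The quoted delimiter keeps $(...) below from being expanded locally.
cat > "$WORKDIR/install.sh" << 'EOF_SCRIPT'
#!/bin/bash
set -e

# 1. Deploy the hosts file.
# install(1) copies with an explicit owner and mode: the payload was unpacked
# by the unprivileged relay account, and a plain mv would carry that ownership
# over to /etc/hosts.
install -o root -g root -m 644 /tmp/cluster_payload/hosts_file /etc/hosts

# 2. Deploy the SSH directory, keeping a timestamped backup of an existing one
[ -d /root/.ssh ] && mv /root/.ssh /root/.ssh.bak.$(date +%s)

mv /tmp/cluster_payload/ssh_dir /root/.ssh

# 3. Fix ownership and modes (crucial: the files arrive owned by the relay
# account, and ssh rejects key files that are too permissive)
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa
chmod 600 /root/.ssh/authorized_keys
chmod 600 /root/.ssh/config
chmod 644 /root/.ssh/id_rsa.pub

# 4. Clean up; the SUCCESS marker is what the caller waits for
rm -rf /tmp/cluster_payload
echo "SUCCESS"
EOF_SCRIPT

# Pack. The archive contains root's private key, so it is written under a
# restrictive umask (mode 600) instead of the default world-readable mode, and
# a stale file of the same name is removed first. The subshell keeps both the
# umask and the cd from leaking into the rest of the script.
# Side effect: on the management node itself the relay account can no longer
# read the archive from /tmp; that node is the source of the payload, so
# nothing is lost there.
rm -f /tmp/cluster_setup.tar.gz
(
    umask 077
    cd "$WORKDIR" && tar czf /tmp/cluster_setup.tar.gz ssh_dir hosts_file install.sh
) || {
    echo -e "${RED}Error: 打包失败${NC}" >&2
    rm -rf "$WORKDIR"
    exit 1
}
rm -rf "$WORKDIR"

echo -e "${GREEN}安装包制作完成: /tmp/cluster_setup.tar.gz${NC}"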

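# ================= 3. Distribute to every node =================
# The banner names the relay account actually configured in TEST_USER.
echo -e "${GREEN}=== 第三步:开始全网分发 (利用 ${TEST_USER} 账号) ===${NC}"

for HOST in $HOSTS; do
    echo "--------------------------------------------------"
    echo "正在部署: $HOST"
    export CURRENT_HOST="$HOST"

    # The quoted delimiter hands the Tcl below to expect untouched; user,
    # password and host reach it through the environment, not through argv.
    /usr/bin/expect << 'EOF_EXPECT'

    set timeout 30
    set user $env(TEST_USER)
    set pass $env(TEST_PASS)
    set host $env(CURRENT_HOST)

    # --- A. Upload the payload ---
    # The archive holds root's private key, so it is uploaded to the relay
    # account's home directory (empty path after the colon) instead of the
    # node's /tmp, which every local user can write to.
    # NOTE(review): with StrictHostKeyChecking=no the password is sent to a
    # host whose identity is not verified; only acceptable on a trusted,
    # isolated cluster network.
    spawn scp -o StrictHostKeyChecking=no /tmp/cluster_setup.tar.gz $user@$host:
    expect {
        -re ".*yes/no.*" { send "yes\r"; exp_continue }
        -re ".*ssword.*" { send "$pass\r" }
    }
    expect eof

    # --- B. Unpack and run the install script remotely ---
    # Command chain: remove any stale payload directory, create a fresh one
    # that only the relay account can enter (mkdir without -p fails if the
    # path already exists, so a directory planted by another user stops the
    # chain), unpack, run the installer via sudo, and always delete the
    # uploaded archive afterwards.
    set cmd "rm -rf /tmp/cluster_payload && mkdir -m 700 /tmp/cluster_payload && tar xzf cluster_setup.tar.gz -C /tmp/cluster_payload && sudo bash /tmp/cluster_payload/install.sh; rm -f cluster_setup.tar.gz"

    # The password pattern may fire more than once (ssh login, then sudo).
    # This note sits outside the braces on purpose: inside an expect pattern
    # list a line starting with # is parsed as patterns and actions, not as a
    # comment.
    spawn ssh -t -o StrictHostKeyChecking=no $user@$host $cmd
    expect {
        -re ".*yes/no.*" { send "yes\r"; exp_continue }
        -re ".*ssword.*" {
            sleep 0.2
            send "$pass\r"
            exp_continue
        }
        "SUCCESS" { puts "✅ REMOTE_SCRIPT_DONE" }
    }
    expect eof
EOF_EXPECT

done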

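# Remove the local archive (it contains root's private key) and drop the
# relay credentials from the environment.
rm -f /tmp/cluster_setup.tar.gz
unset TEST_USER TEST_PASS CURRENT_HOST

echo "=================================================="
echo -e "${GREEN}所有操作结束。开始验证全网互通...${NC}"

# ================= 4. Final verification =================
# Chain: this machine -> HOP1 -> HOP2, all as root. The hops are the second
# and third names in HOSTS, so the test targets nodes that exist in this
# cluster rather than fixed placeholder names.
# NOTE(review): assumes the first entry of HOSTS is the machine running this
# script; confirm if your list is ordered differently.
read -r _ HOP1 HOP2 _ <<< "$HOSTS"
if [ -z "$HOP2" ]; then
    echo -e "${RED}HOSTS 中节点不足 3 个,跳过互通验证。${NC}"
    exit 0
fi

echo "测试链: Login -> $HOP1 -> $HOP2"
# BatchMode makes ssh fail instead of prompting when key login does not work,
# so a broken setup shows up as a failed test rather than a hidden prompt.
RESULT=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$HOP1" "ssh -o BatchMode=yes -o ConnectTimeout=5 root@$HOP2 hostname" 2>/dev/null)

if [ "$RESULT" == "$HOP2" ]; then
    echo -e "${GREEN}🎉 恭喜!集群全网免密配置成功!${NC}"
else
    echo -e "${RED}❌ 测试失败。$HOP1 无法免密连接 $HOP2。${NC}"
    echo "请手动检查: ssh root@$HOP1 然后 ssh root@$HOP2"
    exit 1
fi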

批量操作

# Batch operations run through pdsh; install it non-interactively.
apt install -y pdsh
Authors: Wind