From 053d2a093599e1f481bdda59a803eba370ebbda2 Mon Sep 17 00:00:00 2001
From: panhongyin
Date: Fri, 16 Mar 2018 17:52:02 +0800
Subject: [PATCH] =?UTF-8?q?1:=20=E6=B7=BB=E5=8A=A0=E5=AE=9E=E7=94=A8?= =?UTF-8?q?=E5=B7=A5=E5=85=B7=E9=9B=86=E7=9B=AE=E5=BD=95tools=202:=20?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0sshkey=E8=87=AA=E5=8A=A8=E5=A4=8D=E5=88=B6?= =?UTF-8?q?=E8=84=9A=E6=9C=AC=EF=BC=8C=E6=96=B9=E4=BE=BFansible=E7=9A=84?= =?UTF-8?q?=E4=BD=BF=E7=94=A8=203=EF=BC=9A=E6=B7=BB=E5=8A=A0kubectl?= =?UTF-8?q?=E8=87=AA=E5=8A=A8=E8=A1=A5=E5=85=A8=E9=85=8D=E7=BD=AE=204?= =?UTF-8?q?=EF=BC=9A=E4=BF=AE=E5=A4=8DCentOS=E7=B3=BB=E7=BB=9F=E4=B8=8Bsel?= =?UTF-8?q?inux=E9=85=8D=E7=BD=AEBUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
roles/prepare/tasks/main.yml | 41 ++++++++++++++-----
tools/yc-ssh-key-copy.sh | 78 ++++++++++++++++++++++++++++++++++++
2 files changed, 108 insertions(+), 11 deletions(-)
create mode 100755 tools/yc-ssh-key-copy.sh
diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml
index f8be1f5..f0a5ff3 100644
--- a/roles/prepare/tasks/main.yml
+++ b/roles/prepare/tasks/main.yml
@@ -43,19 +43,38 @@ - lxcfs - lxc-common -# 删除默认安装 -- name: 删除centos默认安装 - when: ansible_distribution == "CentOS" - yum: name={{ item }} state=absent - with_items: - - firewalld - - firewalld-filesystem - - python-firewall +- block: + # 删除默认安装 + - name: 删除centos默认安装 + yum: name={{ item }} state=absent + with_items: + - firewalld + - python-firewall + - firewalld-filesystem + + - name: 安装基础软件包 + yum: name={{ item }} state=installed + with_items: + - vim + - git + - wget + - net-tools + - bash-completion + + - name: 临时关闭 selinux + shell: "setenforce 0" + failed_when: false + + - name: 永久关闭 selinux + lineinfile: + dest: /etc/selinux/config + regexp: "^SELINUX" + line: "SELINUX=disabled" -- name: 关闭 selinux - shell: "setenforce 0 && echo SELINUX=disabled > /etc/selinux/config" when: ansible_distribution == "CentOS" - ignore_errors: true + +- name: 添加 kubectl 命令自动补全 + shell: "echo 'source <(kubectl completion bash)' >> ~/.bashrc" # 设置系统参数for k8s # 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled diff --git a/tools/yc-ssh-key-copy.sh b/tools/yc-ssh-key-copy.sh new file mode 100755 index 0000000..b298b3d --- /dev/null +++ b/tools/yc-ssh-key-copy.sh 
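Review bot: The `regexp: "^SELINUX"` in the `永久关闭 selinux` task also matches the `SELINUXTYPE=` line of `/etc/selinux/config`, and lineinfile replaces the last matching line, so on a stock CentOS file it would likely overwrite `SELINUXTYPE=targeted` and leave the `SELINUX=` setting as it was; anchor it as `regexp: "^SELINUX="`. Setting `SELINUX=disabled` removes mandatory access control from every node, so a comment saying why `permissive` (which keeps denial logging) is not enough would help the next reader. The `添加 kubectl 命令自动补全` task appends to `~/.bashrc` on every run; a `lineinfile` with `line: "source <(kubectl completion bash)"` would make it idempotent.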
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+#set -x
+
+# check args count
+if test $# -ne 3; then
+ echo -e "\nUsage: $0 < hosts file > < username > < password >\n"
+ exit 1
+fi
+
+# check hosts file
+hosts_file=$1
+if ! test -e $hosts_file; then
+ echo "[ERROR]: Can't find hosts file"
+ exit 1
+fi
+
+username=$2
+password=$3
+
+# check sshkey file
+sshkey_file=~/.ssh/id_rsa.pub
+if ! test -e $sshkey_file; then
+ expect -c "
+ spawn ssh-keygen -t rsa
+ expect \"Enter*\" { send \"\n\"; exp_continue; }
+ "
+fi
+
+# get hosts list
+hosts=$(ansible -i $hosts_file all --list-hosts | awk 'NR>1')
+echo "======================================================================="
+echo "hosts: "
+echo "$hosts"
+echo "======================================================================="
+
+ssh_key_copy()
+{
+ # delete history
+ sed "/$1/d" -i ~/.ssh/known_hosts
+
+ # start copy
+ expect -c "
+ set timeout 100
+ spawn ssh-copy-id $username@$1
+ expect {
+ \"yes/no\" { send \"yes\n\"; exp_continue; }
+ \"password\" { send \"$password\n\"; }
+ \"already exist on the remote system\" { exit 1; }
+ }
+ expect eof
+ "
+}
+
+# auto sshkey pair
+for host in $hosts; do
+ echo "======================================================================="
+
+ # check network
+ ping -i 0.2 -c 3 -W 1 $host >& /dev/null
+ if test $? -ne 0; then
+ echo "[ERROR]: Can't connect $host"
+ exit 1
+ fi
+
+ cat /etc/hosts | grep -v '^#' | grep $host >& /dev/null
+ if test $? -eq 0; then
+ hostaddr=$(cat /etc/hosts | grep -v '^#' | grep $host | awk '{print $1}')
+ hostname=$(cat /etc/hosts | grep -v '^#' | grep $host | awk '{print $2}')
+
+ ssh_key_copy $hostaddr
+ ssh_key_copy $hostname
+ else
+ ssh_key_copy $host
+ fi
+
+ echo ""
+done
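Review bot: The password arrives as `$3` and is spliced into the double-quoted `expect -c "…"` text in `ssh_key_copy`, so it is visible in the process list for both the script and expect, and any `"`, `[`, `$` or `\` in it (or in `$username` / `$1`) is parsed as Tcl rather than sent literally. I would take the password from a no-echo prompt (`read -rs password`) or a protected file instead of argv, and hand the values to a single-quoted expect script through the environment, as sketched below. `sed "/$1/d" -i ~/.ssh/known_hosts` treats the host as an unanchored regex, so removing `10.0.0.1` also removes `10.0.0.10` and similar entries; `ssh-keygen -R "$1"` drops only the exact one. Deleting the stored key and then answering `yes` to every host-key prompt means the password is sent to whichever machine answers at that address, so the script header should state that it is only meant for a trusted provisioning network, or known_hosts should be pre-populated with verified keys. The unquoted `$hosts_file` and `$host` expansions elsewhere in the script also deserve quoting.

```shell
ssh_key_copy()
{
    # remove only the exact entry for this host
    ssh-keygen -R "$1" > /dev/null 2>&1

    # values travel in the environment: not on expect's command line,
    # and never parsed as Tcl source
    YC_TARGET="$username@$1" YC_PASSWORD="$password" expect -c '
        set timeout 100
        spawn ssh-copy-id $env(YC_TARGET)
        expect {
            "yes/no" { send "yes\n"; exp_continue; }
            "password" { send -- "$env(YC_PASSWORD)\n"; }
            "already exist on the remote system" { exit 1; }
        }
        expect eof
    '
}
```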