最新消息:

自动化运维基础实例解析-Python批量登录到服务器执行任务

python admin 4419浏览 0评论

开发背景:
根据信息系统安全等级保护的要求,需要对IDC所有数据库服务器进行安全检查,以确认服务器的安全设置是否符合等级保护要求,需要在所有数据库服务器上执行以下命令:

[root@aikaiyuan ~]#  wget http://www.aikaiyuan.com/tools/check.sh
[root@aikaiyuan ~]#  bash check.sh

对于目前现状,我们总共目前约有mysql数据库约60台左右,加上oracle数据库会更多,如果通过单一的登录到每个数据库服务器执行,效率是非常低的,所以写了一个批量执行的Python脚本。该脚本会读取一个定义好的服务器列表和命令列表,然后利用了python的多进程特性,每个服务器一个独立进程,自动登录到对应的服务器,运行相应的脚本。登录认证方式包括密码登录和密钥登录,如果定义了密钥,则脚本会使用密钥登录,否则则使用密码登录。该脚本比较通用,在自动化监控和运维过程中比较实用,下面将对脚本做简单的分析。

代码解析:
该脚本共有两个文件,linux_batch_command.py和linux_servers.list。linux_batch_command.py用于执行自动登录和运行脚本。linux_servers.list用于定义主机列表。

linux_batch_command.py代码如下:需要执行的命令定义在cmds=‘’‘ ’‘’里面,需要执行多个命令用,分隔。timeout用于定义登录服务器和执行脚本的超时时间,运行时间比较长的话该值请修改的比较大些。

#!//bin/env python
#ssh_cmd_ver2.py
#coding:utf-8
import pexpect
import os, sys, string, time, datetime, traceback;
from multiprocessing import Process;

cmds= '''cd /tmp && wget http://www.aikaiyuan.com/tools/check.sh && bash check.sh'''

def ssh_cmd(ip,port,user,keyfile,passwd,cmd):
    if keyfile <> '':
        ssh = pexpect.spawn('ssh -p%s -i %s %s@%s "%s"' % (port,keyfile, user, ip, cmd))

        try:
            i = ssh.expect(["Enter passphrase for key '"+keyfile+"': ", 'continue connecting (yes/no)?'],timeout=60)
            if i == 0 :
                ssh.sendline(passwd)
                r = ssh.read()
            elif i == 1:
               ssh.sendline('yesn')
               ssh.expect("Enter passphrase for key '"+keyfile+"': ")
               ssh.sendline(passwd)
               r = ssh.read()
        except pexpect.EOF:
            ssh.close()
            r=ip+":EOF"
        except pexpect.TIMEOUT:
            #ssh.close()
            r="ip:TIMEOUT"
        return r

    else:
        ssh = pexpect.spawn('ssh -p%s %s@%s "%s"' % (port, user, ip, cmd))
        try:
            i = ssh.expect(['password: ', 'continue connecting (yes/no)?'],timeout=60)
            if i == 0 :
                ssh.sendline(passwd)
                r = ssh.read()
            elif i == 1:
                ssh.sendline('yesn')
                ssh.expect('password: ')
                ssh.sendline(passwd)
                r = ssh.read()
        except pexpect.EOF:
            ssh.close()
            r="EOF"
        except pexpect.TIMEOUT:
            #ssh.close()
            r="TIMEOUT"
        return r

def job_task(ip,port,user,keyfile,passwd):
    for cmd in cmds.split(","):
        r=ssh_cmd(ip,port,user,keyfile,passwd,cmd)
        print r

def main():
    print("%s: controller started." % (time.strftime('%Y-%m-%d %H:%M:%S', time.localtime()),));
    hosts = open('./linux_servers.list');
    plist = []
    for host in hosts:
        if host:
            ip,port,user,keyfile,passwd = host.split(":")
            p = Process(target = job_task, args = (ip,port,user,keyfile,passwd))
            plist.append(p)
            #print plist
            p.start();
    for p in plist:
        p.join();
    print("%s: controller finished." % (time.strftime('%Y-%m-%d %H:%M:%S', time.localtime()),))

if __name__=='__main__':
    main()

linux_servers.list文件内容如下:

该文件里面定义需要登录执行命令的服务器,示例如下,每个服务器以单独行写在文件里面,第一行为密码登录的服务器格式示例,第二行为密码方式登录的服务器格式示例,定义好服务器后执行脚本,脚本会根据定义的格式自动选择登录方式

[root@aikaiyuan servers]# cat linux_servers.list
192.168.1.10:22:aikaiyuan:/home/aikaiyuan/.ssh/id_rsa:keypasswd
192.168.1.11:22:root::passwd

执行脚本,查看运行结果:

执行命令后,在终端会返回每个机器的执行输出结果,如果某个主机执行有异常则会输出EOF,执行超时则会输出数据TIMEOUT.

[root@aikaiyuan servers]# ./linux_batch_command.py

******************** 检查是否开启X-Window系统 *************************************************
[ OK ] 检查通过
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查系统关机热键是否启用 ***********************************
[ FAILED ] 系统关机热键已启用
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查是否禁止root用户远程登录 ****************************************
grep: /etc/ssh/sshd_config: Permission denied
[ FAILED ] PermitRootLogin 未设置
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查历史命令缓存 ************************************
[ FAILED ] HISTFILESIZE 未设置
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0
[ FAILED ] HISTSIZE 设置不当(参考值30),当前值为: 1000
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查umask **********************************************
[ FAILED ] UMASK设置不当,当前值为: 0002
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查主机信任关系 *****************************************
find: /home/caojie: Permission denied
find: /home/zabbix: Permission denied
find: /home/liyong: Permission denied
find: /home/willy: Permission denied
find: /home/oracle: Permission denied
find: /home/liuyang: Permission denied
find: /home/lost+found: Permission denied
find: /home/nagios: Permission denied
find: /home/lengzhenguo: Permission denied
find: /home/mysql: Permission denied
[ OK ] 检查通过
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查进程、内存资源访问限制 ***********************
[ FAILED ] HARD CORE设置不当,当前值为: unlimited
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0
[ FAILED ] HARD RSS 未设置
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0
[ FAILED ] HARD NPROC设置不当,当前值为: 131072
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查su命令限制 **********************************
auth sufficient pam_rootok.so auth include system-auth
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查sudoer账户 *********************************************
grep: /etc/sudoers: Permission denied

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 –:–:– –:–:– –:–:– 0

******************** 检查SUID权限文件 ***********************************************
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1519 0 0 100 1519 0 2026 –:–:– –:–:– –:–:– 3273

转载请注明:爱开源 » 自动化运维基础实例解析-Python批量登录到服务器执行任务

您必须 登录 才能发表评论!