前言:
由於線上服務器密碼長久沒有更新,現領導要求批量更換密碼。線上的之前部署過salt,但由於各種因素沒有正常使用。
使用自動化工具批量修改的計劃擱淺了,後來領導給了個python多線程修改密碼腳本。但實際測試效果並不理想,會出現卡住情況

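#!/usr/bin/python
# -*- coding: utf-8 -*-
"""Run commands on many hosts in parallel over SSH, switching to root via su.

For every host named in the first column of /var/tmp/169 a worker thread logs
in as ``login_user`` with the private key in ``key_file``, optionally runs
``user_cmd`` and, when ``issu`` is true, drives an interactive ``su`` session
to run ``root_cmd``.  Each host's result lines are printed to stdout.

Prompt detection is purely textual: the login shell prompt must end in
``]$ ``, the root prompt in ``]# `` and su must ask with ``Password: ``.
A host whose prompts look different is reported as a timeout.
"""
from __future__ import print_function

import os
import re
import socket
import sys
import threading
import time

try:
    import Queue  # Python 2 name
except ImportError:
    import queue as Queue  # Python 3 name

import paramiko  # SSH client library

root_cmd = r''' 這里輸入你要執行的命令 '''  # command run as root after su
user_cmd = r''' echo '' '''  # command run as login_user; remove this name to skip that step
issu = 1  # 0: stop after user_cmd, 1: also su and run root_cmd
# Password typed at the su prompt.
# NOTE(security): it sits in clear text in this file. Keep the file readable by
# its owner only, or read the value at start-up (for example with
# getpass.getpass()) instead of hard-coding it.
root_pwd='你要修改的root密碼'
login_user = '普通用戶名'
key_file = '/home/.ssh/id_rsa'  # private key of login_user
sshport = 22
time_out = 60  # seconds: socket default, connect, exec and longest silence while waiting for a prompt
Numer_Thread = 300  # number of worker threads (tune to the number of hosts)
# NOTE(security): with False, a host that is missing from the system
# known_hosts file is accepted without verification (AutoAddPolicy), and
# root_pwd is then typed into that unauthenticated session. Once known_hosts
# has been populated through a trusted channel, set this to True so unknown
# hosts are refused instead.
strict_host_keys = False
q = Queue.Queue()  # work queue of [host, rootuser, rootpwd]
socket.setdefaulttimeout(time_out)
lock = threading.RLock()  # serialises printing so host reports do not interleave
onlydir = dir()  # module names defined so far; used to test whether user_cmd exists


def _to_text(data):
    """Return *data* as a native string (paramiko yields bytes on Python 3)."""
    if isinstance(data, str):
        return data
    return data.decode('utf-8', 'replace')


def _read_until(shell, wanted, unwanted=()):
    """Read from *shell* until the accumulated output ends with *wanted*.

    Returns ``(buff, resp, status)``: everything read, the last chunk, and one
    of 'ok' (ends with *wanted*), 'unwanted' (ends with one of *unwanted*),
    'closed' (the channel returned no data) or 'timeout' (nothing arrived
    within the channel timeout).  The last two replace the unbounded polling
    loops that made the script hang on unresponsive or unusual hosts.
    """
    buff = ''
    resp = ''
    while not buff.endswith(wanted):
        time.sleep(0.1)
        try:
            resp = _to_text(shell.recv(4096))
        except socket.timeout:
            return buff, resp, 'timeout'
        if not resp:
            # An empty read means the channel is closed; polling again would spin forever.
            return buff, resp, 'closed'
        buff += resp
        if buff.endswith(unwanted):
            return buff, resp, 'unwanted'
    return buff, resp, 'ok'


def _run_commands(ssh, rootuser, rtn):
    """Run user_cmd and, if issu is set, root_cmd via su; append results to *rtn*."""
    if 'user_cmd' in onlydir:
        stdin, stdout, stderr = ssh.exec_command(
            'LANG=en_US.UTF-8;LANGUAGE=en_US.UTF-8; %s'%user_cmd, timeout=time_out)
        # Report stderr as well; reading stdout a second time only yields ''.
        rtn.append(_to_text(stdout.read()) + _to_text(stderr.read()))
    if not issu:
        return

    shell = ssh.invoke_shell()
    shell.settimeout(time_out)  # recv() raises socket.timeout instead of blocking forever

    # Step 0: wait for the unprivileged prompt.
    buff, resp, status = _read_until(shell, ']$ ')
    if status != 'ok':
        rtn.append('ERROR_SSH.RECV_____0________________%s'% status)
        return

    # Step 1: start su and wait for the password prompt. The locale is forced
    # to English because the prompt is matched as literal text.
    shell.send('LANG=en_US.UTF-8;LANGUAGE=en_US.UTF-8;su - %s'%rootuser)
    shell.send('\n')
    buff, resp, status = _read_until(shell, 'Password: ', ('exist', ']$ '))
    if status != 'ok':
        rtn.append('ERROR_SSH.RECV_____1________________%s'% (resp if status == 'unwanted' else status))
        return

    # Step 2: answer the prompt and wait for the root prompt.
    shell.send(root_pwd)
    shell.send('\n')
    buff, resp, status = _read_until(shell, ']# ', ('password', ']$ '))
    if status != 'ok':
        rtn.append('ERROR_SSH.RECV_____2________________%s'% (resp if status == 'unwanted' else status))
        return

    # Step 3: run the root command. Falling back to ']$ ' means the root shell
    # was lost; a trailing '? ' means the command is asking a question.
    shell.send('LANG=en_US.UTF-8;LANGUAGE=en_US.UTF-8; %s '%root_cmd)
    shell.send('\n')
    buff, resp, status = _read_until(shell, ']# ', (']$ ', '? '))
    if status == 'unwanted' and buff.endswith(']$ '):
        rtn.append('ERROR_SSH.RECV_____3________________%s'% resp)
    elif status == 'unwanted':
        rtn.append('ERROR_SSH.RECV_____4________________??')
    elif status != 'ok':
        rtn.append('ERROR_SSH.RECV_____3________________%s'% status)
    # Drop the first line (the echoed command) and the last line (the prompt).
    rtn.append('\n'.join(buff.split('\n')[1:-1]))


def sshgo(host,rootuser,rootpwd):
    """Connect to *host*, run the configured commands and return report lines.

    Args:
        host: address to connect to on ``sshport``.
        rootuser: account passed to ``su -``; an empty string gives a plain ``su -``.
        rootpwd: unused; the module-level ``root_pwd`` is what is sent to su.

    Returns:
        A list of strings: a header naming the host, then command output
        and/or ``ERROR`` lines. Every path returns the same shape, and any
        exception is turned into an ERROR line instead of killing the worker.
    """
    rtn = ['________________________________%s'%host]
    ssh = paramiko.SSHClient()
    try:
        if strict_host_keys:
            ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
        else:
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        ssh.load_system_host_keys()
        key = paramiko.RSAKey.from_private_key_file(key_file)
        ssh.connect(host,sshport,login_user,pkey=key,timeout=time_out)
        _run_commands(ssh, rootuser, rtn)
    except Exception as e:
        rtn.append('%s__ERROR_________________________%s'%(e,host))
    finally:
        ssh.close()  # also releases the connection on every error path
    return rtn


def do_echo(host,rootuser,rootpwd):
    """Process one host and print its report as one uninterrupted block."""
    result = sshgo(host,rootuser,rootpwd)
    with lock:
        for pp in result:
            print(pp)
        print()
        sys.stdout.flush()


def working():
    """Worker loop: take hosts off the queue until the process exits."""
    while 1:
        args = q.get()
        try:
            do_echo(args[0],args[1],args[2])
        except Exception as e:
            with lock:
                print('%s__ERROR_________________________%s'%(e,args[0]))
        finally:
            # Always acknowledge the item, otherwise q.join() never returns.
            q.task_done()


def main():
    """Start the workers, queue every host from /var/tmp/169 and wait."""
    for i in range(Numer_Thread):
        t = threading.Thread(target=working)
        t.daemon = True  # workers must not keep the process alive after q.join()
        t.start()
    print("Begin......")
    with open("/var/tmp/169", "r") as fn:
        for line in fn:
            fields = line.split()
            # Skip blank or whitespace-only lines and comment lines.
            if not fields or fields[0].startswith('#'):
                continue
            # Only the first column (the host) is used; rootuser/rootpwd stay empty.
            q.put([fields[0], '', ''])
    q.join()


if __name__ == '__main__':
    main()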
後來想到了不需要安裝客戶端的自動化管理工具:ansible。好吧,那就查下相關資料吧
1.安裝ansible
yum -y install ansible
2.修改主機配置文件
vim /etc/ansible/hosts
[web]#主機組
10.18.111.123 ansible_ssh_user=username ansible_ssh_private_key_file=/home/maintain/username/.ssh/id_rsa

192.168.1.1 ansible_become_pass='password' ansible_ssh_user=username ansible_ssh_private_key_file=/home/maintain/username/.ssh/id_rsa
配置了root密碼,以及普通用戶和相應的key。這樣做其實並不理想:1. 不安全——root密碼以明文寫在hosts文件里,任何能讀取該文件的人都能看到,建議用ansible-vault加密,或在執行時用--ask-become-pass交互輸入;2. 配置複雜點。後續可以使用ansible的playbook實現
3.以普通用戶登錄並切換到root執行命令
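# NOTE: the new root password is part of the command line, so it is written to
# the control host's shell history and is visible in process listings while the
# command runs. Avoid running this on a shared machine, or set the password with
# Ansible's user module and a pre-hashed value instead.
# The outer quotes are double quotes so that the inner single quotes reach the
# remote shell and echo receives the password as one literal word. A password
# containing ', ", $, ` or \ still needs escaping.
# -S/-R are the older su flags; newer Ansible releases spell this
# --become --become-method=su --become-user=root.
ansible web -S -R root -m raw -a "echo '需要修改的root密碼' | passwd --stdin root"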
