Expect是互動性很強的腳本語言,可以幫助運維人員實作批量管理成千上百台伺服器操作,是一款很實用的批量部署工具!Expect依賴于tcl,而linux系統裡一般不自帶安裝tcl,是以需要手動安裝。下面記錄下Expect的安裝部署及使用過程:
1. 安裝部署Expect
下載下傳:expect-5.43.0.tar和tcl8.4.11-src.tar
下載下傳位址:https://pan.baidu.com/s/1kVyeLt9
提取密碼:af9p
将expect和tcl的軟體包下載下傳放到/usr/local/src目錄下
1)解壓tcl,進入tcl解壓目錄,然後進入unix目錄進行編譯安裝
[root@xw4 src]# tar -zvxf tcl8.4.11-src.tar.gz
[root@xw4 src]# cd tcl8.4.11/unix
[root@xw4 unix]# ./configure
[root@xw4 unix]# make && make install
2)安裝expect
[root@xw4 src]# tar -zvxf expect-5.43.0.tar.gz
[root@xw4 src]# cd expect-5.43.0
[root@xw4 expect-5.43.0]# ./configure --with-tclinclude=/usr/local/src/tcl8.4.11/generic --with-tclconfig=/usr/local/lib/
[root@xw4 expect-5.43.0]# make && make install
3)安裝完成後進行測試
[root@xw4 ~]# expect
expect1.1>
expect1.1>
2. Expect使用示例1
從本機自動登入到遠端機器192.168.1.200(端口是22,密碼是:PASSWORD),登入到遠端機器後做以下幾個操作:
1. useradd wangshibo
2. mkdir /opt/test
3. exit自動退出
1) 腳本内容如下
[root@xw4 tmp]# cat test-ssh.sh
#!/bin/bash
passwd='PASSWORD'
/usr/local/bin/expect <<-EOF
set time 30
spawn ssh -p22 [email protected]
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$passwd\r" }
}
expect "*#"
send "useradd wangshibo\r"
expect "*#"
send "mkdir /opt/test\r"
expect "*#"
send "exit\r"
interact
expect eof
EOF
執行腳本, 發現登入到遠端主機192.168.1.201後确實自動執行了上面三個操作:
[root@xw4 tmp]# chmod 755 test.sh
[root@xw4 tmp]# sh test.sh
spawn ssh -p22 [email protected]
[email protected]'s password:
Last login: Fri Sep 23 16:21:20 2016 from 192.168.1.23
[root@vm-002 ~]# useradd wangshibo
[root@vm-002 ~]# mkdir /opt/test
[root@xw4 tmp]#
###########################################################################
上面示例如果隻是想實作自動登陸目的,登陸機器後不做操作。則腳本隻需改成下面即可:
[root@xw4 tmp]# cat test.sh
[root@xw4 tmp]# cat test.sh
#!/bin/bash
passwd='PASSWORD'
/usr/local/bin/expect <<-EOF
set time 30
spawn ssh -p22 [email protected]
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$passwd\r" }
}
expect eof
EOF
執行腳本:
[root@xw4 tmp]# sh test.sh
[root@xw4 tmp]# sh test.sh
spawn ssh -p22 [email protected]
[email protected]'s password:
Last login: Fri Sep 23 16:21:20 2016 from 192.168.1.23
[root@vm-002 ~]#
##########################################################
如上示例隻實作自動登入目的,如果使用expect腳本,則寫法如下:
[root@xw4 tmp]# cat test
#!/bin/expect
set timeout 30
spawn ssh -p22 [email protected]
expect "*password:"
send "PASSWORD\r"
interact
執行腳本:
[root@xw4 tmp]# chmod 755 test
[root@xw4 tmp]#./test
###########################
需要注意:
spawn後面跟的是操作動作,比如登陸機器後執行uptime,即:
# spawn ssh -p22 [email protected] "uptime" 2. Expect使用示例2
在部署無密碼通路時, 手工建立ssh互信需要好幾個步驟,并且中途人工互動(輸入密碼等),如果機器數目多,則很繁瑣!下面方法用于自動化生成authorized_keys, 免去了手工操作。具體思路:利用expect編寫sshkey.exp在遠端主機上生成id_rsa,并重定向到本地;在利用noscp.exp.把檔案複制到遠端主機。
1)檢視expect安裝後的路徑是:
[root@xw4 ~]# which expect
/usr/local/bin/expect
2)做個expect執行檔案的軟體
[root@xw4 ~]# ln -s /usr/local/bin/expect /usr/bin/expect
[root@xw4 ~]# ll /usr/bin/expect
3)編寫expect腳本:sshkey.exp和noscp.exp
[root@xw4 ~]# cat sshkey.exp
#!/usr/bin/expect
#sshkey.exp
if {$argc<3} {
puts stderr "Usage: $argv0 host user passwd "
exit 1
}
set host [ lindex $argv 0 ]
set user [ lindex $argv 1 ]
set pwd [ lindex $argv 2 ]
set timeout 30
#spawn ssh ${user}@${host} "rm -rf ~/.ssh/id_rsa*"
#
#expect {
# "*yes/no" { send "yes\r"; exp_continue }
# "*password:" { send "$pwd\r"; exp_continue }
#}
spawn ssh ${user}@${host} "ssh-keygen -t rsa" #如果ssh端口是非22,比如22222,那麼這一行的ssh後面添加"-p22222"
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$pwd\r"; exp_continue }
"Enter file in which to save the key*" { send "\n\r"; exp_continue }
"Overwrite*" { send "y\n"; exp_continue }
"Enter passphrase (empty for no passphrase):" { send "\n\r"; exp_continue }
"Enter same passphrase again:" { send "\n\r" }
}
spawn ssh ${user}@${host} "cat ~/.ssh/id_rsa.pub" #如果ssh端口是非22,比如22222,那麼這一行的ssh後面添加"-p22222"
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$pwd\r" }
}
expect eof
#############################################################
[root@xw4 ~]# cat noscp.exp
#!/usr/bin/expect
#noscp.exp
if {$argc<4} {
puts stderr "Usage: $argv0 localfile remotefile user passwd "
exit 1
}
set localfile [ lindex $argv 0 ]
set remotefile [ lindex $argv 1 ]
set user [ lindex $argv 2 ]
set pwd [ lindex $argv 3 ]
set timeout 30
spawn scp ${localfile} ${user}@${remotefile} #如果ssh端口是非22,那麼這一行裡面的scp後面添加"-P 22222"
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$pwd\r" }
}
expect eof
4)對上面兩個腳本授執行權限
[root@xw4 ~]# chmod 755 sshkey.exp
[root@xw4 ~]# chmod 755 noscp.exp
這兩個腳本檔案用法:
# ./sshkey.exp 主機名 使用者名 密碼 #在遠端主機生成id_rsa
# ./noscp.exp 本地檔案 遠端路徑 遠端使用者密碼 #無密碼拷貝檔案
5)驗證
[root@xw4 ~]# ./sshkey.exp 192.168.1.201 root PASSWORD |grep ssh-rsa >> ~/.ssh/authorized_keys
[root@xw4 ~]# ./noscp.exp ~/.ssh/authorized_keys 192.168.1.201:~/.ssh root PASSWORD
spawn scp /root/.ssh/authorized_keys [email protected]:~/.ssh
[email protected]'s password:
authorized_keys
這樣,就能無密碼登陸了!
[root@xw4 ~]# ssh 192.168.1.201
Last login: Fri Sep 23 18:33:21 2016 from 192.168.1.7
[root@vm-002 ~]#
######## 上面示例2中,如果是多台機器的話,可以結合shell腳本進行批量執行 ########
[root@xw4 ~]# cat /root/ip.list
192.168.1.100
192.168.1.101
192.168.1.102
192.168.1.103
192.168.1.104
......
......
[root@xw4 ~]# cat sshkey.sh
#!/bin/bash
for ip in `cat /root/ip.list`
do
/root/sshkey.exp $ip root PASSWORD |grep ssh-rsa >> ~/.ssh/authorized_keys
/root/noscp.exp ~/.ssh/authorized_keys $ip:~/.ssh root PASSWORD
done
[root@xw4 ~]# sh -x sshkey.sh
######## 貼一個簡單的expect跳轉腳本 ########
localhost:huan kevin$ cat jump
#!/usr/bin/expect
set timeout 30
spawn /usr/bin/ssh -p 2200 -l wangshibo 111.133.132.144
expect "password:"
send "shai3raesh2Uici\r"
interact
localhost:huan kevin$ ./jump
spawn /usr/bin/ssh -p 2200 -l wangshibo 111.133.132.144
[email protected]'s password:
Last login: Fri Oct 13 16:43:13 2017 from 210.12.101.146
Welcome to aliyun Elastic Compute Service!
[wangshibo@sh-sre-man01 ~]$ *************** 當你發現自己的才華撐不起野心時,就請安靜下來學習吧!***************