linuxea:变量实值与文件变量替换 我知道这个主题已经过时了，但我有一个需求需要来做，当我收集了这些后发现非常有趣，我觉得可以将这些记录下来，这是非常棒的一件事。我们将环境变量中的变量实际值通过几种方式替换到文件中环境变量，假如我的环境变量如下：[root@linuxea ~]$ env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80我的test.conf文件中的环境变量如下：我需要实现的目的是：如果变量存在就替换，如果不存在就使用默认值USER ${USER:-nginx}; server_name ${SERVER_NAME:-linuxea.com}; listen ${NGINX_PORT:-88}; root ${WWWPATH:-/var/www/html}; access ${access:-/var/logs/www.log};第一种方式[root@linuxea ~]$ ( echo "cat <<EOF" ; cat test.conf ; echo EOF ) | sh USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;如果是在shell脚本中，它看起来像：#!/bin/sh cat > FILE <<EOF USER ${USER:-nginx}; server_name ${SERVER_NAME:-linuxea.com}; listen ${NGINX_PORT:-88}; root ${WWWPATH:-/var/www/html}; access ${access:-/var/logs/www.log}; EOF或者这样[root@linuxea ~]$ eval "echo \"$(cat test.conf)\"" USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;如果ENV的这些值在文件中，则可以这样[root@linuxea ~]$ cat .env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80如：[root@linuxea ~]$ (. .env && eval "echo \"$(cat test.conf)\"") USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;或者直接进行替换[root@linuxea ~]$ envsubst < .env > test.conf [root@linuxea ~]$ cat test.conf version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80第二种方式如果test.conf文件中仅仅只是变量，如：[root@linuxea ~]$ cat test.conf USER $USER; server_name $SERVER_NAME; listen $NGINX_PORT; root $WWWPATH; access $access;替换的方式则可以如下进行：全部替换1：变量为空，则会替换为空[root@linuxea ~]$ envsubst < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access ;[root@linuxea ~]$ perl -pe 's/\$(\{)?([a-zA-Z_]\w*)(?(1)\})/$ENV{$2}/g' < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access ;全部替换2：变量不存在，则不替换[root@linuxea ~]$ perl -pe 's/\$([_A-Z]+)/$ENV{$1}/g' < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access $access;部分替换倘若我只想替换指定的$NGINX_PORT,$SERVER_NAME的变量，而不是所有的，则可以将被替换的单引号引起来，如下：[root@linuxea ~]$ envsubst '$NGINX_PORT,$SERVER_NAME' < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access;如果有多个可以换行，如:[root@linuxea ~]$ envsubst '$NGINX_PORT, $SERVER_NAME' < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access;也可以使用反斜杠：[root@linuxea ~]$ envsubst \$NGINX_PORT,\$SERVER_NAME < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access精确声明替换当在使用一些系统敏感的变量替换的时候就会出现问题， 由此我们可以使用envsubst SHELL_FORMAT参数限制要在输入中替换的变量字符串（避免输入中的字符串意外替换为常见的shell变量值 - 例如$ HOME）。此刻我.env文件中有HOME变量=linuxea.com，如下：[root@linuxea ~]$ cat .env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80 HOME=linuxea.com而系统中的$HOME[root@linuxea ~]$ echo $HOME /root使用envsubst SHELL_FORMAT[root@linuxea ~]$ envsubst "$HOME" < .env > test.conf [root@linuxea ~]$ cat test.conf version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80 HOME=linuxea.com如果你有多个，可以envsubst "$HOME,$HOSTNAME" < .env > test.conf 延伸阅读：https://unix.stackexchange.com/questions/294835/replace-environment-variables-in-a-file-with-their-actual-values https://unix.stackexchange.com/questions/294378/replacing-only-specific-variables-with-envsubst https://www.gnu.org/software/gettext/manual/html_node/envsubst-Invocation.html https://www.gnu.org/software/gettext/manual/gettext.html#sh_002dformat https://stackoverflow.com/questions/14155596/how-to-substitute-shell-variables-in-complex-text-files

ssh使用root拉取和批量执行命令 1，文件分发，批量命令执行2，拉取文件SSH配置文件！GSSAPIAuthentication noUseDNS nossh-copy-id -i .ssh/id_dsa.pub 如果不是22端口ssh-copy-id -i "-p 2222 linuxea@nfs"指定用户做分发：在做之前，通常我们不适用root远程登录，在本次案例中使用root，和非root提权[root@NFS-server ~]# useradd linuxea [root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/linuxea/.ssh/id_dsa): Created directory '/home/linuxea/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/linuxea/.ssh/id_dsa. Your public key has been saved in /home/linuxea/.ssh/id_dsa.pub. The key fingerprint is: 1b:3c:32:ee:fa:7e:b7:b5:84:83:42:14:7c:f8:28:f7 linuxea@NFS-server The key's randomart image is: +--[ DSA 1024]----+ | ... | | o.. | | .+ | | ..o.. | | o+.S | | o oE= . | | o o o o | | . .. .+ . | | .++. .... | +-----------------+ [linuxea@NFS-server ~]$ ls -l .ssh/ total 8 -rw------- 1 linuxea linuxea 672 Dec 26 01:59 id_dsa---------私钥 -rw-r--r-- 1 linuxea linuxea 608 Dec 26 01:59 id_dsa.pub-----公钥 [linuxea@NFS-server ~]$ 如果端口不是22：则ssh-copy-id -i id_dsa.pub "ip 2222 root@10.0.0.54"[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub root@10.0.0.54 The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established. RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts. root@10.0.0.54's password: Now try logging into the machine, with "ssh 'root@10.0.0.54'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 当我们面对小规模时候，使用linux复制一些文件，如hosts，如dns文件都可以使用这样的方式进行发送当把秘钥已经做好了，就可以发送这些文件，可以单台，也可以多台单台：[linuxea@NFS-server ~]$ scp -P22 /etc/hosts root@10.0.0.55 多台写个简单脚本即可！[linuxea@NFS-server ~]$ vim hosts.sh scp -P22 /etc/hosts root@10.0.0.51 echo ===================================== scp -P22 /etc/hosts root@10.0.0.52 echo ===================================== scp -P22 /etc/hosts root@10.0.0.53 echo ===================================== scp -P22 /etc/hosts root@10.0.0.55 [linuxea@NFS-server ~]$ sh hosts.sh 也可以这样：写一个脚本，运行时输入需要复制的文件或目录，，并且打印出结果！如下：如果不输入内容则输出结果！[linuxea@NFS-server ~]$ vim hosts.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 1 ] then echo "USAGE:$0 {FILE NAME|DIR NAME}" exit 1 fi for n in 53 54 55 do scp -P22 -r $1 root@10.0.0.$n:~ &>/dev/null if [ $? -eq 0 ] then action "file put ok $!" /bin/true else action "file put ok $!" /bin/false fi done 运行脚本，并且输入需要复制的文件路径/etc/hosts[linuxea@NFS-server ~]$ sh hosts.sh /etc/hosts file put ok [ OK ] file put ok [ OK ] file put ok [ OK ] [linuxea@NFS-server ~]$ 如果不输入则提示：[linuxea@NFS-server ~]$ bash hosts.sh USAGE:hosts.sh {FILE NAME|DIR NAME} [linuxea@NFS-server ~]$ 优化二：修改上面的脚本进行远程传递参数：[linuxea@NFS-server ~]$ cat command.sh #!/bin/sh if [ $# -ne 1 ] then echo "USAGE:$0 COMMAND" exit 1 fi for n in 53 54 55 do ssh -p22 root@10.0.0.$n $1 done 运行并且输出需要传递的参数，用“/sbin/ifconfig eth1"[linuxea@NFS-server ~]$ sh command.sh "/sbin/ifconfig eth1" eth1 Link encap:Ethernet HWaddr 00:0C:29:6A:AB:0F inet addr:10.0.0.53 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe6a:ab0f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1069 errors:0 dropped:0 overruns:0 frame:0 TX packets:619 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:98330 (96.0 KiB) TX bytes:60915 (59.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:88:53:53 inet addr:10.0.0.54 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe88:5353/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1097 errors:0 dropped:0 overruns:0 frame:0 TX packets:652 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:104498 (102.0 KiB) TX bytes:64988 (63.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:CE:B5:7D inet addr:10.0.0.55 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fece:b57d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:730 errors:0 dropped:0 overruns:0 frame:0 TX packets:354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:77161 (75.3 KiB) TX bytes:48873 (47.7 KiB) [linuxea@NFS-server ~]$ 查看版本号！[linuxea@NFS-server ~]$ sh command.sh "cat /etc/redhat-release" CentOS release 6.6 (Final) CentOS release 6.6 (Final) CentOS release 6.6 (Final) [linuxea@NFS-server ~]$ 关于错误的权限问题，1，/etc/下的内容大部分是没有写权限的，如果是root则可以，上面则是root权限在使用2, 把需要分发的文件cp到服务器家目录，然后sudo提权复制分发文件到对于的权限目录3, 将操作命令做成suid4， saltstack，puppet等！

linux下发送系统邮件的两种方式 ssh秘钥分发useradd linuxea[linuxea@NFS-server ~]$ useradd linuxea [linuxea@NFS-server ~]$ echo 123|passwd --stdin linuxea 实现本地登录远程免秘钥[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 实现本地用户让远程用户免密码登录！[linuxea@NFS-server ~]$ scp -p .ssh/id_dsa linuxea@10.0.0.53:~/.ssh [linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.52 发邮件[root@NFS-server ~]# /etc/init.d/postfix restart Shutting down postfix: [ OK ] Starting postfix: [ OK ] [root@NFS-server ~]# su - linuxea^C [root@NFS-server ~]# lsof -i :25 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 5223 root 12u IPv4 45229 0t0 TCP localhost:smtp (LISTEN) master 5223 root 13u IPv6 45231 0t0 TCP localhost:smtp (LISTEN) [root@NFS-server ~]# mail -s "linuxea title" 734943463@qq.com </etc/hosts [root@NFS-server ~]# mailq Mail queue is empty [root@NFS-server ~]# ![1.png][1] if [ -s "/var/log/backupSQLfile.log" ] then mail -s "$(date +%F-%T) backup" 734943463@qq.com <</var/log/backSQLfail.log >/var/log/backSQLfile.log fi163:[root@NFS-server ~]# vim /etc/mail.rc #######set mail set from=usertzc@163.com smtp=smtp.163.com set smtp-auth-user=usertzc smtp-auth-password=password smtp-auth=login [root@NFS-server ~]# mail -s linuxea 734943463@qq.com < /etc/rc.local

小环境中利用ssh的sudo提权分发文件用法 利用ssh的sudo提权分发1.在10.0.0.55上创建用户，添加密码，并且给用户sudo权限[root@NFS-BACKUP home]# useradd linuxea [root@NFS-BACKUP home]# echo 123|passwd --stdin linuxea [root@NFS-BACKUP home]# echo 'linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync'>>/e^C/sudoers [root@NFS-BACKUP home]# grep linuxea /etc/sudoers linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync [root@NFS-BACKUP home]# visudo -c /etc/sudoers: parsed OK [root@NFS-BACKUP home]# 2.在10.0.0.52上将秘钥传输过去[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 linuxea@10.0.0.55's password: Now try logging into the machine, with "ssh 'linuxea@10.0.0.55'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 3，在分发端，将文件复制到对方的linuxea家目录[linuxea@NFS-server ~]$ scp -P22 -r /etc/hosts linuxea@10.0.0.55:~ hosts 100% 182 0.2KB/s 00:00 在对端家目录使用sudo rsync 将文件复制到/etc/ [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 sudo rsync hosts /etc/ Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 'cat /etc/hosts' 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ 4，脚本实现：脚本的实现也需要在远端机器创建用户和visudo授权使用rsync命令1，编辑脚本[linuxea@NFS-server ~]$ cat sudolocal.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 2 ] then echo "USAGE:$0 Local->RemoteHost" exit 1 fi for n in 53 54 55 do echo ==========================10.0.0.$n====================== scp -P22 -r $1 linuxea@10.0.0.$n:~ &>/dev/null &&\ ssh -t linuxea@10.0.0.$n sudo rsync $1 $2 &>/dev/null if [ $? -eq 0 ] then action "Local->RemoteHost $!" /bin/true else action "Local->RemoteHost $!" /bin/false fi done [linuxea@NFS-server ~]$ 在root下复制到linuxea的家目录[root@NFS-server ~]# cp /etc/hosts /home/linuxea/切换价目路，把hosts文件发到远端的/etc/下[root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ bash sudolocal.sh hosts /etc ==========================10.0.0.53====================== Local->RemoteHost [ OK ] ==========================10.0.0.54====================== Local->RemoteHost [ OK ] ==========================10.0.0.55====================== Local->RemoteHost [ OK ] [linuxea@NFS-server ~]$ 查看[linuxea@NFS-server ~]$ bash command.sh "cat /etc/hosts" =========10.0.0.53==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.54==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.55==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [linuxea@NFS-server ~]$ 其它方式：修改rsync权限，不安全chmod 4755 /usr/bin/rsyncscp -P22 -r hosts linuxea@10.0.0.8:~ssh -t linuxea@10.0.0.8 rsync ~/hosts /etc/

expect解决登录交互问题 expect语言，解决交互式输入密码的问题1，安装expectyum install expect -y 2,编写expect脚本[root@NFS-server tmp]# cat sshexpect.exp #!/usr/bin/expect if { $argc != 2 } { send_user "usage: expect EXPECT.exp file host\n" exit } #define var set file [lindex $argv 0] set host [lindex $argv 1] set password "123.com" spawn ssh-copy-id -i $file "-p 22 root@$host" expect { "yes/no" {send "yes\r";exp_continue} "*password" {send "$password\r"} } expect eof [root@NFS-server tmp]# 3，编写shell调用[root@NFS-server tmp]# cat 1.sh #！/bin/sh . /etc/init.d/functions for ip in 53 54 55 do expect sshexpect.exp ~/.ssh/id_dsa.pub 10.0.0.$ip &>/dev/null if [ $? -eq 0 ];then action "$ip" /bin/true else action "$ip" /bin/false fi done [root@NFS-server tmp]# 4, 测试，给10.0.0.53/55发id_dsa.pub[root@NFS-server tmp]# expect sshfile.exp ~/.ssh/id_dsa.pub 10.0.0.54 spawn ssh-copy-id -i /root/.ssh/id_dsa.pub -p 22 root@10.0.0.54 The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established. RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts. root@10.0.0.54's password: Now try logging into the machine, with "ssh '-p 22 root@10.0.0.54'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@NFS-server tmp]# ls 1.sh pulse-75mVmxEZuktI sshfile.exp VMwareDnD vmware-root [root@NFS-server tmp]# vim 1.sh [root@NFS-server tmp]# vim 1.sh [root@NFS-server tmp]# mv sshfile.exp sshexpect.exp [root@NFS-server tmp]# bash 1.sh 53 [ OK ] 54 [ OK ] 55 [ OK ] 5，登录测试[root@NFS-server tmp]# ssh 10.0.0.53 Last login: Sat Dec 26 09:17:40 2015 from 10.0.0.250 [root@NFS-WEB1 ~]# exit logout Connection to 10.0.0.53 closed. [root@NFS-server tmp]# ssh 10.0.0.54 Last login: Sat Dec 26 02:10:43 2015 from 10.0.0.52 [root@NFS-WEB2 ~]# exit logout Connection to 10.0.0.54 closed. [root@NFS-server tmp]# ssh 10.0.0.55 Last login: Sat Dec 26 02:12:57 2015 from 10.0.0.250 [root@NFS-BACKUP ~]# exit logout Connection to 10.0.0.55 closed. [root@NFS-server tmp]#