本文介绍如何使用 MCollective 的 shell 插件进行远程命令执行,包括插件安装、验证加载状态及执行具体命令等关键步骤,并强调了使用该插件的安全注意事项。
1、下载插件放在对应的目录里即可
mcollective-client端
|
1
|
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@linuxmaster1poc ~]# mco shell "cat /etc/passwd | grep puppet"
Do you really want to send this command unfiltered? (y/n): y
Discovering hosts using the mc method for 2 second(s) .... 3
Host: linux58pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
Host: linux64pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
Host: linux57pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
|
|
1
|
|
mcollective-server端
|
1
2
3
|
[root@linux57poc agent]# ll /usr/libexec/mcollective/mcollective/agent/ | grep shell-rw-r--r-- 1 root root 1017 Aug 6 06:36 shell.ddl
-rw-r--r-- 1 root root 862 Aug 6 06:36 shell.rb
|
备注:mcollective-server端部署完成之后,记得重启mcollective服务。
2、 查看shell插件是否加载成功
从下面可以看出mcollective-client端shell插件已经有了[root@linuxmaster1poc ~]# mco The Marionette Collective version 2.2.4
|
1
2
3
4
5
6
7
8
|
usage: /usr/bin/mco command <options>Known commands: completion facts find
help inventory ping
plugin puppet rpc
shell #shell插件加载OK
Type '/usr/bin/mco help' for a detailed list of commands and '/usr/bin/mco help command'
to get detailed help for a command
|
从下面可以看出mcollective-server端shell插件也加载了
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[root@linuxmaster1poc ~]# mco inventory linux57pocInventory for linux57poc:
Server Statistics:
Version: 2.2.4
Start Time: Fri Dec 13 01:14:14 +0800 2013
Config File: /etc/mcollective/server.cfg
Collectives: mcollective
Main Collective: mcollective
Process ID: 23898
Total Messages: 10
Messages Passed Filters: 10
Messages Filtered: 0
Expired Messages: 0
Replies Sent: 9
Total Processor Time: 0.73 seconds
System Time: 0.17 seconds
Agents:
discovery puppet rpcutil
shell #shell插件加载OK
Data Plugins:
agent fstat puppet
resource
Configuration Management Classes:
No classes applied
Facts:
architecture => x86_64
augeasversion => 0.10.0
bios_release_date => 06/22/2012
bios_vendor => Phoenix Technologies LTD
bios_version => 6.00
blockdevice_fd0_size => 4096
blockdevice_hdc_size => 3834736640
blockdevice_sda_model => Virtual disk
blockdevice_sda_size => 42949672960
。。。
|
3、通过shell插件执行shell命令
mco shell帮助信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
[root@linuxmaster1poc ~]# mco shell --helpMCollective Distributed ShellUsage: mco shell <CMD> The CMD is a string
EXAMPLES:
mco shell uptime
--np, --no-progress Do not show the progress bar
-1, --one Send request to only one discovered nodes
--batch SIZE Do requests in batches
--batch-sleep SECONDS Sleep time between batches
--limit-seed NUMBER Seed value for deterministic random batching
--limit-nodes, --ln, --limit COUNT
Send request to only a subset of nodes, can be a percentage
-j, --json Produce JSON output
--display MODE Influence how results are displayed. One of ok, all or failed
-c, --config FILE Load configuratuion from file rather than default
-v, --verbose Be verbose
-h, --help Display this screen
Common Options -T, --target COLLECTIVE Target messages to a specific sub collective
--dt, --discovery-timeout SECONDS
Timeout for doing discovery
-t, --timeout SECONDS Timeout for calling remote agents
-q, --quiet Do not be verbose
--ttl TTL Set the message validity period
--reply-to TARGET Set a custom target for replies
--dm, --disc-method METHOD Which discovery method to use
--do, --disc-option OPTION Options to pass to the discovery method
--nodes FILE List of nodes to address
Host Filters -W, --with FILTER Combined classes and facts filter
-S, --select FILTER Compound filter combining facts and classes
-F, --wf, --with-fact fact=val Match hosts with a certain fact
-C, --wc, --with-class CLASS Match hosts with a certain config management class
-A, --wa, --with-agent AGENT Match hosts with a certain agent
-I, --wi, --with-identity IDENT Match hosts with a certain configured identity
The Marionette Collective 2.2.4
|
显示对端uptime命令负载情况
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@linuxmaster1poc ~]# mco shell "uptime"
Do you really want to send this command unfiltered? (y/n): y
Discovering hosts using the mc method for 2 second(s) .... 3
Host: linux58pocStatuscode: 0
Output: 02:45:02 up 21:10, 2 users, load average: 0.00, 0.00, 0.00
Host: linux64pocStatuscode: 0
Output: 02:45:02 up 20:59, 1 user, load average: 0.00, 0.00, 0.00
Host: linux57pocStatuscode: 0
Output: 02:45:02 up 21:04, 3 users, load average: 0.00, 0.00, 0.00
|
显示所有节点/etc/password文件中puppet用户哪一行
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@linuxmaster1poc ~]# mco shell "cat /etc/passwd | grep puppet"
Do you really want to send this command unfiltered? (y/n): y
Discovering hosts using the mc method for 2 second(s) .... 3
Host: linux58pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
Host: linux64pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
Host: linux57pocStatuscode: 0
Output:puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
|
修改其中一台主机的root密码
备注:更多操作步骤可参考mco shell --help帮助。
警告:基于mcollective的shell插件虽然功能很强大,除了动态显示的命令之外,其它root能操作的,它基本上都能操作。所以操作也非常危险,可根据生产环境实际情况而定。
本文转自凌激冰51CTO博客,原文链接:http://blog.51cto.com/dreamfire/1340121,如需转载请自行联系原作者
扫一扫
300
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
