shell脚本自动化部署

1.自动化配置dns服务器

#!/bin/bash

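# Choose the yum source used by the rest of the script: the Aliyun online
# repo when the host can reach the Internet (NAT mode), otherwise the install
# media mounted on /mnt (host-only mode).
repo_dir=/etc/yum.repos.d
backup_dir=$repo_dir/repo.bak

echo -e "\033[31m =====正在验证当前为仅主机还是NAT模式===== \033[0m"

# Move the existing repo definitions aside. Only *.repo files are moved, so
# the backup directory is never passed to mv as one of its own sources.
mkdir -p "$backup_dir"
for repo_file in "$repo_dir"/*.repo; do
  [ -e "$repo_file" ] || continue
  mv -f -- "$repo_file" "$backup_dir"/
done

if ping -c1 -W1 www.baidu.com &> /dev/null; then
  echo -e "\033[31m 检测当前为NAT模式,为您配置在线yum源 \033[0m"
  # A failed download must not be reported as success: without a repo file
  # every later yum call fails silently because its output is discarded.
  if ! wget -O "$repo_dir/CentOS-Base.repo" https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null; then
    rm -f -- "$repo_dir/CentOS-Base.repo"
    echo -e "\033[31m 在线yum源下载失败,请检查网络 \033[0m" >&2
    exit 1
  fi
  yum clean all &> /dev/null
  yum list &> /dev/null
  echo -e "\033[31m 在线源已配置完成 \033[0m"
else
  echo -e "\033[31m 检测当前为仅主机模式,为您配置本地yum源 \033[0m"
  # Mount the install media unless /mnt is already a mount point, then verify
  # the result before a repo that points at it is written.
  mountpoint -q /mnt || mount /dev/sr0 /mnt &> /dev/null
  if ! mountpoint -q /mnt; then
    echo -e "\033[31m 检测当前为仅主机模式,但光盘未连接! \033[0m"
    exit 1
  fi
  # NOTE(review): gpgcheck=0 switches off package signature verification for
  # this repo. With the distribution key imported, gpgcheck=1 plus a gpgkey=
  # line keeps verification on even for local media.
  cat > "$repo_dir/local.repo" << 'EOF'
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=0
EOF
  yum clean all &> /dev/null
  yum makecache &> /dev/null
  echo -e "\033[31m 本地yum源已配置完成 \033[0m"
fi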

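# Install BIND and stop if that fails; the sed edits below would otherwise
# run against a named.conf that does not exist.
if ! yum -y install bind &> /dev/null; then
  echo -e "\033[31m bind 安装失败,请检查yum源 \033[0m" >&2
  exit 1
fi

# Edit the main configuration file /etc/named.conf: every "127.0.0.1;" and
# "localhost;" entry becomes "any;" (presumably the listen-on and allow-query
# entries of the stock file - confirm against the installed named.conf).
# NOTE(review): after this edit named accepts queries from any source address.
# If recursion is enabled and the host is reachable from untrusted networks it
# acts as an open resolver; limit allow-query / allow-recursion to the subnets
# that are meant to use this server.
sed -i -e 's/127\.0\.0\.1;/any;/' -e 's/localhost;/any;/' /etc/named.conf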

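# Interactive zone setup: for each host name entered, append a master zone to
# /etc/named.rfc1912.zones, build its zone file from named.localhost and point
# /etc/resolv.conf at this server. Answering anything but "y" ends the loop
# and restarts named.

# IPv4 address of this server, read once from interface ens33 (the interface
# name is hard-coded, as in the original script).
server_ip=$(ip -4 -o addr show dev ens33 | awk '{split($4, p, "/"); print p[1]; exit}')
if [ -z "$server_ip" ]; then
  echo "未能获取 ens33 的IP地址" >&2
  exit 1
fi

# The host name ends up in named's configuration, in file names and in sed
# scripts, so only plain DNS labels are accepted: at least three labels made
# of letters, digits and inner hyphens.
fqdn_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?){2,}$'

while :; do
  read -r -p "请输入你需要配置的域名(例www.abc.com):" domain || exit 1
  if ! [[ $domain =~ $fqdn_re ]]; then
    echo "域名格式不正确,请重新输入"
    continue
  fi
  host_label=${domain%%.*}   # first label, e.g. www
  zone=${domain#*.}          # everything after it, e.g. abc.com
  zone_file=/var/named/$zone.zone

  # Zone declaration in /etc/named.rfc1912.zones. It is skipped when the zone
  # is already declared, because a duplicate declaration would be a second
  # definition of the same zone.
  if ! grep -qF "zone \"$zone\" IN" /etc/named.rfc1912.zones; then
    cat >> /etc/named.rfc1912.zones << EOF
zone "$zone" IN {
        type master;
        file "$zone.zone";
        allow-update { none; };
};
EOF
  fi

  # Zone data file: start from named.localhost (cp -p keeps its owner and
  # mode) and rewrite the SOA, NS and A records by line number.
  cp -p /var/named/named.localhost "$zone_file" || exit 1
  sed -i "2c @       IN SOA  $zone. rname.invalid. (" "$zone_file"
  sed -i "8c NS  $zone." "$zone_file" && sed -i "8 s/^/\t/" "$zone_file"
  sed -i "9c   A  $server_ip" "$zone_file" && sed -i "9 s/^/\t/" "$zone_file"
  sed -i "10c $host_label IN A $server_ip" "$zone_file"

  # Use this server as the resolver: line 2 of /etc/resolv.conf is replaced.
  sed -i "2c nameserver $server_ip" /etc/resolv.conf

  read -r -p "是否需要继续添加(y/n):" answer
  case $answer in
    y) continue ;;
    n) ;;
    *) echo "请正确输入" ;;
  esac

  # NOTE(review): stopping firewalld and switching SELinux to permissive mode
  # removes host protection for every service, not only DNS. The narrower
  # option is to leave both on and allow DNS through the firewall:
  #   firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
  systemctl stop firewalld
  setenforce 0
  # Start (or restart) the DNS service so the new zones are loaded.
  systemctl restart named
  break
done

echo -e "\033[31m dns解析已配置完成  \033[0m "
echo -e "\033[31m 请输入host $domain 验证  \033[0m "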

2.自动化配置rsync服务

服务器配置

[root@backup scripts]# cat backup_server.sh

#!/bin/bash

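export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# Append the rsync daemon configuration to /etc/rsyncd.conf.
# rsyncd.conf treats '#' as a comment marker only at the start of a line, so a
# trailing "#..." would become part of the value (or of the module name). The
# explanations therefore live here instead of on the directive lines:
#   uid / gid        account the daemon uses for file transfers
#   use chroot       whether the daemon chroots into the module path
#   max connections  concurrent connection limit
#   timeout          I/O timeout in seconds
#   pid/lock/log     daemon pid file, lock file and log file
#   [backup]         module name
#   path             directory served by the module
#   read only=false  clients may upload
#   list=false       module is hidden from module listings
#   hosts allow      client network allowed to connect
#   auth users       virtual user allowed to authenticate
#   secrets file     file holding "user:password" for auth users
# NOTE(review): "use chroot =no" leaves the daemon unconfined to the module
# path and "read only =false" makes the module writable; access control then
# rests on hosts allow, auth users and the secrets file.
cat >> /etc/rsyncd.conf << 'EOF'
#rsync_config______________begin
#creat by yuguotianqing  2018-01-15
##rsync.conf start##
uid =rsync
gid =rsync
use chroot =no
max connections =200
timeout =300
pid file =/var/run/rsyncd.pid
lock file =/var/run/rsync.lock
log file =/var/log/rsyncd.log
[backup]
path =/backup/
ignore errors
read only =false
list =false
hosts allow =172.16.1.0/24
#host deny =0.0.0.0/32#拒绝连接的 ip 段
auth users =rsync_backup
secrets file =/etc/rsync.password
#rsync_config_____________end
EOF

# The steps below form one && chain, so the first failure stops the rest.
# (A backslash followed by spaces and a comment is not a line continuation,
# so each "&&" now ends its line and the comments sit on lines of their own.)

# Create the rsync account: no login shell (-s /sbin/nologin), no home (-M).
useradd rsync -s /sbin/nologin -M &&
  # Confirm the account was created.
  tail -1 /etc/passwd &&
  # Start the daemon, then confirm the process and the listening port (873).
  rsync --daemon &&
  ps -ef | grep rsync | grep -v grep &&
  lsof -i :873 &&
  # Create the module directory. It must be owned by the uid/gid named in the
  # configuration, otherwise clients cannot push files into it.
  mkdir -p /backup &&
  chown rsync:rsync /backup/ &&
  ls -ld /backup &&
  # Secrets file for the virtual user, in "user:password" form. It is created
  # under umask 077 so it is never readable by other users, not even between
  # creation and chmod.
  # NOTE(review): the password "oldboy" is hard-coded in a published script;
  # generate a unique secret per deployment and keep it out of the script.
  (umask 077 && echo "rsync_backup:oldboy" > /etc/rsync.password) &&
  chmod 600 /etc/rsync.password &&
  ls -l /etc/rsync.password &&
  # Start the daemon at boot; the line is added only if it is not there yet.
  { grep -qxF "/usr/bin/rsync --daemon" /etc/rc.local ||
    echo "/usr/bin/rsync --daemon" >> /etc/rc.local; } &&
  tail -5 /etc/rc.local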

客户端配置

[root@nfs scripts]# cat rsync_client.sh

#!/bin/bash

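export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# Client side: store the rsync password, then create the local backup
# directory. The steps form one && chain; each "&&" ends its line because a
# backslash followed by spaces and a comment is not a line continuation.

# The client file holds only the password. It is created under umask 077 so
# it is never readable by other users, then set to 600 explicitly.
# NOTE(review): "oldboy" is a hard-coded password from a published script;
# use a unique secret per deployment.
(umask 077 && echo "oldboy" > /etc/rsync.password) &&
  chmod 600 /etc/rsync.password &&
  ls -l /etc/rsync.password &&
  # Directory whose content is pushed to the backup server.
  mkdir -p /backup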

3.自动化配置FTP服务

#!/bin/sh

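# Sets up vsftpd with a single local account (ftpuser) confined to
# /opt/server/ftp/media. Each numbered step prints its name, runs, then pauses.

echo 1.创建ftp上传根目录
mkdir -p /opt/server/ftp/media
sleep 3

echo 2.vsftpd.conf配置文件修改
# vsftpd.conf takes plain "option=value" lines. The settings are written
# without an "export " prefix, which would turn the option name into
# "export local_root" and so on, which is not an option vsftpd knows.
# NOTE(review): allow_writeable_chroot=YES lets the user write to the root of
# its own chroot; confirm that trade-off is acceptable for this server.
echo "local_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "anon_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf

# Other vsftpd.conf options; add the ones you need from this list:
# pam_service_name=vsftpd
# userlist_enable=YES
# tcp_wrappers=YES
# seccomp_sandbox=NO
# local_root=/opt/server/ftp/media
# anon_root=/opt/server/ftp/media
# chroot_local_user=YES
# allow_writeable_chroot=YES
# pasv_enable=NO
# To forbid anonymous access, set in the configuration file:
# anonymous_enable=NO  # disable anonymous login
# Append at the end of the file:
# seccomp_sandbox=NO
sleep 3

echo 3.centos7.1系统文件目录解固
# Clear the immutable attribute so accounts can be added.
# NOTE(review): the attribute is never restored. On a host that was hardened
# with chattr +i on these files, set it again once the account exists.
chattr -i /etc/gshadow
chattr -i /etc/group
chattr -i /etc/passwd
chattr -i /etc/shadow
sleep 3

echo 4.添加ftp用户组
groupadd ftp
useradd -G ftp -d /opt/server/ftp/media -M ftpuser
# NOTE(review): the password is identical to the user name and is published
# with the script; set a unique password before the service is reachable.
(
  echo 'ftpuser'
  sleep 2
  echo "ftpuser"
) | passwd ftpuser
sleep 3

echo 5.改变文件夹的属主和权限
# One recursive chown on the parent also covers /opt/server/ftp/media.
chown -R ftpuser:ftpuser /opt/server/ftp
sleep 3

echo 6.改变父文件夹权限
chmod 755 /opt/server
# NOTE(review): mode 766 makes the tree world-writable and removes the search
# (execute) bit on directories for group and other. ftpuser owns the tree, so
# owner-only write access (for example 755 on directories) is normally enough.
chmod -R 766 /opt/server/ftp
sleep 3

echo 7.改变目录权限
chmod -R 766 /opt/server/ftp/media
sleep 3

echo 8.启动ftp服务
service vsftpd start
service vsftpd status
chkconfig --list                 # list the services enabled at boot
chkconfig --level 2345 vsftpd on # enable vsftpd at boot

# Test the FTP server:
# ftp://IP/  user: ftpuser  password: ftpuser
sleep 3

# Test a file upload:
# curl -T box.log -u ftpuser:ftpuser ftp://10.10.10.10/
# curl -T localfile -u name:passwd ftp://upload_site:port/path/
exit 0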

5.自动化配置frp的服务器端和客户端

 A主机:

 vim frp.sh

   #!/bin/bash

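   # Server side (host A): unpack frp 0.33.0, enable the frps dashboard and
   # start frps in the foreground.
   #   1. frp_0.33.0_linux_amd64.tar.gz must be in the current directory.
   #   2. Unpack it:            tar -zxf frp_0.33.0_linux_amd64.tar.gz
   #   3. Enter the directory:  cd frp_0.33.0_linux_amd64/
   #   4. Append to frps.ini:   dashboard_user, dashboard_pwd, dashboard_port
   #   5. Start the server:     ./frps -c frps.ini
   # NOTE(review): the archive is unpacked and its binary executed without an
   # integrity check; compare its SHA-256 with the value published for the
   # release (<EXPECTED_SHA256>) before running it.
   # NOTE(review): dashboard user and password are both "aaa" and are
   # published with the script, and the script adds no "token" to frps.ini.
   # Unless the shipped file sets one, any client that reaches the server
   # port can register a proxy. Use unique credentials and a shared token.

   # Stop on failure so sed and frps never run outside the unpacked directory.
   tar -zxf frp_0.33.0_linux_amd64.tar.gz || exit 1
   cd frp_0.33.0_linux_amd64/ || exit 1

   # '$a' appends after the last line; the three lines land in that order.
   sed -i \
     -e '$a dashboard_user=aaa' \
     -e '$a dashboard_pwd=aaa' \
     -e '$a dashboard_port=7500' \
     frps.ini

   ./frps -c frps.ini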

 sh frp.sh

 B主机:

 vim frpcs.sh

   #!/bin/bash

   # 测试机测试frp服务器

   # 1、解压软件包

   # 2、切换到目录中

   # 3、修改配置文件  vim frpc.ini

   # [common]

   # server_addr = 10.0.0.20

   # server_port = 7000

   # [lijiaqi]

   # type = tcp

   # local_ip = 127.0.0.1

   # local_port = 22

   # remote_port = 6064

   # 4、启动frp客户端服务 ./frpc -c frpc.ini

   tar -zxf frp_0.33.0_linux_amd64.tar.gz

   cd frp_0.33.0_linux_amd64

   sed -i '/server_addr/ s/127.0.0.1/10.0.0.10/' frpc.ini

   sed -i '/[ssh]/ s/ssh/baibai/' frpc.ini

   sed -i '/remote_port/ s/6000/6035/' frpc.ini

   ./frpc -c frpc.ini

 sh frpcs.sh

6.自动化配置samba共享

#!/bin/bash

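# Publishes one directory as a read-only, guest-accessible Samba share.
# Usage: samba.sh /absolute/dir/

# Exactly one argument is required: the directory to share.
if [ "$#" -ne 1 ]; then
  echo "运行脚本格式为:$0 /dir/"
  exit 1
fi

# The path is written into smb.conf as given, so only an absolute path is
# accepted. A rejected argument is an error and exits non-zero.
case "$1" in
  /*) ;;
  *)
    echo "请提供一个绝对路径。"
    exit 1
    ;;
esac
share_dir=$1

# Install samba when the package is missing.
if ! rpm -q samba > /dev/null; then
  echo "将要安装samba"
  sleep 1
  if ! yum -y install samba; then
    echo "samba 安装失败"
    exit 1
  fi
fi

# Append the global settings and the share definition to smb.conf.
# NOTE(review): "map to guest = bad user" together with "public = yes" lets
# anyone who can reach the server read the share without credentials. Keep
# this only for data meant to be public on that network.
dirconf="/etc/samba/smb.conf"
cat >> "$dirconf" << EOF
[global]
   workgroup = workgroup
   security = user
   map to guest = bad user
[share]
   comment= share all
   path = $share_dir
   browseable = yes
   public = yes
writable = no
EOF

mkdir -p "$share_dir"

# NOTE(review): mode 777 gives every local account write access to the
# directory, although the share itself is read-only ("writable = no") and the
# directory is owned by nobody; a narrower mode such as 755 would still let
# guests read it.
chmod 777 "$share_dir"
chown nobody:nobody "$share_dir"
echo "www.51xit.top" > "$share_dir/51xit.txt"

if systemctl start smb; then
  echo "samba服务启动正常"
else
  echo "samba服务启动失败,请检查配置文件是否正常"
  exit 1
fi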

# Operator commands for the script above once it is saved as /opt/samba.sh
# (presumably typed in a shell, not part of the script itself - TODO confirm).
# Make the script executable:
chmod +x /opt/samba.sh

# Test run: share /opt/samba/
/opt/samba.sh /opt/samba/

7.自动化配置yum仓库初始化  包含阿里云和epel

#!/bin/bash

# 一键部署yum本地源、阿里源或同时兼备

# author:cheng

# 备份官方yum源

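#######################################
# Move the repo definitions in /etc/yum.repos.d into its repo.bak
# sub-directory, creating that directory when needed.
# Arguments: none
# Returns:   0 on success (also when there is nothing to move),
#            non-zero if the directory cannot be created or a move fails
#######################################
backup() {
  local repo_dir=/etc/yum.repos.d
  local backup_dir=$repo_dir/repo.bak
  local repo_file

  # mkdir -p replaces the "ls | grep repo.bak" test, which also matched any
  # other entry whose name merely contains "repo.bak".
  mkdir -p "$backup_dir" || return

  for repo_file in "$repo_dir"/*.repo; do
    # Without matches the pattern stays literal; skip it so a second run with
    # nothing left to move does not end in an mv error.
    [ -e "$repo_file" ] || continue
    mv -- "$repo_file" "$backup_dir"/ || return
  done
}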

# 配置本地yum源

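#######################################
# Write /etc/yum.repos.d/local.repo, a repo that reads packages from the
# install media mounted on /mnt.
# Arguments: none
# Outputs:   replaces /etc/yum.repos.d/local.repo
#######################################
yumm() {
  # The option is spelled "enabled"; the former "enable=1" is not the name of
  # the yum repo option.
  # NOTE(review): gpgcheck=0 switches off package signature verification for
  # this repo; gpgcheck=1 with a gpgkey= line keeps it on.
  cat > /etc/yum.repos.d/local.repo << 'EOF'
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=0
EOF
}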

# 配置阿里yum源

#######################################
# Download the Aliyun CentOS 7 repo definition to
# /etc/yum.repos.d/CentOS-Base.repo.
# Arguments: none
# Outputs:   a progress line on stdout; wget's own output is discarded
# Returns:   the exit status of wget
# NOTE(review): callers do not check that status, so a failed download goes
# unnoticed by the rest of the script.
#######################################
ali() {
  local repo_url=https://mirrors.aliyun.com/repo/Centos-7.repo
  local repo_file=/etc/yum.repos.d/CentOS-Base.repo

  echo -e "\033[35;5m 正在下载阿里yum源,请稍等............ \033[0m"
  wget -O "$repo_file" "$repo_url" > /dev/null 2>&1
}

# 对光盘进行挂载

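#######################################
# Mount the install media on /mnt; when /dev/sr0 is already mounted it is
# unmounted first and mounted again.
# Arguments: none
# Outputs:   a confirmation line when the media was remounted, or an error
#            message when it cannot be mounted
# Returns:   0 on success; exits the script with status 1 when the mount
#            fails (the earlier bare "exit" reported status 0)
#######################################
cdmount() {
  local was_mounted=0

  if df -h | grep /dev/sr0 &> /dev/null; then
    was_mounted=1
    umount /dev/sr0
  fi

  # The mount result is checked on both paths, so a failed remount is no
  # longer reported as success.
  if ! mount /dev/cdrom /mnt &> /dev/null; then
    echo "光盘不存在,检查是否加载镜像,状态是否已连接!"
    exit 1
  fi

  if [ "$was_mounted" -eq 1 ]; then
    echo -e '\033[36m 光盘已挂载至/mnt目录!\033[0m'
  fi
}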

# yum缓存清除并重新建立

#######################################
# Clear the yum cache and build it again, reporting the outcome.
# Arguments: none
# Outputs:   one status line on stdout; yum's own output is discarded
# Returns:   0 in every case (the status of the final echo)
#######################################
clean() {
  if ! yum clean all > /dev/null 2>&1; then
    echo "yum缓存清除失败......"
    return
  fi

  if ! yum makecache > /dev/null 2>&1; then
    echo "yum缓存建立失败!"
    return
  fi

  echo -e '\033[33m yum缓存已清除并重新建立!可以正常安装程序!\033[0m'
}

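#######################################
# Ask which yum source to configure and run the matching steps:
#   1  local media only
#   2  Aliyun online repo only
#   3  both, with yum-plugin-priorities installed and an EPEL section added
#   any other input leaves everything unchanged
# Arguments: none (the choice is read from stdin)
# Returns:   0 after a completed choice; exits the script with status 1 when
#            yum-plugin-priorities cannot be installed
#######################################
choose() {
  local rd

  echo -e '\033[33m 输入对应的[数字]选择yum源!\033[0m'
  read -r -p "本地源[1]|阿里源[2]|同时配置[3]退出[任意] :" rd

  case $rd in
    "1")
      backup
      yumm
      cdmount
      clean
      echo -e '\033[33m 本地源已配置完成!\033[0m'
      ;;
    "2")
      backup
      ali
      clean
      echo -e '\033[33m 阿里官方源已配置完成!\033[0m'
      ;;
    "3")
      backup
      ali
      # Install the priorities plugin only when it is missing. The earlier
      # "continue" statements sat outside any loop, where the shell only
      # prints an error for them; plain fall-through does what was meant.
      if ! rpm -q yum-plugin-priorities.noarch &> /dev/null; then
        if ! yum install -y yum-plugin-priorities.noarch &> /dev/null; then
          echo -e \"yum-plugin-priorities.noarch\"安装失败
          exit 1
        fi
      fi
      yumm
      # "priority=3" completes the [local] section written by yumm; the lines
      # after it add the EPEL repo.
      # NOTE(review): gpgcheck=0 on a repo fetched over the network means the
      # downloaded packages are installed without signature verification.
      # Import the EPEL signing key and set gpgcheck=1 with a gpgkey= line.
      echo -e "priority=3\n[epel]\nname=epel\nbaseurl=https://mirrors.aliyun.com/epel/7Server/x86_64/\nenabled=1\ngpgcheck=0\npriority=2" >> /etc/yum.repos.d/local.repo
      cdmount
      clean
      echo -e '\033[33m 本地源和阿里官方源已配置完成!(优先本地源)\033[0m'
      ;;
    *)
      echo -e '\033[33m 脚本已退出.....\033[0m'
      ;;
  esac
}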

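# Entry point: with Internet access let the operator choose a source,
# otherwise fall back to the local media without asking.
echo -e '\033[33m -----------正常网络测试中--------------\033[0m'

if ping -c 3 baidu.com &> /dev/null; then
  # Both cases end in the menu; a missing online repo file only adds a notice.
  if [ ! -f /etc/yum.repos.d/CentOS-Base.repo ]; then
    echo -e '\033[33m 网络正常,官方在线源不存在!\033[0m'
  fi
  choose
else
  echo -e '\033[33m 网络异常....配置本地源!\033[0m'
  backup
  yumm
  cdmount
  clean
fi   # the closing keyword is lower-case "fi"; "Fi" is a syntax error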

8.自动化配置nfs服务

#!/bin/bash

# 两部分,1.安装服务(判断是否安装服务) 2.配置文件/etc/exports

#设置全局变量

# Colour escape sequences used with "echo -e" in the messages below:
# se resets the colour, lv is green, huang is yellow, hong is red.
se='\033[0m'
lv='\033[32m'
huang='\033[33m'
hong='\033[31m'

# Locale for the script.
LANG=zh_CN.UTF-8

# /root/ is searched last, after every directory already in PATH.
PATH="${PATH}:/root/"

#来个检查程序是否成功执行函数

#######################################
# Abort the script when the command run just before this call failed.
# Globals:   hong, se (read) - colour escapes wrapped around the message
# Arguments: none; the status examined is $? at the moment of the call
# Outputs:   an error line on stdout when that status is non-zero
# Returns:   0 when the status was 0; otherwise exits the script with 1
#######################################
check_ok() {
  # Capture $? first: any other command would overwrite it.
  local rc=$?

  if [ "$rc" -eq 0 ]; then
    return 0
  fi

  echo -e "${hong}程序出现错误,请检查日志${se}"
  exit 1
}

#安装服务函数

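#######################################
# Install a package with yum unless it is already installed.
# Globals:   huang, se (read) - colour escapes used in the message
# Arguments: $1 - package name
# Outputs:   yum's output, or a notice that the package is already present
# Returns:   0 on success; check_ok exits the script when a step fails
#######################################
myyum() {
  # rpm -q asks for exactly this package; the earlier "rpm -qa | grep ^name"
  # also counted every other package whose name starts with the same text.
  if rpm -q "$1" &> /dev/null; then
    echo -e " serveice  $1  already occure yuo can use ${huang}systemctl start $1 ${se}"
  else
    # Quoted so the name reaches yum as a single, unexpanded argument.
    yum install -y "$1"
    check_ok
  fi
  check_ok
}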

#配置环境

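# ---- Environment preparation ----
myyum iptables-services                                   # install iptables-services if missing
iptables-save > "/etc/sysconfig/iptables_$(date +%F)"     # back up the current firewall rules
# NOTE(review): flushing every rule leaves the host without packet filtering
# for all services. Allowing only the NFS-related ports from the client
# network keeps the rest of the rule set in place.
iptables -F
check_ok

# ---- SELinux ----
# NOTE(review): this disables SELinux permanently (config file) and switches
# the running system to permissive mode. Both affect the whole host, not only
# NFS; confirm that is intended.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
s_num=$(getenforce)
if [ "$s_num" == Enforcing ]; then
  setenforce 0
fi
check_ok

# ---- Service installation ----
# When nfs-utils is already installed, only restart the services and stop.
nfs_n=$(rpm -qa | grep -c nfs-utils)
if [ "$nfs_n" -gt 0 ]; then
  echo "nfs-utils与rpcbind服务已存在,不需要安装,你可以通过编辑 /etc/exports来添加客户端"
  echo "/etc/exports配置格式:dir  ip(rw,sync,no_root_squash,anonuid="uid",anongid="gid",)"
  systemctl restart nfs-utils
  systemctl restart nfs
  systemctl restart rpcbind
  check_ok
  exit
fi
check_ok

myyum nfs-utils
systemctl start nfs-utils
systemctl start nfs
myyum rpcbind
systemctl start rpcbind
check_ok

# ---- /etc/exports ----
# uid and gid of nfsnobody, looked up once for the anonuid/anongid options.
uid=$(awk -F: '$1 == "nfsnobody" {print $3; exit}' /etc/passwd)
gid=$(awk -F: '$1 == "nfsnobody" {print $4; exit}' /etc/passwd)

# Both answers are written into /etc/exports, so they are checked first: the
# directory must be an absolute path without whitespace, and the client must
# look like an address, network, host name or wildcard.
client_re='^[A-Za-z0-9.:/*_-]+$'
exports_changed=0

while :; do
  read -r -p "请输入想要共享的目录(默认为你的家目录):" home || break
  read -r -p "是否加入新的客户端IP或网络,添加完毕直接按 ENTER:" ip || break

  if [ -z "$home" ]; then
    # "~" is not expanded inside quotes, so the default is taken from $HOME.
    home="$HOME/"
  fi
  check_ok

  if [ -z "$ip" ]; then
    break
  fi

  if [[ $home != /* || $home == *[[:space:]]* ]]; then
    echo "共享目录必须是不含空白字符的绝对路径,请重新输入"
    continue
  fi
  if ! [[ $ip =~ $client_re ]]; then
    echo "客户端地址格式不正确,请重新输入"
    continue
  fi

  # NOTE(review): no_root_squash lets root on the client act as root on the
  # exported files, and the default directory is the home of the user running
  # this script (root). Prefer the default root_squash, a dedicated export
  # directory, and the narrowest client specification that works.
  echo " $home  $ip(rw,sync,no_root_squash,anonuid=$uid,anongid=$gid)" >> /etc/exports
  exports_changed=1
done

# The NFS services were started before /etc/exports was edited; re-export so
# the new entries take effect.
if [ "$exports_changed" -eq 1 ]; then
  exportfs -ra
fi
check_ok

# showmount needs -e to list the directories a server exports.
echo "NFS 服务安装完成,请在客户端安装nfs-utils 并使用showmount -e 192.168.127.10(服务端ip)来查看可以挂载的目录。 "
exit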

9.自动化配置ntp服务

#! /bin/bash

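# Rewrites the "server" line in /etc/ntp.conf on a set of nodes over SSH and
# restarts ntpd on each of them.
#   controller nodes: "server <RollerIP>" becomes "server 192.158.58.1"
#   compute nodes:    "server <RollerIP>" becomes "server <first external IP>"
# NOTE(review): 192.158.58.1 is hard-coded; confirm it is the intended
# upstream NTP server.
# NOTE(review): every node is contacted as root and ssh -q hides warnings;
# this relies on key-based root logins and on host keys that are already
# trusted.

#######################################
# Check that a string is a dotted-quad IPv4 address.
# Arguments: $1 - candidate address
# Returns:   0 when $1 has four decimal octets in the range 0-255, else 1
#######################################
is_ipv4() {
  local candidate=$1
  local octet
  local -a octets

  [[ $candidate =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<< "$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so that an octet such as 08 is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
}

# Collect the target addresses. Each list is separated and ended by "/".
read -r -p "Please inpute external ip from controller node as below:(It shoud ends with \"/\", each IP should use \"/\" to distingusish ) " ExternalIPs
read -r -p "Please inpute management ip from compute node as below:(It should ends with \"/\",each IP should use \"/\" to distingusish) " ManagementIPs
read -r -p "Please inpute Rollor ip:" RollerIP

# Split the lists on "/" into arrays.
IFS=/ read -r -a external <<< "$ExternalIPs"
IFS=/ read -r -a management <<< "$ManagementIPs"

# Every value is placed into a command line that runs as root on a remote
# host, so anything that is not a plain IPv4 address is refused first.
for addr in "$RollerIP" "${external[@]}" "${management[@]}"; do
  if ! is_ipv4 "$addr"; then
    echo "Invalid IPv4 address: '$addr'" >&2
    exit 1
  fi
done
if [ "${#external[@]}" -eq 0 ]; then
  echo "At least one external IP is required." >&2
  exit 1
fi

# Escape the dots so sed matches the address literally.
roller_re=${RollerIP//./\\.}

# Controller nodes. The here-document is expanded locally, so the remote
# shell receives the finished sed command.
for externalip in "${external[@]}"; do
  ssh -Tq "root@$externalip" << EOF
sed -i 's/server $roller_re/server 192.158.58.1/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 2
ntpq -p
EOF
  sleep 1
done

# Compute nodes use the first controller as their NTP server.
for managementip in "${management[@]}"; do
  ssh -Tq "root@$managementip" << EOF
sed -i 's/server $roller_re/server ${external[0]}/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 1
ntpq -p
EOF
  sleep 1
done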
