1.自动化配置dns服务器
#!/bin/bash
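# Choose a yum source for the rest of the script.
# If www.baidu.com answers a ping the VM is treated as NAT mode and the Aliyun
# CentOS 7 repo file is downloaded; otherwise it is treated as host-only mode
# and the DVD on /dev/sr0 is mounted on /mnt as a local repository.
# Existing repo files are parked in repo.bak in both cases.
repo_dir=/etc/yum.repos.d
repo_bak="$repo_dir/repo.bak"

# Move every entry of $repo_dir into repo.bak, skipping repo.bak itself
# (the original glob tried to move the directory into itself and hid the error).
backup_repo_files() {
  local entry
  mkdir -p "$repo_bak"
  for entry in "$repo_dir"/*; do
    [ -e "$entry" ] || continue
    [ "$entry" = "$repo_bak" ] && continue
    mv -f -- "$entry" "$repo_bak"/
  done
}

echo -e "\033[31m =====正在验证当前为仅主机还是NAT模式===== \033[0m"
if ping -c1 -W1 www.baidu.com &> /dev/null; then
  echo -e "\033[31m 检测当前为NAT模式,为您配置在线yum源 \033[0m"
  backup_repo_files
  # Check the download: a failed wget would otherwise leave an empty repo file
  # behind and every later yum call would fail without any visible error.
  if ! wget -O "$repo_dir/CentOS-Base.repo" https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null; then
    rm -f -- "$repo_dir/CentOS-Base.repo"
    echo -e "\033[31m 在线yum源下载失败,原有配置已备份在 $repo_bak \033[0m" >&2
    exit 1
  fi
  yum clean all &> /dev/null
  yum list &> /dev/null
  echo -e "\033[31m 在线源已配置完成 \033[0m"
else
  echo -e "\033[31m 检测当前为仅主机模式,为您配置本地yum源 \033[0m"
  mount /dev/sr0 /mnt &> /dev/null
  # Confirm the DVD is mounted BEFORE the working repo files are moved away;
  # the original only checked afterwards and carried on regardless.
  if ! grep -qs ' /mnt ' /proc/mounts; then
    echo -e "\033[31m 检测当前为仅主机模式,但光盘未连接! \033[0m" >&2
    exit 1
  fi
  backup_repo_files
  # NOTE(review): gpgcheck=0 turns off RPM signature verification for this
  # repository, so anything placed on the mounted media is installed without
  # an integrity check. Enable gpgcheck with the distribution key if the media
  # is not fully trusted.
  cat > "$repo_dir/local.repo" << 'EOF'
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=0
EOF
  yum clean all &> /dev/null
  yum makecache &> /dev/null
  df -h | grep -- "/mnt"
  echo -e "\033[31m 本地yum源已配置完成 \033[0m"
fi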
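# Install BIND; stop here if the package cannot be installed, because every
# later step edits files that only exist once bind is present.
if ! yum -y install bind &> /dev/null; then
  echo -e "\033[31m bind 安装失败,请检查yum源 \033[0m" >&2
  exit 1
fi

# Edit the main configuration file /etc/named.conf:
#   listen-on   127.0.0.1 -> any   (accept queries on every interface)
#   allow-query localhost -> any   (answer queries from every client)
# The substitutions are limited to those two directives and the dots are
# escaped, so an unrelated "localhost;" or look-alike address is not rewritten.
# NOTE(review): if named.conf leaves recursion enabled, "allow-query { any; }"
# makes this host a recursive resolver for anyone who can reach port 53.
# On a network that is not fully trusted, restrict recursion to known clients
# or disable it for an authoritative-only server.
sed -i '/listen-on/ s/127\.0\.0\.1;/any;/' /etc/named.conf
sed -i '/allow-query/ s/localhost;/any;/' /etc/named.conf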
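# Interactive zone setup: for each host name entered (e.g. www.abc.com) a
# master zone for the parent domain is added to /etc/named.rfc1912.zones and a
# zone file is created from /var/named/named.localhost.

# Address of this server, taken from the interface the original hard-coded.
iface=ens33
c=$(ip -4 -o addr show dev "$iface" | awk '{print $4; exit}')
c=${c%%/*}
if [ -z "$c" ]; then
  echo -e "\033[31m 未能获取网卡 $iface 的IPv4地址 \033[0m" >&2
  exit 1
fi

# At least three labels made of letters, digits and hyphens. The value is
# written into named's configuration and into sed expressions, so anything
# else (quotes, slashes, spaces, newlines) is rejected rather than escaped.
domain_re='^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$'

for ((;;)); do
  read -r -p "请输入你需要配置的域名(例www.abc.com):" a || exit 1
  if [[ ! $a =~ $domain_re ]]; then
    echo "请正确输入"
    continue
  fi
  # Host label and parent zone. The original awk kept only labels 2 and 3 and
  # always created a "www" record, which was wrong for any other input shape.
  host_label=${a%%.*}
  b=${a#*.}
  zone_file="/var/named/$b.zone"

  # Zone declaration in /etc/named.rfc1912.zones; skipped if it is already
  # there, because a duplicate zone stops named from starting.
  if ! grep -qF "zone \"$b\" IN" /etc/named.rfc1912.zones; then
    cat >> /etc/named.rfc1912.zones << EOF
zone "$b" IN {
type master;
file "$b.zone";
allow-update { none; };
};
EOF
  fi

  # Zone data file, derived from named.localhost: line 2 is the SOA record and
  # lines 8-10 are the NS / A / AAAA records of that template.
  # cp -p keeps the template's owner and mode.
  cp -p /var/named/named.localhost "$zone_file"
  sed -i "2c @ IN SOA $b. rname.invalid. (" "$zone_file"
  # The "c" command strips leading blanks, so the tab is added in a second pass.
  sed -i "8c NS $b." "$zone_file" && sed -i "8 s/^/\t/" "$zone_file"
  sed -i "9c A $c" "$zone_file" && sed -i "9 s/^/\t/" "$zone_file"
  sed -i "10c $host_label IN A $c" "$zone_file"

  # Point this machine's resolver at the new DNS server (replaces line 2).
  sed -i "2c nameserver $c" /etc/resolv.conf

  read -r -p "是否需要继续添加(y/n):" d
  case "$d" in
    y)
      continue
      ;;
    n)
      break
      ;;
    *)
      # Any other answer is reported and then treated like "n", as before.
      echo "请正确输入"
      break
      ;;
  esac
done

# NOTE(review): the next two commands stop the host firewall completely and
# put SELinux into permissive mode until the next reboot. A narrower
# alternative is to allow only DNS
# (firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)
# and to leave SELinux enforcing.
systemctl stop firewalld
setenforce 0
# Start (or restart) the DNS service.
systemctl restart named

echo -e "\033[31m dns解析已配置完成 \033[0m "
echo -e "\033[31m 请输入host $a 验证 \033[0m "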
服务器配置
[root@backup scripts]# cat backup_server.sh
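#!/bin/bash
# backup_server.sh: configure and start the rsync daemon on the backup server.
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# Shared secret of the virtual account rsync_backup.
# NOTE(review): the default is the sample value printed in this tutorial and is
# therefore public; set RSYNC_BACKUP_PASSWORD to a private value on real hosts.
rsync_pass=${RSYNC_BACKUP_PASSWORD:-oldboy}

# Append the daemon configuration to /etc/rsyncd.conf.
#   uid / gid        account and group the daemon uses on the shared directory
#   use chroot       security-related; "no" disables chroot confinement
#   max connections  connection limit
#   timeout          idle timeout
#   pid/lock/log     pid file, lock file and log file
#   [backup]         module name; path is the directory offered to clients
#   ignore errors    ignore errors
#   read only        false = clients may write
#   list             false = the module is not listed
#   hosts allow      network allowed to connect
#   auth users       virtual account allowed to connect
#   secrets file     password file of the virtual account
# rsyncd.conf only treats "#" as a comment at the start of a line, so the
# explanations are kept here instead of after the values.
cat >> /etc/rsyncd.conf << 'EOF'
#rsync_config______________begin
#creat by yuguotianqing 2018-01-15
##rsync.conf start##
uid =rsync
gid =rsync
use chroot =no
max connections =200
timeout =300
pid file =/var/run/rsyncd.pid
lock file =/var/run/rsync.lock
log file =/var/log/rsyncd.log
[backup]
path =/backup/
ignore errors
read only =false
list =false
hosts allow =172.16.1.0/24
#host deny =0.0.0.0/32
auth users =rsync_backup
secrets file =/etc/rsync.password
#rsync_config_____________end
EOF

# Each step runs only if the previous one succeeded (same chain as before).
# 1. virtual user and group: no login shell (-s), no home directory (-M)
useradd rsync -s /sbin/nologin -M &&
  tail -1 /etc/passwd &&
  # 2. start the daemon, then check the process and the listening port
  rsync --daemon &&
  ps -ef | grep rsync | grep -v grep &&
  lsof -i :873 &&
  # 3. backup directory; owner and group must match uid/gid in the
  #    configuration or clients cannot push files
  mkdir -p /backup &&
  chown rsync:rsync /backup/ &&
  ls -ld /backup &&
  # 4. password file of the virtual account, written under umask 077 so it is
  #    never readable by other users, not even briefly; rsync also refuses a
  #    secrets file that other users can read
  (umask 077 && printf '%s\n' "rsync_backup:${rsync_pass}" > /etc/rsync.password) &&
  chmod 600 /etc/rsync.password &&
  ls -l /etc/rsync.password &&
  # 5. start the daemon at boot
  echo "/usr/bin/rsync --daemon" >> /etc/rc.local &&
  tail -5 /etc/rc.local

# ---------------------------------------------------------------------------
# Client configuration
# [root@nfs scripts]# cat rsync_client.sh
# ---------------------------------------------------------------------------
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# The client password file holds only the password of rsync_backup.
# NOTE(review): same public sample default as on the server; override it.
rsync_pass=${RSYNC_BACKUP_PASSWORD:-oldboy}
(umask 077 && printf '%s\n' "$rsync_pass" > /etc/rsync.password) &&
  chmod 600 /etc/rsync.password &&
  ls -l /etc/rsync.password &&
  mkdir -p /backup

# ---------------------------------------------------------------------------
# vsftpd server setup
# ---------------------------------------------------------------------------
#!/bin/sh
echo "1.创建ftp上传根目录"
mkdir -p /opt/server/ftp/media
sleep 3

echo "2.vsftpd.conf配置文件修改"
# vsftpd.conf takes plain option=value lines. The original wrote each line
# with an "export " prefix, which vsftpd does not accept as an option name.
echo "local_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "anon_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
# Other vsftpd.conf options, add as needed:
# pam_service_name=vsftpd
# userlist_enable=YES
# tcp_wrappers=YES
# seccomp_sandbox=NO
# local_root=/opt/server/ftp/media
# anon_root=/opt/server/ftp/media
# chroot_local_user=YES
# allow_writeable_chroot=YES
# pasv_enable=NO
# To forbid anonymous access:
# anonymous_enable=NO   # no anonymous login
# Append at the end of the file:
# seccomp_sandbox=NO
sleep 3

echo "3.centos7.1系统文件目录解固"
# NOTE(review): this removes the immutable flag from the account databases so
# that groupadd/useradd can write to them, and nothing sets it again. If the
# flag was part of the host's hardening, restore it with chattr +i afterwards.
chattr -i /etc/gshadow
chattr -i /etc/group
chattr -i /etc/passwd
chattr -i /etc/shadow
sleep 3

echo "4.添加ftp用户组"
groupadd ftp
useradd -G ftp -d /opt/server/ftp/media -M ftpuser
# NOTE(review): the default password equals the user name and is printed in
# this tutorial; set FTP_USER_PASSWORD to a private value. FTP also sends
# credentials in clear text.
ftp_pass=${FTP_USER_PASSWORD:-ftpuser}
printf '%s:%s\n' ftpuser "$ftp_pass" | chpasswd
sleep 3

echo "5.改变文件夹的属主和权限"
chown -R ftpuser:ftpuser /opt/server/ftp/media
chown -R ftpuser:ftpuser /opt/server/ftp
sleep 3

echo "6.改变父文件夹权限"
chmod 755 /opt/server
# The original used mode 766: world-writable, and directories without the
# search bit for group/other. The owner (ftpuser) keeps full access; everyone
# else gets read-only access, with search permission on directories.
chmod -R u=rwX,go=rX /opt/server/ftp
sleep 3

echo "7.改变目录权限"
chmod -R u=rwX,go=rX /opt/server/ftp/media
sleep 3

echo "8.启动ftp服务"
service vsftpd start
service vsftpd status
chkconfig --list                 # services started at boot
chkconfig --level 2345 vsftpd on # start vsftpd at boot
# Test the FTP server:
# ftp://IP/  user: ftpuser  password: the one set above
sleep 3
# Test an upload:
# curl -T box.log -u ftpuser:ftpuser ftp://10.10.10.10/
# curl -T localfile -u name:passwd ftp://upload_site:port/path/
exit 0

# ---------------------------------------------------------------------------
# 4. Automated frp server and client setup
# Host A: vim frp.sh
# ---------------------------------------------------------------------------
#!/bin/bash
# 1. frp_0.33.0_linux_amd64.tar.gz must be present in the current directory
# 2. unpack it
# 3. change into the unpacked directory
# 4. append the dashboard settings to frps.ini
# 5. start the frp server
# NOTE(review): aaa/aaa are the tutorial's sample dashboard credentials and the
# dashboard listens on port 7500; replace them before the port is reachable by
# others. Nothing here sets a shared auth token (frp's "token" setting), so
# confirm that clients cannot register proxies unauthenticated.
tar -zxf frp_0.33.0_linux_amd64.tar.gz
cd frp_0.33.0_linux_amd64/ || exit 1
sed -i '$a dashboard_user=aaa' frps.ini
sed -i '$a dashboard_pwd=aaa' frps.ini
sed -i '$a dashboard_port=7500' frps.ini
./frps -c frps.ini
# Run with: sh frp.sh

# ---------------------------------------------------------------------------
# Host B: vim frpcs.sh
# ---------------------------------------------------------------------------
#!/bin/bash
# Test client for the frp server.
# 1. unpack the archive
# 2. change into the directory
# 3. edit frpc.ini so that it reads:
#    [common]
#    server_addr = 10.0.0.20
#    server_port = 7000
#    [lijiaqi]
#    type = tcp
#    local_ip = 127.0.0.1
#    local_port = 22
#    remote_port = 6064
# 4. start the frp client
# NOTE(review): this publishes the local SSH port (22) on a port of the frp
# server; make sure SSH on this host is hardened before exposing it this way.
tar -zxf frp_0.33.0_linux_amd64.tar.gz
cd frp_0.33.0_linux_amd64 || exit 1
sed -i '/server_addr/ s/127\.0\.0\.1/10.0.0.10/' frpc.ini
# "[ssh]" unescaped is a bracket expression (any line containing s or h);
# match the literal section header instead.
sed -i '/^\[ssh\]/ s/ssh/baibai/' frpc.ini
sed -i '/remote_port/ s/6000/6035/' frpc.ini
./frpc -c frpc.ini
# Run with: sh frpcs.sh

# ---------------------------------------------------------------------------
# 5. Automated Samba share setup
# Usage: chmod +x /opt/samba.sh
#        /opt/samba.sh /opt/samba/
# ---------------------------------------------------------------------------
#!/bin/bash
# Exactly one argument is required: the absolute path of the shared directory.
if [ "$#" -ne 1 ]; then
  echo "运行脚本格式为:$0 /dir/"
  exit 1
fi
case "$1" in
  /*) ;;
  *)
    echo "请提供一个绝对路径。"
    exit 1 # the original exited with 0 here, hiding the failure from callers
    ;;
esac

# Install samba if it is not installed yet.
if ! rpm -q samba > /dev/null; then
  echo "将要安装samba"
  sleep 1
  if ! yum -y install samba; then
    echo "samba 安装失败"
    exit 1
  fi
fi

dirconf="/etc/samba/smb.conf"
# NOTE(review): "map to guest = bad user" together with "public = yes" lets
# anyone who can reach the server read the share without a password. The block
# is appended, so running the script twice adds a second [global]/[share] pair.
cat >> "$dirconf" << EOF
[global]
workgroup = workgroup
security = user
map to guest = bad user
[share]
comment= share all
path = $1
browseable = yes
public = yes
writable = no
EOF

if [ ! -d "$1" ]; then
  mkdir -p "$1"
fi
# The share is read-only (writable = no) and owned by the guest account, so
# mode 755 is enough; the original's 777 made it writable by every local user.
chmod 755 "$1"
chown nobody:nobody "$1"
echo "www.51xit.top" > "$1/51xit.txt"

if ! systemctl start smb; then
  echo "samba服务启动失败,请检查配置文件是否正常"
else
  echo "samba服务启动正常"
fi

# ---------------------------------------------------------------------------
# yum source setup
# ---------------------------------------------------------------------------
#!/bin/bash
# One-step setup of a local yum source, the Aliyun source, or both.
# author: cheng
# Wed 2021-06-10 13:15:26 CST

# Back up the existing repo files.
backup() {
  mkdir -p /etc/yum.repos.d/repo.bak/
  mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/repo.bak/
}

# Write the local (DVD) repo definition.
# The original wrote "enable=1"; the key yum reads is "enabled".
# NOTE(review): gpgcheck=0 disables package signature verification.
yumm() {
  echo -e "[local]\nname=local\nbaseurl=file:///mnt\nenabled=1\ngpgcheck=0" > /etc/yum.repos.d/local.repo
}

# Download the Aliyun repo definition.
ali() {
  echo -e "\033[35;5m 正在下载阿里yum源,请稍等............ \033[0m"
  wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo &> /dev/null
}

# Mount the DVD on /mnt; if it is already mounted, unmount and mount it again.
cdmount() {
  if df -h | grep -q /dev/sr0; then
    umount /dev/sr0
    mount /dev/cdrom /mnt &> /dev/null
    echo -e '\033[36m 光盘已挂载至/mnt目录!\033[0m'
  elif ! mount /dev/cdrom /mnt &> /dev/null; then
    echo "光盘不存在,检查是否加载镜像,状态是否已连接!"
    exit 1
  fi
}

# Clear the yum cache and build it again.
clean() {
  if ! yum clean all &> /dev/null; then
    echo "yum缓存清除失败......"
  elif yum makecache &> /dev/null; then
    echo -e '\033[33m yum缓存已清除并重新建立!可以正常安装程序!\033[0m'
  else
    echo "yum缓存建立失败!"
  fi
}

# Ask which source to configure and do it.
choose() {
  echo -e '\033[33m 输入对应的[数字]选择yum源!\033[0m'
  read -r -p "本地源[1]|阿里源[2]|同时配置[3]退出[任意] :" rd
  case "$rd" in
    "1")
      backup
      yumm
      cdmount
      clean
      echo -e '\033[33m 本地源已配置完成!\033[0m'
      ;;
    "2")
      backup
      ali
      clean
      echo -e '\033[33m 阿里官方源已配置完成!\033[0m'
      ;;
    "3")
      backup
      ali
      # The original used "continue" here, which is only valid inside a loop;
      # the intent is simply to go on once the priorities plugin is present.
      if ! rpm -q yum-plugin-priorities.noarch &> /dev/null; then
        if ! yum install -y yum-plugin-priorities.noarch &> /dev/null; then
          echo -e \"yum-plugin-priorities.noarch\"安装失败
          exit 1
        fi
      fi
      yumm
      # NOTE(review): the epel section is fetched over the network with
      # gpgcheck=0, so packages from it are installed without signature
      # verification; enable gpgcheck once the EPEL key is installed.
      echo -e "priority=3\n[epel]\nname=epel\nbaseurl=https://mirrors.aliyun.com/epel/7Server/x86_64/\nenabled=1\ngpgcheck=0\npriority=2" >> /etc/yum.repos.d/local.repo
      cdmount
      clean
      echo -e '\033[33m 本地源和阿里官方源已配置完成!(优先本地源)\033[0m'
      ;;
    *)
      echo -e '\033[33m 脚本已退出.....\033[0m'
      ;;
  esac
}

echo -e '\033[33m -----------正常网络测试中--------------\033[0m'
if ping -c 3 baidu.com &> /dev/null; then
  if [ ! -e /etc/yum.repos.d/CentOS-Base.repo ]; then
    echo -e '\033[33m 网络正常,官方在线源不存在!\033[0m'
  fi
  choose
else
  echo -e '\033[33m 网络异常....配置本地源!\033[0m'
  backup
  yumm
  cdmount
  clean
fi # the original ended with "Fi", which bash does not accept

# ---------------------------------------------------------------------------
# NFS server setup
# ---------------------------------------------------------------------------
#!/bin/bash
# Author:  张小白
# Contact: 2367127577@qq.com
# Date:    2021-11-04
# Purpose: one-step NFS server setup
# Two parts: 1. install the services (if missing)  2. write /etc/exports

# Global settings
PATH=${PATH}:/root/
LANG=zh_CN.UTF-8
hong="\033[31m"
huang="\033[33m"
lv="\033[32m"
se="\033[0m"

# Abort if the command that ran immediately before this call failed.
check_ok() {
  if [ $? != 0 ]; then
    echo -e "${hong}程序出现错误,请检查日志${se}"
    exit 1
  fi
}

# Install package $1 unless it is already installed.
myyum() {
  if ! rpm -q "$1" > /dev/null 2>&1; then
    yum install -y "$1"
    check_ok
  else
    echo -e " serveice $1 already occure yuo can use ${huang}systemctl start $1 ${se}"
  fi
}

# Environment
myyum iptables-services
# Save the current firewall rules, then flush them.
# NOTE(review): "iptables -F" removes every filter rule, so the host is left
# without packet filtering (or unreachable if a chain policy is DROP). Opening
# only the ports NFS needs is the narrower choice.
iptables-save > "/etc/sysconfig/iptables_$(date +%F)"
iptables -F
check_ok

# Disable SELinux.
# NOTE(review): this turns SELinux off permanently (config file) and at once
# (setenforce 0); verify that NFS really needs this on the target host.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
s_num=$(getenforce)
if [ "$s_num" == Enforcing ]; then
  setenforce 0
fi
check_ok

# Install the services; if nfs-utils is already there, restart and stop.
if rpm -q nfs-utils > /dev/null 2>&1; then
  echo "nfs-utils与rpcbind服务已存在,不需要安装,你可以通过编辑 /etc/exports来添加客户端"
  echo "/etc/exports配置格式:dir ip(rw,sync,no_root_squash,anonuid=uid,anongid=gid)"
  systemctl restart nfs-utils
  systemctl restart nfs
  systemctl restart rpcbind
  check_ok
  exit
fi
myyum nfs-utils
systemctl start nfs-utils
systemctl start nfs
myyum rpcbind
systemctl start rpcbind
check_ok

# /etc/exports: one line per client until an empty client is entered.
while :; do
  read -r -p "请输入想要共享的目录(默认为你的家目录):" home
  read -r -p "是否加入新的客户端IP或网络,添加完毕直接按 ENTER:" ip
  if [ -z "$home" ]; then
    # "~" is not expanded inside quotes, so the original exported a literal "~/".
    home=$HOME
  fi
  if [ -z "$ip" ]; then
    break
  fi
  # The client spec goes straight into /etc/exports; refuse blanks, brackets
  # and other characters that could change the meaning of the line.
  if [[ ! $ip =~ ^[0-9A-Za-z.:/*_-]+$ ]]; then
    echo -e "${hong}客户端地址格式不正确${se}"
    continue
  fi
  uid=$(id -u nfsnobody)
  gid=$(id -g nfsnobody)
  # NOTE(review): no_root_squash lets root on the client act as root on the
  # exported files, and anonuid/anongid only apply to squashed requests.
  # Prefer root_squash unless the client really needs root access.
  # The stray comma before ")" in the original option list is removed.
  echo " $home $ip(rw,sync,no_root_squash,anonuid=$uid,anongid=$gid)" >> /etc/exports
done
# Make the running server pick up the new export lines.
exportfs -ra
check_ok
echo "NFS 服务安装完成,请在客户端安装nfs-utils 并使用showmount -e 192.168.127.10(服务端ip)来查看可以挂载的目录。 "
exit

# ---------------------------------------------------------------------------
# NTP server address update over ssh
# ---------------------------------------------------------------------------
#! /bin/bash
# Read the target addresses.
read -r -p "Please inpute external ip from controller node as below:(It shoud ends with \"/\", each IP should use \"/\" to distingusish ) " ExternalIPs
read -r -p "Please inpute management ip from compute node as below:(It should ends with \"/\",each IP should use \"/\" to distingusish) " ManagementIPs
read -r -p "Please inpute Rollor ip:" RollerIP

# True if $1 looks like a dotted-quad IPv4 address.
is_ipv4() {
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# Split the "/"-separated lists into arrays.
IFS=/ read -r -a external <<< "$ExternalIPs"
IFS=/ read -r -a management <<< "$ManagementIPs"

# Every value below ends up in a command line that runs as root on a remote
# host, so anything that is not a plain IPv4 address is refused up front.
if [ "${#external[@]}" -eq 0 ]; then
  printf 'At least one external IP is required\n' >&2
  exit 1
fi
for addr in "${external[@]}" "${management[@]}" "$RollerIP"; do
  if ! is_ipv4 "$addr"; then
    printf 'Invalid IPv4 address: %s\n' "$addr" >&2
    exit 1
  fi
done

# Escape the dots so the sed pattern matches the address literally.
roller_re=${RollerIP//./\\.}

# NOTE(review): both loops log in as root over ssh and the here-documents are
# expanded locally before they are sent. 192.158.58.1 is copied unchanged from
# the original; confirm it is the intended upstream server.

# Controller nodes: replace the old NTP server with the fixed upstream address.
for externalip in "${external[@]}"; do
  ssh -Tq "root@$externalip" << EOF
sed -i 's/server $roller_re/server 192.158.58.1/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 2
ntpq -p
EOF
  sleep 1
done

# Compute nodes: point them at the first controller node.
for managementip in "${management[@]}"; do
  ssh -Tq "root@$managementip" << EOF
sed -i 's/server $roller_re/server ${external[0]}/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 1
ntpq -p
EOF
  sleep 1
done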