linux自动化部署脚本教程,linux自动化脚本
linux自动化部署脚本教程,linux自动化脚本
1、自动化部署脚本如下:
init.sh脚本
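#!/bin/bash
# init.sh - step-by-step cluster bootstrap, run as root from one control node.
#
# Usage (as printed by the script itself):
#   ./first.sh [-step stepNUM] [-endstep endstepnum] [-port sshPort]
#
# Files read from the script's own directory:
#   hosts   one "host user password" record per line, separated by spaces
#   params  key=value lines (TAR_JDK_NAME, TAR_PYTHON_NAME, MYSQL_JDBC_DRIVER)
#
# NOTE(review): hosts holds clear-text passwords. Keep it readable by its
# owner only, and remove it once key-based login (step 2) is in place.

# Absolute directory that contains this script.
bin=$(dirname "${BASH_SOURCE-$0}")
bin=$(cd "$bin"; pwd)

PORT=3222
STEP=1
ENDSTEP=9
SSH='/usr/bin/ssh'
#SSHID=`netstat -ntlp | grep sshd | grep -w "tcp" | awk '{print $4}' | cut -d: -f2`
SSH_KEYGEN='/usr/bin/ssh-keygen'
SSH_COPY_ID='/usr/bin/ssh-copy-id'
SCP='/usr/bin/scp'

# Print the command-line synopsis.
function print_usage(){
  echo -e "Usage: ./first.sh [-step stepNUM] [-endstep endstepnum] [-port sshPort] COMMAND"
}

# Options come in "-name value" pairs, so an odd argument count is an error.
# Example: ./frist.sh -step 2 -endstep 6 -port 22
if (( $# % 2 != 0 )); then
  print_usage
  exit 1
fi
while (( $# > 0 )); do
  case "$1" in
    -port) PORT=$2 ;;
    -step) STEP=$2 ;;
    -endstep) ENDSTEP=$2 ;;
    *)
      print_usage
      exit 1
      ;;
  esac
  shift 2
done

# STEP and ENDSTEP end up in an arithmetic expression and in a function name
# (step_fun_N), and PORT is pasted into ssh/scp command lines, so only plain
# decimal numbers are accepted.
for numeric_opt in "$PORT" "$STEP" "$ENDSTEP"; do
  case "$numeric_opt" in
    '' | *[!0-9]*)
      print_usage
      exit 1
      ;;
  esac
done
STEP=$((10#$STEP))
ENDSTEP=$((10#$ENDSTEP))
if (( STEP < 1 || ENDSTEP > 9 )); then
  print_usage
  exit 1
fi

##################### public functions ############################

# Print a coloured message.
#   $1     level: 1 step banner (purple), 2 success (green), 3 error (red),
#          4 hint (cyan), 5 warning (yellow)
#   $2...  message words, joined with single spaces
function echo_fun(){
  local level msg
  if [ $# -ge 2 ]; then
    level=$1
    shift 1
    msg="$*"
  else
    echo_fun 3 请至少输入两个参数 echo_fun ...
    exit 1
  fi
  case "$level" in
    1)
      echo -e "\033[35;40;1m ***************************** ${msg} *****************************\033[0m\r\n"
      ;;
    2)
      echo -e "\033[32;40;1m ${msg}\033[0m\r\n"
      ;;
    3)
      echo -e "\033[31;40;1m ${msg}\033[0m\r\n"
      ;;
    4)
      echo -e "\033[36;40;1m ${msg}\033[0m\r\n"
      ;;
    5)
      echo -e "\033[33;40;1m ${msg} \033[0m\r\n"
      ;;
    *)
      echo_fun 3 参数异常第一个参数应为1,2,3,4,5
      ;;
  esac
}

# Call "$1 user host password" for every record in hosts and stop at the
# first failure, returning that callback's status.
# The file is read on fd 3 so that a callback can never consume the host list
# through stdin; IFS is set for `read` only instead of being changed globally.
function list_hosts(){
  local host user passwd rc
  while IFS=' ' read -r host user passwd <&3 || [ -n "$host" ]; do
    [ -n "$host" ] || continue
    "$1" "$user" "$host" "$passwd"
    rc=$?
    if [ "$rc" != 0 ]; then
      return "$rc"
    fi
  done 3< "$bin/hosts"
}

# Callback for list_hosts: run ssh-keygen on one host and report the result.
#   $1 user, $2 host, $3 password
function ssh_keygen(){
  local rc
  ssh_keygen_fun "$1" "$2" "$3" >/dev/null
  rc=$?
  show_result "$rc" "keygen-->$1@$2"
}

# Drive "ssh user@host ssh-keygen" through expect.
#   $1 user, $2 host, $3 password
# Exit status is the code chosen by the matching expect arm (see show_result).
#
# The password and the other values reach expect through the environment and
# are read with $env(...). They are therefore not part of the expect command
# line (visible in the process list) and cannot break out of the Tcl quoting.
#
# NOTE(review): the "continue connecting" arm accepts any unknown host key, so
# the first connection to a host is not authenticated. Pre-seed known_hosts
# with verified keys when the network between the nodes is not trusted.
function ssh_keygen_fun(){
  DEPLOY_SSH="$SSH" DEPLOY_PORT="$PORT" DEPLOY_TARGET="$1@$2" \
  DEPLOY_KEYGEN="$SSH_KEYGEN" DEPLOY_PASSWD="$3" \
  expect -c '
    spawn $env(DEPLOY_SSH) -p$env(DEPLOY_PORT) $env(DEPLOY_TARGET) $env(DEPLOY_KEYGEN)
    set timeout 30
    expect {
      "*Permission denied, please try again*" {puts "fail";exit 9 }
      "*Connection refused*" {puts "fail";exit 7 }
      "*continue connecting (yes/no)*" {send "yes\r";exp_continue}
      "*password*" {send "$env(DEPLOY_PASSWD)\r";exp_continue}
      "Enter file in which to save the key*" {send "\r";exp_continue}
      "Enter passphrase*" {send "\r";exp_continue}
      "Enter same passphrase again*" {send "\r";puts "success";exit 1}
      "Overwrite (y/n)*" {send "n\r";puts "success";exit 2}
      "*No route to host*" {puts "fail";exit 8}
      "*Connection timed out*" {puts "fail";exit 6}
    }
  '
}

# Translate an expect exit code into a message and a return status.
#   $1     code, $2... message prefix
# Codes produced by the expect scripts in this file:
#   9 --> permission denied (wrong password)
#   8 --> no route to host (wrong ip/hostname)
#   7 --> connection refused (wrong ssh port)
#   6 --> connection timed out
#   2 --> a key already exists, nothing regenerated
#   1 --> a new key was generated
#   0 --> expect ended without hitting one of the arms above
# Returns 0 for codes 0/1/2, the code itself for 6..9, and 9 for anything else.
function show_result(){
  local code msg
  if [ $# -ge 2 ]; then
    code=$1
    shift 1
    msg="$*"
  else
    echo_fun 3 请至少输入两个参数 show_result ..
    exit 1
  fi
  case "$code" in
    0 | 1 | 2)
      echo_fun 2 "${msg} [ success ]"
      ;;
    6)
      echo_fun 3 "${msg} [ failed ] : Connection timed out"
      return 6
      ;;
    7)
      echo_fun 3 "${msg} [ failed ] : Connection refused(ssh 端口是否正确)"
      return 7
      ;;
    8)
      echo_fun 3 "${msg} [ failed ] : No route to host(ip地址是否正确)"
      return 8
      ;;
    9)
      echo_fun 3 "${msg} [ failed ] : Permission denied(密码错误)"
      return 9
      ;;
    *)
      echo_fun 3 "${msg} [ failed ] : 未知的错误"
      return 9
      ;;
  esac
}

################# step 1: generate a key pair on every host in hosts #################
function step_fun_1(){
  local answer
  echo_fun 1 第一步,生成秘钥对
  if ! rpm -q expect >/dev/null 2>&1; then
    echo_fun 4 下载expect...
    if ! yum install expect -y >/dev/null 2>&1; then
      echo_fun 5 expect下载失败请检查yum源
      exit 1
    fi
  fi
  # Retry until every host succeeds or the operator answers "no". The original
  # retried by calling step_fun_1 recursively; a loop gives the same prompt
  # without growing the call stack.
  while ! list_hosts ssh_keygen; do
    echo -e "\033[33;40;1m>>Please check '${bin}/hosts' file<< Retry(yes/no)?\033[0m"
    read -r answer || exit 1
    if [ "$answer" = "no" ]; then
      echo_fun 5 "当前执行第 1 步,如果继续执行请输入 ./frist.sh -step 1 -port portnum "
      exit 1
    fi
  done
  echo -e "\r\n"
}

#----------------------------------- step 2: one-way passwordless login ----------------------------
function step_fun_2(){
  echo_fun 1 第二步,配置免密
  echo_fun 4 "当前机器$(hostname)"
  ssh_copyid_fun
}

# Install the control node's public key (~/.ssh/id_rsa.pub) on every host with
# ssh-copy-id, answering the prompts through expect. Exits on the first
# failure. Password handling and the host-key caveat are the same as in
# ssh_keygen_fun.
function ssh_copyid_fun(){
  local host user passwd rc
  while IFS=' ' read -r host user passwd <&3 || [ -n "$host" ]; do
    [ -n "$host" ] || continue
    DEPLOY_COPY_ID="$SSH_COPY_ID" DEPLOY_PORT="$PORT" \
    DEPLOY_TARGET="$user@$host" DEPLOY_PASSWD="$passwd" \
    expect -c '
      spawn $env(DEPLOY_COPY_ID) -p $env(DEPLOY_PORT) $env(DEPLOY_TARGET)
      expect {
        "*continue connecting (yes/no)*" {send "yes\r";exp_continue}
        "*Permission denied*" {puts "fail";exit 9 }
        "*password*" {send "$env(DEPLOY_PASSWD)\r";exp_continue}
        "*No route to host*" {puts "fail\r";exit 8}
        "*Connection timed out*" {puts "fail\r";exit 6}
      }
    ' >/dev/null
    rc=$?
    show_result "$rc" "免密-->$user@$host"
    if [ "$rc" -ne 0 ]; then
      echo_fun 5 "当前执行第 2 步,如果继续执行请输入 ./frist.sh -step 2 -port portnum "
      exit 1
    fi
  done 3< "$bin/hosts"
}

# Install root on the remote hosts.
ENV_PARENT_PATH="/opt"
# Set in step 3/4 to the full local path of the JDK package,
# e.g. /opt/software/jdk1.7.0_67.tar.gz
TAR_JDK_PATH=""
TAR_PYTHON_PATH=""
# Set in step 3 to the full local path of the MySQL JDBC jar.
MYSQL_JDBC_DRIVER=""
#TAG_MYSQL_JDBC_DRIVER="/usr/share/java/$mysql_jdbc_name"
TAG_MYSQL_JDBC_DRIVER=""
# Local directory that holds the packages to distribute.
PARENT_PACAKGE="/opt/software"
LN_MYSQL_JDBC_DRIVER=/usr/share/java/mysql-connector-java.jar

# The callbacks below are run by loop_hosts as "callback user host password".
# A non-zero status marks the host as failed.

# Fails (2) when ENV_PARENT_PATH is missing on the host.
function is_opt_exsit(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ ! -d ${ENV_PARENT_PATH} ];then exit 2; fi"
}

# Fails (2) when ENV_PARENT_PATH/java already exists on the host.
function is_opt_java(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ -d ${ENV_PARENT_PATH}/java ] ;then exit 2; fi"
}

# Fails (2) when ENV_PARENT_PATH/python already exists on the host.
function is_opt_python(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ -d ${ENV_PARENT_PATH}/python ];then exit 2; fi"
}

# Copy the JDK package (TAR_JDK_PATH) into ENV_PARENT_PATH on the host.
# The original file defined this function twice with the same body.
function distri_jdk_fun(){
  "$SCP" -P "$PORT" "$TAR_JDK_PATH" "$1@$2:${ENV_PARENT_PATH}"
}

# Copy the Python package (TAR_PYTHON_PATH) into ENV_PARENT_PATH on the host.
function distri_py_fun(){
  "$SCP" -P "$PORT" "$TAR_PYTHON_PATH" "$1@$2:${ENV_PARENT_PATH}"
}

# Copy the JDBC jar to /usr/share/java on the host and point the generic
# mysql-connector-java.jar symlink at it. Each stage must succeed before the
# next one runs; the original ignored the status of every stage but the last.
function distri_mysql_jdbc(){
  "$SSH" -n -p "$PORT" "$1@$2" "mkdir -p /usr/share/java" || return
  "$SCP" -P "$PORT" "$MYSQL_JDBC_DRIVER" "$1@$2:/usr/share/java/" || return
  "$SSH" -n -p "$PORT" "$1@$2" "if [ -f $LN_MYSQL_JDBC_DRIVER ];then rm -r $LN_MYSQL_JDBC_DRIVER; fi" || return
  "$SSH" -n -p "$PORT" "$1@$2" "ln -s $TAG_MYSQL_JDBC_DRIVER $LN_MYSQL_JDBC_DRIVER"
}

# Print the value stored for key $1 in the params file (first match, with
# surrounding blanks removed). The argument error goes to stderr because
# callers capture stdout as the value.
function get_params_value() {
  if [ $# -ne 1 ]; then
    echo_fun 3 参数输入有误 get_params_value >&2
    return 1
  fi
  awk -F= -v key="$1" '
    $1 == key {
      v = $2
      gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      print v
      exit
    }' "$bin/params"
}

# Run "$1 user host password" on every record in hosts, printing a progress
# percentage after each host.
#   $1 callback, $2 text appended to the error line, $3 step number shown in
#   the "how to resume" hint
# Exits the script on the first failing host.
function loop_hosts(){
  local cmd=$1 fail_msg=$2 step_no=$3
  local host user passwd rc total done_count=0
  total=$(grep -c '[^[:space:]]' "$bin/hosts")
  while IFS=' ' read -r host user passwd <&3 || [ -n "$host" ]; do
    [ -n "$host" ] || continue
    "$cmd" "$user" "$host" "$passwd"
    rc=$?
    if [ "$rc" != 0 ]; then
      echo -e "\r\n\033[31;40;1mERROR: $host $fail_msg \033[0m \r\n"
      echo -e "\033[33;40;1m 当前执行第 $step_no 步,如果继续执行请输入 ./frist.sh -step $step_no -port portnum \033[0m\r\n"
      exit 1
    fi
    # The original never advanced its counter, so the percentage never moved,
    # and it installed bc just for this division. Shell arithmetic does both.
    done_count=$((done_count + 1))
    echo -en "\b\b\b\b" "$((done_count * 100 / total))%"
  done 3< "$bin/hosts"
  echo -en '\033[32;40;1m\b\b\b\bOK\033[0m \r\n'
}

#---------------------------------- step 3: distribute jdk / python / jdbc ---------------------------
function step_fun_3(){
  local answer tar_jdk_name tar_python_name mysql_jdbc_name
  echo_fun 1 "第三步,分发jdk python"
  echo_fun 5 "默认情况下是安装python 如果想不装python 请将./tool/params文件的TAR_PYTHON_NAME值清空!"
  # Ask until the answer is yes or no. The original called step_fun_3 again
  # on any other input, which ran the whole distribution once per invalid
  # answer after the nested call returned.
  while true; do
    echo_fun 4 "是否继续[yes/no]:"
    read -r answer || exit 1
    case "$answer" in
      yes)
        echo -e "\n"
        echo -e "\033[42;33m 接着执行 \033[0m\n"
        break
        ;;
      no)
        echo_fun 5 "当前执行第 3 步,如果继续执行请输入 ./frist.sh -step 3 -port portnum"
        exit 1
        ;;
    esac
  done

  # Package file names from params, e.g. TAR_JDK_NAME=jdk1.7.0_67.tar.gz
  tar_jdk_name=$(get_params_value TAR_JDK_NAME)
  tar_python_name=$(get_params_value TAR_PYTHON_NAME)
  mysql_jdbc_name=$(get_params_value MYSQL_JDBC_DRIVER)

  # Every host must already have the install root.
  CHECK_OPT_MESSAGE="经检查该机器上不存在${ENV_PARENT_PATH}目录"
  echo_fun 4 "检查是否存在${ENV_PARENT_PATH}目录....."
  loop_hosts is_opt_exsit "$CHECK_OPT_MESSAGE" "3"
  echo_fun 2 "检查是否存在${ENV_PARENT_PATH}目录完毕!"

  if [ "$tar_jdk_name" = "" ]; then
    echo_fun 5 ./tool/params文件中TAR_JDK_NAME值为空,再安装jdk
  else
    # Refuse to continue when a java directory is already present.
    echo_fun 4 "检查是否存在${ENV_PARENT_PATH}/java"
    CHECK_JAVA_HOME="的机器上已存在${ENV_PARENT_PATH}/java目录,请检查手动清理一下!"
    loop_hosts is_opt_java "$CHECK_JAVA_HOME" 3
    TAR_JDK_PATH="${PARENT_PACAKGE}/${tar_jdk_name}"
    if [ -f "$TAR_JDK_PATH" ]; then
      echo_fun 4 分发JDK
      loop_hosts distri_jdk_fun
    else
      echo_fun 3 "${TAR_JDK_PATH} 文件不存在 请检查文件的完整性"
      echo_fun 5 "当前执行第 3 步,如果继续执行请输入 ./frist.sh -step 3 -port portnum"
      exit 9
    fi
  fi

  if [ "$tar_python_name" = "" ]; then
    echo_fun 5 "./tool/params文件中TAR_PYTHON_NAME值为空 不在安装python"
  else
    TAR_PYTHON_PATH="${PARENT_PACAKGE}/${tar_python_name}"
    # Refuse to continue when a python directory is already present.
    echo_fun 4 "检查是否存在${ENV_PARENT_PATH}/python"
    CHECK_PYTHON_HOME="的机器上已存在${ENV_PARENT_PATH}/python目录,请检查手动清理一下一下!"
    loop_hosts is_opt_python "$CHECK_PYTHON_HOME" 3
    if [ ! -f "$TAR_PYTHON_PATH" ]; then
      echo_fun 3 "${TAR_PYTHON_PATH} 文件不存在 请检查包的完整性"
      echo_fun 5 "当前执行第 3 步,如果继续执行请输入 ./frist.sh -step 3 -port portnum"
      exit 9
    fi
  fi
  if [ "$tar_python_name" != "" ]; then
    echo_fun 4 分发python
    loop_hosts distri_py_fun
  fi

  if [ "$mysql_jdbc_name" = "" ]; then
    echo_fun 5 "./tool/params文件中MYSQL_JDBC_DRIVER值为空 不在分发mysql驱动"
  else
    MYSQL_JDBC_DRIVER="${PARENT_PACAKGE}/${mysql_jdbc_name}"
    TAG_MYSQL_JDBC_DRIVER="/usr/share/java/${mysql_jdbc_name}"
    if [ -f "$MYSQL_JDBC_DRIVER" ]; then
      echo_fun 4 分发jdbc的驱动
      loop_hosts distri_mysql_jdbc
    else
      # The original called plain `echo 3 ...` here, which printed the level
      # digit as text instead of a red error line.
      echo_fun 3 "${MYSQL_JDBC_DRIVER} 文件不存在"
      exit 1
    fi
  fi
}

#--------------------------------------- step 4: unpack jdk / python ---------------------------------
# Callbacks for loop_hosts. They use the same ssh binary ($SSH) as the
# earlier steps; the original switched to whatever `ssh` was first in PATH.

# Fails (2) when the distributed JDK package is missing on the host.
function is_exist_java(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ ! -f $TAG_JDK_PATH ];then exit 2; fi"
}

# Fails (2) when the distributed Python package is missing on the host.
function is_exist_python(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ ! -f $TAG_PYTHON_PATH ];then exit 2; fi"
}

# Fails (2) when the unpacked JDK directory already exists on the host.
function is_exist_path_java(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ -d ${DECOM_JDK_PATH} ] ;then exit 2; fi"
}

# Fails (2) when the unpacked Python directory already exists on the host.
function is_exist_path_python(){
  "$SSH" -n -p "$PORT" "$1@$2" "if [ -d ${DECOM_PYTHON_PATH} ];then exit 2; fi"
}

# Unpack the JDK on the host and link it as ENV_PARENT_PATH/java.
# `&&` makes a failed tar fail the host; the original joined the commands
# with `;`, so only the status of ln was reported.
function decom_jdk(){
  "$SSH" -n -p "$PORT" "$1@$2" "tar -zxvf $TAG_JDK_PATH -C ${ENV_PARENT_PATH} >/dev/null 2>&1 && ln -s ${DECOM_JDK_PATH} ${ENV_PARENT_PATH}/java >/dev/null 2>&1"
}

# Unpack Python on the host and link it as ENV_PARENT_PATH/python.
function decom_python(){
  "$SSH" -n -p "$PORT" "$1@$2" "tar -xvf $TAG_PYTHON_PATH -C ${ENV_PARENT_PATH} >/dev/null 2>&1 && ln -s ${DECOM_PYTHON_PATH} ${ENV_PARENT_PATH}/python >/dev/null 2>&1"
}

# Package path on the remote hosts, e.g. /opt/jdk1.7.0_67.tar.gz
TAG_JDK_PATH=""
TAG_PYTHON_PATH=""
# Directory each package unpacks to, ENV_PARENT_PATH/<top-level dir of the tar>
DECOM_JDK_PATH=""
DECOM_PYTHON_PATH=""

function step_fun_4(){
  local tar_jdk_name tar_python_name after_jdk_decom_path after_python_decom_path
  echo_fun 1 "第四步,解压jdk python"
  tar_jdk_name=$(get_params_value TAR_JDK_NAME)
  tar_python_name=$(get_params_value TAR_PYTHON_NAME)

  if [ "$tar_jdk_name" != "" ]; then
    TAR_JDK_PATH="${PARENT_PACAKGE}/${tar_jdk_name}"
    TAG_JDK_PATH="${ENV_PARENT_PATH}/${tar_jdk_name}"
    # The package must have reached every host.
    echo_fun 4 "检查jdk安装包是否存在"
    CHECK_JAVA_MESSAGE="的机器上不存在${TAG_JDK_PATH}请检查一下"
    loop_hosts is_exist_java "$CHECK_JAVA_MESSAGE" 4
    echo_fun 2 "jdk检查完毕"
    # Top-level directory inside the archive.
    # NOTE(review): the archive is listed on the control node at the remote
    # path (TAG_JDK_PATH), as in the original; that file exists locally only
    # if the control node is itself listed in hosts. Confirm whether
    # TAR_JDK_PATH was intended.
    after_jdk_decom_path=$(tar -tf "$TAG_JDK_PATH" | head -n 1 | awk -F '/' '{print $1}')
    if [ "$after_jdk_decom_path" = "" ]; then
      echo_fun 3 after_decom_path is null at $LINENO line
      exit 1
    fi
    DECOM_JDK_PATH="${ENV_PARENT_PATH}/${after_jdk_decom_path}"
    # Refuse to unpack over an existing directory.
    CHECK_JAVA_PATH_MESSAGE="的机器上已存在${DECOM_JDK_PATH}请检查一下"
    loop_hosts is_exist_path_java "$CHECK_JAVA_PATH_MESSAGE" 4
  fi

  if [ "$tar_python_name" != "" ]; then
    TAR_PYTHON_PATH="${PARENT_PACAKGE}/${tar_python_name}"
    TAG_PYTHON_PATH="${ENV_PARENT_PATH}/${tar_python_name}"
    echo_fun 4 "检查python 安装包是否存在!"
    CHECK_PYTHON_MESSAGE="的机器上不存存在${TAG_PYTHON_PATH}请检查一下"
    loop_hosts is_exist_python "$CHECK_PYTHON_MESSAGE" 4
    echo_fun 2 "python 检查完毕"
    # Same local-listing caveat as for the JDK archive above.
    after_python_decom_path=$(tar -tf "$TAG_PYTHON_PATH" | head -n 1 | awk -F '/' '{print $1}')
    if [ "$after_python_decom_path" = "" ]; then
      echo_fun 3 after_python_decom_path is null at $LINENO line
      exit 1
    fi
    DECOM_PYTHON_PATH="${ENV_PARENT_PATH}/${after_python_decom_path}"
    CHECK_PYTHON_PATH_MESSAGE="的机器上已存在${DECOM_PYTHON_PATH}请检查一下"
    loop_hosts is_exist_path_python "$CHECK_PYTHON_PATH_MESSAGE" 4
  fi

  if [ "$tar_jdk_name" != "" ]; then
    echo_fun 4 "开始解压jdk包此过程比较缓慢请耐心等待"
    loop_hosts decom_jdk "的机器上jdk解压失败" 4
  fi
  if [ "$tar_python_name" != "" ]; then
    echo_fun 4 "开始解压python包此过程比较缓慢请耐心等待"
    loop_hosts decom_python "的机器上python解压失败" 4
  fi
}

#------------------------------- step 5: environment variables --------------------------------------

# Write /etc/profile.d/bfd_env.sh on the control node. The Python part is
# added only when ENV_PARENT_PATH/python exists locally.
# $JAVA_HOME in the CLASSPATH line is escaped so that it is resolved when the
# profile is sourced; the original expanded it while generating the file, which
# froze the control node's current (usually empty) JAVA_HOME into CLASSPATH.
function gen_pro_env_fun(){
  local env_file=/etc/profile.d/bfd_env.sh
  cat > "$env_file" << EOF
export JAVA_HOME=${ENV_PARENT_PATH}/java
export PATH=\$JAVA_HOME/bin:\$PATH
export CLASSPATH=.:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib/tools.jar
EOF
  if [ -d "${ENV_PARENT_PATH}/python" ]; then
    cat >> "$env_file" << EOF
export PYTHON_HOME=${ENV_PARENT_PATH}/python
export PATH=\$PYTHON_HOME/bin:\$PATH
EOF
  fi
}

# Add the Python lib directory to /etc/ld.so.conf on the host, once. The
# original appended the line on every run.
function gen_ld_env_fun(){
  "$SSH" -n -p "$PORT" "$1@$2" "grep -qxF '${ENV_PARENT_PATH}/python/lib' /etc/ld.so.conf || echo '${ENV_PARENT_PATH}/python/lib' >> /etc/ld.so.conf"
}

# Copy the generated profile snippet to the host.
function scp_pro_env_fun(){
  "$SCP" -P "$PORT" /etc/profile.d/bfd_env.sh "$1@$2:/etc/profile.d/"
}

# Refresh the linker cache on the host. Sourcing the profile only affects
# that one ssh session; new logins pick the file up from /etc/profile.d.
function exe_env_fun(){
  #ssh -n -p $PORT $1@$2 "/sbin/ldconfig;/bin/sh /etc/profile"
  "$SSH" -n -p "$PORT" "$1@$2" "/sbin/ldconfig;source /etc/profile.d/bfd_env.sh"
}

function step_fun_5(){
  local tar_python_name
  echo_fun 1 第五步,生成环境变量
  echo "开始生成环境变量..."
  gen_pro_env_fun
  loop_hosts scp_pro_env_fun
  tar_python_name=$(get_params_value TAR_PYTHON_NAME)
  if [ "$tar_python_name" != "" ]; then
    loop_hosts gen_ld_env_fun
    loop_hosts exe_env_fun
  fi
}

#-------------------------- step 6: check the openssl package release ----------------------

# Fails (3) when the host's openssl-1* package release number is below 15.
# The remote command is single-quoted so the rpm query runs on the host. The
# original put backticks inside double quotes, so the query ran on the control
# node and every host was judged by the control node's package.
# An empty or non-numeric release passes, as it did before.
function check_openssl_fun(){
  "$SSH" -n -p "$PORT" "$1@$2" 'rel=$(rpm -qa | grep openssl-1 | head -n 1 | awk -F- "{print \$3}" | awk -F. "{print \$1}"); if [ -n "$rel" ] && [ "$rel" -lt 15 ]; then exit 3; fi'
}

# lsb_release (used by get_centos_verison) comes from redhat-lsb. This check
# runs every time the script is loaded, whatever steps were requested.
if ! rpm -qa | grep -q "^redhat-lsb"; then
  echo_fun 4 下载redhat-lsb...
  if ! yum install redhat-lsb -y >/dev/null 2>&1; then
    echo_fun 5 redhat-lsb下载失请检查yum源
    exit 1
  fi
fi

# Print the major OS release: the 2nd field of the 4th line of
# `lsb_release -a`, cut at the first dot.
function get_centos_verison(){
  local cen_version
  cen_version=$(lsb_release -a | awk -F ' ' '{print $2}' | head -n 4 | tail -n 1 | awk -F '.' '{print $1}')
  echo "$cen_version"
}

function step_fun_6(){
  local centos_version
  echo_fun 1 "第六步,检查openssl的版本"
  echo_fun 4 检查openssl版本号
  centos_version=$(get_centos_verison)
  case "$centos_version" in
    6)
      CHECK_OPENSSL_MESSAGE="该机器上的openssl小于15版本"
      loop_hosts check_openssl_fun "$CHECK_OPENSSL_MESSAGE" 6
      echo_fun 2 openssl检查成功
      ;;
    7)
      echo_fun 5 "centos7 跳过该步"
      ;;
    *)
      echo_fun 3 操作系统版本获取失败
      exit 1
      ;;
  esac
}

#------------------------------ step 7: distribute /etc/hosts ------------------------------

# Replace /etc/hosts on the host with the generated srchosts file.
function dishosts(){
  "$SCP" -P "$PORT" "$bin/srchosts" "$1@$2:/etc/hosts"
}

function step_fun_7(){
  echo_fun 1 "第七步 配置/etc/hosts的文件"
  echo_fun 4 开始生成hosts文件
  # The helper uses bash arrays, so run it with bash, and stop when it fails:
  # a partial srchosts must not be pushed over every host's /etc/hosts.
  if ! bash "$bin/genAllHostname.sh" "$PORT"; then
    echo_fun 3 hosts文件生成失败
    echo -e "\033[33;40;1m 当前执行第 7 步,如果继续执行请输入 ./frist.sh -step 7 -port portnum \033[0m\r\n"
    exit 9
  fi
  echo_fun 2 hosts文件生成成功
  echo_fun 4 开始分发hosts的文件
  if [ ! -f "$bin/srchosts" ]; then
    # The original appended an unset $LI (presumably a cut-off $LINENO),
    # which expanded to nothing.
    echo_fun 5 "${bin}/srchosts文件不存在"
    echo -e "\033[33;40;1m 当前执行第 7 步,如果继续执行请输入 ./frist.sh -step 7 -port portnum \033[0m\r\n"
    exit 9
  fi
  ERROR_MESSAGE="hosts文件分发失败,请检查原因"
  # Step number in the resume hint is 7; the original passed 8.
  loop_hosts dishosts "$ERROR_MESSAGE" 7
  echo_fun 2 hosts文件分发成功
}

#------------------- step 8: time synchronisation -------------------------------

# Callback for loop_hosts: make host $2 an NTP client of the control node.
# The control node itself (host equal to `hostname -i`) is skipped.
#
# NOTE(review): genCrontab.sh is copied to a fixed name in /tmp and then run
# as the login user (root in the sample hosts file). On a host with other
# local users a private directory from `mktemp -d` avoids a path those users
# can predict.
function ntp_client_ins(){
  local host_ip
  host_ip=$(hostname -i)
  if [ "$host_ip" = "" ]; then
    echo_fun 5 "不能获取到当前机器iphostname -i"
    exit 9
  fi
  echo "host_ip $host_ip"
  if [ "$host_ip" != "$2" ]; then
    # "2>&1" without a space: the original "2 >&1" passed a literal 2 to yum
    # and ntpdate as an extra argument and left stderr unredirected.
    if ! "$SSH" -n -p "$PORT" "$1@$2" "yum install ntp -y >/dev/null 2>&1"; then
      echo_fun 5 ntp客户端安装失败
      echo_fun 4 "失败机器hostname$2"
      exit 9
    fi
    if ! "$SSH" -n -p "$PORT" "$1@$2" "/usr/sbin/ntpdate $host_ip >/dev/null 2>&1"; then
      echo_fun 5 "ntpdate 更新失败"
      echo_fun 4 "失败机器hostname$2"
      exit 9
    fi
    if ! "$SCP" -P "$PORT" "$bin/genCrontab.sh" "$1@$2:/tmp"; then
      echo_fun 5 "${bin}/genCrontab.sh文件分发失败"
      echo_fun 4 "失败机器hostname$2"
      exit 9
    fi
    if ! "$SSH" -n -p "$PORT" "$1@$2" "sh /tmp/genCrontab.sh $host_ip ; /usr/bin/crontab -l"; then
      echo_fun 5 配置crontab失败
      echo_fun 4 "失败机器hostname$2"
      exit 9
    fi
  fi
}

function step_fun_8(){
  local centos_version
  echo_fun 1 "第八步,搭建时间同步服务器"
  centos_version=$(get_centos_verison)
  echo_fun 4 安装ntp服务器
  if [ -z "$(rpm -qa | grep ntp- | head -n 1)" ]; then
    if ! yum install ntp -y >/dev/null 2>&1; then
      echo_fun 5 "ntp服务器安装失败!"
      exit 9
    fi
  fi
  echo_fun 2 ntp服务器安装成功
  # Comment out the stock "restrict default" lines, then add our own policy
  # and the local clock as a source. Skipped when already done, so running
  # the step again does not pile up duplicate lines.
  # NOTE(review): "restrict default nomodify" still answers status queries
  # from any address; consider adding noquery or restricting to the cluster
  # subnet if the server is reachable from outside the cluster.
  if ! grep -q '^server 127\.127\.1\.0' /etc/ntp.conf; then
    sed -i '/restrict default/s/^/#/g' /etc/ntp.conf
    sed -i '6a\restrict default nomodify\n' /etc/ntp.conf
    sed -i '7a\server 127.127.1.0\n' /etc/ntp.conf
  fi
  echo_fun 4 启动ntp服务器
  case "$centos_version" in
    6)
      chkconfig ntpd on
      if ! service ntpd restart; then
        echo_fun 5 ntp服务启动失败
        exit 9
      fi
      ;;
    7)
      systemctl enable ntpd
      if ! systemctl restart ntpd; then
        echo_fun 5 ntp服务启动失败
        exit 9
      fi
      ;;
    *)
      echo_fun 3 操作系统版本获取失败
      exit 9
      ;;
  esac
  echo_fun 2 ntp服务器启动成功
  echo_fun 4 配置ntp客户端
  loop_hosts ntp_client_ins ntp客户端安装失败 "8"
}

#----------------------------- step 9: system tuning --------------------------------------
# in6.sh / in7.sh are copied to a fixed name in /tmp on each host and run
# there; the /tmp caveat noted at ntp_client_ins applies here as well.

function scp_in_fun6(){
  "$SCP" -P "$PORT" "$bin/in6.sh" "$1@$2:/tmp/"
}

function ssh_in_fun6(){
  "$SSH" -n -p "$PORT" "$1@$2" "/bin/sh /tmp/in6.sh"
}

function scp_in_fun7(){
  "$SCP" -P "$PORT" "$bin/in7.sh" "$1@$2:/tmp/"
}

function ssh_in_fun7(){
  "$SSH" -n -p "$PORT" "$1@$2" "/bin/sh /tmp/in7.sh"
}

function step_fun_9(){
  local centos_version
  centos_version=$(get_centos_verison)
  echo_fun 1 "第九步,优化系统参数"
  echo_fun 4 开始优化系统参数
  case "$centos_version" in
    6)
      loop_hosts scp_in_fun6
      loop_hosts ssh_in_fun6 > /dev/null 2>&1
      ;;
    7)
      loop_hosts scp_in_fun7
      loop_hosts ssh_in_fun7 > /dev/null 2>&1
      ;;
    *)
      echo_fun 3 获取版本失败
      exit 1
      ;;
  esac
  echo_fun 2 优化系统参数完成
}

# Run the requested range of steps in order. STEP was validated as a number
# in 1..9 above, so the name built here is always one of step_fun_1..9.
while (( STEP <= ENDSTEP )); do
  "step_fun_$STEP"
  (( STEP++ ))
done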
genAllHostname.sh 脚本
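#!/bin/sh
# genAllHostname.sh [sshPort]
#
# Build $bin/srchosts: the two localhost lines followed by one
# "address hostname" line per record in $bin/hosts. The hostname is whatever
# `hostname` prints on that machine when asked over ssh. init.sh step 7 then
# copies srchosts over /etc/hosts on every host.
# Exits 9 as soon as one host cannot be resolved to a usable name.

bin=$(dirname "${BASH_SOURCE-$0}")
bin=$(cd "$bin"; pwd)

PORT=22
if [ "$1" != "" ]; then
  PORT=$1
fi

# Append "address hostname" to srchosts for every record in hosts.
# The file is read on fd 3 and IFS is set for `read` only, so nothing in the
# loop body can consume the host list or inherit a changed IFS.
loop_hosts() {
  while IFS=' ' read -r host user passwd <&3 || [ -n "$host" ]; do
    [ -n "$host" ] || continue
    tag_hostname=$(ssh -n -p"$PORT" "$user@$host" "hostname")
    rc=$?
    # The remote answer is copied into every node's /etc/hosts, so treat it
    # as untrusted: accept hostname characters only. An empty answer, spaces
    # or control characters count as a failure.
    case "$tag_hostname" in
      '' | *[!A-Za-z0-9._-]*) rc=1 ;;
    esac
    # Check the result before writing; the original appended the line first
    # and could leave a record with an empty name in srchosts.
    if [ "$rc" != 0 ]; then
      printf '\r\n\033[31;40;1mERROR: %s 机器主机名获取失败\033[0m \r\n\n' "$host"
      exit 9
    fi
    echo "$host $tag_hostname" >> "$bin/srchosts"
  done 3< "$bin/hosts"
}

if [ ! -d "$bin/../tmp" ]; then
  mkdir "$bin/../tmp"
fi

# Start from a fresh file on every run.
cat > "$bin/srchosts" << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF

loop_hosts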
genCrontab.sh 脚本
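#!/bin/sh
# genCrontab.sh <ntp-server>
#
# Add a root cron entry that runs ntpdate against <ntp-server> every 15
# minutes. Must run as root: it writes /var/spool/cron/root directly.

hostname=$1

# The argument becomes part of a command line that cron runs as root, so only
# host name / address characters are accepted.
case "$hostname" in
  '' | *[!A-Za-z0-9.:_-]*)
    echo "usage: $0 <ntp-server>" >&2
    exit 2
    ;;
esac

entry="*/15 * * * * /usr/sbin/ntpdate $hostname"

# Append only when the exact line is missing; the original added another copy
# of the entry on every run.
if ! grep -qxF "$entry" /var/spool/cron/root 2>/dev/null; then
  echo "$entry" >> /var/spool/cron/root
fi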
hosts 和 params 文件(hosts 每行依次为“主机 用户名 密码”,以空格分隔;密码为明文,文件应设为仅属主可读;params 每行为 key=value)
172.18.1.25 root bfd123
172.18.1.26 root bfd123

TAR_JDK_NAME=jdk1.8.0_131.tar.gz
TAR_PYTHON_NAME=Python-2.7.8.tar.gz
MYSQL_JDBC_DRIVER=mysql-connector-java-5.1.42.jar
in7.sh脚本
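#!/bin/sh
# in7.sh - CentOS 7 node tuning. init.sh step 9 copies this file to each host
# and runs it there with /bin/sh; it needs root.
#
# NOTE(review): the script switches off firewalld and SELinux for the whole
# host. That removes two layers of protection; on hosts reachable from outside
# the cluster, opening only the required ports and keeping SELinux enforcing
# (or permissive while a policy is written) is the safer choice.

# Stop the firewall and keep it from starting at boot.
if [ -z "$(rpm -qa | grep firewalld- | head -n 1)" ]; then
  if ! yum install firewalld -y >/dev/null 2>&1; then
    # echo_fun is defined in init.sh and does not exist on the remote host,
    # so the failure is reported with plain echo on stderr.
    echo "firewalld安装失败!" >&2
    exit 9
  fi
fi
systemctl stop firewalld
systemctl disable firewalld

# Put SELinux in permissive mode for the running system (the config edit
# further down disables it from the next boot).
if [ "$(getenforce)" != "Disabled" ]; then
  setenforce 0
fi

# Raise the open-file and process limits. Appended once: the original added
# the same four lines again on every run.
if ! grep -q '^\* soft nofile 655350' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
EOF
fi
sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf

# SELinux off at boot, and sshd settings. The sshd_config edits take effect
# only after sshd is reloaded, which this script does not do.
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config

# Kernel parameters. /etc/sysctl.conf is replaced as a whole, so the first
# run keeps a copy of the file it found.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps,
# which this same file turns off (tcp_timestamps = 0). tcp_tw_recycle is also
# known to drop connections from clients behind NAT and is absent from newer
# kernels; the error that `sysctl -p` prints for an unknown key is hidden by
# the redirect on the last line.
if [ -f /etc/sysctl.conf ] && [ ! -f /etc/sysctl.conf.orig ]; then
  cp -p /etc/sysctl.conf /etc/sysctl.conf.orig
fi
cat > /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
sysctl -p >/dev/null 2>&1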
in6.sh脚本
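#!/bin/bash
# in6.sh - CentOS 6 node tuning. init.sh step 9 copies this file to each host
# and runs it there with /bin/sh; it needs root.
#
# NOTE(review): the script switches off iptables/ip6tables and SELinux for the
# whole host. That removes two layers of protection; on hosts reachable from
# outside the cluster, keeping a rule set that opens only the required ports
# and leaving SELinux enforcing is the safer choice.

# Disable every service at boot, then re-enable the short list that is needed.
for svc in $(chkconfig --list | awk '{print $1}'); do
  chkconfig "$svc" off
done
for svc in crond network haldaemon messagebus udev-post ntpd sshd rsyslog sysstat; do
  chkconfig "$svc" on
done

# Firewall off, at boot and right now.
chkconfig iptables off
chkconfig ip6tables off
/etc/init.d/ip6tables stop
/etc/init.d/iptables stop

# Put SELinux in permissive mode for the running system (the config edit
# below disables it from the next boot).
if [ "$(getenforce)" != "Disabled" ]; then
  setenforce 0
fi

# SELinux off at boot, and sshd settings. The sshd_config edits take effect
# only after sshd is reloaded, which this script does not do.
#sed -i 's/#Port 22/Port 3222/' /etc/ssh/sshd_config
sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
#sed -i 's/X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config

# Raise the open-file and process limits. Each block is appended once: the
# original added the same lines again on every run.
if ! grep -q '^\* soft nofile 655350' /etc/security/limits.conf; then
  cat >> /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
EOF
fi
if ! grep -q '^\* soft nproc 655350' /etc/security/limits.d/90-nproc.conf 2>/dev/null; then
  cat >> /etc/security/limits.d/90-nproc.conf << EOF
* soft nproc 655350
* hard nproc 655350
root soft nproc unlimited
EOF
fi

# Comment out the reboot action bound to Ctrl-Alt-Del.
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf

# Kernel parameters. /etc/sysctl.conf is replaced as a whole, so the first
# run keeps a copy of the file it found.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps,
# which this same file turns off (tcp_timestamps = 0); tcp_tw_recycle is also
# known to drop connections from clients behind NAT. Errors from `sysctl -p`
# are hidden by the redirect below.
if [ -f /etc/sysctl.conf ] && [ ! -f /etc/sysctl.conf.orig ]; then
  cp -p /etc/sysctl.conf /etc/sysctl.conf.orig
fi
cat > /etc/sysctl.conf << EOF
#net.bridge.bridge-nf-call-ip6tables = 0
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
sysctl -p >/dev/null 2>&1

#echo "nameserver 219.141.140.10" >> /etc/resolv.conf
#yum install vim ntpdate lsof -y
#yum install R -y
#/usr/sbin/ntpdate ntp.api.bz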