1.自动化配置dns服务器
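#!/bin/bash
# Choose a yum source for this host before BIND is installed:
#   - network reachable (NAT mode)  -> Aliyun CentOS 7 online mirror
#   - no network (host-only mode)   -> installation media mounted on /mnt
# The existing *.repo files are parked in repo.bak only after the replacement
# source is known to be usable, so a failed download or a missing disc does
# not leave the host with no repositories at all.
repo_dir=/etc/yum.repos.d

echo -e "\033[31m =====正在验证当前为仅主机还是NAT模式===== \033[0m"
if ping -c1 -W1 www.baidu.com &> /dev/null; then
  echo -e "\033[31m 检测当前为NAT模式,为您配置在线yum源 \033[0m"
  # Download to a temporary file first and check both the exit status and the
  # size: the repo file decides where every later package comes from, so a
  # truncated or failed fetch must not silently become the active config.
  new_repo=$(mktemp) || exit 1
  if ! wget -q -O "$new_repo" https://mirrors.aliyun.com/repo/Centos-7.repo \
    || [ ! -s "$new_repo" ]; then
    rm -f -- "$new_repo"
    echo -e "\033[31m 在线yum源下载失败,未修改现有配置 \033[0m" >&2
    exit 1
  fi
  mkdir -p "$repo_dir/repo.bak"
  # Only *.repo files are moved; the original `*` glob also tried to move
  # repo.bak into itself and hid the resulting error.
  mv -f "$repo_dir"/*.repo "$repo_dir/repo.bak/" 2> /dev/null
  # install (copy) rather than mv so the file gets the directory's default
  # ownership, mode and SELinux label instead of the temp file's.
  install -m 0644 "$new_repo" "$repo_dir/CentOS-Base.repo"
  rm -f -- "$new_repo"
  yum clean all &> /dev/null
  yum list &> /dev/null
  echo -e "\033[31m 在线源已配置完成 \033[0m"
else
  echo -e "\033[31m 检测当前为仅主机模式,为您配置本地yum源 \033[0m"
  # mount fails harmlessly when the disc is already mounted; what matters is
  # whether /mnt is a mount point afterwards.
  mount /dev/sr0 /mnt &> /dev/null
  if ! mountpoint -q /mnt; then
    echo -e "\033[31m 检测当前为仅主机模式,但光盘未连接! \033[0m"
    exit 1
  fi
  mkdir -p "$repo_dir/repo.bak"
  mv -f "$repo_dir"/*.repo "$repo_dir/repo.bak/" 2> /dev/null
  # gpgcheck stays on: the key path below is the one the CentOS 7 release
  # package installs, so packages from the media are still signature-checked.
  cat > "$repo_dir/local.repo" << 'EOF'
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
  yum clean all &> /dev/null
  yum makecache &> /dev/null
  echo -e "\033[31m 本地yum源已配置完成 \033[0m"
fi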
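# Install BIND. The exit status is checked so the script does not go on to
# edit configuration files that were never installed.
if ! yum -y install bind &> /dev/null; then
  echo "bind 安装失败" >&2
  exit 1
fi

# Main configuration file: /etc/named.conf
# These two substitutions replace every "127.0.0.1;" and "localhost;" with
# "any;". NOTE(review): on a stock CentOS 7 named.conf that presumably widens
# both listen-on and allow-query; if recursion is left enabled there, named
# answers recursive queries for every client that can reach port 53. Confine
# recursion to the intended clients (or disable it for an authoritative-only
# server) before exposing this host beyond a lab network.
sed -i 's/127.0.0.1;/any;/' /etc/named.conf
sed -i 's/localhost;/any;/' /etc/named.conf

while true; do
  read -r -p "请输入你需要配置的域名(例www.abc.com):" a || exit 1
  # The answer is spliced into named.rfc1912.zones, a file name and several
  # sed scripts, so accept only hostname characters and at least three labels.
  if [[ ! "$a" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$ ]]; then
    echo "请正确输入"
    continue
  fi
  # Zone name = everything after the first label (www.abc.com -> abc.com).
  b=${a#*.}
  # First IPv4 address on ens33, without the prefix length.
  c=$(ip -4 -o addr show dev ens33 | awk '{print $4; exit}' | cut -d/ -f1)
  if [[ -z "$c" ]]; then
    echo "未获取到ens33的IP地址" >&2
    exit 1
  fi

  # Zone declaration file: /etc/named.rfc1912.zones
  # Skip the append when the zone is already declared; a duplicate zone
  # statement makes named refuse to load its configuration.
  if ! grep -qF "zone \"$b\" IN" /etc/named.rfc1912.zones; then
    cat >> /etc/named.rfc1912.zones << EOF
zone "$b" IN {
type master;
file "$b.zone";
allow-update { none; };
};
EOF
  fi

  # Zone data file, derived from the /var/named/named.localhost template.
  # cp -p keeps the template's owner and mode so named can read the copy.
  cd /var/named || exit 1
  zone_file="/var/named/$b.zone"
  cp -p named.localhost "$zone_file" || exit 1
  sed -i "2c @ IN SOA $b. rname.invalid. (" "$zone_file"
  sed -i "8c NS $b." "$zone_file" && sed -i "8 s/^/\t/" "$zone_file"
  sed -i "9c A $c" "$zone_file" && sed -i "9 s/^/\t/" "$zone_file"
  sed -i "10c www IN A $c" "$zone_file"

  # Point this host's resolver at the new server (replaces line 2 of
  # /etc/resolv.conf).
  sed -i "2c nameserver $c" /etc/resolv.conf

  read -r -p "是否需要继续添加(y/n):" d
  case "$d" in
    y) continue ;;
    n) ;;
    *) echo "请正确输入" ;;
  esac
  break
done

# Open the DNS service in firewalld instead of stopping the firewall, and
# leave SELinux enforcing: zone files created under /var/named are in the
# location named is expected to read, so neither protection has to be
# switched off for the service to work.
if systemctl is-active --quiet firewalld; then
  firewall-cmd --permanent --add-service=dns > /dev/null \
    && firewall-cmd --reload > /dev/null
fi

# Validate named.conf and every zone it loads before restarting, so a bad
# edit is reported here rather than as a dead resolver.
if ! named-checkconf -z > /dev/null; then
  echo "named 配置检查未通过" >&2
  exit 1
fi
systemctl restart named

echo -e "\033[31m dns解析已配置完成 \033[0m "
echo -e "\033[31m 请输入host $a 验证 \033[0m "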
- 自动化配置rsync服务
服务器配置
[root@backup scripts]# cat backup_server.sh
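#!/bin/bash
# Set up an rsync daemon with one authenticated, writable module ([backup]).
# Environment: RSYNC_BACKUP_PASSWORD - password for the rsync_backup virtual
#              user; falls back to the tutorial's sample value when unset.
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# rsyncd.conf: server-side configuration.
# rsyncd.conf has no trailing-comment syntax: text after a value is read as
# part of the value, so every explanation sits on its own line.
# NOTE: this appends; running the script twice duplicates the section.
cat >>/etc/rsyncd.conf <<'EOF'
#rsync_config______________begin
#creat by yuguotianqing 2018-01-15
##rsync.conf start##
# account and group used for file transfers
uid = rsync
gid = rsync
# NOTE(review): with chroot disabled the daemon is not confined to the module
# path; enable it unless the module needs to follow links outside /backup
use chroot = no
# connection limit and idle timeout (seconds)
max connections = 200
timeout = 300
# pid, lock and log files
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
# module name
[backup]
# directory served by this module
path = /backup/
ignore errors
# writable module: clients may push files
read only = false
# do not show the module in listings
list = false
# only this network may connect
hosts allow = 172.16.1.0/24
#host deny =0.0.0.0/32
# virtual user allowed to authenticate, and the file holding its password
auth users = rsync_backup
secrets file = /etc/rsync.password
#rsync_config_____________end
EOF

# The original chained every step with `&&\ #comment`; the backslash escapes
# the following space, so the comment text was executed as a command and each
# line failed. Steps are now separate, and the critical ones stop the script.

# Unprivileged account the daemon transfers as: no login shell, no home.
if ! id rsync &>/dev/null; then
  useradd rsync -s /sbin/nologin -M || exit 1
fi
getent passwd rsync

# Module directory; must be owned by the uid/gid named in rsyncd.conf or
# clients cannot push into it.
mkdir -p /backup || exit 1
chown rsync:rsync /backup/ || exit 1
ls -ld /backup

# Secrets file (user:password). Created under umask 077 so it is never
# readable by other users, not even between creation and chmod; rsync also
# refuses a secrets file that others can read.
if [ -z "${RSYNC_BACKUP_PASSWORD:-}" ]; then
  echo "warning: RSYNC_BACKUP_PASSWORD is not set; using the sample password, change it before real use" >&2
fi
(
  umask 077
  printf '%s\n' "rsync_backup:${RSYNC_BACKUP_PASSWORD:-oldboy}" >/etc/rsync.password
) || exit 1
chmod 600 /etc/rsync.password || exit 1
ls -l /etc/rsync.password

# Start the daemon only after the directory and secrets file exist, then show
# the process and the listening port (873).
rsync --daemon || exit 1
ps -ef | grep '[r]sync'
lsof -i :873

# Start the daemon at boot; add the line once only.
grep -qxF "/usr/bin/rsync --daemon" /etc/rc.local \
  || echo "/usr/bin/rsync --daemon" >>/etc/rc.local
tail -5 /etc/rc.local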
客户端配置
[root@nfs scripts]# cat rsync_client.sh
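#!/bin/bash
# Client side of the rsync backup setup: store the module password and create
# the local /backup directory.
# Environment: RSYNC_BACKUP_PASSWORD - password of the rsync_backup user on
#              the server; falls back to the tutorial's sample value.
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

# Password file: the client side holds the password only (no user name).
# The original `&&\ #comment` continuations executed the comment text as a
# command, so the steps are written separately here.
# umask 077 keeps the file private from the moment it is created.
if [ -z "${RSYNC_BACKUP_PASSWORD:-}" ]; then
  echo "warning: RSYNC_BACKUP_PASSWORD is not set; using the sample password, change it before real use" >&2
fi
(
  umask 077
  printf '%s\n' "${RSYNC_BACKUP_PASSWORD:-oldboy}" >/etc/rsync.password
) || exit 1
chmod 600 /etc/rsync.password || exit 1
ls -l /etc/rsync.password

# Local directory whose contents are pushed to the server.
mkdir -p /backup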
- 自动化配置FTP服务
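#!/bin/sh
# Configure vsftpd with a chrooted upload directory and a dedicated account.
# Environment: FTPUSER_PASSWORD - password for the ftpuser account; falls
#              back to the tutorial's sample value ("ftpuser") when unset.

echo 1.创建ftp上传根目录
mkdir -p /opt/server/ftp/media
sleep 3

echo 2.vsftpd.conf配置文件修改
# vsftpd.conf takes plain option=value lines. The original wrote each line
# with an "export " prefix, which is shell syntax and not a vsftpd option.
echo "local_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "anon_root=/opt/server/ftp/media" >> /etc/vsftpd/vsftpd.conf
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
# Other vsftpd.conf options; add the ones you need:
# pam_service_name=vsftpd
# userlist_enable=YES
# tcp_wrappers=YES
# seccomp_sandbox=NO
# local_root=/opt/server/ftp/media
# anon_root=/opt/server/ftp/media
# chroot_local_user=YES
# allow_writeable_chroot=YES
# pasv_enable=NO
# To forbid anonymous access, set:
# anonymous_enable=NO
# Append at the end of the file:
# seccomp_sandbox=NO
# NOTE(review): anon_root points anonymous sessions at the same directory the
# authenticated user uploads to; unless anonymous access is wanted, set
# anonymous_enable=NO as described above.
sleep 3

echo 3.centos7.1系统文件目录解固
# Clear the immutable attribute so groupadd/useradd can edit the account
# databases. NOTE(review): if these files were deliberately immutable, restore
# the attribute once the account has been created.
chattr -i /etc/gshadow
chattr -i /etc/group
chattr -i /etc/passwd
chattr -i /etc/shadow
sleep 3

echo 4.添加ftp用户组
# The vsftpd package may already have created the group.
getent group ftp > /dev/null || groupadd ftp
useradd -G ftp -d /opt/server/ftp/media -M ftpuser
# NOTE(review): the account keeps the default login shell, so this password
# also works for any other password-based login enabled on the host.
# chpasswd reads user:password on stdin, replacing the timing-dependent
# echo/sleep pipe into passwd.
if [ -z "${FTPUSER_PASSWORD:-}" ]; then
  echo "warning: FTPUSER_PASSWORD is not set; using the sample password, change it before real use" >&2
fi
echo "ftpuser:${FTPUSER_PASSWORD:-ftpuser}" | chpasswd
sleep 3

echo 5.改变文件夹的属主和权限
chown -R ftpuser:ftpuser /opt/server/ftp/media
chown -R ftpuser:ftpuser /opt/server/ftp
sleep 3

echo 6.改变父文件夹权限
chmod 755 /opt/server
# Mode 766 made the tree writable by every local user while removing the
# search bit non-owners need to enter a directory. Owner-writable, others
# read-only is enough because uploads arrive as ftpuser.
chmod -R u=rwX,go=rX /opt/server/ftp
sleep 3

echo 7.改变目录权限
chmod -R u=rwX,go=rX /opt/server/ftp/media
sleep 3

echo 8.启动ftp服务
service vsftpd start
service vsftpd status
# List services started at boot, then enable vsftpd for runlevels 2-5.
chkconfig --list
chkconfig --level 2345 vsftpd on
# Testing the FTP server:
# ftp://IP/ with user ftpuser and the password configured above
sleep 3
# Upload test:
# curl -T box.log -u ftpuser:ftpuser ftp://10.10.10.10/
# curl -T localfile -u name:passwd ftp://upload_site:port/path/
exit 0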
4.自动化配置frp的服务器端和客户端
A主机:
vim frp.sh
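#!/bin/bash
# Unpack frp 0.33.0, enable the frps dashboard and start the server.
# 1. The archive frp_0.33.0_linux_amd64.tar.gz must be in the current directory.
# 2. Unpack it:            tar -zxvf frp_0.33.0_linux_amd64.tar.gz
# 3. Enter the directory:  cd frp_0.33.0_linux_amd64/
# 4. Append to frps.ini:   dashboard_user / dashboard_pwd / dashboard_port=7500
# 5. Start the server:     ./frps -c frps.ini
# Environment: FRP_DASHBOARD_USER / FRP_DASHBOARD_PWD - dashboard credentials;
#              both fall back to the tutorial's sample value "aaa".
# NOTE(review): the archive is unpacked and executed without an integrity
# check; compare its checksum with the one published for the release first.
tar -zxf frp_0.33.0_linux_amd64.tar.gz || exit 1
cd frp_0.33.0_linux_amd64/ || exit 1

dash_user=${FRP_DASHBOARD_USER:-aaa}
dash_pwd=${FRP_DASHBOARD_PWD:-aaa}
if [[ "$dash_pwd" == "aaa" ]]; then
  echo "warning: the dashboard uses the sample password; set FRP_DASHBOARD_PWD before real use" >&2
fi

# printf with %s keeps the credentials out of a sed script, so characters such
# as '/' or '\' in a password cannot be interpreted as sed syntax. The leading
# newline guards against a frps.ini that does not end with one.
printf '\n%s\n%s\n%s\n' \
  "dashboard_user=$dash_user" \
  "dashboard_pwd=$dash_pwd" \
  "dashboard_port=7500" >> frps.ini
# The file now holds a password: keep it readable by the owner only.
chmod 600 frps.ini

# NOTE(review): unless frps.ini also sets an authentication token, any client
# that can reach the bind port may register proxies on this server.
./frps -c frps.ini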
sh frp.sh
B主机:
vim frpcs.sh
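#!/bin/bash
# Client used to test the frp server.
# 1. Unpack the archive.
# 2. Enter the unpacked directory.
# 3. Edit frpc.ini, for example:
#      [common]
#      server_addr = 10.0.0.20
#      server_port = 7000
#      [lijiaqi]
#      type = tcp
#      local_ip = 127.0.0.1
#      local_port = 22
#      remote_port = 6064
# 4. Start the client: ./frpc -c frpc.ini
# NOTE(review): the sample values above differ from what the commands below
# write (10.0.0.10, baibai, 6035); confirm which set is intended.
# NOTE(review): the resulting proxy publishes this host's port 22 on the
# server's remote port, so SSH on this machine becomes reachable by anyone who
# can reach that port; make sure its authentication is hardened accordingly.
tar -zxf frp_0.33.0_linux_amd64.tar.gz || exit 1
cd frp_0.33.0_linux_amd64 || exit 1

sed -i '/server_addr/ s/127.0.0.1/10.0.0.10/' frpc.ini
# The brackets are escaped: an unescaped /[ssh]/ is a character class that
# selects every line containing an "s" or an "h", not the [ssh] section header.
sed -i '/^\[ssh\]/ s/ssh/baibai/' frpc.ini
sed -i '/remote_port/ s/6000/6035/' frpc.ini

./frpc -c frpc.ini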
sh frpcs.sh
5.自动化配置samba共享
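#!/bin/bash
# Publish one directory as a read-only, guest-accessible Samba share.
# Arguments: $1 - absolute path of the directory to share
# Exit status: 1 on a usage error or when samba cannot be installed.

# Exactly one argument is required.
if [ "$#" -ne 1 ]; then
  echo "运行脚本格式为:$0 /dir/"
  exit 1
fi

share_dir=$1
# The path is written into smb.conf and handed to mkdir/chmod/chown, so it has
# to be absolute and must not contain a newline (which would let it add extra
# lines to smb.conf). A rejected path is an error: exit non-zero, not 0.
case "$share_dir" in
  /*) ;;
  *)
    echo "请提供一个绝对路径。"
    exit 1
    ;;
esac
if [[ "$share_dir" == *$'\n'* ]]; then
  echo "请提供一个绝对路径。"
  exit 1
fi

if ! rpm -q samba > /dev/null; then
  echo "将要安装samba"
  sleep 1
  if ! yum -y install samba; then
    echo "samba 安装失败"
    exit 1
  fi
fi

dirconf="/etc/samba/smb.conf"
# NOTE(review): this appends a second [global] section to whatever smb.conf
# already contains, and appends again on every run; confirm the resulting file
# with testparm. "map to guest = bad user" together with "public = yes" means
# anyone who can reach the server can read the share without credentials.
cat >> "$dirconf" << EOF
[global]
workgroup = workgroup
security = user
map to guest = bad user
[share]
comment= share all
path = $share_dir
browseable = yes
public = yes
writable = no
EOF

if [ ! -d "$share_dir" ]; then
  mkdir -p -- "$share_dir"
fi
# The share is exported read-only, so world-writable (777) permissions are not
# needed; 755 lets guests read while keeping local users from planting files.
chmod 755 -- "$share_dir"
chown nobody:nobody -- "$share_dir"
echo "www.51xit.top" > "$share_dir/51xit.txt"

if systemctl start smb; then
  echo "samba服务启动正常"
else
  echo "samba服务启动失败,请检查配置文件是否正常"
fi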
chmod +x /opt/samba.sh
#测试#
/opt/samba.sh /opt/samba/
- 自动化配置yum仓库初始化 包含阿里云和epel
#!/bin/bash
# 一键部署yum本地源、阿里源或同时兼备
# anthor:cheng
# 2021年 06月 010日 星期三 13:15:26 CST
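# Back up the stock yum repo definitions into /etc/yum.repos.d/repo.bak/.
# Returns non-zero when the backup directory cannot be created.
backup() {
  local repo_dir=/etc/yum.repos.d
  local repo
  # mkdir -p replaces the `ls | grep repo.bak` probe, which also matched any
  # file whose name merely contained "repo.bak".
  mkdir -p "$repo_dir/repo.bak" || return 1
  for repo in "$repo_dir"/*.repo; do
    # With no *.repo files the glob stays literal; skip it instead of letting
    # mv fail.
    [ -e "$repo" ] || continue
    mv -- "$repo" "$repo_dir/repo.bak/"
  done
}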
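# Write the repo definition for the installation media mounted on /mnt.
yumm() {
  # Fixes the original "enable=1" (the option is spelled "enabled") and keeps
  # signature checking on, using the key installed by the CentOS 7 release
  # package. gpgkey stays inside [local], so lines appended to this file later
  # still land in that section.
  printf '%s\n' \
    "[local]" \
    "name=local" \
    "baseurl=file:///mnt" \
    "enabled=1" \
    "gpgcheck=1" \
    "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7" \
    > /etc/yum.repos.d/local.repo
}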
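# Install the Aliyun CentOS 7 repo definition as CentOS-Base.repo.
# Returns non-zero (and leaves the existing file alone) when the download
# fails or comes back empty.
ali() {
  local tmp
  echo -e "\033[35;5m 正在下载阿里yum源,请稍等............ \033[0m"
  tmp=$(mktemp) || return 1
  # Fetch to a temp file first: the repo file controls where packages are
  # installed from, so a failed or partial download must not replace it.
  if wget -q -O "$tmp" https://mirrors.aliyun.com/repo/Centos-7.repo \
    && [ -s "$tmp" ]; then
    # Copy into place so the file takes the target directory's defaults
    # (owner, mode, SELinux label) rather than the temp file's.
    install -m 0644 "$tmp" /etc/yum.repos.d/CentOS-Base.repo
    rm -f -- "$tmp"
  else
    rm -f -- "$tmp"
    echo "阿里yum源下载失败" >&2
    return 1
  fi
}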
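# Mount the installation media on /mnt.
# If /dev/sr0 is already mounted it is unmounted first and mounted again.
# Exits the script with status 1 when the disc cannot be mounted.
cdmount() {
  if df -h | grep -q /dev/sr0; then
    umount /dev/sr0
  fi
  # The mount result is checked on both paths; the original only checked it
  # when the disc had not been mounted before, and left with status 0 on
  # failure.
  if ! mount /dev/cdrom /mnt &> /dev/null; then
    echo "光盘不存在,检查是否加载镜像,状态是否已连接!"
    exit 1
  fi
  echo -e '\033[36m 光盘已挂载至/mnt目录!\033[0m'
}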
# Drop the yum cache and build a fresh one, reporting which step failed.
clean() {
  # Step 1: clear the cache; stop here if that does not work.
  if ! yum clean all &> /dev/null; then
    echo "yum缓存清除失败......"
    return
  fi
  # Step 2: rebuild the metadata cache.
  if ! yum makecache &> /dev/null; then
    echo "yum缓存建立失败!"
    return
  fi
  echo -e '\033[33m yum缓存已清除并重新建立!可以正常安装程序!\033[0m'
}
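# Ask which yum source to configure and run the matching steps:
#   1 - local media only, 2 - Aliyun mirror only, 3 - both (local preferred),
#   anything else - leave without changes.
choose() {
  local rd
  echo -e '\033[33m 输入对应的[数字]选择yum源!\033[0m'
  read -r -p "本地源[1]|阿里源[2]|同时配置[3]退出[任意] :" rd
  case "$rd" in
    "1")
      backup
      yumm
      cdmount
      clean
      echo -e '\033[33m 本地源已配置完成!\033[0m'
      ;;
    "2")
      backup
      ali
      clean
      echo -e '\033[33m 阿里官方源已配置完成!\033[0m'
      ;;
    "3")
      backup
      ali
      # The priorities plugin is needed for the priority= lines below. The
      # original used `continue` here, which is only valid inside a loop.
      if ! rpm -q yum-plugin-priorities.noarch &> /dev/null; then
        if ! yum install -y yum-plugin-priorities.noarch &> /dev/null; then
          echo -e \"yum-plugin-priorities.noarch\"安装失败
          exit 1
        fi
      fi
      yumm
      # Appended right after yumm so that "priority=3" lands in the [local]
      # section it has just written, followed by a new [epel] section.
      # NOTE(review): gpgcheck=0 on a network repository means packages from
      # the mirror are installed without signature verification; enable
      # gpgcheck with the EPEL signing key once that key is installed.
      echo -e "priority=3\n[epel]\nname=epel\nbaseurl=https://mirrors.aliyun.com/epel/7Server/x86_64/\nenabled=1\ngpgcheck=0\npriority=2" >> /etc/yum.repos.d/local.repo
      cdmount
      clean
      echo -e '\033[33m 本地源和阿里官方源已配置完成!(优先本地源)\033[0m'
      ;;
    *)
      echo -e '\033[33m 脚本已退出.....\033[0m'
      ;;
  esac
}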
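# Entry point: with a working network let the user choose the source,
# otherwise fall back to the local media without asking.
echo -e '\033[33m -----------正常网络测试中--------------\033[0m'
if ping -c 3 baidu.com &> /dev/null; then
  # Test for the file directly instead of grepping `ls` output.
  if [ ! -e /etc/yum.repos.d/CentOS-Base.repo ]; then
    echo -e '\033[33m 网络正常,官方在线源不存在!\033[0m'
  fi
  choose
else
  echo -e '\033[33m 网络异常....配置本地源!\033[0m'
  backup
  yumm
  cdmount
  clean
# The original closed this block with "Fi"; shell keywords are case-sensitive,
# so the script ended in a syntax error and this block never ran.
fi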
- 自动化配置nfs服务
#!/bin/bash
#作者:张小白
#联系方式:2367127577@qq.com
#日期:2021年11月4日
#版本:NFS服务一键搭建脚本
# 两部分,1.安装服务(判断是否安装服务) 2.配置文件/etc/exports
# Global settings.
# /root/ is appended to the command search path.
PATH=${PATH}:/root/
LANG=zh_CN.UTF-8
# ANSI colour escape sequences used in messages (printed with echo -e):
# hong = red (31), huang = yellow (33), lv = green (32), se = reset (0).
hong="\033[31m"
huang="\033[33m"
lv="\033[32m"
se="\033[0m"
# Abort the script when the command that ran immediately before this call
# failed. Reads the global colour variables hong and se for the message.
check_ok() {
  # $? still holds the caller's last exit status at this point; capture it
  # before anything else overwrites it.
  local previous_status=$?
  if [ "$previous_status" -eq 0 ]; then
    return 0
  fi
  echo -e "${hong}程序出现错误,请检查日志${se}"
  exit 1
}
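# Install a package unless it is already present.
# Arguments: $1 - package name
# Globals:   huang, se (read) - colour codes for the message
myyum() {
  # rpm -q asks for exactly this package; the original grepped `rpm -qa` for
  # a name prefix, so a different package sharing the prefix counted as
  # "installed". The argument is quoted so it reaches yum as a single word.
  if rpm -q "$1" &> /dev/null; then
    echo -e " serveice $1 already occure yuo can use ${huang}systemctl start $1 ${se}"
  else
    yum install -y "$1"
    # Stop the script if the installation failed.
    check_ok
  fi
}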
# Prepare the environment.
# check_ok inspects $? of the command directly before it, so the order of the
# statements below matters.
# Install iptables-services if it is missing.
myyum iptables-services #install iptables-services when absent
# Save the current firewall rules to a dated file before they are removed.
iptables-save > /etc/sysconfig/iptables_`date +%F` #back up the existing rules
# NOTE(review): -F removes every rule in the filter table. Whether the host
# then accepts all traffic depends on the chain policies; confirm this is
# acceptable, or add rules for the NFS ports instead of flushing. The dated
# backup above is the only record of the previous rule set.
iptables -F #flush the firewall rules
check_ok
# Disable SELinux.
# NOTE(review): the sed edit makes the change permanent across reboots and
# setenforce 0 applies it immediately, removing mandatory access control for
# every service on the host, not only NFS.
sed 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config -i
s_num=`getenforce`
if [ "$s_num" == Enforcing ];
then
setenforce 0
fi
check_ok
# Install the services.
# Count installed packages whose name contains "nfs-utils".
nfs_n=`rpm -qa |grep nfs-utils|wc -l`
if [ $nfs_n -gt 0 ]
then
# Already installed: print how to edit /etc/exports, restart the services and
# stop here; the interactive export prompt further down is not reached.
echo "nfs-utils与rpcbind服务已存在,不需要安装,你可以通过编辑 /etc/exports来添加客户端"
# NOTE(review): the format printed below suggests no_root_squash, which lets
# root on a client act as root on the exported directory.
echo "/etc/exports配置格式:dir ip(rw,sync,no_root_squash,anonuid="uid",anongid="gid",)"
systemctl restart nfs-utils
systemctl restart nfs
systemctl restart rpcbind
# Only the status of the last restart (rpcbind) is checked here.
check_ok
exit
fi
check_ok
# Fresh installation: install and start nfs-utils and rpcbind.
myyum nfs-utils
systemctl start nfs-utils
systemctl start nfs
myyum rpcbind
systemctl start rpcbind
# Only the status of `systemctl start rpcbind` is checked here.
check_ok
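# Build /etc/exports interactively: one entry per answer, an empty client
# field ends the loop.
while :; do
  read -r -p "请输入想要共享的目录(默认为你的家目录):" home
  read -r -p "是否加入新的客户端IP或网络,添加完毕直接按 ENTER:" ip
  if [ -z "$home" ]; then
    # "~/" inside quotes is never expanded and would be written to
    # /etc/exports literally; use the real home directory.
    # NOTE(review): when run as root this default exports root's own home.
    home="$HOME/"
  fi
  if [ -z "$ip" ]; then
    break
  fi
  # Anonymous uid/gid come from the nfsnobody account when it exists.
  uid=$(id -u nfsnobody 2> /dev/null)
  gid=$(id -g nfsnobody 2> /dev/null)
  # root_squash instead of no_root_squash: on a read-write export,
  # no_root_squash lets root on any allowed client act as root on the exported
  # files. Squashing also makes the anonuid/anongid mapping below effective.
  opts="rw,sync,root_squash"
  if [ -n "$uid" ] && [ -n "$gid" ]; then
    opts="$opts,anonuid=$uid,anongid=$gid"
  fi
  echo " $home $ip($opts)" >> /etc/exports
done
# The NFS services were started before /etc/exports was written; re-export so
# the new entries take effect.
exportfs -ra
echo "NFS 服务安装完成,请在客户端安装nfs-utils 并使用showmount 192.168.127.10(服务端ip)来查看可以挂载的目录。 "
exit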
- 自动化配置ntp服务
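#! /bin/bash
# Repoint the NTP server entry in /etc/ntp.conf on a set of remote hosts and
# restart ntpd there.
#   - controller nodes (external IPs):   "server <RollerIP>" -> 192.158.58.1
#   - compute nodes (management IPs):    "server <RollerIP>" -> first external IP
# Both lists are entered as addresses separated by "/".
# NOTE(review): every host is reached as root over SSH; prefer key-based
# authentication restricted to this task over general root logins.

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# True when $1 looks like a dotted-quad IPv4 address.
is_ipv4() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# This part will receive target ipaddresses.
read -r -p "Please inpute external ip from controller node as below:(It shoud ends with \"/\", each IP should use \"/\" to distingusish ) " ExternalIPs
read -r -p "Please inpute management ip from compute node as below:(It should ends with \"/\",each IP should use \"/\" to distingusish) " ManagementIPs
read -r -p "Please inpute Rollor ip:" RollerIP

# Split the lists on "/" without changing the global IFS and without
# exposing the input to glob expansion.
IFS=/ read -r -a raw_external <<< "$ExternalIPs"
IFS=/ read -r -a raw_management <<< "$ManagementIPs"

# Every value below ends up inside a command that runs as root on a remote
# host (the here-documents are expanded locally before being sent), so only
# plain IPv4 addresses are accepted.
external=()
for ip in "${raw_external[@]}"; do
  ip=${ip//[[:space:]]/}
  [[ -z "$ip" ]] && continue
  is_ipv4 "$ip" || die "invalid external ip: $ip"
  external+=("$ip")
done
management=()
for ip in "${raw_management[@]}"; do
  ip=${ip//[[:space:]]/}
  [[ -z "$ip" ]] && continue
  is_ipv4 "$ip" || die "invalid management ip: $ip"
  management+=("$ip")
done
RollerIP=${RollerIP//[[:space:]]/}
is_ipv4 "$RollerIP" || die "invalid Roller ip: $RollerIP"
# The compute nodes are pointed at the first external address, so at least
# one is required.
(( ${#external[@]} > 0 )) || die "at least one external ip is required"

# Escape the dots so the sed pattern matches this address only; an unescaped
# "." matches any character.
roller_re=${RollerIP//./\\.}

for externalip in "${external[@]}"; do
  ssh -Tq "root@$externalip" << EOF
sed -i 's/server $roller_re/server 192.158.58.1/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 2
ntpq -p
EOF
  sleep 1
done

for managementip in "${management[@]}"; do
  ssh -Tq "root@$managementip" << EOF
sed -i 's/server $roller_re/server ${external[0]}/' /etc/ntp.conf
systemctl restart ntpd
hostname
sleep 1
ntpq -p
EOF
  sleep 1
done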