一、基础
1、初始化
*****************************************************************************
# Command prefix for status messages, used as: ${COLOR}"text"${END}
# It is expanded unquoted at every call site, so it word-splits into
# `echo -e \033[01;31m` (bold red) followed by the message itself.
COLOR='echo -e \033[01;31m'
# ANSI reset sequence appended after each coloured message.
END="\033[0m"
# Populate the globals OS_ID, OS_RELEASE, OS_RELEASE_VERSION and OS_CODENAME.
# A host whose /etc/issue mentions CentOS and whose /etc/redhat-release major
# version is 6 is parsed from /etc/redhat-release; everything else is parsed
# from /etc/os-release.
os(){
    local rh_release=/etc/redhat-release
    local os_release=/etc/os-release
    if grep -Eqi "Centos" /etc/issue && [ $(sed -rn 's#^.* ([0-9]+)\..*#\1#p' "${rh_release}") == 6 ]; then
        OS_ID=$(sed -rn 's#^([[:alpha:]]+) .*#\1#p' "${rh_release}")
        OS_RELEASE=$(sed -rn 's#^.* ([0-9.]+).*#\1#p' "${rh_release}")
        OS_RELEASE_VERSION=$(sed -rn 's#^.* ([0-9]+)\..*#\1#p' "${rh_release}")
        # Codename is the word inside the parentheses, lower-cased.
        OS_CODENAME=$(sed -rn 's#^.*\(([[:alpha:]]+).*#\1#p' "${rh_release}" | tr -t "[A-Z]" "[a-z]")
    else
        OS_ID=$(sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' "${os_release}")
        OS_RELEASE=$(sed -rn '/^VERSION_ID=/s@.*="?([0-9.]+)"?@\1@p' "${os_release}")
        OS_RELEASE_VERSION=$(sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' "${os_release}")
        OS_CODENAME=$(sed -rn '/^VERSION=/s@.*\(([[:alpha:]]+).*"$@\1@p' "${os_release}" | tr -t "[A-Z]" "[a-z]")
    fi
}
disable_selinux(){
    if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;then
        if [ `getenforce` == "Enforcing" ];then
            sed -ri.bak 's/^(SELINUX=).*/\1disabled/' /etc/selinux/config
            ${COLOR}"${OS_ID} ${OS_RELEASE} SELinux已禁用,请重新启动系统后才能生效!"${END}
        else
            ${COLOR}"${OS_ID} ${OS_RELEASE} SELinux已被禁用,不用设置!"${END}
        fi
    else
        ${COLOR}"${OS_ID} ${OS_RELEASE} SELinux默认没有安装,不用设置!"${END}
    fi
}
disable_firewall(){
    if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;then
        rpm -q firewalld &> /dev/null && { systemctl disable --now firewalld &> /dev/null; ${COLOR}"${OS_ID} ${OS_RELEASE} Firewall防火墙已关闭!"${END}; } || ${COLOR}"${OS_ID} ${OS_RELEASE} 没有firewall防火墙服务,不用关闭!"${END}
    else
        dpkg -s ufw &> /dev/null && { systemctl disable --now ufw &> /dev/null; ${COLOR}"${OS_ID} ${OS_RELEASE} ufw防火墙已关闭!"${END}; } || ${COLOR}"${OS_ID} ${OS_RELEASE}  没有ufw防火墙服务,不用关闭!"${END}
    fi
}
# Speed up SSH logins by enabling "UseDNS no" and turning GSSAPI authentication
# off in /etc/ssh/sshd_config (sed keeps a .bak copy), then restart sshd with
# `service` on release 6 and `systemctl` otherwise.
# NOTE(review): sshd is restarted without first validating the edited file
# (e.g. `sshd -t`); a broken config would prevent new remote logins.
optimization_sshd(){
    local sshd_conf=/etc/ssh/sshd_config
    sed -i.bak \
        -e 's/#UseDNS no/UseDNS no/' \
        -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' \
        "${sshd_conf}"
    case "${OS_RELEASE_VERSION}" in
    6)
        service sshd restart
        ;;
    *)
        systemctl restart sshd
        ;;
    esac
    ${COLOR}"${OS_ID} ${OS_RELEASE} SSH已优化完成!"${END}
}
set_centos_alias(){
    cat >>~/.bashrc <<-EOF
alias cdnet="cd /etc/sysconfig/network-scripts"
alias vie0="vim /etc/sysconfig/network-scripts/ifcfg-eth0"
alias vie1="vim /etc/sysconfig/network-scripts/ifcfg-eth1"
alias scandisk="echo '- - -' > /sys/class/scsi_host/host0/scan;echo '- - -' > /sys/class/scsi_host/host1/scan;echo '- - -' > /sys/class/scsi_host/host2/scan"
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} 系统别名已设置成功,请重新登陆后生效!"${END}
}
set_ubuntu_alias(){
    cat >>~/.bashrc <<-EOF
alias cdnet="cd /etc/netplan"
alias scandisk="echo '- - -' > /sys/class/scsi_host/host0/scan;echo '- - -' > /sys/class/scsi_host/host1/scan;echo '- - -' > /sys/class/scsi_host/host2/scan"
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} 系统别名已设置成功,请重新登陆后生效!"${END}
}
# Install the distribution-specific aliases into ~/.bashrc.
# Any existing line that mentions one of the alias names is deleted first so
# repeated runs do not pile up duplicates. Note that the delete patterns match
# anywhere in a line, not only alias definitions.
set_alias(){
    if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ];then
        if grep -Eqi "(.*cdnet|.*vie0|.*vie1|.*scandisk)" ~/.bashrc; then
            sed -i -e '/.*cdnet/d'  -e '/.*vie0/d' -e '/.*vie1/d' -e '/.*scandisk/d' ~/.bashrc
        fi
        set_centos_alias
    fi
    if [ ${OS_ID} == "Ubuntu" ];then
        if grep -Eqi "(.*cdnet|.*scandisk)" ~/.bashrc; then
            sed -i -e '/.*cdnet/d' -e '/.*scandisk/d' ~/.bashrc
        fi
        set_ubuntu_alias
    fi
}
# Ask for author name, QQ number and URL, then overwrite ~/.vimrc with a
# config that stamps a header into every new *.sh file.
# The three answers are pasted unescaped into double-quoted Vim strings, so an
# answer containing a double quote or backslash yields a broken Vim script.
# An existing ~/.vimrc is replaced without a backup.
set_vimrc(){
    read -p "请输入作者名:" AUTHOR
    read -p "请输入QQ号:" QQ
    read -p "请输入网址:" V_URL
    cat <<-EOF > ~/.vimrc
set ts=4
set expandtab
set ignorecase
set cursorline
set autoindent
autocmd BufNewFile *.sh exec ":call SetTitle()"
func SetTitle()
    if expand("%:e") == 'sh'
    call setline(1,"#!/bin/bash")
    call setline(2,"#")
    call setline(3,"#**********************************************************************************************")
    call setline(4,"#Author:        ${AUTHOR}")
    call setline(5,"#QQ:            ${QQ}")
    call setline(6,"#Date:          ".strftime("%Y-%m-%d"))
    call setline(7,"#FileName:      ".expand("%"))
    call setline(8,"#URL:           ${V_URL}")
    call setline(9,"#Description:   The test script")
    call setline(10,"#Copyright (C): ".strftime("%Y")." All rights reserved")
    call setline(11,"#*********************************************************************************************")
    call setline(12,"")
    endif
endfunc
autocmd BufNewFile * normal G
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} vimrc设置完成,请重新系统启动才能生效!"${END}
}
# Select the Aliyun mirror host for the repository writers (sets global URL).
aliyun(){
    URL="mirrors.aliyun.com"
}
# Select the Huawei Cloud mirror host for the repository writers (sets global URL).
huawei(){
    URL="repo.huaweicloud.com"
}
# Select the Tencent Cloud mirror host for the repository writers (sets global URL).
# The function prints nothing; it only assigns URL in the current shell.
tencent(){
    URL="mirrors.cloud.tencent.com"
}
# Select the Tsinghua (TUNA) mirror host for the repository writers (sets global URL).
tuna(){
    URL="mirrors.tuna.tsinghua.edu.cn"
}
# Select the NetEase (163) mirror host for the repository writers (sets global URL).
netease(){
    URL="mirrors.163.com"
}
# Select the Sohu mirror host for the repository writers (sets global URL).
sohu(){
    URL="mirrors.sohu.com"
}
# Select the Fedora archive host for the repository writers (sets global URL).
fedora(){
    URL="archives.fedoraproject.org"
}
# Select the Nanjing University mirror host for the repository writers (sets global URL).
nju(){
    URL="mirrors.nju.edu.cn"
}
# Replace the CentOS 8 repo definitions with ones pointing at https://${URL}.
# Existing *.repo files are moved into /etc/yum.repos.d/backup first.
# URL must already have been set by one of the mirror selectors; an empty
# value produces unusable "https:///centos/..." base URLs.
# Package signatures stay enforced (gpgcheck=1) against the locally installed
# key file, so the third-party mirror is not trusted for package integrity.
set_yum_centos8(){
    local repo_dir=/etc/yum.repos.d
    if [ ! -d "${repo_dir}/backup" ]; then
        mkdir "${repo_dir}/backup"
    fi
    mv "${repo_dir}"/*.repo "${repo_dir}/backup"
    cat > "${repo_dir}/base.repo" <<-EOF
[BaseOS]
name=BaseOS
baseurl=https://${URL}/centos/\$releasever/BaseOS/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[AppStream]
name=AppStream
baseurl=https://${URL}/centos/\$releasever/AppStream/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[extras]
name=extras
baseurl=https://${URL}/centos/\$releasever/extras/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1
[centosplus]
name=centosplus
baseurl=https://${URL}/centos/\$releasever/centosplus/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[PowerTools]
name=PowerTools
baseurl=https://${URL}/centos/\$releasever/PowerTools/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
    # Refresh metadata; output and errors are intentionally discarded.
    dnf clean all > /dev/null 2>&1
    dnf repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} YUM源设置完成!"${END}
}
# Write /etc/yum.repos.d/epel.repo for EL8 using the "/epel/" path on ${URL}.
# NOTE(review): the signing key is downloaded over HTTPS from the same mirror
# that serves the packages, so gpgcheck=1 is only as trustworthy as that
# mirror. Verifying the key fingerprint out of band, or using the key shipped
# in the epel-release package, removes that dependency.
set_epel_centos8(){
    local repo_file=/etc/yum.repos.d/epel.repo
    cat > "${repo_file}" <<-EOF
[epel]
name=epel
baseurl=https://${URL}/epel/\$releasever/Everything/\$basearch/
gpgcheck=1
gpgkey=https://${URL}/epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    dnf clean all > /dev/null 2>&1
    dnf repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}
# Write /etc/yum.repos.d/epel.repo for EL8 using the "/fedora-epel/" path
# layout on ${URL} (the menu uses this variant for the Sohu mirror).
# NOTE(review): the signing key comes from the same mirror as the packages;
# verify its fingerprint independently before trusting gpgcheck=1.
set_epel_2_centos8(){
    local repo_file=/etc/yum.repos.d/epel.repo
    cat > "${repo_file}" <<-EOF
[epel]
name=epel
baseurl=https://${URL}/fedora-epel/\$releasever/Everything/\$basearch/
gpgcheck=1
gpgkey=https://${URL}/fedora-epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    dnf clean all > /dev/null 2>&1
    dnf repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}
# Replace the CentOS 7 repo definitions with ones pointing at https://${URL}.
# Existing *.repo files are moved into /etc/yum.repos.d/backup first.
# URL must already be set by a mirror selector. gpgcheck=1 with the local key
# file keeps package signature verification independent of the mirror.
set_yum_centos7(){
    local repo_dir=/etc/yum.repos.d
    if [ ! -d "${repo_dir}/backup" ]; then
        mkdir "${repo_dir}/backup"
    fi
    mv "${repo_dir}"/*.repo "${repo_dir}/backup"
    cat > "${repo_dir}/base.repo" <<-EOF
[base]
name=base
baseurl=https://${URL}/centos/\$releasever/os/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[extras]
name=extras
baseurl=https://${URL}/centos/\$releasever/extras/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[updates]
name=updates
baseurl=https://${URL}/centos/\$releasever/updates/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[centosplus]
name=centosplus
baseurl=https://${URL}/centos/\$releasever/centosplus/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} YUM源设置完成!"${END}
}
# Write /etc/yum.repos.d/epel.repo for EL7 using the "/epel/" path on ${URL}.
# NOTE(review): the signing key is fetched from the same mirror that serves
# the packages; verify its fingerprint independently before relying on it.
set_epel_centos7(){
    local repo_file=/etc/yum.repos.d/epel.repo
    cat > "${repo_file}" <<-EOF
[epel]
name=epel
baseurl=https://${URL}/epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://${URL}/epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}
# Write /etc/yum.repos.d/epel.repo for EL7 using the "/fedora-epel/" path
# layout on ${URL} (the menu uses this variant for the Sohu mirror).
# NOTE(review): the signing key is fetched from the same mirror that serves
# the packages; verify its fingerprint independently before relying on it.
set_epel_2_centos7(){
    local repo_file=/etc/yum.repos.d/epel.repo
    cat > "${repo_file}" <<-EOF
[epel]
name=epel
baseurl=https://${URL}/fedora-epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://${URL}/fedora-epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}
# Replace the CentOS 6 repo definitions with ones using the regular
# "/centos/" tree on https://${URL}. Existing *.repo files are moved into
# /etc/yum.repos.d/backup first. URL must already be set by a mirror selector.
set_yum_centos6(){
    local repo_dir=/etc/yum.repos.d
    if [ ! -d "${repo_dir}/backup" ]; then
        mkdir "${repo_dir}/backup"
    fi
    mv "${repo_dir}"/*.repo "${repo_dir}/backup"
    cat > "${repo_dir}/base.repo" <<-EOF
[base]
name=base
baseurl=https://${URL}/centos/\$releasever/os/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[extras]
name=extras
baseurl=https://${URL}/centos/\$releasever/extras/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[updates]
name=updates
baseurl=https://${URL}/centos/\$releasever/updates/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[centosplus]
name=centosplus
baseurl=https://${URL}/centos/\$releasever/centosplus/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} YUM源设置完成!"${END}
}
# Replace the CentOS 6 repo definitions with ones using the "/centos-vault/"
# tree on https://${URL}, pinned to the "$releasever.10" directory.
# Existing *.repo files are moved into /etc/yum.repos.d/backup first.
# NOTE(review): a vault tree is presumably frozen, so hosts configured this
# way would receive no further security updates; confirm that is acceptable.
set_yum_2_centos6(){
    local repo_dir=/etc/yum.repos.d
    if [ ! -d "${repo_dir}/backup" ]; then
        mkdir "${repo_dir}/backup"
    fi
    mv "${repo_dir}"/*.repo "${repo_dir}/backup"
    cat > "${repo_dir}/base.repo" <<-EOF
[base]
name=base
baseurl=https://${URL}/centos-vault/\$releasever.10/os/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[extras]
name=extras
baseurl=https://${URL}/centos-vault/\$releasever.10/extras/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[updates]
name=updates
baseurl=https://${URL}/centos-vault/\$releasever.10/updates/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
[centosplus]
name=centosplus
baseurl=https://${URL}/centos-vault/\$releasever.10/centosplus/\$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} YUM源设置完成!"${END}
}
# Write /etc/yum.repos.d/epel.repo for EL6 using the "/epel/" path on ${URL}.
# NOTE(review): the signing key is fetched from the same mirror that serves
# the packages; verify its fingerprint independently before relying on it.
set_epel_centos6(){
    local repo_file=/etc/yum.repos.d/epel.repo
    cat > "${repo_file}" <<-EOF
[epel]
name=epel
baseurl=https://${URL}/epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://${URL}/epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    yum clean all > /dev/null 2>&1
    yum repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}
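# Write /etc/yum.repos.d/epel.repo for EL6 using the "/pub/archive/epel/"
# tree on ${URL} (the menu uses this variant for the Fedora archive host),
# with the signing key taken from the Tencent mirror.
#
# The key URL previously used "$(tencent)". tencent() prints nothing (it only
# assigns URL, and inside a command substitution even that is lost), so the
# generated line read "gpgkey=https:///epel/..." and, with gpgcheck=1, the key
# could never be imported. The Tencent host is now written out literally.
# NOTE(review): the key is still fetched from a third-party mirror; verify its
# fingerprint independently before relying on it.
set_epel_2_centos6(){
    local key_host=mirrors.cloud.tencent.com
    cat > /etc/yum.repos.d/epel.repo <<-EOF
[epel]
name=epel
baseurl=https://${URL}/pub/archive/epel/\$releasever/\$basearch/
gpgcheck=1
gpgkey=https://${key_host}/epel/RPM-GPG-KEY-EPEL-\$releasever
EOF
    yum clean all &> /dev/null
    yum repolist &> /dev/null
    ${COLOR}"${OS_ID} ${OS_RELEASE} EPEL源设置完成!"${END}
}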
# Replace the Rocky 8 repo definitions with ones pointing at https://${URL}.
# Existing *.repo files are moved into /etc/yum.repos.d/backup first.
# URL must already be set by a mirror selector. gpgcheck=1 with the local key
# file keeps package signature verification independent of the mirror.
set_yum_rocky8(){
    local repo_dir=/etc/yum.repos.d
    if [ ! -d "${repo_dir}/backup" ]; then
        mkdir "${repo_dir}/backup"
    fi
    mv "${repo_dir}"/*.repo "${repo_dir}/backup"
    cat > "${repo_dir}/base.repo" <<-EOF
[BaseOS]
name=BaseOS
baseurl=https://${URL}/rocky/\$releasever/BaseOS/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[AppStream]
name=AppStream
baseurl=https://${URL}/rocky/\$releasever/AppStream/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[extras]
name=extras
baseurl=https://${URL}/rocky/\$releasever/extras/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
enabled=1
[plus]
name=plus
baseurl=https://${URL}/rocky/\$releasever/plus/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[PowerTools]
name=PowerTools
baseurl=https://${URL}/rocky/\$releasever/PowerTools/\$basearch/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
EOF
    dnf clean all > /dev/null 2>&1
    dnf repolist > /dev/null 2>&1
    ${COLOR}"${OS_ID} ${OS_RELEASE} YUM源设置完成!"${END}
}
# Interactive mirror picker for the CentOS 8 base repositories.
# Each valid choice sets URL via a mirror selector and rewrites the repo file;
# the loop repeats until the exit entry (8) is chosen.
centos8_base_menu(){
    while :; do
        # Menu is drawn in a random bold colour, then the colour is reset.
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)阿里镜像源
2)华为镜像源
3)腾讯镜像源
4)清华镜像源
5)网易镜像源
6)搜狐镜像源
7)南京大学镜像源
8)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-8)" NUM
        case "${NUM}" in
        1) aliyun;  set_yum_centos8 ;;
        2) huawei;  set_yum_centos8 ;;
        3) tencent; set_yum_centos8 ;;
        4) tuna;    set_yum_centos8 ;;
        5) netease; set_yum_centos8 ;;
        6) sohu;    set_yum_centos8 ;;
        7) nju;     set_yum_centos8 ;;
        8) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-8)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the CentOS 7 base repositories.
# Each valid choice sets URL via a mirror selector and rewrites the repo file;
# the loop repeats until the exit entry (8) is chosen.
centos7_base_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)阿里镜像源
2)华为镜像源
3)腾讯镜像源
4)清华镜像源
5)网易镜像源
6)搜狐镜像源
7)南京大学镜像源
8)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-8)" NUM
        case "${NUM}" in
        1) aliyun;  set_yum_centos7 ;;
        2) huawei;  set_yum_centos7 ;;
        3) tencent; set_yum_centos7 ;;
        4) tuna;    set_yum_centos7 ;;
        5) netease; set_yum_centos7 ;;
        6) sohu;    set_yum_centos7 ;;
        7) nju;     set_yum_centos7 ;;
        8) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-8)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the CentOS 6 base repositories.
# Tencent and Sohu use the regular tree (set_yum_centos6); Aliyun, Tsinghua
# and Nanjing University use the vault tree (set_yum_2_centos6).
# The loop repeats until the exit entry (6) is chosen.
centos6_base_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)腾讯镜像源
2)搜狐镜像源
3)阿里镜像源
4)清华镜像源
5)南京大学镜像源
6)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-6)" NUM
        case "${NUM}" in
        1) tencent; set_yum_centos6 ;;
        2) sohu;    set_yum_centos6 ;;
        3) aliyun;  set_yum_2_centos6 ;;
        4) tuna;    set_yum_2_centos6 ;;
        5) nju;     set_yum_2_centos6 ;;
        6) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-6)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the Rocky 8 base repositories.
# The loop repeats until the exit entry (3) is chosen.
rocky8_base_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)南京大学镜像源
2)网易镜像源
3)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-3)" NUM
        case "${NUM}" in
        1) nju;     set_yum_rocky8 ;;
        2) netease; set_yum_rocky8 ;;
        3) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-3)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the EL8 EPEL repository.
# Sohu uses the "/fedora-epel/" layout (set_epel_2_centos8); all other
# mirrors use "/epel/". The loop repeats until the exit entry (7) is chosen.
centos8_epel_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)阿里镜像源
2)华为镜像源
3)腾讯镜像源
4)清华镜像源
5)搜狐镜像源
6)南京大学镜像源
7)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-7)" NUM
        case "${NUM}" in
        1) aliyun;  set_epel_centos8 ;;
        2) huawei;  set_epel_centos8 ;;
        3) tencent; set_epel_centos8 ;;
        4) tuna;    set_epel_centos8 ;;
        5) sohu;    set_epel_2_centos8 ;;
        6) nju;     set_epel_centos8 ;;
        7) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-7)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the EL7 EPEL repository.
# Sohu uses the "/fedora-epel/" layout (set_epel_2_centos7); all other
# mirrors use "/epel/". The loop repeats until the exit entry (7) is chosen.
centos7_epel_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)阿里镜像源
2)华为镜像源
3)腾讯镜像源
4)清华镜像源
5)搜狐镜像源
6)南京大学镜像源
7)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-7)" NUM
        case "${NUM}" in
        1) aliyun;  set_epel_centos7 ;;
        2) huawei;  set_epel_centos7 ;;
        3) tencent; set_epel_centos7 ;;
        4) tuna;    set_epel_centos7 ;;
        5) sohu;    set_epel_2_centos7 ;;
        6) nju;     set_epel_centos7 ;;
        7) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-7)!"${END} ;;
        esac
    done
}
# Interactive mirror picker for the EL6 EPEL repository: Tencent (regular
# tree) or the Fedora archive host (archive tree).
# The loop repeats until the exit entry (3) is chosen.
centos6_epel_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)腾讯镜像源
2)Fedora镜像源
3)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-3)" NUM
        case "${NUM}" in
        1) tencent; set_epel_centos6 ;;
        2) fedora;  set_epel_2_centos6 ;;
        3) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-3)!"${END} ;;
        esac
    done
}
# Top-level repository menu for CentOS: choose base or EPEL, then hand over to
# the sub-menu matching OS_RELEASE_VERSION (8, 7, anything else is treated as 6).
# The loop repeats until the exit entry (3) is chosen.
centos_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)base仓库
2)epel仓库
3)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-3)" NUM
        case "${NUM}" in
        1)
            case "${OS_RELEASE_VERSION}" in
            8) centos8_base_menu ;;
            7) centos7_base_menu ;;
            *) centos6_base_menu ;;
            esac
            ;;
        2)
            case "${OS_RELEASE_VERSION}" in
            8) centos8_epel_menu ;;
            7) centos7_epel_menu ;;
            *) centos6_epel_menu ;;
            esac
            ;;
        3)
            break
            ;;
        *)
            ${COLOR}"输入错误,请输入正确的数字(1-3)!"${END}
            ;;
        esac
    done
}
# Top-level repository menu for Rocky: base repositories use the Rocky 8
# picker, EPEL reuses the EL8 EPEL picker.
# The loop repeats until the exit entry (3) is chosen.
rocky_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)base仓库
2)epel仓库
3)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-3)" NUM
        case "${NUM}" in
        1) rocky8_base_menu ;;
        2) centos8_epel_menu ;;
        3) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-3)!"${END} ;;
        esac
    done
}
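# Rewrite /etc/apt/sources.list to use the mirror in ${URL} for the release in
# ${OS_CODENAME}, then refresh the package index.
#
# Changes from the earlier version:
#   * refuses to run when URL or OS_CODENAME is empty, instead of writing a
#     sources.list with broken "http:///ubuntu/" entries;
#   * keeps the first backup: a second run used to overwrite sources.list.bak
#     with the mirror version, losing the distribution's original file.
#
# NOTE(review): the entries use plain http://. APT still verifies the signed
# Release metadata, but an on-path party can see which packages are fetched
# and can withhold updates; switching to https:// is worth considering where
# the mirror and the host's CA bundle support it.
# NOTE(review): the "-proposed" pocket is enabled, which pulls in pre-release
# updates; confirm that is wanted on production hosts.
set_apt(){
    local src=/etc/apt/sources.list
    if [ -z "${URL}" ] || [ -z "${OS_CODENAME}" ]; then
        ${COLOR}"镜像源地址或系统代号为空,无法生成APT源!"${END}
        return 1
    fi
    # Preserve the pristine file only once; later runs overwrite in place.
    if [ ! -e "${src}.bak" ]; then
        mv "${src}" "${src}.bak"
    fi
    cat > "${src}" <<-EOF
deb http://${URL}/ubuntu/ ${OS_CODENAME} main restricted universe multiverse
deb-src http://${URL}/ubuntu/ ${OS_CODENAME} main restricted universe multiverse
deb http://${URL}/ubuntu/ ${OS_CODENAME}-security main restricted universe multiverse
deb-src http://${URL}/ubuntu/ ${OS_CODENAME}-security main restricted universe multiverse
deb http://${URL}/ubuntu/ ${OS_CODENAME}-updates main restricted universe multiverse
deb-src http://${URL}/ubuntu/ ${OS_CODENAME}-updates main restricted universe multiverse
deb http://${URL}/ubuntu/ ${OS_CODENAME}-proposed main restricted universe multiverse
deb-src http://${URL}/ubuntu/ ${OS_CODENAME}-proposed main restricted universe multiverse
deb http://${URL}/ubuntu/ ${OS_CODENAME}-backports main restricted universe multiverse
deb-src http://${URL}/ubuntu/ ${OS_CODENAME}-backports main restricted universe multiverse
EOF
    apt update
    ${COLOR}"${OS_ID} ${OS_RELEASE} APT源设置完成!"${END}
}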
# Interactive mirror picker for Ubuntu APT sources.
# Each valid choice sets URL via a mirror selector and rewrites sources.list;
# the loop repeats until the exit entry (7) is chosen.
apt_menu(){
    while :; do
        echo -e "\E[$((RANDOM%7+31));1m"
        cat <<-EOF
1)阿里镜像源
2)华为镜像源
3)腾讯镜像源
4)清华镜像源
5)网易镜像源
6)南京大学镜像源
7)退出
EOF
        echo -e '\E[0m'
        read -p "请输入镜像源编号(1-7)" NUM
        case "${NUM}" in
        1) aliyun;  set_apt ;;
        2) huawei;  set_apt ;;
        3) tencent; set_apt ;;
        4) tuna;    set_apt ;;
        5) netease; set_apt ;;
        6) nju;     set_apt ;;
        7) break ;;
        *) ${COLOR}"输入错误,请输入正确的数字(1-7)!"${END} ;;
        esac
    done
}
# Open the repository menu that matches the detected distribution:
# CentOS, Rocky, or (for anything else) the APT menu.
set_package_repository(){
    case "${OS_ID}" in
    CentOS) centos_menu ;;
    Rocky)  rocky_menu ;;
    *)      apt_menu ;;
    esac
}
centos_minimal_install(){
    ${COLOR}'开始安装“Minimal安装建议安装软件包”,请稍等......'${END}
    yum -y install gcc make autoconf gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel zlib-devel vim lrzsz tree tmux lsof tcpdump wget net-tools iotop bc bzip2 zip unzip nfs-utils man-pages &> /dev/null
    ${COLOR}"${OS_ID} ${OS_RELEASE} Minimal安装建议安装软件包已安装完成!"${END}
}
ubuntu_minimal_install(){
    ${COLOR}'开始安装“Minimal安装建议安装软件包”,请稍等......'${END}
    apt -y install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev gcc openssh-server iotop unzip zip
    ${COLOR}"${OS_ID} ${OS_RELEASE} Minimal安装建议安装软件包已安装完成!"${END}
}
# Run the package set installer that matches the detected distribution.
minimal_install(){
    case "${OS_ID}" in
    CentOS|Rocky) centos_minimal_install ;;
    *)            ubuntu_minimal_install ;;
    esac
}
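# Install a mail client and, on CentOS/Rocky, write ~/.mailrc so that mailx
# relays through smtp.<domain of the entered address> with LOGIN auth.
# On other distributions only mailutils is installed.
#
# Changes from the earlier version:
#   * the authorisation code is read without echoing it to the terminal and
#     without backslash mangling (read -r -s);
#   * ~/.mailrc is created with mode 600 before the secret is written, since
#     it stores the authorisation code in clear text;
#   * expansions are quoted so an address with unusual characters cannot be
#     word-split or glob-expanded.
#
# NOTE(review): "set ssl-verify=ignore" turns off certificate verification, so
# the SMTP server's identity is never checked and the credential can be
# captured by anyone able to intercept the connection. It is left as-is here
# because strict verification needs a configured certificate store
# (nss-config-dir); fix that and switch to strict verification.
# NOTE(review): the "smtp=" value carries no smtps:// scheme and
# smtp-use-starttls is not set, so the LOGIN exchange may travel unencrypted;
# confirm against the provider's requirements.
set_mail(){
    if [ "${OS_ID}" == "CentOS" ] || [ "${OS_ID}" == "Rocky" ]; then
        rpm -q postfix &> /dev/null || { yum -y install postfix &> /dev/null; systemctl enable --now postfix; }
        rpm -q mailx &> /dev/null || yum -y install mailx &> /dev/null
        read -r -p "请输入邮箱地址:" MAIL
        read -r -s -p "请输入邮箱授权码:" AUTH
        # read -s swallows the newline the user typed; restore it for the UI.
        echo
        SMTP=$(printf '%s\n' "${MAIL}" | awk -F"@" '{print $2}')
        # Restrict permissions before the secret lands in the file.
        touch ~/.mailrc
        chmod 600 ~/.mailrc
        cat >~/.mailrc <<-EOF
set from=${MAIL}
set smtp=smtp.${SMTP}
set smtp-auth-user=${MAIL}
set smtp-auth-password=${AUTH}
set smtp-auth=login
set ssl-verify=ignore
EOF
    else
        dpkg -s mailutils &> /dev/null || apt -y install mailutils
    fi
    ${COLOR}"${OS_ID} ${OS_RELEASE} 邮件设置完成,请重新登录后才能生效!"${END}
}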
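# Change the sshd listening port by rewriting the commented default
# "#Port 22" line in /etc/ssh/sshd_config.
#
# Changes from the earlier version:
#   * the port is validated (decimal, 1-65535) before anything is touched.
#     It used to be pasted straight into the sed expression, so any text
#     containing "/" or sed commands was interpreted by sed as root;
#   * the prompt now comes first, so invalid input no longer disables SELinux
#     and the firewall as a side effect.
#
# NOTE(review): SELinux and the firewall are still switched off wholesale just
# to move a port. The narrower alternative is to label the new port for sshd
# (semanage port -a -t ssh_port_t -p tcp PORT) and open only that port in the
# firewall; consider replacing the two disable_* calls with that.
# NOTE(review): the sed only matches the untouched "#Port 22" line; if the
# port was already changed, nothing is rewritten yet success is reported.
set_sshd_port(){
    local port_re='^[1-9][0-9]{0,4}$'
    read -r -p "请输入端口号:" PORT
    if ! [[ "${PORT}" =~ ${port_re} ]] || [ "${PORT}" -gt 65535 ]; then
        ${COLOR}"端口号无效,请输入1-65535之间的数字!"${END}
        return 1
    fi
    disable_selinux
    disable_firewall
    sed -i "s/#Port 22/Port ${PORT}/" /etc/ssh/sshd_config
    ${COLOR}"${OS_ID} ${OS_RELEASE} 更改SSH端口号已完成,请重启系统后生效!"${END}
}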
# Switch a CentOS/Rocky host back to ethN interface naming: add
# net.ifnames=0 biosdevname=0 to GRUB_CMDLINE_LINUX, regenerate grub.cfg and
# rename the current interface's ifcfg file to ifcfg-eth0.
# The interface name is taken from `ip addr` lines whose index starts with 2;
# presumably this assumes a single such interface - verify on multi-NIC hosts.
set_centos_eth(){
    local if_dir=/etc/sysconfig/network-scripts
    ETHNAME=$(ip addr | awk -F"[ :]" '/^2/{print $3}')
    # Edit the kernel command line that controls interface naming.
    sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0 biosdevname=0"@' /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg > /dev/null 2>&1
    # Rename the interface configuration file to match the new name.
    mv "${if_dir}"/ifcfg-${ETHNAME} "${if_dir}"/ifcfg-eth0
    ${COLOR}"${OS_ID} ${OS_RELEASE} 网卡名已修改成功,请重新启动系统后才能生效!"${END}
}
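# Switch an Ubuntu host back to ethN interface naming by adding
# net.ifnames=0 biosdevname=0 to GRUB_CMDLINE_LINUX and regenerating grub.cfg.
#
# Fix: the appended text now starts with a space, matching set_centos_eth.
# Without it, an existing argument was fused with the new one (for example
# "quiet" became "quietnet.ifnames=0"), corrupting the kernel command line.
# Running the function repeatedly still appends the arguments again.
set_ubuntu_eth(){
    # Edit the kernel command line that controls interface naming.
    sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0 biosdevname=0"@' /etc/default/grub
    grub-mkconfig -o /boot/grub/grub.cfg >& /dev/null
    ${COLOR}"${OS_ID} ${OS_RELEASE} 网卡名已修改成功,请重新启动系统后才能生效!"${END}
}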
set_eth(){
    if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;then
        if [ ${OS_RELEASE_VERSION} == 6 ];then
            ${COLOR}"${OS_ID} ${OS_RELEASE} 不用修改网卡名"${END}
        else
            set_centos_eth
        fi
    else
        set_ubuntu_eth
    fi
}
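# Validate a dotted-quad IPv4 address.
# Arguments: $1 - candidate address
# Outputs:   one status line on stdout
# Returns:   0 when the address is well-formed and every octet is <= 255,
#            1 otherwise
# Globals:   VALID_CHECK is set to "yes" for an in-range address, else empty.
#
# Changes from the earlier version: the format is checked before the octet
# range, and every expansion is quoted. An out-of-range address used to leave
# VALID_CHECK empty and make `[` fail with "unary operator expected"; the
# right branch was only reached by accident. Unquoted `echo ${IP}` was also
# subject to globbing and word splitting on hostile input.
check_ip(){
    local IP=$1
    local ipv4_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
    VALID_CHECK=""
    if ! printf '%s\n' "${IP}" | grep -Eq -- "${ipv4_re}"; then
        echo "IP format error!"
        return 1
    fi
    VALID_CHECK=$(printf '%s\n' "${IP}" | awk -F. '$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}')
    if [ "${VALID_CHECK}" == "yes" ]; then
        echo "IP ${IP}  available!"
        return 0
    fi
    echo "IP ${IP} not available!"
    return 1
}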
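# Prompt for a static IPv4 address, prefix length and gateway, then overwrite
# /etc/sysconfig/network-scripts/ifcfg-eth0 with them (DNS servers are fixed).
#
# Changes from the earlier version:
#   * the prefix length is validated (1-32); it used to be written into the
#     root-owned config file unchecked, where a typo or stray text would leave
#     the host without networking after the next reboot;
#   * values passed to check_ip are quoted;
#   * end-of-input on any prompt aborts instead of looping forever.
set_centos_ip(){
    local prefix_re='^[0-9]{1,2}$'
    while true; do
        read -r -p "请输入IP地址:"  IP || return 1
        check_ip "${IP}" && break
    done
    while true; do
        read -r -p "请输入子网掩码位数:"  C_PREFIX || return 1
        if [[ "${C_PREFIX}" =~ ${prefix_re} ]] && [ "${C_PREFIX}" -ge 1 ] && [ "${C_PREFIX}" -le 32 ]; then
            break
        fi
        ${COLOR}"子网掩码位数无效,请输入1-32之间的数字!"${END}
    done
    while true; do
        read -r -p "请输入网关地址:"  GATEWAY || return 1
        check_ip "${GATEWAY}" && break
    done
    cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=${IP}
PREFIX=${C_PREFIX}
GATEWAY=${GATEWAY}
DNS1=223.5.5.5
DNS2=180.76.76.76
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} IP地址和网关地址已修改成功,请重新启动系统后生效!"${END}
}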
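# Prompt for a static IPv4 address, prefix length and gateway, then overwrite
# /etc/netplan/01-netcfg.yaml with them (DNS servers are fixed).
#
# Changes from the earlier version:
#   * the prefix length is validated (1-32); it used to be written into the
#     YAML unchecked, where stray text could break the file or inject extra
#     keys into a root-owned network config;
#   * values passed to check_ip are quoted;
#   * end-of-input on any prompt aborts instead of looping forever.
set_ubuntu_ip(){
    local prefix_re='^[0-9]{1,2}$'
    while true; do
        read -r -p "请输入IP地址:"  IP || return 1
        check_ip "${IP}" && break
    done
    while true; do
        read -r -p "请输入子网掩码位数:"  U_PREFIX || return 1
        if [[ "${U_PREFIX}" =~ ${prefix_re} ]] && [ "${U_PREFIX}" -ge 1 ] && [ "${U_PREFIX}" -le 32 ]; then
            break
        fi
        ${COLOR}"子网掩码位数无效,请输入1-32之间的数字!"${END}
    done
    while true; do
        read -r -p "请输入网关地址:"  GATEWAY || return 1
        check_ip "${GATEWAY}" && break
    done
    cat > /etc/netplan/01-netcfg.yaml <<-EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [${IP}/${U_PREFIX}] 
      gateway4: ${GATEWAY}
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} IP地址和网关地址已修改成功,请重新启动系统后生效!"${END}
}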
# Configure a static IP using the helper that matches the distribution.
set_ip(){
    case "${OS_ID}" in
    CentOS|Rocky) set_centos_ip ;;
    *)            set_ubuntu_ip ;;
    esac
}
set_hostname_all(){
    read -p "请输入主机名:"  HOST
    hostnamectl set-hostname ${HOST}
    ${COLOR}"${OS_ID} ${OS_RELEASE} 主机名设置成功,请重新登录生效!"${END}
}
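# Prompt for a host name and write it to the HOSTNAME= line of
# /etc/sysconfig/network (sed keeps a .bak copy).
#
# Fix: the name is validated before it is placed in the sed expression. It
# used to be spliced in unquoted, so a "#", "&" or backslash changed the
# meaning of the substitution and whitespace split the expression into
# separate sed arguments, all while running as root. Only letters, digits,
# dots and hyphens are accepted, and the name must start and end with a
# letter or digit.
set_hostname6(){
    local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    read -r -p "请输入主机名:"  HOST
    if ! [[ "${HOST}" =~ ${host_re} ]]; then
        ${COLOR}"主机名无效,只能包含字母、数字、点和连字符!"${END}
        return 1
    fi
    sed -i.bak -r "/^HOSTNAME/s#^(HOSTNAME=).*#\1${HOST}#" /etc/sysconfig/network
    ${COLOR}"${OS_ID} ${OS_RELEASE} 主机名设置成功,请重新登录生效!"${END}
}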
# Set the host name: release 6 edits /etc/sysconfig/network, every other
# release goes through hostnamectl.
set_hostname(){
    case "${OS_RELEASE_VERSION}" in
    6) set_hostname6 ;;
    *) set_hostname_all ;;
    esac
}
# Select ANSI colour 31 (red) for the prompt writers (sets global P_COLOR).
red(){
    P_COLOR="31"
}
# Select ANSI colour 32 (green) for the prompt writers (sets global P_COLOR).
green(){
    P_COLOR="32"
}
# Select ANSI colour 33 (yellow) for the prompt writers (sets global P_COLOR).
yellow(){
    P_COLOR="33"
}
# Select ANSI colour 34 (blue) for the prompt writers (sets global P_COLOR).
blue(){
    P_COLOR="34"
}
# Select ANSI colour 35 (violet) for the prompt writers (sets global P_COLOR).
violet(){
    P_COLOR="35"
}
# Select ANSI colour 36 (cyan) for the prompt writers (sets global P_COLOR).
cyan_blue(){
    P_COLOR="36"
}
# Pick one of the ANSI colours 31-37 at random (sets global P_COLOR).
random_color(){
    P_COLOR="$((RANDOM % 7 + 31))"
}
# Append a coloured PS1 definition (colour from P_COLOR) to
# /etc/profile.d/env.sh. The command substitution captures nothing because the
# output is redirected, so C_PS1_1 always ends up empty.
centos_ps1_1(){
    C_PS1_1=$(printf '%s\n' "PS1='\[\e[1;${P_COLOR}m\][\u@\h \W]\\$ \[\e[0m\]'" >> /etc/profile.d/env.sh)
}
# Write a coloured PS1 definition (colour from P_COLOR) to
# /etc/profile.d/env.sh, truncating whatever the file held before. The command
# substitution captures nothing, so C_PS1_2 always ends up empty.
centos_ps1_2(){
    C_PS1_2=$(printf '%s\n' "PS1='\[\e[1;${P_COLOR}m\][\u@\h \W]\\$ \[\e[0m\]'" > /etc/profile.d/env.sh)
}
# Make vim the default editor for all users via /etc/profile.d/env.sh.
centos_vim(){
    printf '%s\n' "export EDITOR=vim" >> /etc/profile.d/env.sh
}
# Add date and time stamps to shell history for all users via
# /etc/profile.d/env.sh.
centos_history(){
    printf '%s\n' 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/env.sh
}
# Append a coloured PS1 definition (colour from P_COLOR) to ~/.bashrc.
# Only P_COLOR is expanded now; the debian_chroot reference is written
# literally so it is evaluated at login. U_PS1 always ends up empty because
# the output is redirected.
ubuntu_ps1(){
    U_PS1=$(printf '%s\n' 'PS1="\[\e[1;'${P_COLOR}'m\]${debian_chroot:+($debian_chroot)}\u@\h:\w\\$ \[\e[0m\]"' >> ~/.bashrc)
}
# Make vim the default editor for the current user via ~/.bashrc.
ubuntu_vim(){
    printf '%s\n' "export EDITOR=vim" >> ~/.bashrc
}
# Add date and time stamps to shell history for the current user via ~/.bashrc.
ubuntu_history(){
    printf '%s\n' 'export HISTTIMEFORMAT="%F %T "' >> ~/.bashrc
}
# Install the PS1, EDITOR and HISTTIMEFORMAT settings for the detected
# distribution. Existing lines matching those settings are deleted first.
# CentOS/Rocky: /etc/profile.d/env.sh. When that file is missing or holds none
# of the settings, centos_ps1_2 recreates it from scratch, which also discards
# any unrelated content it contained.
# Ubuntu: ~/.bashrc.
set_env(){
    local env_file=/etc/profile.d/env.sh
    local settings_re="(^PS1|.*EDITOR|.*HISTTIMEFORMAT)"
    if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ];then
        if [ -a "${env_file}" ] && grep -Eqi "${settings_re}" "${env_file}"; then
            sed -i -e '/^PS1/d' -e '/.*EDITOR/d' -e '/.*HISTTIMEFORMAT/d' "${env_file}"
            centos_ps1_1
        else
            centos_ps1_2
        fi
        centos_vim
        centos_history
    fi
    if [ ${OS_ID} == "Ubuntu" ];then
        if grep -Eqi "${settings_re}" ~/.bashrc; then
            sed -i -e '/^PS1/d' -e '/.*EDITOR/d' -e '/.*HISTTIMEFORMAT/d' ~/.bashrc
        fi
        ubuntu_ps1
        ubuntu_vim
        ubuntu_history
    fi
}
set_ps1(){
    TIPS="${COLOR}${OS_ID} ${OS_RELEASE} PS1和系统环境变量已设置完成,请重新登录生效!${END}"
    while true;do
        echo -e "\E[$[RANDOM%7+31];1m"
        cat <<-EOF
1)31 红色
2)32 绿色
3)33 黄色
4)34 蓝色
5)35 紫色
6)36 青色
7)随机颜色
8)退出
EOF
        echo -e '\E[0m'
        read -p "请输入颜色编号(1-8)" NUM
        case ${NUM} in
        1)
            red
            set_env
            ${TIPS}
            ;;
        2)
            green
            set_env
            ${TIPS}
            ;;
        3)
            yellow
            set_env
            ${TIPS}
            ;;
        4)
            blue
            set_env
            ${TIPS}
            ;;
        5)
            violet
            set_env
            ${TIPS}
            ;;
        6)
            cyan_blue
            set_env
            ${TIPS}
            ;;
        7)
            random_color
            set_env
            ${TIPS}
            ;;
        8)
            break
            ;;
        *)
            ${COLOR}"输入错误,请输入正确的数字(1-9)!"${END}
            ;;
        esac
    done
}
# Disable swap: comment out every /etc/fstab line that contains "swap" and
# turn off all active swap devices.
# The sed pattern matches the word anywhere in a line, so lines that are
# already commented gain another "#", and no backup of fstab is kept.
set_swap(){
    local fstab=/etc/fstab
    sed -r -i 's/.*swap.*/#&/' "${fstab}"
    swapoff -a
    ${COLOR}"${OS_ID} ${OS_RELEASE} 禁用swap成功!"${END}
}
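# Replace /etc/sysctl.conf with a fixed set of kernel and TCP tuning values
# and load them with `sysctl -p`.
#
# Fix: the existing /etc/sysctl.conf is copied to /etc/sysctl.conf.bak (once)
# before it is overwritten. It used to be replaced with no backup, unlike the
# other config edits in this script, so local hardening settings were lost.
#
# NOTE(review): `sysctl -p` output is discarded, so keys the running kernel
# rejects are never reported while success is printed. The net.bridge.* keys
# only exist when the bridge netfilter module is loaded, and
# net.ipv4.tcp_tw_recycle was removed from Linux in 4.12.
# NOTE(review): net.ipv4.ip_forward = 1 makes the host forward packets between
# interfaces and net.ipv4.ip_nonlocal_bind = 1 lets services bind addresses
# the host does not own. Both widen exposure on a machine that is not meant to
# route or float addresses; confirm they are needed.
# NOTE(review): rp_filter and accept_source_route are set for "default" only;
# interfaces that already exist keep their current values unless the "all"
# or per-interface keys are set as well.
set_kernel(){
    local conf=/etc/sysctl.conf
    # Keep the first pristine copy; later runs must not overwrite it.
    if [ -e "${conf}" ] && [ ! -e "${conf}.bak" ]; then
        cp -p "${conf}" "${conf}.bak"
    fi
    cat > "${conf}" <<-EOF
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel paramater
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# tcp conn reuse
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001    65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
EOF
    sysctl -p &> /dev/null
    ${COLOR}"${OS_ID} ${OS_RELEASE} 优化内核参数成功!"${END}
}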
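#######################################
# Raise the resource limits for root in /etc/security/limits.conf.
# Globals:   COLOR, END, OS_ID, OS_RELEASE (read)
# Outputs:   a status line on stdout
# The block is appended only once: the original appended it on every call,
# so repeated runs kept growing limits.conf with duplicate entries.
# NOTE(review): "core unlimited" lets root-owned processes write full core
# dumps, which can contain secrets held in memory - confirm this is wanted.
#######################################
set_limits(){
    local limits_file=/etc/security/limits.conf
    # The last line of the block serves as the "already applied" marker.
    if ! grep -Eq '^root[[:space:]]+hard[[:space:]]+msgqueue[[:space:]]+8192000[[:space:]]*$' "${limits_file}" 2> /dev/null; then
        cat >> "${limits_file}" <<-EOF
root     soft   core     unlimited
root     hard   core     unlimited
root     soft   nproc    1000000
root     hard   nproc    1000000
root     soft   nofile   1000000
root     hard   nofile   1000000
root     soft   memlock  32000
root     hard   memlock  32000
root     soft   msgqueue 8192000
root     hard   msgqueue 8192000
EOF
    fi
    ${COLOR}"${OS_ID} ${OS_RELEASE} 优化资源限制参数成功!"${END}
}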
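#######################################
# Ubuntu: allow root to log in over SSH with a password and set that password.
# The value typed at the prompt is used twice: it is piped to `sudo -S` to
# authenticate the current user, and it becomes the new root password.
# Globals:   COLOR, END, OS_ID, OS_RELEASE (read)
# Returns:   1 if no password was entered
# Switching PermitRootLogin from prohibit-password to yes exposes the root
# account to password guessing on every reachable SSH port; key-based login
# (the default being replaced here) avoids that.
#######################################
set_root_login(){
    # local: the password must not stay behind in a global shell variable.
    local PASSWORD
    # -s keeps the password off the screen, -r keeps backslashes literal.
    read -rsp "请输入密码: " PASSWORD
    echo
    if [ -z "${PASSWORD}" ]; then
        ${COLOR}"密码不能为空!"${END}
        return 1
    fi
    # printf with a quoted argument: an unquoted echo would word-split the
    # password and mangle values such as "-n" or ones containing spaces.
    printf '%s\n' "${PASSWORD}" | sudo -S sed -ri 's@#(PermitRootLogin )prohibit-password@\1yes@' /etc/ssh/sshd_config
    sudo systemctl restart sshd
    sudo -S passwd root <<-EOF
${PASSWORD}
${PASSWORD}
EOF
    ${COLOR}"${OS_ID} ${OS_RELEASE} root用户登录已设置完成,请重新登录后生效!"${END}
}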
#######################################
# Ubuntu: purge packages the author considers unnecessary.
# Note that the list includes ufw, so the host firewall front end is removed
# together with its configuration.
# Globals:   COLOR, END, OS_ID, OS_RELEASE (read)
#######################################
ubuntu_remove(){
    local unwanted=(ufw lxd lxd-client lxcfs liblxc-common)
    apt purge "${unwanted[@]}"
    ${COLOR}"${OS_ID} ${OS_RELEASE} 无用软件包卸载完成!"${END}
}
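#######################################
# Interactive menu: print the option table in a random colour, read a number
# and dispatch to the matching setup function until "21" is chosen.
# Globals:   COLOR, END (read)
# Returns:   0 when the user selects 21 or when input ends
#######################################
menu(){
    while true;do
        # $(( )) replaces the obsolete $[ ] arithmetic form.
        echo -e "\E[$((RANDOM % 7 + 31));1m"
        cat <<-EOF
************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************
EOF
        echo -e '\E[0m'
        # Leave the loop when stdin is closed: without this check a failed
        # read leaves the loop spinning forever on end of input.
        read -rp "请选择相应的编号(1-21): " choice || break
        case "${choice}" in
        1)  disable_selinux ;;
        2)  disable_firewall ;;
        3)  optimization_sshd ;;
        4)  set_alias ;;
        5)
            # Options 1-4 in one go. Two of them switch off SELinux and the
            # host firewall, so this is a deliberate reduction of host defences.
            disable_selinux
            disable_firewall
            optimization_sshd
            set_alias
            ;;
        6)  set_vimrc ;;
        7)  set_package_repository ;;
        8)  minimal_install ;;
        9)  set_mail ;;
        10) set_sshd_port ;;
        11) set_eth ;;
        12) set_ip ;;
        13) set_hostname ;;
        14) set_ps1 ;;
        15) set_swap ;;
        16) set_kernel ;;
        17) set_limits ;;
        18) set_root_login ;;
        19) ubuntu_remove ;;
        20) reboot ;;
        21) break ;;
        *)
            ${COLOR}"输入错误,请输入正确的数字(1-21)!"${END}
            ;;
        esac
    done
}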
# Entry point: detect the distribution first (os sets the OS_* variables the
# menu actions print), then hand control to the interactive menu.
main() {
    os
    menu
}

main
2、OpenVPN
2-1、自动安装openvpn生成证书
#!/bin/bash
#
#********************************************************************
#Author:            wangdayu
#QQ:                965507991
#Date:              2022-08-20
#FileName:          autovpn.sh
#URL:               https://blog.51cto.com/dayu
#Description:       The test script
#Copyright (C):     2022 All rights reserved
#********************************************************************
# Init-script helper library; presumably the source of the `action` reporter
# used by the menu further down - verify on the target distribution.
. /etc/init.d/functions
# Names used for the server and client certificates.
server=dayuserver
client=wangdayu
# First address reported by `hostname -I`; written into the client profile.
serverIP=$(hostname -I | awk '{print $1}')
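# Install openvpn and easy-rsa; when no EPEL repository is listed, write a
# repo definition for it first.
install(){
  if yum repolist | grep -i epel; then
    yum install -y openvpn easy-rsa
  else
    # The delimiter is quoted so that $releasever and $basearch reach the repo
    # file literally: they are yum variables, and an unquoted heredoc lets the
    # shell expand them (to empty strings), leaving a broken baseurl.
    # The entries also start at column 0 now instead of being indented.
    # NOTE(review): gpgcheck=0 switches off RPM signature verification for
    # everything installed from this repo. Prefer gpgcheck=1 plus a gpgkey=
    # entry for the EPEL signing key obtained from a trusted source.
    cat > /etc/yum.repos.d/epel.repo <<'EOF'
[epel]
name=EPEL
baseurl=https://mirror.tuna.tsinghua.edu.cn/epel/$releasever/Everything/$basearch
gpgcheck=0
enabled=1
EOF
    yum install -y openvpn easy-rsa
  fi
}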
# Prepare the easy-rsa working directory and create the CA certificate.
CA_init(){
    # This cd runs before the cp below has populated the directory, so it may
    # fail on a fresh system; the second cd further down is the effective one.
    cd /etc/openvpn/easy-rsa
    cp -r /usr/share/easy-rsa/3/  /etc/openvpn/easy-rsa 
    cp /usr/share/doc/easy-rsa/vars.example /etc/openvpn/easy-rsa/vars
    # Uncomment EASYRSA_CA_EXPIRE and set the CA lifetime to 36500 days.
    sed -r -i.bak 's/^#(set_var EASYRSA_CA_EXPIRE).*[0-9]+.*/\1  36500/' /etc/openvpn/easy-rsa/vars
    # NOTE(review): this pattern only matches a line starting with "##set_var",
    # and the captured text keeps one "#", so the result stays commented out.
    # Confirm against vars.example whether the certificate lifetime is really
    # changed here. The second -i.bak also overwrites the backup made above.
    sed -r -i.bak  's/^#(#set_var EASYRSA_CERT_EXPIRE).*[0-9]+.*/\1  3650/' /etc/openvpn/easy-rsa/vars
    cd /etc/openvpn/easy-rsa
    # The empty heredocs give easyrsa an empty stdin, presumably so that its
    # prompts fall back to their defaults.
    ./easyrsa init-pki <<EOF
EOF
    # nopass: the CA private key is stored without a passphrase, so whoever
    # can read the pki directory can sign certificates for this VPN.
    ./easyrsa build-ca  nopass <<EOF
EOF
}
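# Issue the server certificate, generate DH parameters and stage the files
# the OpenVPN server needs.
# Globals: server (read)
# Returns: 1 if the easy-rsa directory is missing, else the status of the
#          final chmod
server_init(){
    # Stop early: the relative ./easyrsa calls must not run somewhere else.
    cd /etc/openvpn/easy-rsa || return 1
    ./easyrsa gen-req "$server" nopass <<EOF
EOF
    ./easyrsa sign server "$server" <<EOF
yes
EOF
    ./easyrsa gen-dh
    cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/server/
    cp "/etc/openvpn/easy-rsa/pki/issued/$server.crt" /etc/openvpn/server/
    cp "/etc/openvpn/easy-rsa/pki/private/$server.key" /etc/openvpn/server/
    # The key is unencrypted (nopass); make the copy owner-only explicitly
    # instead of relying on the source mode and umask.
    chmod 600 "/etc/openvpn/server/$server.key"
    cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/server/
    # -p: a second run must not fail because the directory already exists.
    mkdir -p /var/log/openvpn
    # user:group - the dot separator is deprecated.
    chown openvpn:openvpn /var/log/openvpn
    # Report the copy only when it really happened; the original printed the
    # message unconditionally because of how "||" and ";" combine.
    if [ ! -e /etc/openvpn/checkpsw.sh ]; then
        cp /root/checkpsw.sh /etc/openvpn/checkpsw.sh && echo "已拷贝/root/checkpsw.sh至/etc/openvpn/checkpsw.sh"
    fi
    # NOTE(review): server.conf registers this script as the
    # auth-user-pass-verify hook, so it decides every login. Keep it owned by
    # root and not writable by the openvpn account.
    chmod +x /etc/openvpn/checkpsw.sh
}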
# Write the OpenVPN server configuration.
# Globals: server (read) - expanded into the cert/key paths.
# NOTE(review), points to confirm in the generated file:
#  - "cipher AES-256-CBC" is a non-AEAD cipher; current OpenVPN releases
#    favour AES-256-GCM (see the data-ciphers option on 2.5 and later).
#  - "compress lz4-v2" is enabled and pushed to clients; compressing VPN
#    traffic is discouraged because it can leak plaintext through packet
#    sizes.
#  - "script-security 3" together with "via-env" hands the user's password to
#    checkpsw.sh through environment variables; "via-file" needs only
#    script-security 2.
#  - No tls-auth/tls-crypt key is configured, and crl-verify is only added
#    later by revoke_user.
server_config(){
    cat > /etc/openvpn/server.conf <<EOF
port 1194
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/$server.crt
key /etc/openvpn/server/$server.key
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
push "route 172.30.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 1000
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 3
mute 20
script-security 3
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
username-as-common-name
EOF
}
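# Add a user name / password pair to /etc/openvpn/psw-file.
# Returns: 1 when a value is empty or contains whitespace, otherwise the
#          status of the append.
# NOTE(review): the password is stored in clear text and the file mode is not
# set here. Restrict the file to root plus the account that runs checkpsw.sh,
# and consider storing hashes if that script can verify them.
userPW(){
    # local: keep the credentials out of the global shell scope.
    local user password
    read -rp "请输入创建的用户名:" user
    # -s keeps the password off the terminal; the echo restores the newline.
    read -rsp "请输入密码:" password
    echo
    # Each record is written as "user password" on one line, so an empty
    # value or embedded whitespace would produce an ambiguous record.
    if [ -z "$user" ] || [ -z "$password" ]; then
        echo "用户名和密码不能为空" >&2
        return 1
    fi
    case "$user$password" in
        *[[:space:]]*)
            echo "用户名和密码不能包含空白字符" >&2
            return 1
            ;;
    esac
    printf '%s %s\n' "$user" "$password" >> /etc/openvpn/psw-file
}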
# Start the OpenVPN server instance and enable it at boot. When the template
# unit is missing, the copy kept in /root is installed first.
start_openvpn(){
    local unit_file=/lib/systemd/system/openvpn@.service
    if [ ! -e "$unit_file" ]; then
        cp /root/openvpn@.service /lib/systemd/system/
    fi
    systemctl daemon-reload
    systemctl enable --now openvpn@server
}
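# Issue the client certificate and collect the client files in
# /etc/openvpn/client/<client>.
# Globals: client (read)
# Returns: 1 if the easy-rsa directory is missing
client_req(){
    # The ./easyrsa calls and the relative cp below depend on this directory.
    cd /etc/openvpn/easy-rsa || return 1
    # NOTE(review): the pattern requires a line starting with "##set_var" and
    # keeps one "#", so it is doubtful that the 90-day client lifetime is ever
    # applied - confirm against the vars file.
    sed -r -i.bak  's/^#(#set_var EASYRSA_CERT_EXPIRE).*3650.*/\1  90/' /etc/openvpn/easy-rsa/vars
    ./easyrsa gen-req "$client" nopass <<EOF
EOF
    ./easyrsa sign client "$client" <<EOF
yes
EOF
    # -p: running the step again must not fail on the existing directory.
    mkdir -p "/etc/openvpn/client/$client"
    # Copies every file whose name starts with the client name, which
    # includes the unencrypted private key.
    find /etc/openvpn/easy-rsa/ -name "${client}*" -exec cp {} "/etc/openvpn/client/${client}/" \;
    cp pki/ca.crt "../client/$client/"
}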
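# Write the client profile and pack the client directory into
# /root/<client>.tar.gz.
# Globals: client, serverIP (read)
# Returns: 1 if the client directory is missing
client_config(){
    cat > "/etc/openvpn/client/$client/$client.ovpn" <<EOF
client
dev tun
proto tcp
remote $serverIP 1194      #生产中为OpenVPN服务器的FQDN或者公网IP
resolv-retry infinite
nobind
ca ca.crt
cert $client.crt
key $client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3                      #此值不能随意指定,否则无法通信
compress lz4-v2              #此项在OpenVPN2.4.X版本使用,需要和服务器端保持一致,如不指定,默认使用comp-lz压缩
auth-user-pass
EOF
    # Without this check a failed cd would archive whatever directory the
    # shell happens to be in.
    cd "/etc/openvpn/client/$client" || return 1
    # The archive holds the client's unencrypted private key: create it with
    # an owner-only mode, and hand it over through a protected channel.
    # The message previously named the file ".tar/gz"; it now matches the
    # path that is really written.
    ( umask 077 && tar zcvf "/root/$client.tar.gz" * ) && echo "客户端文件已打包至/root/$client.tar.gz"
}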
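# Revoke a client certificate, regenerate the CRL and make the server use it.
# Returns: 1 if the easy-rsa directory is missing or no name was entered
# NOTE(review): server.conf drops privileges to the openvpn user; check that
# this account can read pki/crl.pem, otherwise CRL checks may fail for every
# client after the restart.
revoke_user(){
    local crl_line="crl-verify /etc/openvpn/easy-rsa/pki/crl.pem"
    cd /etc/openvpn/easy-rsa || return 1
    read -rp "请输入需要吊销证书的用户名:" revokeuser
    if [ -z "$revokeuser" ]; then
        echo "用户名不能为空" >&2
        return 1
    fi
    # Quoted so the name is passed to easyrsa as a single argument.
    ./easyrsa revoke "$revokeuser"
    ./easyrsa gen-crl
    # Add the directive once; the original appended a duplicate line to
    # server.conf on every revocation.
    grep -qxF -- "$crl_line" /etc/openvpn/server.conf || echo "$crl_line" >> /etc/openvpn/server.conf
    systemctl restart openvpn@server.service
}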
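# Remove one user from /etc/openvpn/psw-file.
# Returns: 1 on empty input or when the file cannot be rewritten
# The name is compared as a literal string against the first field. The
# original spliced it into a sed expression, so an empty answer deleted every
# line, "bob" also removed "bobby", and characters such as "/" changed the
# sed program itself.
deluser(){
    local psw_file=/etc/openvpn/psw-file tmp_file rc=0
    read -rp "请输入需要删除的用户名:" DELuser
    if [ -z "$DELuser" ]; then
        echo "用户名不能为空" >&2
        return 1
    fi
    # mktemp creates the file with an owner-only mode; it briefly holds the
    # remaining credentials.
    tmp_file=$(mktemp) || return 1
    # The name travels through the environment, so awk never parses it as code.
    # Writing back with cat keeps the owner and mode of the password file.
    DEL_USER="$DELuser" awk '$1 != ENVIRON["DEL_USER"]' "$psw_file" > "$tmp_file" \
        && cat "$tmp_file" > "$psw_file" || rc=1
    rm -f -- "$tmp_file"
    return "$rc"
}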
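# NAT the VPN subnet (10.8.0.0/24) out of the server and enable IPv4
# forwarding, now and at boot.
# Every step checks for an existing entry first: the original added another
# copy of the rule, the rc.local line and the sysctl line on each run.
# Returns: status of `sysctl -p`
vpn_iptables(){
    local nat_rule=(POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j MASQUERADE)
    local rc_line='iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j MASQUERADE'
    # -C tests whether the rule is already loaded.
    iptables -t nat -C "${nat_rule[@]}" 2> /dev/null || iptables -t nat -A "${nat_rule[@]}"
    grep -qxF -- "$rc_line" /etc/rc.d/rc.local 2> /dev/null || echo "$rc_line" >> /etc/rc.d/rc.local
    chmod +x /etc/rc.d/rc.local
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf 2> /dev/null \
        || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
}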
# Run one step and report the result through `action`.
#   $1 - function to call
#   $2 - message shown on success
#   $3 - message shown on failure
_run_step(){
    "$1" && action "$2" || action "$3" false
}

# Top-level menu of the OpenVPN helper; `select` repeats until "退出".
# Within one entry the steps run in order, and a failed step does not stop
# the following one.
Menu(){
PS3="请选择:"
select MEMU in 创建CA 配置服务器 生成客户端文件 创建用户名密码 吊销证书 删除用户 增加iptables  退出;do
    case $MEMU in
        创建CA)
            _run_step install "安装成功" "安装失败"
            _run_step CA_init "CA证书完成" "CA错误"
            ;;
        配置服务器)
            _run_step server_init "服务器证书颁发完成" "服务器证书颁发错误"
            _run_step server_config "服务器配置文件生成" "服务器配置文件错误"
            _run_step start_openvpn "openvpn服务器配置完成,服务已启动" "服务启动失败"
            ;;
        生成客户端文件)
            _run_step client_req "客户端证书颁发完成" "客户端证书颁发错误"
            _run_step client_config "客户端配置文件生成" "客户端配置文件错误"
            ;;
        创建用户名密码)
            _run_step userPW "用户已创建" "创建失败"
            ;;
        吊销证书)
            _run_step revoke_user "证书已吊销" "吊销失败"
            ;;
        删除用户)
            _run_step deluser "删除用户成功" "删除失败"
            ;;
        增加iptables)
            _run_step vpn_iptables "增加iptables完成" "增加iptables条目失败"
            ;;
        退出)
            exit
            ;;
    esac
done
}
Menu
2-2、自动生成证书
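# Directory the keys and certificates are written to
DIR=/data
# Settings per certificate. Index 0 is the self-signed CA; every further
# index is a certificate signed by that CA.
declare -A CERT_INFO
CERT_INFO=([subject0]="/O=heaven/CN=ca.god.com"
           [keyfile0]="cakey.pem"
           [crtfile0]="cacert.pem"
           [key0]=2048
           [expire0]=3650
           [serial0]=0
           [subject1]="/C=CN/ST=hubei/L=wuhan/O=Central.Hospital/CN=master.liwenliang.org"
           [keyfile1]="master.key"
           [crtfile1]="master.crt"
           [key1]=2048
           [expire1]=365
           [serial1]=1
           [csrfile1]="master.csr"
           [subject2]="/C=CN/ST=hubei/L=wuhan/O=Central.Hospital/CN=slave.liwenliang.org"
           [keyfile2]="slave.key"
           [crtfile2]="slave.crt"
           [key2]=2048
           [expire2]=365
           [serial2]=2
           [csrfile2]="slave.csr")
COLOR="echo -e \\E[1;32m"
END="\\E[0m"
# Number of certificates = number of subjectN entries
N=$(echo ${!CERT_INFO[*]} | grep -o subject | wc -l)
# Stop when the target directory is missing; otherwise the private keys
# would be written into whatever directory the script was started from.
cd "$DIR" || exit 1
for ((i = 0; i < N; i++)); do
    if [ "$i" -eq 0 ]; then
        # Self-signed CA. -nodes leaves the private key unencrypted on disk.
        openssl req -x509 -newkey "rsa:${CERT_INFO[key${i}]}" -subj "${CERT_INFO[subject${i}]}" \
            -set_serial "${CERT_INFO[serial${i}]}" -keyout "${CERT_INFO[keyfile${i}]}" -nodes \
            -days "${CERT_INFO[expire${i}]}" -out "${CERT_INFO[crtfile${i}]}" &> /dev/null
    else
        # Key + CSR, then signed with the CA from index 0.
        # NOTE(review): no extension file is passed, so the certificate
        # carries no subjectAltName - confirm the consumers accept that.
        openssl req -newkey "rsa:${CERT_INFO[key${i}]}" -nodes -subj "${CERT_INFO[subject${i}]}" \
            -keyout "${CERT_INFO[keyfile${i}]}" -out "${CERT_INFO[csrfile${i}]}" &> /dev/null
        openssl x509 -req -in "${CERT_INFO[csrfile${i}]}" -CA "${CERT_INFO[crtfile0]}" \
            -CAkey "${CERT_INFO[keyfile0]}" -set_serial "${CERT_INFO[serial${i}]}" \
            -days "${CERT_INFO[expire${i}]}" -out "${CERT_INFO[crtfile${i}]}" &> /dev/null
    fi
    # Lock down every private key as soon as it exists. The original ran
    # "chmod 600 *.key" once at the end, which never matched the CA key
    # (cakey.pem) - the most sensitive file of the set.
    chmod 600 "${CERT_INFO[keyfile${i}]}"
    $COLOR"**************************************生成证书信息**************************************"$END
    openssl x509 -in "${CERT_INFO[crtfile${i}]}" -noout -subject -dates -serial
    echo
done
echo  "证书生成完成"
$COLOR"**************************************生成证书文件如下**************************************"$END
echo "证书存放目录: "$DIR
echo "证书文件列表: "$(ls $DIR)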
2-3、自动生成证书精简版
#!/bin/bash
# Compact variant: one self-signed CA and one certificate signed by it.
CA_SUBJECT="/O=wang/CN=ca.wang.org"
SUBJECT="/C=CN/ST=zjk/L=zhengzhou/O=wang/CN=www.wang.org"
SERIAL=34
# NOTE(review): 202002 is used as a number of days (roughly 553 years) for
# both certificates; it reads like a year-month value - confirm the intent.
EXPIRE=202002
FILE=wang.org

# CA key and self-signed CA certificate (-nodes: key is not encrypted).
openssl req -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days $EXPIRE -out ca.crt
# Server key and signing request.
openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key -subj $SUBJECT -out ${FILE}.csr
# Sign the request with the CA.
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial $SERIAL -days $EXPIRE -out ${FILE}.crt
# Private keys readable by the owner only.
chmod 600 ${FILE}.key ca.key
二、服务
1、DNS
1-1、自动部署DNS服务器
# Zone to create and the single host record placed in it.
DOMAIN=wang.org
HOST=www
HOST_IP=10.0.0.100
# First address of this machine; becomes the A record of "master".
LOCALHOST=$(hostname -I | awk '{print $1}')
# Provides ID, which selects the distribution-specific branches below.
. /etc/os-release
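#######################################
# Print a message followed by a coloured status tag at column 60.
# Arguments: $1 - message text
#            $2 - status: "success"/"0" -> OK, "failure"/"1" -> FAILED,
#                 anything else (also empty) -> WARNING
# Outputs:   message, tag and newline on stdout
#######################################
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # case on the quoted status: the original "[ $2 = ... ]" raised a test
    # syntax error whenever the status was empty or contained spaces.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}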
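# Install BIND with the package manager that matches $ID.
# Globals: ID (read, from /etc/os-release)
# Exits with status 1 on an unsupported distribution; the original bare
# `exit` reported success (0) in that case.
install_dns () {
    case "$ID" in
        centos|rocky)
            yum install -y  bind bind-utils
            ;;
        ubuntu)
            apt update
            apt install -y bind9 bind9-utils bind9-host
            ;;
        *)
            color "不支持此操作系统,退出!" 1
            exit 1
            ;;
    esac
}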
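# Configure BIND as master for $DOMAIN and write the zone file.
# Globals: ID, DOMAIN, HOST, HOST_IP, LOCALHOST (read)
# Exits with status 1 on an unsupported distribution (the original bare
# `exit` returned 0).
# NOTE(review): the CentOS/Rocky branch changes allow-query to "any" and both
# branches turn DNSSEC validation off. If recursion is still enabled in
# named.conf (not visible here) the server answers recursive queries from any
# source, i.e. it is an open resolver - restrict allow-recursion or set
# "recursion no" for an authoritative-only server.
config_dns () {
    case "$ID" in
    centos|rocky)
        sed -i -e '/listen-on/s/127.0.0.1/localhost/' -e '/allow-query/s/localhost/any/' -e 's/dnssec-enable yes/dnssec-enable no/' -e 's/dnssec-validation yes/dnssec-validation no/'  /etc/named.conf
        cat >>    /etc/named.rfc1912.zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file  "$DOMAIN.zone";
};
EOF
        cat > "/var/named/$DOMAIN.zone" <<EOF
\$TTL 1D
@   IN SOA  master admin (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS   master
master      A    ${LOCALHOST}         
$HOST       A    $HOST_IP
EOF
        # Zone data readable by root and the named group only.
        chmod 640 "/var/named/$DOMAIN.zone"
        chgrp named "/var/named/$DOMAIN.zone"
        ;;
    ubuntu)
        sed -i 's/dnssec-validation auto/dnssec-validation no/' /etc/bind/named.conf.options
        cat >>    /etc/bind/named.conf.default-zones <<EOF
zone "$DOMAIN" IN {
    type master;
    file  "/etc/bind/$DOMAIN.zone";
};
EOF
        cat > "/etc/bind/$DOMAIN.zone" <<EOF
\$TTL 1D
@   IN SOA  master admin (
                    1   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
            NS   master
master      A    ${LOCALHOST}         
$HOST       A    $HOST_IP
EOF
        chgrp bind  "/etc/bind/$DOMAIN.zone"
        ;;
    *)
        color "不支持此操作系统,退出!" 1
        exit 1
        ;;
    esac
}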
# Enable and restart named, then report whether it is active.
# Exits with status 1 when the service is not active.
start_service () {
    systemctl enable named
    systemctl restart named
    # is-active prints the state itself and returns 0 only for "active".
    if systemctl is-active named.service; then
        color "DNS 服务安装成功!" 0
    else
        color "DNS 服务安装失败!" 1
        exit 1
    fi
}
install_dns
config_dns
start_service
2、Mysql
2-1、自动部署Mysql
#!/bin/bash
#********************************************************************
#MySQL Download URL: https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.29-linux-glibc2.12-x86_64.tar.gz
#http://mirrors.163.com/mysql/Downloads/MySQL-5.7/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
#http://mirrors.163.com/mysql/Downloads/MySQL-8.0/mysql-8.0.23-linux-glibc2.12-x86_64.tar.xz
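# Directory holding the MySQL tarball (the directory the script starts in).
SRC_DIR=$(pwd)
MYSQL='mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz'
#MYSQL='mysql-8.0.24-linux-glibc2.12-x86_64.tar.xz'
#MYSQL='mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz'
# Root password set after installation. The built-in value is kept as the
# fallback for compatibility, but it is trivially guessable: export
# MYSQL_ROOT_PASSWORD before running the script to use a real one.
MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-123456}
COLOR='echo -e \E[01;31m'
END='\E[0m'
# Provides ID for the distribution-specific branches.
. /etc/os-release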
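#######################################
# Print a message and a coloured status tag aligned at column 60.
# Arguments: $1 - message text
#            $2 - "success"/"0" -> OK, "failure"/"1" -> FAILED,
#                 any other value (also empty) -> WARNING
# Outputs:   one line on stdout
#######################################
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # Quoted status: an empty or multi-word $2 made the original unquoted
    # "[ $2 = ... ]" fail with a syntax error.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}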
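# Pre-flight checks: must run as root, the tarball must be present in
# SRC_DIR, and /usr/local/mysql must not exist yet.
# Globals: UID, SRC_DIR, MYSQL, COLOR, END (read)
# Every failure now exits with status 1; the original bare `exit` reported
# success, and the final bare `return` passed on the status of the last
# failed test, so a successful check returned non-zero.
check (){
    if [ "$UID" -ne 0 ]; then
        color "当前用户不是root,安装失败" 1
        exit 1
    fi
    cd "$SRC_DIR" || exit 1
    if [ ! -e "$MYSQL" ]; then
        $COLOR"缺少${MYSQL}文件"$END
        $COLOR"请将相关软件放在${SRC_DIR}目录下"$END
        exit 1
    elif [ -e /usr/local/mysql ]; then
        color "数据库已存在,安装失败" 1
        exit 1
    fi
    return 0
}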
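# Install MySQL from the binary tarball into /usr/local, write /etc/my.cnf,
# initialise the data directory, start the service and set the root password.
# Globals: ID, MYSQL, MYSQL_ROOT_PASSWORD, COLOR, END (read); MYSQL_DIR (set)
# Exits with status 1 on any failed step (the original bare `exit` returned 0).
# NOTE(review): the tarball is unpacked and run as root without an integrity
# check; compare it with the checksum published for the release first.
install_mysql(){
    local server_id
    $COLOR"开始安装MySQL数据库..."$END
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ]; then
        yum  -y -q install libaio numactl-libs ncurses-compat-libs
    elif [ "$ID" = "ubuntu" ]; then
        apt update
        apt -y  install libtinfo5
    else
        color "不支持当前操作系统" 1
        exit 1
    fi
    # $? is the status of the install command of the branch taken above.
    if [ $? -eq 0 ]; then
        color "安装相关包完成!" 0
    else
        color "安装相关包失败!" 1
        exit 1
    fi

    tar xf "$MYSQL" -C /usr/local/
    MYSQL_DIR=$(echo "$MYSQL" | sed -nr 's/^(.*[0-9]).*/\1/p')
    ln -s "/usr/local/$MYSQL_DIR" /usr/local/mysql
    # Binaries stay root-owned, so the mysql service account cannot modify them.
    chown -R root:root /usr/local/mysql/
    id mysql &> /dev/null || { useradd -s /sbin/nologin -r  mysql ; color "创建mysql用户" 0 ; }

    echo 'PATH=/usr/local/mysql/bin/:$PATH' > /etc/profile.d/mysql.sh
    .  /etc/profile.d/mysql.sh
    ln -s /usr/local/mysql/bin/* /usr/bin/
    # Last octet of the FIRST address only. `hostname -I` prints all addresses
    # separated by spaces, so cutting the raw output produced values such as
    # "8 172" on hosts with more than one address.
    server_id=$(hostname -I | awk '{print $1}' | cut -d. -f4)
    cat > /etc/my.cnf <<-EOF
[mysqld]
server-id=${server_id}
log-bin
datadir=/data/mysql
socket=/data/mysql/mysql.sock                                                                                                   
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
EOF
    [ -d /data ] || mkdir /data
    # --initialize-insecure creates root@localhost with an EMPTY password; the
    # account stays open until the mysqladmin call below succeeds.
    mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
    cp /usr/local/mysql/support-files/mysql.server  /etc/init.d/mysqld
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ]; then
        chkconfig --add mysqld
    else
        systemctl enable  mysqld
    fi
    systemctl start mysql || { $COLOR"数据库启动失败,退出!"$END; exit 1; }
    #MYSQL_OLDPASSWORD=`awk '/A temporary password/{print $NF}' /data/mysql/mysql.log`
    #mysqladmin  -uroot -p$MYSQL_OLDPASSWORD password $MYSQL_ROOT_PASSWORD &>/dev/null
    sleep 3
    # The result is checked: the original discarded it and printed success even
    # when root was left without a password.
    # NOTE(review): the new password is passed on the command line and is
    # visible in the process list while mysqladmin runs.
    if mysqladmin  -uroot  password "$MYSQL_ROOT_PASSWORD" &>/dev/null; then
        color "数据库安装完成" 0
    else
        color "设置root密码失败" 1
        exit 1
    fi
}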
check
install_mysql
2-2、基于Key验证相互访问
#!/bin/bash
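# Root password shared by all target hosts. The built-in value is kept as the
# fallback; set PASS in the environment instead of editing the script.
PASS=${PASS:-centos1}
# sshpass -e reads the password from SSHPASS, so it does not show up in the
# process list the way "sshpass -p <password>" does.
export SSHPASS=$PASS
# Last host address to probe (4-255); smaller values scan faster
END=254
IP=$(ip a s eth0 | awk -F'[ /]+' 'NR==3{print $3}')
NET=${IP%.*}.
. /etc/os-release
rm -f /root/.ssh/id_rsa
# Start from an empty result file so the later read works even when no host
# answers (the original only removed an old file).
: > SCANIP.log
for ((i = 3; i <= END; i++)); do
    { ping -c 1 -w 1 "${NET}$i" &> /dev/null && echo "${NET}$i" >> SCANIP.log; } &
done
wait
ssh-keygen -P "" -f /root/.ssh/id_rsa
if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ]; then
    rpm -q sshpass || yum -y install sshpass
else
    # dpkg -s queries the package state; the original "dpkg -i sshpass" tried
    # to install a file named sshpass and only fell through by failing.
    dpkg -s sshpass &> /dev/null || { apt update; apt -y install sshpass; }
fi
# StrictHostKeyChecking=no accepts whatever host key each address presents on
# first contact, so the targets are not authenticated at this point.
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "$IP"
mapfile -t AliveIP < SCANIP.log
# NOTE(review): the whole /root/.ssh directory, private key included, is
# copied to every host that answered the ping. All hosts then share one root
# key and a compromise of any of them exposes the others; distributing only
# the public key limits that.
for n in "${AliveIP[@]}"; do
    sshpass -e scp -o StrictHostKeyChecking=no -r /root/.ssh "root@${n}:"
done
# Copy .ssh/known_hosts to all hosts so their first mutual login needs no confirmation
for n in "${AliveIP[@]}"; do
    scp /root/.ssh/known_hosts "${n}:.ssh/"
done
# Do not leave the password in the environment once it is no longer needed.
unset SSHPASS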
3、LVS
#!/bin/bash
# LVS real-server side: bind the VIP to a loopback alias and suppress ARP
# replies/announcements for it.
vip=172.16.0.100
mask='255.255.255.255'
dev=lo:1

# Write the ARP settings for the "all" and "lo" scopes.
#   $1 - value for arp_ignore, $2 - value for arp_announce
write_arp() {
    local scope
    for scope in all lo; do
        echo "$1" > /proc/sys/net/ipv4/conf/$scope/arp_ignore
    done
    for scope in all lo; do
        echo "$2" > /proc/sys/net/ipv4/conf/$scope/arp_announce
    done
}

case $1 in
start)
    write_arp 1 2
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    write_arp 0 0
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
#!/bin/bash
# LVS director side: bring up the VIP and define one virtual service with two
# real servers.
vip='172.16.0.100'
iface='lo:1'
mask='255.255.255.255'
port='80'
rs1='10.0.0.8'
rs2='10.0.0.18'
scheduler='rr'
type='-g'
#rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null
case $1 in
start)
    ifconfig $iface $vip netmask $mask #broadcast $vip up
    # NOTE(review): this flushes every rule of the filter table, i.e. it
    # removes whatever host firewall rules were loaded - confirm that is
    # intended on the director.
    iptables -F

    ipvsadm -A -t ${vip}:${port} -s $scheduler
    for rs in ${rs1} ${rs2}; do
        ipvsadm -a -t ${vip}:${port} -r ${rs} $type -w 1
    done
    echo "The VS Server is Ready!"
    ;;
stop)
    ipvsadm -C
    ifconfig $iface down
    echo "The VS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac
4、Nginx
4-1、自动部署Nginx
#!/bin/bash
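NGINX_FILE=nginx-1.22.0
#NGINX_FILE=nginx-1.20.2
#NGINX_FILE=nginx-1.18.0
# HTTPS instead of plain HTTP: the source is compiled and installed as root,
# so it must not be modifiable on the way from the download site.
NGINX_URL=https://nginx.org/download/
TAR=.tar.gz
SRC_DIR=/usr/local/src
NGINX_INSTALL_DIR=/apps/nginx
# Number of CPUs, used as the make job count.
CPUS=$(lscpu | awk '/^CPU\(s\)/{print $2}')
# Provides ID and VERSION_ID for the distribution-specific branches.
. /etc/os-release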
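#######################################
# Print a message with a coloured result tag at column 60.
# Arguments: $1 - message text
#            $2 - "success"/"0" -> OK, "failure"/"1" -> FAILED,
#                 otherwise (also empty) -> WARNING
# Outputs:   one line on stdout
#######################################
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # The status is quoted here; unquoted, an empty value broke the test
    # expression of the original if/elif chain.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}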
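# Make sure nginx is not installed yet and that the source tarball is in
# SRC_DIR, downloading it when it is missing.
# Globals: NGINX_INSTALL_DIR, SRC_DIR, NGINX_FILE, TAR, NGINX_URL (read)
# Failures exit with status 1 (the original bare `exit` returned 0), and a
# successful download no longer makes the function return non-zero.
# NOTE(review): the tarball is built and installed as root without an
# integrity check; nginx.org publishes a detached PGP signature (.asc) next
# to each release that can be verified before building.
check () {
    if [ -e "${NGINX_INSTALL_DIR}" ]; then
        color "nginx 已安装,请卸载后再安装" 1
        exit 1
    fi
    cd "${SRC_DIR}" || exit 1
    if [ -e "${NGINX_FILE}${TAR}" ]; then
        color "相关文件已准备好" 0
    else
        color '开始下载 nginx 源码包' 0
        if ! wget "${NGINX_URL}${NGINX_FILE}${TAR}"; then
            color "下载 ${NGINX_FILE}${TAR}文件失败" 1
            exit 1
        fi
    fi
}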
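# Build nginx from source, install it under NGINX_INSTALL_DIR and register a
# systemd unit for it.
# Globals: ID, VERSION_ID, SRC_DIR, NGINX_FILE, TAR, NGINX_INSTALL_DIR, CPUS
#          (read); NGINX_DIR (set)
# Exits with status 1 on failure (the original bare `exit` returned 0).
install () {
    color "开始安装 nginx" 0
    if id nginx  &> /dev/null;then
        color "nginx 用户已存在" 1
    else
        useradd -s /sbin/nologin -r  nginx
        color "创建 nginx 用户" 0
    fi
    color "开始安装 nginx 依赖包" 0
    if [ "$ID" == "centos" ] ;then
        if [[ $VERSION_ID =~ ^7 ]];then
            yum -y  install  gcc  make pcre-devel openssl-devel zlib-devel perl-ExtUtils-Embed
        elif [[ $VERSION_ID =~ ^8 ]];then
            yum -y  install make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
        else
            color '不支持此系统!'  1
            exit 1
        fi
    elif [ "$ID" == "rocky"  ];then
        yum -y  install gcc make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
    else
        apt update
        apt -y install gcc make  libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev
    fi
    cd "$SRC_DIR" || exit 1
    tar xf "${NGINX_FILE}${TAR}"
    NGINX_DIR=$(echo "${NGINX_FILE}${TAR}" | sed -nr 's/^(.*[0-9]).*/\1/p')
    cd "${NGINX_DIR}" || exit 1
    ./configure --prefix=${NGINX_INSTALL_DIR} --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
    if make -j "$CPUS" && make install; then
        color "nginx 编译安装成功" 0
    else
        color "nginx 编译安装失败,退出!" 1
        exit 1
    fi
    # NOTE(review): this hands the whole installation - binary and
    # configuration included - to the account the workers run as, so a
    # compromised worker could change what the root-started master executes.
    # Ownership is usually needed only for the log and temp directories.
    chown -R nginx:nginx "${NGINX_INSTALL_DIR}"
    # $PATH stays literal so it is expanded at login time. The original wrote
    # the installer's current PATH into the profile file for every user.
    echo "PATH=${NGINX_INSTALL_DIR}/sbin:"'$PATH' > /etc/profile.d/nginx.sh
    cat > /lib/systemd/system/nginx.service <<EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=/bin/rm -f ${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=${NGINX_INSTALL_DIR}/sbin/nginx -t
ExecStart=${NGINX_INSTALL_DIR}/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now nginx &> /dev/null
    systemctl is-active nginx &> /dev/null ||  { color "nginx 启动失败,退出!" 1 ; exit 1; }
    color "nginx 安装完成" 0
}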
check
install
5、Tomcat
5-1、自动部署JDK
#!/bin/bash
# JDK archive expected in the directory the script is started from.
JDK_FILE="jdk-8u341-linux-x64.tar.gz"
#JDK_FILE="jdk-11.0.15.1_linux-x64_bin.tar.gz"
#JDK_FILE="jdk-11.0.12_linux-x64_bin.tar.gz"
#JDK_FILE="jdk-8u301-linux-x64.tar.gz"
# Directory the archive is unpacked into.
JDK_DIR="/usr/local"
DIR=$(pwd)
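#######################################
# Print a message with a coloured result tag at column 60.
# Note the argument order of this copy: status first, message second.
# Arguments: $1 - "success"/"0" -> OK, "failure"/"1" -> FAILED,
#                 otherwise (also empty) -> WARNING
#            $2 - message text
# Outputs:   one line on stdout
#######################################
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$2" && $MOVE_TO_COL
    echo -n "["
    # Quoted status: the unquoted "[ $1 = ... ]" of the original failed with
    # a syntax error on an empty or multi-word value.
    case "${1-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}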
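# Unpack the JDK archive into JDK_DIR, link it as JDK_DIR/jdk and publish
# JAVA_HOME/PATH through /etc/profile.d/jdk.sh.
# Globals: DIR, JDK_FILE, JDK_DIR (read)
# Exits with status 1 on failure (the original bare `exit` returned 0).
# NOTE(review): the archive is used as found in DIR; compare it with the
# vendor's published checksum before installing.
install_jdk(){
    if ! [ -f "$DIR/$JDK_FILE" ]; then
        color 1  "$JDK_FILE 文件不存在"
        exit 1
    elif [ -d "$JDK_DIR/jdk" ]; then
        color 1  "JDK 已经安装"
        exit 1
    else
        [ -d "$JDK_DIR" ] || mkdir -pv "$JDK_DIR"
    fi
    tar xvf "$DIR/$JDK_FILE"  -C "$JDK_DIR"
    # The glob is expected to match exactly one unpacked directory.
    cd  "$JDK_DIR" && ln -s jdk* jdk
    cat >  /etc/profile.d/jdk.sh <<EOF
export JAVA_HOME=$JDK_DIR/jdk
export PATH=\$PATH:\$JAVA_HOME/bin
#export JRE_HOME=\$JAVA_HOME/jre
#export CLASSPATH=.:\$JAVA_HOME/lib/:\$JRE_HOME/lib/
EOF
    .  /etc/profile.d/jdk.sh
    if java -version; then
        color 0  "JDK 安装完成"
    else
        color 1  "JDK 安装失败"
        exit 1
    fi
}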
install_jdk
5-2、自动部署tomcat
#!/bin/bash
# Archives expected in the directory the script is started from.
JDK_FILE="jdk-8u333-linux-x64.tar.gz"
#JDK_FILE="jdk-11.0.14_linux-x64_bin.tar.gz"
#JDK_FILE="jdk-8u281-linux-x64.tar.gz"
TOMCAT_FILE="apache-tomcat-9.0.64.tar.gz"
#TOMCAT_FILE="apache-tomcat-9.0.59.tar.gz"
#TOMCAT_FILE="apache-tomcat-8.5.64.tar.gz"
# Installation prefixes for the JDK and for Tomcat.
JDK_DIR="/usr/local"
TOMCAT_DIR="/usr/local"
DIR=$(pwd)
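#######################################
# Print a message and a coloured status tag aligned at column 60.
# Argument order of this copy: status first, message second.
# Arguments: $1 - "success"/"0" -> OK, "failure"/"1" -> FAILED,
#                 any other value (also empty) -> WARNING
#            $2 - message text
# Outputs:   one line on stdout
#######################################
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$2" && $MOVE_TO_COL
    echo -n "["
    # case with a quoted status avoids the test syntax error the unquoted
    # "[ $1 = ... ]" produced for empty values.
    case "${1-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo
}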
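# Unpack the JDK archive, create the JDK_DIR/jdk link and write
# /etc/profile.d/jdk.sh.
# Globals: DIR, JDK_FILE, JDK_DIR (read)
# Exits with status 1 when the archive is missing, a JDK is already present
# or `java -version` fails; the original bare `exit` reported success.
install_jdk(){
    if ! [ -f "$DIR/$JDK_FILE" ]; then
        color 1 "$JDK_FILE 文件不存在"
        exit 1
    fi
    if [ -d "$JDK_DIR/jdk" ]; then
        color 1  "JDK 已经安装"
        exit 1
    fi
    [ -d "$JDK_DIR" ] || mkdir -pv "$JDK_DIR"
    tar xvf "$DIR/$JDK_FILE"  -C "$JDK_DIR"
    # jdk* is expected to match the single directory that was just unpacked.
    cd  "$JDK_DIR" && ln -s jdk* jdk
    cat >  /etc/profile.d/jdk.sh <<EOF
export JAVA_HOME=$JDK_DIR/jdk
export PATH=\$PATH:\$JAVA_HOME/bin
#export JRE_HOME=\$JAVA_HOME/jre
#export CLASSPATH=.:\$JAVA_HOME/lib/:\$JRE_HOME/lib/
EOF
    .  /etc/profile.d/jdk.sh
    if java -version; then
        color 0 "JDK 安装完成"
    else
        color 1  "JDK 安装失败"
        exit 1
    fi
}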
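# Unpack Tomcat, create the tomcat service account and install a systemd
# unit that runs it as that account.
# Globals: DIR, TOMCAT_FILE, TOMCAT_DIR, JDK_DIR (read)
# Exits with status 1 on failure (the original bare `exit` returned 0).
# NOTE(review): the archive is installed without an integrity check; verify
# it against the checksum or signature published with the release.
install_tomcat(){
    if ! [ -f "$DIR/$TOMCAT_FILE" ]; then
        color 1 "$TOMCAT_FILE 文件不存在"
        exit 1
    elif [ -d "$TOMCAT_DIR/tomcat" ]; then
        color 1 "TOMCAT 已经安装"
        exit 1
    else
        [ -d "$TOMCAT_DIR" ] || mkdir -pv "$TOMCAT_DIR"
    fi
    tar xf "$DIR/$TOMCAT_FILE" -C "$TOMCAT_DIR"
    cd  "$TOMCAT_DIR" && ln -s apache-tomcat-*/  tomcat
    echo "PATH=$TOMCAT_DIR/tomcat/bin:"'$PATH' > /etc/profile.d/tomcat.sh
    id tomcat &> /dev/null || useradd -r -s /sbin/nologin tomcat
    cat > "$TOMCAT_DIR/tomcat/conf/tomcat.conf" <<EOF
JAVA_HOME=$JDK_DIR/jdk
EOF
    # NOTE(review): the service account ends up owning bin/ and conf/ as
    # well, so the running service can rewrite its own start scripts and
    # configuration; write access is normally needed only for logs/, temp/,
    # work/ and the deployed applications.
    chown -R tomcat:tomcat "$TOMCAT_DIR/tomcat/"
    cat > /lib/systemd/system/tomcat.service  <<EOF
[Unit]
Description=Tomcat
#After=syslog.target network.target remote-fs.target nss-lookup.target
After=syslog.target network.target 
[Service]
Type=forking
EnvironmentFile=$TOMCAT_DIR/tomcat/conf/tomcat.conf
ExecStart=$TOMCAT_DIR/tomcat/bin/startup.sh
ExecStop=$TOMCAT_DIR/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now tomcat.service &> /dev/null
    if systemctl is-active tomcat.service &> /dev/null; then
        color 0 "TOMCAT 安装完成"
    else
        color 1 "TOMCAT 安装失败"
        exit 1
    fi
}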
install_jdk 
install_tomcat
6、Ansible
6-1、打通控制端和被控端的sshkey验证
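# Managed hosts that receive the control node's public key.
IPLIST="
10.0.0.8
10.0.0.18
10.0.0.7
10.0.0.6
10.0.0.200"
rpm -q sshpass &> /dev/null || yum -y install sshpass
[ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P ''
# Password read by "sshpass -e". The built-in value remains the fallback for
# compatibility; export SSHPASS before running the script to avoid it.
export SSHPASS=${SSHPASS:-123456}
for IP in $IPLIST;do
  # StrictHostKeyChecking=no accepts whatever host key each address presents
  # on first contact, so the hosts are not authenticated here. Pre-populating
  # known_hosts from a trusted inventory closes that gap.
  { sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "$IP"; } &
done
wait
# The password is no longer needed once the keys are in place.
unset SSHPASS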
7、zabbix
7-1、安装zabbix-server脚本
#!/bin/bash
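ZABBIX_VER=5.0
URL="https://mirror.tuna.tsinghua.edu.cn/zabbix"
FONT=msyhbd.ttc
MYSQL_HOST=localhost
#MYSQL_HOST=10.0.0.100
MYSQL_ZABBIX_USER="zabbix@localhost"
#MYSQL_ZABBIX_USER="zabbix@'10.0.0.%'"
# Database passwords. The built-in values remain the fallback for
# compatibility but are trivially guessable; export MYSQL_ZABBIX_PASS and
# MYSQL_ROOT_PASS before running the script to set real ones.
MYSQL_ZABBIX_PASS=${MYSQL_ZABBIX_PASS:-123456}
MYSQL_ROOT_PASS=${MYSQL_ROOT_PASS:-123456}
# First address reported by `hostname -I`.
ZABBIX_IP=$(hostname -I | awk '{print $1}')
GREEN="echo -e \E[32;1m"
END="\E[0m"
# Provides ID and VERSION_ID for the distribution-specific branches.
. /etc/os-release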
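color () {
    # Print a message followed by a bracketed, coloured status tag.
    # Arguments: $1 - message text
    #            $2 - "success"/"0" -> green OK, "failure"/"1" -> red FAILED,
    #                 anything else (including a missing value) -> yellow WARNING
    # Outputs:   one line on stdout containing ANSI escape sequences.
    # The helper variables are deliberately left global, as in the original.
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # A quoted case selector keeps an empty or multi-word status from breaking
    # the comparison, which the unquoted "[ $2 = ... ]" test did.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo 
}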
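install_mysql () {
    # Install a local MySQL/MariaDB server and create the zabbix database and
    # account. Does nothing when MYSQL_HOST points at a remote server.
    # Globals: MYSQL_HOST, MYSQL_ROOT_PASS, MYSQL_ZABBIX_USER, MYSQL_ZABBIX_PASS,
    #          ID (read); VERSION_ID (trimmed to its major number on RHEL-like hosts)
    # Exits:   non-zero on an unsupported release or when any database step fails.
    if [ "$MYSQL_HOST" != "localhost" ];then
        return 0
    fi
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        # Later steps compare VERSION_ID with "7"/"8" and build repo URLs from it.
        VERSION_ID=${VERSION_ID%%.*}
        if [ "${VERSION_ID}" == "8" ];then
            yum  -y install mysql-server
            systemctl enable --now mysqld
        elif [ "${VERSION_ID}" == "7" ];then
            yum -y install mariadb-server
            systemctl enable --now mariadb
        else
            color "不支持的操作系统,退出" 1
            # The message announces an exit, so actually stop here.
            exit 1
        fi 
    else
        apt update
        apt -y install mysql-server || { color "安装MySQL失败,退出!" 1 ; exit 1 ; }
        # NOTE(security): this makes MySQL listen on every interface although the
        # Zabbix account created below is local-only; together with the sample
        # root password it exposes the server to the network. Keep the default
        # loopback binding unless remote access is really required.
        sed -i "/^bind-address.*/c bind-address  = 0.0.0.0" /etc/mysql/mysql.conf.d/mysqld.cnf
        systemctl restart mysql
    fi
    # NOTE(security): passwords given as command-line arguments are visible to
    # other local users through the process list while the command runs.
    mysqladmin -uroot password "$MYSQL_ROOT_PASS"
    mysql -uroot -p"$MYSQL_ROOT_PASS" <<EOF
create database zabbix character set utf8 collate utf8_bin;
create user $MYSQL_ZABBIX_USER identified by "$MYSQL_ZABBIX_PASS";
grant all privileges on zabbix.* to $MYSQL_ZABBIX_USER;
quit
EOF
    if [ $? -eq 0 ];then
        color "MySQL数据库准备完成" 0
    else
        color "MySQL数据库配置失败,退出" 1
        exit 1
    fi
}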
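install_zabbix () {
    # Register the Zabbix package repository (pointed at the mirror in $URL) and
    # install the server, web frontend and agent2 packages.
    # Globals: ID, VERSION_ID, UBUNTU_CODENAME, ZABBIX_VER, URL (read)
    # Exits:   non-zero when the repository package cannot be fetched or installed.
    local release_deb
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then 
        # install_mysql only trims VERSION_ID when the database is local; repeat
        # it here so the URL is also right with a remote MYSQL_HOST.
        VERSION_ID=${VERSION_ID%%.*}
        if rpm -Uvh  "$URL/zabbix/${ZABBIX_VER}/rhel/${VERSION_ID}/x86_64/zabbix-release-${ZABBIX_VER}-1.el${VERSION_ID}.noarch.rpm";then
            color "YUM仓库准备完成" 0
        else
            color "YUM仓库配置失败,退出" 1
            exit 1
        fi
        sed -i "s#http://repo.zabbix.com#$URL#" /etc/yum.repos.d/zabbix.repo
        if [ "${VERSION_ID}" == "8" ];then 
            yum -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-agent2 zabbix-get langpacks-zh_CN
        else 
            yum -y install zabbix-server-mysql zabbix-agent2  zabbix-get
            yum -y install centos-release-scl
            rpm -q yum-utils  || yum -y install yum-utils
            yum-config-manager --enable zabbix-frontend
            yum -y install zabbix-web-mysql-scl zabbix-apache-conf-scl
        fi
    else 
        release_deb="zabbix-release_${ZABBIX_VER}-1+${UBUNTU_CODENAME}_all.deb"
        # NOTE(review): the release package is installed as downloaded; only the
        # HTTPS connection to the mirror protects its integrity.
        if wget "$URL/zabbix/${ZABBIX_VER}/ubuntu/pool/main/z/zabbix-release/${release_deb}";then
            color "APT仓库准备完成" 0
        else
            color "APT仓库配置失败,退出" 1
            exit 1
        fi
        dpkg -i "${release_deb}"
        sed -i "s#http://repo.zabbix.com#$URL#"   /etc/apt/sources.list.d/zabbix.list
        apt update
        apt -y install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-agent2 zabbix-get language-pack-zh-hans
    fi
}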
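config_mysql_zabbix () {
    # Load the Zabbix schema (local database only), write the database settings
    # into zabbix_server.conf, set the PHP timezone and start the services.
    # Globals: FONT, MYSQL_HOST, MYSQL_ZABBIX_PASS, ID, VERSION_ID, ZABBIX_VER,
    #          ZABBIX_IP, GREEN, END (read)
    # Exits:   non-zero when the final service start/enable command fails.
    local rc
    if [ -f "$FONT" ] ;then 
        mv /usr/share/zabbix/assets/fonts/graphfont.ttf{,.bak}
        cp  "$FONT" /usr/share/zabbix/assets/fonts/graphfont.ttf
    else
        color "缺少字体文件!" 1
    fi
    if [ "$MYSQL_HOST" = "localhost" ];then
        # NOTE(security): the -p argument exposes the password in the process
        # list for the duration of the import.
        zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p"$MYSQL_ZABBIX_PASS" -h"$MYSQL_HOST" zabbix
    fi
    # The password is stored in clear text in zabbix_server.conf; presumably the
    # package restricts that file's permissions - verify after installation.
    sed -i -e "/.*DBPassword=.*/c DBPassword=$MYSQL_ZABBIX_PASS" -e "/.*DBHost=.*/c DBHost=$MYSQL_HOST" /etc/zabbix/zabbix_server.conf
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        if [ "${VERSION_ID}" == "8" ];then            
            sed -i -e "/.*date.timezone.*/c php_value[date.timezone] = Asia/Shanghai" -e "/.*upload_max_filesize.*/c php_value[upload_max_filesize] = 20M" /etc/php-fpm.d/zabbix.conf
            systemctl enable --now zabbix-server zabbix-agent2 httpd php-fpm
            rc=$?
        else
            sed -i "/.*date.timezone.*/c php_value[date.timezone] = Asia/Shanghai" /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
            systemctl restart zabbix-server zabbix-agent2 httpd rh-php72-php-fpm
            systemctl enable zabbix-server zabbix-agent2 httpd rh-php72-php-fpm
            rc=$?
        fi
    else
        sed -i "/date.timezone/c php_value date.timezone Asia/Shanghai" /etc/apache2/conf-available/zabbix.conf     
        chown -R www-data:www-data /usr/share/zabbix/
        systemctl enable  zabbix-server zabbix-agent2 apache2
        systemctl restart  zabbix-server zabbix-agent2 apache2
        rc=$?
    fi
    # As before, only the last systemctl call decides success or failure.
    if [ "$rc" -eq 0 ];then  
        echo 
        color "ZABBIX-${ZABBIX_VER}安装完成!" 0
        echo "-------------------------------------------------------------------"
        # The frontend is announced over plain HTTP; logins travel unencrypted
        # unless TLS is configured separately.
        ${GREEN}"请访问: http://$ZABBIX_IP/zabbix"${END}
    else
        color "ZABBIX-${ZABBIX_VER}安装失败!" 1
        exit 1
    fi
}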
# Entry point. Order matters: the database must exist before the schema import
# in config_mysql_zabbix, and install_mysql trims VERSION_ID for the later steps.
install_mysql
install_zabbix
config_mysql_zabbix
7-2、安装agent脚本
#!/bin/bash
# Zabbix agent2 installer: settings for the functions below.
# Address written into the agent's Server= line (the host allowed to poll it).
ZABBIX_SERVER=zabbix.wang.org
ZABBIX_VER=5.0
# Package mirror substituted for http://repo.zabbix.com in the repo definition.
URL="https://mirror.tuna.tsinghua.edu.cn/zabbix"
# Provides ID, VERSION_ID and UBUNTU_CODENAME.
. /etc/os-release
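color () {
    # Print a message followed by a bracketed, coloured status tag.
    # Arguments: $1 - message text
    #            $2 - "success"/"0" -> green OK, "failure"/"1" -> red FAILED,
    #                 anything else (including a missing value) -> yellow WARNING
    # Outputs:   one line on stdout containing ANSI escape sequences.
    # The helper variables are deliberately left global, as in the original.
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # A quoted case selector keeps an empty or multi-word status from breaking
    # the comparison, which the unquoted "[ $2 = ... ]" test did.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo 
}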
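install_zabbix_agent2() {
    # Register the Zabbix package repository (pointed at the mirror in $URL) and
    # install the zabbix-agent2 package.
    # Globals: ID, UBUNTU_CODENAME, ZABBIX_VER, URL (read); VERSION_ID (trimmed
    #          to its major number on RHEL-like hosts)
    # Exits:   non-zero when the repository package cannot be fetched or installed.
    local release_deb
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        VERSION_ID=${VERSION_ID%%.*}
        if rpm -Uvh "$URL/zabbix/${ZABBIX_VER}/rhel/${VERSION_ID}/x86_64/zabbix-release-${ZABBIX_VER}-1.el${VERSION_ID}.noarch.rpm";then
            color "YUM仓库准备完成" 0
        else
            color "YUM仓库配置失败,退出" 1
            # Explicit failure status; a bare "exit" would reuse color's status.
            exit 1
        fi
        sed -i "s#http://repo.zabbix.com#$URL#" /etc/yum.repos.d/zabbix.repo
        yum -y install zabbix-agent2
    else 
        release_deb="zabbix-release_${ZABBIX_VER}-1+${UBUNTU_CODENAME}_all.deb"
        # NOTE(review): the release package is installed as downloaded; only the
        # HTTPS connection to the mirror protects its integrity.
        if wget "$URL/zabbix/${ZABBIX_VER}/ubuntu/pool/main/z/zabbix-release/${release_deb}";then
            color "APT仓库准备完成" 0
        else
            color "APT仓库配置失败,退出" 1
            exit 1
        fi
        dpkg -i "${release_deb}"
        sed -i "s#http://repo.zabbix.com#$URL#"   /etc/apt/sources.list.d/zabbix.list
        apt update
        apt -y install zabbix-agent2
    fi
}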
config_zabbix_agent2 (){ 
    # Point the agent at $ZABBIX_SERVER and replace the default host name with
    # the output of "hostname -I".
    # NOTE(review): "hostname -I" lists every address of the host, so on a
    # multi-homed machine Hostname= receives several space-separated values -
    # confirm that this is what the server-side host entry expects.
    local agent_conf=/etc/zabbix/zabbix_agent2.conf
    local server_rule="/^Server=127.0.0.1/c Server=$ZABBIX_SERVER"
    local hostname_rule="/^Hostname=Zabbix server/c Hostname=$(hostname -I)"
    sed -i -e "$server_rule" -e "$hostname_rule" "$agent_conf"
}
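start_zabbix_agent2 () {
    # Enable and restart zabbix-agent2, then report whether it is active.
    # Exits: non-zero when the unit is not active after the restart.
    systemctl enable zabbix-agent2.service
    systemctl restart zabbix-agent2.service
    if systemctl is-active zabbix-agent2.service;then  
        echo "-------------------------------------------------------------------"
        color "Zabbix Agent 安装完成!" 0
    else
        color "Zabbix Agent 安装失败" 1
        # Explicit failure status; a bare "exit" would reuse color's status.
        exit 1
    fi
}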
# Entry point: install the package, write its configuration, then start it.
install_zabbix_agent2
config_zabbix_agent2
start_zabbix_agent2
8、kvm
8-1、克隆删除脚本
#!/bin/bash
# Interactive KVM helper: clone, delete, start/stop and snapshot libvirt guests.
# The functions below call action(), which is presumably supplied by this file
# (it is not defined anywhere in the script itself).
. /etc/init.d/functions
# ANSI colour sequences for "echo -e".
Red="\e[1;31m"
Purple="\e[1;35m"
Green="\e[1;32m"
Blue="\e[1;36m"
Yellow="\e[1;33m"
End="\e[0m"
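# Clone a cluster
clone() {
    # Clone <node> guests named <name>-0N from a template, boot each clone,
    # wait for SSH on the template's address, then set the clone's IP address
    # and host name over SSH and reboot it.
    # Input:   template name, cluster name, node count, first host octet and
    #          the template's IP address, all read interactively.
    # Returns: 1 when the input is rejected; a clone that fails to be created
    #          or started is skipped.
    local templates tpl template name node num tempip perip endip i n vm
    local name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
    local ip_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    templates=$(virsh list --all | awk '/.*template.*/{print $2}')
    echo "模板清单:"
    echo "<-------------------->"
    for tpl in $templates;do
        echo -e "$Purple$tpl$End"
    done
    echo "<-------------------->"
    read -r -p "请输入克隆模板: " template
    #read -p "请输入克隆模板ip: " ip
    read -r -p "请输入集群名称: "  name
    read -r -p "请输入节点数: "    node
    read -r -p "请输入ip起点x(y.y.y.x): " num
    read -r -p "请输入模板IP地址:" tempip
    # These values are pasted into a command line that runs as root on the
    # clone, so anything that is not a plain name, number or IPv4 address is
    # rejected before use.
    if ! [[ $template =~ $name_re && $name =~ $name_re && $tempip =~ $ip_re \
            && $node =~ ^[0-9]+$ && $num =~ ^[0-9]+$ ]];then
        echo -e "$Red输入错误$End"
        return 1
    fi
    perip="${tempip%.*}."
    endip=${tempip##*.}
    echo "$perip"
    echo "$endip"
    for ((i = 0; i < node; i++));do
        n=$((i + 1))
        vm="$name-0$n"
        virt-clone -o "$template" -n "$vm" -f "/var/lib/libvirt/images/$vm.qcow2" || continue
        virsh start "$vm" ||  continue
        # The clone boots with the template's address; poll once per second
        # instead of spinning until its SSH port answers.
        until nc -vz "$tempip" 22 &> /dev/null;do
            sleep 1
        done
        echo "$num $vm"
        # NOTE(review): nothing here regenerates SSH host keys or other
        # per-machine identity copied from the template, so every clone
        # presumably shares them - confirm and reset them if so.
        if [[ $template =~ "ubuntu" ]];then
            ssh "root@$tempip" "sed -i -r 's@(^[[:space:]]+- $perip)[0-9]+@\1$num@' /etc/netplan/00-installer-config.yaml;hostnamectl set-hostname $vm ;reboot"  &> /dev/null
        else 
            ssh "root@$tempip" "sed -i -r 's@(^IPADDR=).*@\1$perip$num@' /etc/sysconfig/network-scripts/ifcfg-eth0;hostnamectl set-hostname $vm ;reboot" &> /dev/null       
        fi 
        num=$((num + 1))
    done
}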
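# Delete a cluster
delete(){
    # Destroy and undefine every guest named <cluster>-<number>, removing its
    # storage. Guests whose name contains "template" are never touched.
    # Input: cluster name, read interactively. An empty name ends the script.
    local clusters c vm dname
    clusters=$(virsh  list --all | awk 'NR!=1{print $2}'|sed -nr "s/^(.*)-[0-9]+$/\1/p" |uniq)
    echo "<-------------------->"
    for c in $clusters ;do
        echo -e "$Purple$c$End"
    done
    echo "<-------------------->"
    read -r -p "请输入集群名称:"  dname
    echo "$dname"
    # Checked before anything is selected for removal.
    if [[ -z $dname ]];then
        action "删除失败" false
        exit 1
    fi
    # Match the guest name exactly as "<cluster>-<number>". The previous regex
    # test against the whole "virsh list" line also selected unrelated guests
    # whose line merely contained the typed text, and this path is irreversible.
    for vm in $(virsh list --all | awk -v prefix="$dname-" \
        'NR > 2 && index($2, prefix) == 1 && substr($2, length(prefix) + 1) ~ /^[0-9]+$/ {print $2}');do
        echo -e  "$Red$vm$End"
        if [[ $vm =~ "template" ]]; then
            continue
        fi
        virsh destroy "$vm" &> /dev/null
        if virsh  undefine --remove-all-storage "$vm" &> /dev/null;then
            action "删除成功" true
        else
            action "删除失败" false
        fi
    done
}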
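# Start a single node
nodestart(){
    # List the guests that are shut off, then start the one the operator names.
    local vm startnode
    echo "<-------------------->"
    # awk does the filtering itself; egrep is obsolescent in current GNU grep.
    for vm in $(virsh  list --all | awk '/off$/{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入节点名称:"  startnode
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh start "$startnode" &> /dev/null;then
        action "$startnode 节点启动成功" true
    else
        action "$startnode 节点启动失败" false
    fi
}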
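# Reboot a single node
noderestart(){
    # List the running guests, then reboot the one the operator names.
    local vm restartnode
    echo "<-------------------->"
    # awk does the filtering itself; egrep is obsolescent in current GNU grep.
    for vm in $(virsh  list --all | awk '/running$/{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入节点名称:"  restartnode
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh reboot "$restartnode" &> /dev/null;then
        action "$restartnode 节点重启成功" true
    else
        action "$restartnode 节点重启失败" false
    fi
}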
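# Shut down a single node
nodestop(){
    # List the running guests, then request a shutdown of the one the operator names.
    local vm stopnode
    echo "<-------------------->"
    # awk does the filtering itself; egrep is obsolescent in current GNU grep.
    for vm in $(virsh  list --all | awk '/running$/{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入节点名称:"  stopnode
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh shutdown "$stopnode" &> /dev/null;then
        action "$stopnode 节点关机成功" true
    else
        action "$stopnode 节点关机失败" false
    fi
}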
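# Start a cluster
clusterstart(){
    # Start every guest named <cluster>-<number>.
    # Input: cluster name, read interactively.
    local clusters c vm dname
    clusters=$(virsh  list --all | awk 'NR!=1{print $2}'|sed -nr "s/^(.*)-[0-9]+$/\1/p"|sort -nr|uniq)
    echo "<-------------------->"
    for c in $clusters ;do
        echo -e "$Purple$c$End"
    done
    echo "<-------------------->"
    read -r -p "请输入集群名称:"  dname
    # Exact "<cluster>-<number>" match on the name column; a regex test against
    # the whole line also selected guests that only contained the typed text.
    for vm in $(virsh list --all | awk -v prefix="$dname-" \
        'NR > 2 && index($2, prefix) == 1 && substr($2, length(prefix) + 1) ~ /^[0-9]+$/ {print $2}');do
        echo -e  "$Red$vm$End"
        if virsh start "$vm" &> /dev/null;then
            action "$vm 节点启动成功" true
        else
            action "$vm 节点启动失败" false
        fi
    done
}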
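# Shut down a cluster
clusterstop(){
    # Request a shutdown of every guest named <cluster>-<number>.
    # Input: cluster name, read interactively.
    local clusters c vm dname
    clusters=$(virsh  list --all | awk 'NR!=1{print $2}'|sed -nr "s/^(.*)-[0-9]+$/\1/p" |sort -nr|uniq)
    echo "<-------------------->"
    for c in $clusters ;do
        echo -e "$Purple$c$End"
    done
    echo "<-------------------->"
    read -r -p "请输入集群名称:"  dname
    # Exact "<cluster>-<number>" match on the name column; a regex test against
    # the whole line also selected guests that only contained the typed text.
    for vm in $(virsh list --all | awk -v prefix="$dname-" \
        'NR > 2 && index($2, prefix) == 1 && substr($2, length(prefix) + 1) ~ /^[0-9]+$/ {print $2}');do
        echo -e  "$Red$vm$End"
        if virsh shutdown "$vm" &> /dev/null;then
            action "$vm 节点关闭成功" true
        else
            action "$vm 节点关闭失败" false
        fi
    done
}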
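# Reboot a cluster
clusterrestart(){
    # Reboot every guest named <cluster>-<number>.
    # Input: cluster name, read interactively.
    local clusters c vm dname
    clusters=$(virsh  list --all | awk 'NR!=1{print $2}'|sed -nr "s/^(.*)-[0-9]+$/\1/p" | sort -nr|uniq)
    echo "<-------------------->"
    for c in $clusters ;do
        echo -e "$Purple$c$End"
    done
    echo "<-------------------->"
    read -r -p "请输入集群名称:"  dname
    # Exact "<cluster>-<number>" match on the name column; a regex test against
    # the whole line also selected guests that only contained the typed text.
    for vm in $(virsh list --all | awk -v prefix="$dname-" \
        'NR > 2 && index($2, prefix) == 1 && substr($2, length(prefix) + 1) ~ /^[0-9]+$/ {print $2}');do
        echo -e  "$Red$vm$End"
        if virsh reboot "$vm" &> /dev/null;then
            action "$vm 节点重启成功" true
        else
            action "$vm 节点重启失败" false
        fi
    done
}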
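# Clone a single machine
clone_Single(){
    # Clone one guest from a template, boot it, wait 60 seconds, then set its
    # IP address and host name over SSH and reboot it.
    # Input:   template name, new guest name and host octet, read interactively.
    # Returns: 1 when the input is rejected or the clone cannot be created or started.
    local tpl templatecs csname num1
    local name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
    echo "<-------------------->"
    for tpl in $(virsh list --all |awk '/.*template.*/{print $2}');do
        echo -e "$Purple$tpl$End"
    done
    echo "<-------------------->"
    read -r -p "请输入克隆模板: " templatecs
    #read -p "请输入克隆模板ip: " ip
    read -r -p "请输入名称: " csname
    read -r -p "请输入ipx(y.y.y.x): " num1
    # The name and octet are pasted into a command line that runs as root on
    # the clone, so only plain names and digits are accepted.
    if ! [[ $templatecs =~ $name_re && $csname =~ $name_re && $num1 =~ ^[0-9]+$ ]];then
        echo -e "$Red输入错误$End"
        return 1
    fi
    # "continue" has no effect outside a loop, so a failed clone or start used
    # to fall through to the SSH step; return instead.
    virt-clone -o "$templatecs" -n "$csname"  -f "/var/lib/libvirt/images/$csname.qcow2" || return 1
    virsh start "$csname" ||  return 1
    sleep 60
    echo "$csname"
    # NOTE(review): the template addresses below are fixed in the script and
    # differ between the two branches (the second rewrites to a 192.168.10.x
    # address while connecting to 192.168.100.10) - confirm they match the templates.
    if [[ $templatecs =~ "ubuntu" ]];then
        ssh root@10.0.0.100 "sed -i -r 's@(^[[:space:]]+- 10.0.0.)[0-9]+@\1$num1@' /etc/netplan/00-installer-config.yaml;hostnamectl set-hostname $csname ;reboot"
    else
        ssh root@192.168.100.10 "sed -i -r 's@(^IPADDR=).*@\1192.168.10.$num1@' /etc/sysconfig/network-scripts/ifcfg-eth0;hostnamectl set-hostname $csname ;reboot"
    fi
}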
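# Delete a single machine
delete_Single(){
    # Destroy and undefine the named guest, removing its storage.
    # Input: guest name, read interactively. An empty name or a name containing
    #        "template" is refused and ends the script.
    local vm dsname
    echo "<-------------------->"
    # Skip the two header lines of "virsh list".
    for vm in $(virsh  list --all |awk 'NR > 2{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入机器名称:"  dsname
    echo "$dsname"
    # The template guard used to test "$i", a variable this function never
    # sets, so templates were not protected; test the name that was typed.
    if [[ $dsname =~ "template" ]] || [[ -z $dsname ]];then
        action "删除失败" false
        exit 1
    fi
    virsh  destroy "$dsname" &> /dev/null
    if virsh  undefine --remove-all-storage "$dsname" &> /dev/null;then
        action "删除成功" true
    else
        action "删除失败" false
    fi
}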
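# Create a snapshot
create_snapshot(){
    # Show the guest's existing snapshots, create a new one with the given
    # name, then show the list again.
    local vm shname createsnap
    echo "<-------------------->"
    # Skip the two header lines of "virsh list".
    for vm in $(virsh  list --all |awk 'NR > 2{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请选择你要创建快照的机器:" shname
    virsh snapshot-list "$shname"
    read -r -p "请输入创建的快照名称:" createsnap
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh snapshot-create-as "$shname" "$createsnap";then
        echo -e "$Blue 创建成功  $End"
    else
        echo -e "$Red 创建失败 $End"
    fi
    virsh snapshot-list "$shname"
}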
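# Delete a snapshot
delete_snapshot(){
    # Show the guest's snapshots, delete the named one, then show the list again.
    local vm dshname deletesnap
    echo "<-------------------->"
    # Skip the two header lines of "virsh list".
    for vm in $(virsh  list --all |awk 'NR > 2{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入你要删除快照的机器:" dshname
    virsh snapshot-list "$dshname"
    read -r -p "请输入删除的快照名称:" deletesnap
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh snapshot-delete "$dshname" "$deletesnap";then
        echo -e "$Blue 删除成功  $End"
    else
        echo -e "$Red 删除失败 $End"
    fi
    virsh snapshot-list "$dshname"
}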
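# Revert to a snapshot
recover_snapshot(){
    # Show the guest's snapshots, revert to the named one, then show the list again.
    local vm rshname recoversnap
    echo "<-------------------->"
    # Skip the two header lines of "virsh list".
    for vm in $(virsh  list --all |awk 'NR > 2{print $2}');do
        echo -e "$Purple$vm$End"
    done
    echo "<-------------------->"
    read -r -p "请输入你要恢复快照的机器:" rshname
    virsh snapshot-list "$rshname"
    read -r -p "请输入恢复的快照名称:" recoversnap
    # Quoted so that an empty or multi-word answer stays a single argument.
    if virsh snapshot-revert "$rshname"  "$recoversnap";then
        echo -e "$Blue 恢复成功  $End"
    else
        echo -e "$Red 恢复失败 $End"
    fi
    virsh snapshot-list "$rshname"
}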
# Main menu: show all guests once, then loop over the numbered actions until
# the operator picks the last entry (exit).
virsh list --all
PS3="请按要求输入操作选项:"
# "lists" receives the label of the chosen entry; the dispatch below uses the
# number typed ($REPLY), so the case arms must stay in the same order as the labels.
select lists in  克隆集群 删除集群 启动集群 关闭集群 集群重启  单节点启动 单节点关机  单节点重启   克隆单机  单机删除 创建快照  删除快照  恢复快照   退出;do
case $REPLY in     #  1       2       3        4        5          6          7           8           9         10       11        12        13
1)
    echo -e "$Blue$lists$End"
    clone
    ;;
2)  
    # Destructive: removes the guests of a cluster together with their storage.
    echo -e "$Red$lists$End"
    delete
    ;;
3)  
    echo -e "$Green$lists$End"
    clusterstart
    ;;
4)
    echo -e "$Red$lists$End"
    clusterstop
    ;;
5)
    echo -e "$Yellow$lists$End"
    clusterrestart
    ;;
6)
    echo -e "$Green$lists$End"
    nodestart
    ;;
7)
    echo -e "$Red$lists$End"
    nodestop
    ;;
8)
    echo -e "$Yellow$lists$End"
    noderestart
    ;;
9)
    echo -e "$Blue$lists$End"
    clone_Single
    ;;
10)
    # Destructive: removes one guest together with its storage.
    echo -e "$Blue$lists$End"
    delete_Single
    ;;
11)
    echo -e "$Blue$lists$End"
    create_snapshot
    ;;
12)
    echo -e "$Blue$lists$End"
    delete_snapshot
    ;;
13)
    echo -e "$Blue$lists$End"
    recover_snapshot
    ;;
14)
    echo -e "$Blue$lists$End"
    exit
    ;;
*)
    # Any other input: report it and show the prompt again.
    echo -e "$Red输入错误$End"
    ;;
esac
done
9、haproxy
9-1、安装haproxy脚本
#!/bin/bash
# HAProxy source installer: settings for the functions below. Both tarballs are
# expected in the directory the script is started from.
HAPROXY_VERSION=2.6.6
HAPROXY_FILE=haproxy-${HAPROXY_VERSION}.tar.gz
#HAPROXY_FILE=haproxy-2.2.12.tar.gz
LUA_VERSION=5.4.4
LUA_FILE=lua-${LUA_VERSION}.tar.gz
#LUA_FILE=lua-5.4.3.tar.gz
HAPROXY_INSTALL_DIR=/apps/haproxy
SRC_DIR=/usr/local/src
# Remembered because install_lua changes directory before install_haproxy runs.
CWD=`pwd`
CPUS=`lscpu |awk '/^CPU\(s\)/{print $2}'`
LOCAL_IP=$(hostname -I|awk '{print $1}')
# NOTE(security): sample credentials for the statistics page, which the
# generated configuration binds to every interface on port 9999. Replace them
# before any real use.
STATS_AUTH_USER=admin
STATS_AUTH_PASSWORD=123456
# Only referenced by the commented-out kubernetes listener in the generated config.
VIP=192.168.10.100
MASTER1=192.168.10.101
MASTER2=192.168.10.102
MASTER3=192.168.10.103
# Provides ID for the distribution checks.
. /etc/os-release
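color () {
    # Print a message followed by a bracketed, coloured status tag.
    # Arguments: $1 - message text
    #            $2 - "success"/"0" -> green OK, "failure"/"1" -> red FAILED,
    #                 anything else (including a missing value) -> yellow WARNING
    # Outputs:   one line on stdout containing ANSI escape sequences.
    # The helper variables are deliberately left global, as in the original.
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # A quoted case selector keeps an empty or multi-word status from breaking
    # the comparison, which the unquoted "[ $2 = ... ]" test did.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo 
}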
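check_file (){
    # Verify that both source tarballs are present in the current directory.
    # Exits: non-zero when one of them is missing.
    # NOTE(review): only existence is checked; the archives are later unpacked
    # and compiled without any checksum or signature verification.
    local required
    for required in "${LUA_FILE}" "${HAPROXY_FILE}";do
        if [ ! -e "${required}" ];then
            color "缺少${required}文件!" 1
            # Explicit failure status; a bare "exit" would reuse color's status.
            exit 1
        fi
    done
    color "相关文件已准备!" 0
}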
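install_packs () {
    # Install the compiler toolchain and development libraries needed to build
    # Lua and HAProxy.
    # Exits: non-zero on an unsupported distribution or a failed package install.
    local rc
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        yum -y install gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel libtermcap-devel ncurses-devel libevent-devel readline-devel 
        rc=$?
    elif [ "$ID" = "ubuntu" ];then
        apt update 
        apt -y install gcc make openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev  libreadline-dev libsystemd-dev 
        rc=$?
    else
        color "不支持此操作系统!" 1
        # Previously the status check below saw color's success status here and
        # the build went ahead on an unsupported system.
        exit 1
    fi
    [ "$rc" -eq 0 ] ||  { color '安装软件包失败,退出!' 1; exit 1; }
}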
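install_lua () {
    # Unpack and build Lua under $SRC_DIR. LUA_DIR stays global because
    # install_haproxy uses it to locate the Lua headers and library.
    # Exits: non-zero when unpacking, changing directory or the build fails.
    tar xf "${LUA_FILE}" -C "${SRC_DIR}" || { color "LUA 编译失败,退出!" 1; exit 1; }
    LUA_DIR=${LUA_FILE%.tar*}
    # Without this check a failed cd would run make in the wrong directory.
    cd "${SRC_DIR}/${LUA_DIR}" || { color "LUA 编译失败,退出!" 1; exit 1; }
    make all test || { color "LUA 编译失败,退出!" 1; exit 1; }
}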
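install_haproxy(){
    # Build HAProxy from source against the Lua tree built by install_lua,
    # install it under $HAPROXY_INSTALL_DIR, write /etc/haproxy/haproxy.cfg and
    # create the haproxy account (uid/gid 99, matching the "uid"/"gid" lines).
    # Globals: CWD, HAPROXY_FILE, SRC_DIR, LUA_DIR, CPUS, HAPROXY_INSTALL_DIR,
    #          STATS_AUTH_USER, STATS_AUTH_PASSWORD, VIP, MASTER1..3 (read);
    #          HAPROXY_DIR (written)
    # Exits:   non-zero when the build or the installation fails.
    cd "${CWD}" || { color "HAPROXY编译安装失败,退出!" 1;exit 1; }
    tar xf "${HAPROXY_FILE}" -C "${SRC_DIR}"
    HAPROXY_DIR=${HAPROXY_FILE%.tar*}
    cd "${SRC_DIR}/${HAPROXY_DIR}" || { color "HAPROXY编译安装失败,退出!" 1;exit 1; }
    # The build result is now checked as well; before, only "make install" was.
    if make -j "${CPUS:-1}" ARCH=x86_64 TARGET=linux-glibc  USE_PROMEX=1 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 LUA_INC="${SRC_DIR}/${LUA_DIR}/src/" LUA_LIB="${SRC_DIR}/${LUA_DIR}/src/" PREFIX="${HAPROXY_INSTALL_DIR}" \
        && make install PREFIX="${HAPROXY_INSTALL_DIR}";then
        color "HAPROXY编译安装成功" 0
    else
        color "HAPROXY编译安装失败,退出!" 1
        exit 1
    fi
    [ -L /usr/sbin/haproxy ] || ln -s "${HAPROXY_INSTALL_DIR}/sbin/haproxy" /usr/sbin/ 
    [ -d /etc/haproxy ] || mkdir /etc/haproxy 
    [ -d /var/lib/haproxy/ ] || mkdir -p /var/lib/haproxy/ 
    # NOTE(security): the statistics page below listens on every interface
    # (0.0.0.0:9999) over plain HTTP with basic authentication, so the sample
    # credentials cross the network unencrypted. Bind it to a management
    # address or restrict access before real use. The admin-level stats socket
    # is created with mode 600.
    # The third commented-out kubernetes backend used ${MASTER2} as its
    # address; it now uses ${MASTER3}.
    cat > /etc/haproxy/haproxy.cfg <<-EOF
global
maxconn 100000
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth ${STATS_AUTH_USER}:${STATS_AUTH_PASSWORD}
#listen kubernetes-6443
#    bind ${VIP}:6443
#    mode tcp
#    log global
#    server ${MASTER1} ${MASTER1}:6443 check inter 3000 fall 2 rise 5
#    server ${MASTER2} ${MASTER2}:6443 check inter 3000 fall 2 rise 5
#    server ${MASTER3} ${MASTER3}:6443 check inter 3000 fall 2 rise 5
EOF
    
    # Skip creation when the group or user already exists, so a second run does
    # not print errors.
    getent group haproxy &> /dev/null || groupadd -g 99 haproxy
    id haproxy &> /dev/null || useradd -u 99 -g haproxy -d /var/lib/haproxy -M -r -s /sbin/nologin haproxy
}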
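start_haproxy () {
    # Write the systemd unit for HAProxy, start it and print the statistics URL.
    # Exits: non-zero when the service is not active after the start.
    # \$MAINPID is escaped so that the literal text reaches the unit file; the
    # unquoted here-document used to expand it to an empty string, leaving
    # ExecReload without a process id.
    cat > /lib/systemd/system/haproxy.service <<-EOF
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now haproxy 
    if systemctl is-active haproxy &> /dev/null;then
        color 'HAPROXY安装完成!' 0
    else
        color 'HAPROXY 启动失败,退出!' 1
        exit 1
    fi
    echo "-------------------------------------------------------------------"
    echo -e "请访问链接: \E[32;1mhttp://${LOCAL_IP}:9999/haproxy-status\E[0m"
    # NOTE(security): this prints the statistics password to the terminal and
    # into any log that captures the script's output.
    echo -e "用户和密码: \E[32;1m${STATS_AUTH_USER}/${STATS_AUTH_PASSWORD}\E[0m" 
}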
# Entry point. install_lua must run before install_haproxy, which builds
# against the Lua directory recorded in LUA_DIR.
check_file
install_packs
install_lua
install_haproxy
start_haproxy
9-2、自动上线下线docker
#!/bin/bash
# Rolling update: for each web server, put its HAProxy backend entry into
# maintenance, recreate the nginx container, wait, then mark it ready again.
# Arguments: $1 - text written into the site's index.html
WEB_SERVERS="
10.0.0.18
10.0.0.28
"
for i in $WEB_SERVERS;do
    # Commands are sent to HAProxy's admin-level stats socket, so this has to
    # run on the load balancer with access to that socket.
    echo "set server www.wang.org_nginx/$i state maint" | socat stdio /var/lib/haproxy/haproxy.sock
        ssh $i docker rm -f nginx
        # NOTE(security): $1 is placed unescaped into a command line that the
        # remote shell evaluates; shell metacharacters in it would be executed
        # on the web server. Validate or quote it if it can come from anyone
        # other than the operator.
        ssh $i "echo DOCKER $i WEBSITE $1 > /data/www/index.html"
        ssh $i docker run -d -p 80:80 -v /data/www:/usr/share/nginx/html --name nginx nginx
        # Fixed delay instead of a health check: the server is marked ready
        # even if the container failed to start.
        sleep 10
    echo "set server www.wang.org_nginx/$i state ready" | socat stdio /var/lib/haproxy/haproxy.sock
done
10、harbor
10-1、安装harbor脚本
#!/bin/bash
# Harbor installer: settings for install_docker, install_docker_compose and
# install_harbor below.
HARBOR_VERSION=2.6.1
#HARBOR_VERSION=2.6.0
HARBOR_BASE=/apps
HARBOR_NAME=harbor.wang.org
#HARBOR_NAME=`hostname -I|awk '{print $1}'`
DOCKER_VERSION="20.10.10"
#DOCKER_VERSION="19.03.14"
# NOTE(security): this mirror is addressed over plain HTTP, and the yum
# repository written below sets gpgcheck=0, so neither the transport nor the
# packages are authenticated. The apt signing key is fetched from the same URL.
# Prefer an https:// mirror together with signature checking.
DOCKER_URL="http://mirrors.ustc.edu.cn"
#DOCKER_URL="https://mirrors.tuna.tsinghua.edu.cn"
DOCKER_COMPOSE_VERSION=2.6.1
#DOCKER_COMPOSE_VERSION=1.29.2
DOCKER_COMPOSE_FILE=docker-compose-Linux-x86_64
# NOTE(security): sample administrator password; it is written into harbor.yml
# and printed at the end of the installation. Replace it before any real use.
HARBOR_ADMIN_PASSWORD=123456
HARBOR_IP=`hostname -I|awk '{print $1}'`
COLOR_SUCCESS="echo -e \\033[1;32m"
COLOR_FAILURE="echo -e \\033[1;31m"
END="\033[m"
# Provides ID, VERSION_ID and UBUNTU_CODENAME.
. /etc/os-release
UBUNTU_DOCKER_VERSION="5:${DOCKER_VERSION}~3-0~${ID}-${UBUNTU_CODENAME}"
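color () {
    # Print a message followed by a bracketed, coloured status tag.
    # Arguments: $1 - message text
    #            $2 - "success"/"0" -> green OK, "failure"/"1" -> red FAILED,
    #                 anything else (including a missing value) -> yellow WARNING
    # Outputs:   one line on stdout containing ANSI escape sequences.
    # The helper variables are deliberately left global, as in the original.
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    # A quoted case selector keeps an empty or multi-word status from breaking
    # the comparison, which the unquoted "[ $2 = ... ]" test did.
    case "${2-}" in
        success|0)
            ${SETCOLOR_SUCCESS}
            echo -n $"  OK  "
            ;;
        failure|1)
            ${SETCOLOR_FAILURE}
            echo -n $"FAILED"
            ;;
        *)
            ${SETCOLOR_WARNING}
            echo -n $"WARNING"
            ;;
    esac
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo 
}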
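install_docker(){
    # Install the pinned docker-ce version from the mirror in $DOCKER_URL,
    # write /etc/docker/daemon.json and start the daemon.
    # Globals: ID, VERSION_ID, DOCKER_URL, DOCKER_VERSION, UBUNTU_DOCKER_VERSION,
    #          COLOR_FAILURE, END (read)
    # Exits:   non-zero when Docker is already installed (Debian/Ubuntu path)
    #          or a package step fails.
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        # NOTE(security): gpgcheck=0 disables package signature verification
        # for this repository; with a plain-HTTP baseurl nothing authenticates
        # what gets installed as root. Enable gpgcheck with the repository's
        # signing key and use an https:// mirror.
        if [ "$VERSION_ID" = "7" ];then
            cat >  /etc/yum.repos.d/docker.repo  <<EOF
[docker]
name=docker
gpgcheck=0
#baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
baseurl=${DOCKER_URL}/docker-ce/linux/centos/7/x86_64/stable/
EOF
        else     
            cat >  /etc/yum.repos.d/docker.repo  <<EOF
[docker]
name=docker
gpgcheck=0
#baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/8/x86_64/stable/
baseurl=${DOCKER_URL}/docker-ce/linux/centos/8/x86_64/stable/
EOF
        fi
        yum clean all 
        ${COLOR_FAILURE} "Docker有以下版本"${END}
        yum list docker-ce --showduplicates
        ${COLOR_FAILURE}"5秒后即将安装: docker-"${DOCKER_VERSION}" 版本....."${END}
        ${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
        sleep 5
        yum -y install "docker-ce-$DOCKER_VERSION" "docker-ce-cli-$DOCKER_VERSION"  \
            || { color "Base,Extras的yum源失败,请检查yum源配置" 1;exit 1; }
    else
        # This line used an undefined $COLOR variable, so the message was run
        # as a command and the script never stopped; call color() instead.
        if dpkg -s docker-ce &> /dev/null;then
            color "Docker已安装,退出" 1
            exit 1
        fi
        apt update || { color "更新包索引失败" 1 ; exit 1; }  
        apt  -y install apt-transport-https ca-certificates curl software-properties-common || \
            { color "安装相关包失败" 1 ; exit 2;  }  
        # NOTE(security): the repository signing key is fetched from $DOCKER_URL;
        # over plain HTTP it can be replaced in transit, which defeats the
        # signature checks that depend on it. apt-key is also deprecated.
        curl -fsSL "${DOCKER_URL}/docker-ce/linux/ubuntu/gpg" | sudo apt-key add -
        add-apt-repository "deb [arch=amd64] ${DOCKER_URL}/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
        apt update
        ${COLOR_FAILURE} "Docker有以下版本"${END}
        apt-cache madison docker-ce
        ${COLOR_FAILURE}"5秒后即将安装: docker-"${UBUNTU_DOCKER_VERSION}" 版本....."${END}
        ${COLOR_FAILURE}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
        sleep 5
        apt -y  install "docker-ce=${UBUNTU_DOCKER_VERSION}" "docker-ce-cli=${UBUNTU_DOCKER_VERSION}"
    fi
    if [ $? -eq 0 ];then
        color "安装软件包成功"  0
    else
        color "安装软件包失败,请检查网络配置" 1
        exit 1
    fi
        
    mkdir -p /etc/docker
    # NOTE(security): "insecure-registries" lets the daemon talk to
    # harbor.wang.org without TLS verification, so pushes, pulls and logins to
    # it are unprotected. The name is fixed here and does not follow
    # $HARBOR_NAME (the here-document is quoted).
    tee /etc/docker/daemon.json <<-'EOF'
{
      "registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com"],
      "insecure-registries": ["harbor.wang.org"]
}
EOF
    systemctl daemon-reload
    systemctl enable docker
    systemctl restart docker
    if docker version;then
        color "Docker 安装成功" 0
    else
        color "Docker 安装失败" 1
    fi
    # Convenience aliases that force-remove every image / every container;
    # they are appended on each run.
    echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrc
    echo 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}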
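install_docker_compose(){
    # Install docker-compose: from a local file or a download on RHEL-like
    # hosts, from the distribution package otherwise.
    # Globals: ID, DOCKER_COMPOSE_FILE, DOCKER_COMPOSE_VERSION,
    #          COLOR_SUCCESS, COLOR_FAILURE, END (read)
    # Exits:   non-zero when the download fails or the installed command does not run.
    if [ "$ID" = "centos" ] || [ "$ID" = "rocky" ];then
        ${COLOR_SUCCESS}"开始安装 Docker compose....."${END}
        sleep 1
        if [ ! -e  "${DOCKER_COMPOSE_FILE}" ];then
            #curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/${DOCKER_COMPOSE_FILE} -o /usr/bin/docker-compose
            # -f makes curl fail on an HTTP error instead of saving the error
            # page as /usr/bin/docker-compose.
            # NOTE(security): the binary comes from a third-party mirror and is
            # installed without a checksum or signature check; compare it with
            # the checksum published for the release before trusting it.
            if ! curl -fL "https://get.daocloud.io/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose;then
                ${COLOR_FAILURE}"Docker compose 安装失败"${END}
                exit 1
            fi
        else
            mv "${DOCKER_COMPOSE_FILE}" /usr/bin/docker-compose
        fi
        chmod +x /usr/bin/docker-compose
    else 
        apt -y install docker-compose
    fi
    if docker-compose --version ;then
        ${COLOR_SUCCESS}"Docker Compose 安装完成"${END} 
    else
        ${COLOR_FAILURE}"Docker compose 安装失败"${END}
        exit 1
    fi
}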
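install_harbor(){
    # Unpack the Harbor offline installer under $HARBOR_BASE, adjust
    # harbor.yml, run the installer and register a systemd unit for it.
    # Globals: HARBOR_VERSION, HARBOR_BASE, HARBOR_NAME, HARBOR_ADMIN_PASSWORD,
    #          HARBOR_IP, COLOR_SUCCESS, COLOR_FAILURE, END (read)
    # Exits:   non-zero when the download, the unpacking, the installer or the
    #          unit activation fails.
    local installer="harbor-offline-installer-v${HARBOR_VERSION}.tgz"
    ${COLOR_SUCCESS}"开始安装 Harbor....."${END}
    sleep 1
    if  [ ! -e  "${installer}" ] ;then
        # A failed download used to be reported and then ignored.
        # NOTE(review): the archive is not checked against a published
        # checksum before it is unpacked and executed.
        wget "https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/${installer}" \
            || { ${COLOR_FAILURE} "下载失败!" ${END}; exit 1; }
    fi
    [ -d "${HARBOR_BASE}" ] ||  mkdir "${HARBOR_BASE}"
    tar xvf "${installer}"  -C "${HARBOR_BASE}" || { ${COLOR_FAILURE}"Harbor 安装失败"${END}; exit 1; }
    cd "${HARBOR_BASE}/harbor" || { ${COLOR_FAILURE}"Harbor 安装失败"${END}; exit 1; }
    cp harbor.yml.tmpl harbor.yml
    sed -ri "/^hostname/s/reg.mydomain.com/${HARBOR_NAME}/" harbor.yml
    # NOTE(security): the next four edits comment out the https section, so the
    # registry serves logins and image traffic over plain HTTP.
    sed -ri "/^https/s/(https:)/#\1/" harbor.yml
    sed -ri "s/(port: 443)/#\1/" harbor.yml
    sed -ri "/certificate:/s/(.*)/#\1/" harbor.yml
    sed -ri "/private_key:/s/(.*)/#\1/" harbor.yml
    # The password is inserted into a sed expression: a value containing "/" or
    # "&" would corrupt the substitution.
    sed -ri "s/Harbor12345/${HARBOR_ADMIN_PASSWORD}/" harbor.yml
    sed -i 's#^data_volume: /data#data_volume: /data/harbor#' harbor.yml
    #mkdir -p /data/harbor
    if "${HARBOR_BASE}/harbor/install.sh";then
        ${COLOR_SUCCESS}"Harbor 安装完成"${END}
    else
        # Stop here; before, a failed installer was still followed by the
        # final success message.
        ${COLOR_FAILURE}"Harbor 安装失败"${END}
        exit 1
    fi
    cat > /lib/systemd/system/harbor.service <<EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f  ${HARBOR_BASE}/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f ${HARBOR_BASE}/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload 
    # The confirmation used an undefined $COLOR variable and was attached to
    # the failure branch; print it when enabling succeeds.
    if systemctl enable  harbor &>/dev/null;then  
        ${COLOR_SUCCESS}"Harbor已配置为开机自动启动"${END}
        echo 
        color "Harbor安装完成!" 0
        echo "-------------------------------------------------------------------"
        echo -e "请访问链接: \E[32;1mhttp://${HARBOR_IP}/\E[0m" 
        # NOTE(security): this prints the administrator password to the
        # terminal and into any log that captures the script's output.
        echo -e "用户和密码: \E[32;1madmin/${HARBOR_ADMIN_PASSWORD}\E[0m" 
    else
        color "Harbor安装失败!" 1
        exit 1
    fi
    # Add the name only once, so repeated runs do not pile up duplicate entries.
    grep -qF -- "$HARBOR_NAME" /etc/hosts || echo "$HARBOR_IP     $HARBOR_NAME"   >> /etc/hosts
}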
# Entry point: Docker and docker-compose are installed only when their
# commands do not already work; Harbor is always installed.
docker info  &> /dev/null  && ${COLOR_FAILURE}"Docker已安装"${END} || install_docker
docker-compose --version &> /dev/null && ${COLOR_FAILURE}"Docker Compose已安装"${END} || install_docker_compose
install_harbor
11、docker
11-1、安装docker脚本
#!/bin/bash
#
#********************************************************************
#Author:            wangdayu
#QQ:                965507991
#Date:              2022-10-14
#FileName:          docker_install.sh
#URL:               https://blog.51cto.com/dayu
#Description:       The test script
#Copyright (C):     2022 All rights reserved
#********************************************************************
# Location and version of the static Docker binary bundle fetched by down().
URL=https://download.docker.com/linux/static/stable/x86_64
VER=20.10.19
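# Download the Docker archive
down(){
    # Fetch docker-${VER}.tgz into the current directory.
    # Exits: with the script's status unchanged when the archive already
    #        exists, non-zero when the download fails.
    # NOTE(review): an existing archive ends the whole script instead of being
    # reused for the installation - confirm that this is intended.
    if [ -e  "docker-${VER}.tgz" ];then
        echo "文件已存在"
        exit
    fi
    # The failure handler used to be a quoted string, which the shell tried to
    # run as a command name, so a failed download was never handled.
    # NOTE(review): the archive is not checked against a published checksum
    # before its binaries are copied into /usr/bin.
    if ! wget "${URL}/docker-${VER}.tgz";then
        echo "下载失败"
        # Remove a partial file so that the next run downloads again.
        rm -f -- "docker-${VER}.tgz"
        exit 1
    fi
}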
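# Install Docker
install_docker(){
    # Unpack the static bundle, copy its binaries to /usr/bin and write the
    # systemd unit for dockerd.
    # Exits: non-zero when unpacking or copying fails.
    tar xf "docker-${VER}.tgz" || { echo "下载失败" ; exit 1; }
    cp docker/* /usr/bin/ || exit 1
    # The socket is now given as an absolute path (unix:///var/run/docker.sock);
    # "unix://var/run/docker.sock" is a relative path that only resolved to
    # the same place because of the service's working directory.
    cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
}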
config(){
    # Write /etc/docker/daemon.json with a registry mirror. The file is
    # overwritten, so any existing daemon settings are lost.
    mkdir -p /etc/docker
    # "<<-" strips leading tabs only; the space-indented lines are written as they are.
    cat > /etc/docker/daemon.json <<-EOF
    {
     "registry-mirrors": ["https://pgavrk5n.mirror.aliyuncs.com"]
    }
EOF
}
start_docker(){
    # Load the new unit file and (re)start the daemon.
    # NOTE(review): the unit is restarted but never enabled here, so it
    # presumably does not start at boot - confirm whether that is intended.
    systemctl daemon-reload
    systemctl restart docker.service
}
# Entry point: download, install, configure and start, then print the daemon's
# status as a final check.
down
install_docker
config
start_docker
docker info