初始化脚本

我就随便看看
已于 2023-02-23 11:57:33 修改
阅读量625
点赞数
CC 4.0 BY-SA版权
分类专栏： shell 文章标签： linux centos docker
于 2022-07-20 12:05:22 首次发布
本文链接：https://blog.youkuaiyun.com/weixin_60274825/article/details/125889593
shell 专栏收录该内容
1 篇文章
订阅专栏
#! /bin/bash

#安装wget
we=`ls /usr/bin/ | grep 'wget' >> /dev/null`
if [[ ${we} != o ]];then
    yum install wget -y
fi

#安装iostat
io=`ls /usr/bin/ | grep 'iostat' >> /dev/null`
if [[ ${io} != o ]];then
    yum install sysstat -y
fi

#关闭selinux和setenforce
echo "正在关闭selinux...."
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
echo "selinux已关闭~"

# #创建一个垃圾站
# if [[ -f "/tmp/garbage" ]]
# then
#         echo "垃圾站创建成功~~ （/tmp/garbage）"
# else
#         touch /tmp/garbage
#         echo "垃圾站创建成功~~ （/tmp/garbage）"
# fi

#创建并挂载swap分区
echo "正在创建swap分区，请稍等..." 
echo "swap分区文件地址：/mnt/swapfile"
dd if=/dev/zero of=/mnt/swapfile bs=1MB count=1024 >> /tmp/garbage
mkswap /mnt/swapfile
if [[ $? == 0 ]] && [[ -e "/mnt/swapfile" ]]
then
        echo "swap盘创建成功,正在挂载....."
        swapon /mnt/swapfile
        if [[ $? == 0 ]];then  
           echo "swap 分区挂载成功！！！"
        fi
fi
echo "/mnt/swapfile swap swap defaults 0 0" >> /etc/fstab
echo "swap 分区已添加至永久挂载~~~"
chown root:root /mnt/swapfile
chmod 0600 /mnt/swapfile
sysctl vm.swappiness=10 >> /tmp/garbage
echo "vm.swappiness = 10" >> /etc/sysctl.conf
echo "swap 分区创建完毕~"

sleep 3

#挂盘
echo "开始挂载磁盘"

check_expect=`ll /usr/bin/ | grep 'expect' | wc -l`
if [[ ${check_expect} == 0 ]];then
    yum install expect -y 
fi

mount_disk(){
    mkdir /root/init
    DISK="/dev/vdb"
    /usr/bin/expect -c"
    set timeout -1
    spawn /usr/sbin/fdisk $DISK
    
    expect \"*m for help*:\"
    send -- \"n\r\"
    expect \"*p*\n\"
    send -- \"p\r\"
    expect \"*Partition number*\"
    send -- \"\r\"
    expect \"*default*:\"
    send -- \"\r\"
    expect \"*default*:\"
    send -- \"\r\"
    expect \"*m for help*:\"
    send -- \"w\r\"

    expect eof
    "
    mkfs.ext4 ${DISK}{$vdb_free} > /dev/null

    df -lh | grep -q "${DISK}${vdb_free}"
    if [ $? -ne 0 ];then
        grep -q "/home" /etc/fstab
        if [ $? -ne 0 ];then
            
            mount ${DISK}${vdb_free} /home
            echo "${DISK}${vdb_free}  /home   ext4    defaults    0   0" >>/etc/fstab
        else
            sed -i '/home/d' /etc/fstab && mount ${DISK}${vdb_free} /home
            echo "${DISK}${vdb_free}   /home  ext4  defaults   0   0" >> /etc/fstab
        fi

        df -h |grep home
        if [ $? -eq 0 ];then
            touch /root/init/mountdisk.status
        fi
    else
        echo "Home partition has been mounted,please check!!" >> /root/init.log
    fi
}

check_home=`df -h | grep home |wc -l`
if [[ $check_home == 0 ]]
then
        vdb_free=`ll /dev/ | grep vdb | wc -l`
        check_mount=`blkid | grep vdb1 | wc -l`
        check_df=`df -h | grep vdb1 | wc -l`
        check_fstab=`grep -v '^#' /etc/fstab  | grep -E 'vdb1|home' |wc -l`
        if [[ ${vdb_free} -lt 4 ]]
        then
                if [[ ${vdb_free} == 1 ]] 
                then
                        mount_disk
                elif [[ ${vdb_free} == 2 ]]   
                then                     
                        if [[ ${check_mount} == 0  ]]
                        then
                                mkfs.ext4 /dev/vdb1
                                mount /dev/vdb1 /home
                                echo "/dev/vdb1  /home   ext4    defaults    0   0" >>/etc/fstab 
                                echo "/dev/vdb1 挂载完毕，挂载点：/home"
                        elif  [[ ${check_mount} != 0  ]] && [[ ${check_df} == 0 ]]
                        then
                                mount /dev/vdb1 /home
                                echo "/dev/vdb1 挂载完毕，挂载点：/home"
                                if  [[ ${check_fstab} == 0 ]]
                                then
                                        echo "/dev/vdb1  /home   ext4    defaults    0   0" >>/etc/fstab                                        
                                fi
                        fi
                fi
        else    
                echo "磁盘vdb可用分区不足，请检查"
        fi
else
        echo "home 分区已挂载"
fi


#启动并添加firewalld规则
echo "即将配置防火墙规则"
sleep 3
systemctl restart firewalld
systemctl enable firewalld
if [[ $? == 0 ]]
then
        echo "firewall 启动完成~"
else
        echo "firewall 启动失败，请检查~"
        break
fi
firewall-cmd --zone=public --add-port=52525/tcp --permanent
firewall-cmd --zone=public --add-port=52526/tcp --permanent
firewall-cmd --zone=public --add-port=10051/tcp --permanent
firewall-cmd --zone=public --add-port=10050/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
echo "********************************************************
#信任端口 52525、52526、10051、10050、80、443、8080添加完毕~
#为您显示firewall规则
#*********************************************************       
#"
firewall-cmd --list-all --zone=public

sleep 3

#ntp时间同步
echo "开始ntp同步时间~~"
ntpdcheck=`systemctl status ntpd | wc -l`
if [[ ${ntpdcheck} == 0 ]];then
        yum install -y ntpdate
        if [[ $? == 0 ]];then
                systemctl start ntpd
        fi
else
        echo "ntpdate 已经存在，重启中。。。"
        systemctl restart ntpd
fi

if [[ $? == 0 ]]
then
        systemctl stop ntpd
        ntpdate cn.pool.ntp.org
        systemctl restart ntpd
        echo "ntp 时间同步完成~"
fi

sleep 3

#salt-minion 安装
echo "开始安装salt-minion . . ."
cat >/etc/yum.repos.d/salt.repo <<EOF

[salt-latest-repo]
name=Salt repo for RHEL/CentOS 7 PY2
baseurl=https://archive.repo.saltproject.io/yum/redhat/7/x86_64/archive/3000.5
skip_if_unavailable=True
failovermethod=priority
enabled=1
enabled_metadata=1
gpgcheck=0
gpgkey=https://archive.repo.saltproject.io/yum/redhat/7/x86_64/archive/30005/SALTSTACK-GPG-KEY.pub, https://archive.repo.saltproject.io/yum/redhat/7/x86_64/archive/3000.5/base/RPM-GPG-KEY-CentOS-7
EOF
yum clean all
yum install -y salt-minion
echo "" > /etc/salt/minion
echo "master: 49.233.21.192" >>  /etc/salt/minion
echo "master_port: 52526" >>  /etc/salt/minion
echo "id: 82.157.253.241" >>  /etc/salt/minionfdisk
echo "salt-minion 配置完成，为您重启~"
if [[ $? == 0 ]];then
    echo "salt-minion 重启成功"
fi


echo "下来安装coscmd工具。。。。"
sleep 3

#安装并配置python环境
if [[ -e "/usr/bin/python3" ]]
then
        #rm -rf /usr/bin/python
        #ln -s /usr/bin/python3 /usr/bin/python
        echo "Python 配置成功~"
else
        yum install python3 -y
        if [[ $? == 0 ]]
        then
                echo "Python 配置成功~"
        fi
fi

echo "正在配置pip环境，以及安装coscmd"

#检测pip
if [[ -e "/usr/bin/pip3" ]]
# 安装coscmd
then
        pip3 install coscmd
        if [[ $? == 0 ]]
        then
                echo "coscmd 安装成功！！！"
        fi
else
        yum install python-pip -y
        pip3 install coscmd
        if [[ $? == 0 ]]
        then
                echo "coscmd 安装成功！！！"
        fi
fi

echo "开始安装HTTP。。。"
sleep 3

#安装httpd

httpcheck=`systemctl status  httpd | wc -l`
if [[ ${httpcheck} == 0 ]];then
        yum install -y httpd
        if [[ $? == 0 ]];then
                systemctl start httpd
        fi
else
        echo "http 已经存在，重启中。。。"
        systemctl restart httpd
fi

systemctl enable httpd
#echo "DirectoryIndex index.html index.php" >> /etc/httpd/conf/httpd.conf
#echo "AddType application/x-httpd-php .php .php3 .php4 .php5" >> /etc/httpd/conf/httpd.conf
systemctl start httpd

if [[ $? == 0 ]]
then
        echo "HTTP 启动成功"
fi


#*******************************************************************************************************
#安装zabbix-server及配置数据库

#rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
#
#yum clean all
#
#yum install zabbix-server-mysql zabbix-agent -y
#
#yum install centos-release-scl -y
#
#sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/zabbix.repo
#
#yum install zabbix-web-mysql-scl zabbix-apache-conf-scl -y
#
#wget http://repo.mysql.com/mysql57-community-release-el7-8.noarch.rpm
#
#rpm -ivh mysql57-community-release-el7-8.noarch.rpm
#sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/mysql-community.repo
#sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/mysql-community-source.repo
#yum -y install mysql-server
#
#systemctl start mysqld
#
#passwd=`grep "root@localhost" /var/log/mysqld.log | awk '{print $NF}'`
#read -p "请输入Mysql的新密码：" mysqlnewpasswd
#mysqladmin -uroot -p"$passwd" password $mysqlnewpasswd
#echo "Mysql密码修改成功！！！"
#gg
#echo "Mysql安装成功，开始安装zabbix......"
#
#mysql -uroot -p$mysqlnewpasswd -e 'create database zabbix character set utf8 collate utf8_bin;'
#if [[ $? == 0 ]]
#then
#        echo "zabbix 数据库创建成功！！！"
#fi
#read -p "请输入zabbix用户密码：" zabbixpasswd
#mysql -uroot -p$mysqlnewpasswd -e "grant all on zabbix.* to zabbix@localhost identified by '$zabbixpasswd'"
#echo "用户zabbix创建成功！！"
#mysql -uroot -p$mysqlnewpasswd -e "update mysql.user set host='%' where user='zabbix';"
#mysql -uroot -p$mysqlnewpasswd -e "update mysql.user set host='%' where user='root';"
#echo "权限修改成功！！"
#
#zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p"$zabbixpasswd" zabbix
#echo "DBPassword=$mysqlnewpasswd" >> /etc/zabbix/zabbix_server.conf
#
#echo "php_value[date.timezone] = Asia/Shanghai" >> /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
#
#systemctl restart zabbix-server zabbix-agent httpd rh-php72-php-fpm
#
#systemctl enable zabbix-server zabbix-agent httpd rh-php72-php-fpm
#
#if [[ $? == 0 ]]
#then
#        echo "zabbix-server 启动成功！！！"
#        echo "浏览器输入 ’IP+/zabbix‘ 进入zabbix监控~~~ "
#fi

#*******************************************************************************************************


echo "开始安装zabbix-agent ，并配置接入到zabbix监控平台"
sleep 3
#源码安装zabbix并且将其接入zabbix监控平台

installdir='/usr/local/zabbix'
purl='http://49.233.25.108/get_proxy_api/'
IP=`ip a | egrep -w "inet" | grep 'brd' | awk '{print $2}' | awk -F"/" '{print $1}'`
# IP='10.157.0.3'
Proxy=`curl ${purl}${IP}`  
# oldstartdir='/tmp/oldzabbix'
startdir='/etc/init.d/'
confdir='/usr/local/etc/'

wget http://101.200.170.223/linux/zabbix_agent5/zabbix-5.0.15_x64_kernel2.6.tgz

if [[ $? == 0 ]];then
    if [[ -d ${installdir} ]];then
        tar -xzvf zabbix-5.0.15_x64_kernel2.6.tgz -C /usr/local/zabbix
        chmod 755 -R ${installdir}/sbin/
    else
        mkdir ${installdir}
        tar -xzvf zabbix-5.0.15_x64_kernel2.6.tgz -C /usr/local/zabbix
        chmod 755 -R ${installdir}/sbin/
    fi
fi

[[ ! -f ${installdir}/conf/zabbix_agentd.conf ]] && echo "ERROR：install zabbix_agent filed!!" && break

sed -i "s/IP/${IP}/g" ${installdir}/conf/zabbix_agentd.conf
sed -i "s/Proxy/${Proxy}/g" ${installdir}/conf/zabbix_agentd.conf
mv ${installdir}/conf/zabbix_agentd.conf ${confdir}



if [[ -e ${installdir}/sbin/zabbix_agentd ]];then
    mv ${installdir}/sbin/zabbix_agentd ${startdir}
fi

if [[ $? == 0 ]];then
    ${startdir}zabbix_agentd
        if [[ $? == 0 ]];then
            echo "/etc/init.d/zabbix_agentd" >> /etc/rc.local
            echo "zabbix-agent started!!"
        else
            echo "zabbix-agent start failed" && break
        fi
fi


# echo "修改root用户密码，并创建普通用户！！"
# sleep 3

# 修改root用户密码
# # read -p "请输入root用户的新密码：" rootnewpasswd
# echo "root123456" | passwd --stdin root
# # read -p "请输入新创建的用户名：" newuser
# useradd yanjie_c
# if [[ $? == 0 ]]
# then                    
#       echo "用户 yanjie_c 创建成功~~ ~"     
# fi


sleep 3
# ssh免密认证
# echo "配置ssh免密认证"
# /usr/bin/expect -c"
# set timeout -1
# spawn  /usr/bin/ssh-keygen     
# expect \"*/root/.ssh/id_rsa*:\"
# send -- \"\r\"
# expect \"*Enter passphrase*:\"
# send -- \"\r\"
# expect \"*same passphrase again*:\"
# send -- \"\r\"

# spawn  ssh-copy-id -i /root/.ssh/id_rsa.pub  root@10.157.0.3
# expect \"*t@10.157.0.3's pass*:\"
# send -- \"Nebula@123\r\"

# expect eof
# "


echo "开始添加ssh 权限名单"
sleep 3

#创建ssh黑/白名单
echo "开始创建ssh黑/白名单..."
echo "sshd:ALL" >> /etc/hosts.deny
echo "sshd:10.1.38.2" >> /etc/hosts.allow
echo "sshd:10.157.0.3" >> /etc/hosts.allow
echo "sshd:10.157.0.12" >> /etc/hosts.allow
systemctl restart sshd

# while :
# do
#         cat << EOF
# ***************************     
# 请选择你要进行的操作
# ***************************     
# 1.禁用IP
# 2.开放IP
# 3.禁用用户
# 4.开放用户
# 5.退出程序
# ***************************     
# EOF
#         read -p "输入你的操作：" choice
#         case $choice in
#                 "1")
#                 read -p "请输入你要禁用的IP：" rejectip
#                 echo "sshd:$rejectip:deny" >> /etc/hosts.deny
#                 ;;
#                 "2")
#                 read -p "请输入你要开放的IP：" acceptip
#                 echo "sshd:$acceptip:allow" >> /etc/hosts.allow
#                 ;;
#                 "3")
#                 read -p "请输入你要禁用的用户名：" rejectuser
#                 echo "DenyUsers $rejectuser" >> /etc/ssh/sshd_config
#                 ;;
#                 "4")
#                 read -p "请输入你要开放的用户名：" acceptuser
#                 echo "AllowUsers $acceptuser" >> /etc/ssh/sshd_config
#                 ;;
#                 [!12345])
#                 echo "输入错误，请重新输入"
#                 ;;
#                 "5")
#                 echo "程序退出~"
#                 break
#         esac
# done