Shell
本文收录常用的 Shell 脚本范例,包括系统初始化脚本、账号配置、服务部署等场景,可作为日常运维的脚本模板参考。
系统初始化脚本
#!/bin/bash
#author:Fiber
#Moding:MRCO
#date:2016-10-20
#version:1.1
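# Run from the script's own directory; quoting keeps this working when the
# path contains spaces, and a failed cd stops the run instead of continuing
# from an unexpected directory.
cd "$(dirname "$0")" || exit 1

# Turn SELinux off: setenforce 0 switches the running system to permissive,
# and the config edit makes "disabled" the mode after the next reboot.
# NOTE(review): this removes mandatory access control from every host built
# with this script. The only step below that visibly conflicts with enforcing
# mode is the non-default sshd port, which can be handled by labelling the port
# (semanage port -a -t ssh_port_t -p tcp <port>) instead of disabling SELinux.
setenforce 0
# Only the SELINUX= setting line is rewritten; comment lines are left alone.
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config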
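# Point yum at the internal mirror, then update and install the base toolset.
#
# NOTE(review): the three repo definitions and the epel-release RPM below are
# fetched over plain HTTP. A repo file sets baseurl, gpgcheck and gpgkey, so
# whoever can alter it in transit decides what this host installs as root.
# Prefer HTTPS (or ship the files with the image) and confirm gpgcheck=1 in
# each downloaded file before yum runs.
repo_dir=/etc/yum.repos.d

# Download one repo definition; -f makes curl fail on an HTTP error instead of
# saving the error page as a .repo file.
# $1 = file name under $repo_dir, $2 = source URL
fetch_repo() {
  curl -f -o "$repo_dir/$1" "$2" || {
    echo "failed to download $2; previous repo files are kept as *.repo.backup" >&2
    exit 1
  }
}

for repo_name in CentOS-Base epel; do
  # epel.repo may be absent on a fresh install; back up only what exists.
  if [[ -f "$repo_dir/$repo_name.repo" ]]; then
    mv -- "$repo_dir/$repo_name.repo" "$repo_dir/$repo_name.repo.backup"
  fi
done

fetch_repo CentOS-Base.repo http://mirrors.bbdops.com/centos/CentOS-7.repo
fetch_repo epel.repo http://mirrors.bbdops.com/epel/epel-7.repo
# The original used wget here, but wget is only installed further down.
fetch_repo docker-ce.repo http://mirrors.bbdops.com/list/docker-ce/linux/centos/docker-ce.repo
yum clean all
yum makecache

# System update and base packages.
# NOTE(review): this RPM is installed straight from an HTTP URL, and
# epel-release is also in the yum list below, so this step may be redundant;
# confirm and drop it if so.
rpm -ivh http://mirrors.ustc.edu.cn/epel/7Server/x86_64/e/epel-release-7-8.noarch.rpm
yum clean all
yum makecache
yum update -y

# NOTE(review): compilers ("Development Tools", gcc) and nmap go onto every
# host; on production servers that is tooling an intruder would otherwise have
# to bring along. Consider a slimmer list for non-build machines.
base_packages=(
  vim wget ncdu net-tools lvm2 tree screen tmux ncurses-devel rsync lrzsz
  zip unzip xz p7zip ntpdate gcc zlib sysstat smartmontools hdparm htop
  iotop iftop dstat nmap mtr mlocate bind-utils pciutils sar parted
  OpenIPMI OpenIPMI-devel OpenIPMI-tools OpenIPMI-libs man bash-completion
  epel-release salt-minion
)
yum install -y "${base_packages[@]}"
yum groupinstall -y "Development Tools"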
# Make rc.local executable so that it is run at boot.
chmod +x /etc/rc.d/rc.local

# Configure SaltStack: the minion config is replaced by a single "master:" line
# and the service is started.
# NOTE(review): the minion is started but not enabled here; confirm something
# else brings it up after the reboot this script asks for.
# NOTE(review): with only "master:" set, the minion trusts whichever master key
# it sees first; pinning it with master_finger is worth considering.
printf '%s\n' 'master: salt.master.bbdops.com' > /etc/salt/minion
systemctl start salt-minion
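# This section must run BEFORE root login is disabled in the ssh section.
# Create the bbders account and give it passwordless sudo.
#
# The account password is no longer embedded in the script. It is taken from
# the BBDERS_PASSWORD environment variable, or prompted for when a terminal is
# attached. The value that used to be written here was published with the
# script and should be treated as compromised: rotate it on every host that
# was built from the earlier version.
id -u bbders > /dev/null 2>&1 || useradd -m bbders || exit 1

bbders_password=${BBDERS_PASSWORD:-}
if [[ -z "$bbders_password" && -t 0 ]]; then
  read -rs -p "Password for bbders: " bbders_password
  echo
fi
if [[ -z "$bbders_password" ]]; then
  # Stop here: carrying on would restrict ssh to an account nobody can log in to.
  echo "BBDERS_PASSWORD is not set and no terminal is available; aborting before ssh is locked down" >&2
  exit 1
fi
# printf is a shell builtin, so the password does not show up in the process list.
printf '%s\n' "$bbders_password" | passwd --stdin bbders || exit 1
unset bbders_password BBDERS_PASSWORD

# NOTE(review): bbders gets NOPASSWD:ALL and is the only account sshd will
# admit (see the ssh section), so this one password is equivalent to root.
# NOTE(review): no account named "user" is created in this script, so the
# second rule may be a leftover — confirm. Its "ALL minus a few commands" form
# is also weak: the sudoers manual warns that subtracting commands from ALL
# with "!" does not reliably restrict a user. An allow-list of the commands
# actually needed is the dependable form.
sudoers_rules=(
  'bbders ALL=(ALL:ALL) NOPASSWD:ALL'
  'user ALL=(ALL:ALL) NOPASSWD: ALL,!/usr/bin/passwd,!/usr/bin/passwd root,!/usr/bin/passwd [A-Za-z]*,!/bin/su'
)
cp -p /etc/sudoers /etc/sudoers.pre-init || exit 1
for rule in "${sudoers_rules[@]}"; do
  # Append each rule once, so re-running the script does not pile up duplicates.
  grep -qxF -- "$rule" /etc/sudoers || printf '%s\n' "$rule" >> /etc/sudoers
done
# A syntax error in sudoers disables sudo for everyone; check and roll back.
if ! visudo -c; then
  cp -p /etc/sudoers.pre-init /etc/sudoers
  echo "sudoers failed validation; restored /etc/sudoers from /etc/sudoers.pre-init" >&2
  exit 1
fi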
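# Configure sshd: move it to port 51668, turn off GSSAPI and reverse-DNS
# lookups, add keep-alives, forbid root login and admit only bbders.
#
# NOTE(review): password authentication stays enabled and bbders has
# passwordless sudo, so a guessed or leaked bbders password gives root.
# Deploying keys and setting "PasswordAuthentication no" closes that gap; the
# port change alone only reduces log noise.
# NOTE(review): sshd is restarted on the new port here, but the iptables rules
# that open 51668 are written later and the script never starts the iptables
# service. Confirm new sessions can still connect before closing the current
# one.
sshd_config=/etc/ssh/sshd_config
cp -p "$sshd_config" "$sshd_config.pre-init" || exit 1

sed -i 's/#Port 22/Port 51668/g' "$sshd_config"
sed -i \
  -e '/GSSAPIAuthentication/s/yes/no/g' \
  -e '/GSSAPICleanupCredentials/s/yes/no/g' \
  -e 's/^#UseDNS no/UseDNS no/' \
  -e 's/^#UseDNS yes/UseDNS no/' \
  "$sshd_config"

# Append the keep-alive settings once, so a re-run does not duplicate them.
grep -q '^ClientAliveInterval' "$sshd_config" \
  || printf 'ClientAliveInterval 60\nClientAliveCountMax 10\n' >> "$sshd_config"

# The original only rewrote the commented-out default "#PermitRootLogin yes",
# so a config that already had an active PermitRootLogin line kept root login
# enabled. Rewrite the setting whatever its current state, or add it if absent.
if grep -Eq '^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]' "$sshd_config"; then
  sed -i -E 's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "$sshd_config"
else
  echo "PermitRootLogin no" >> "$sshd_config"
fi

grep -qx 'AllowUsers bbders' "$sshd_config" || echo "AllowUsers bbders" >> "$sshd_config"

# Validate before restarting: a broken sshd_config on a remote host means lockout.
if ! /usr/sbin/sshd -t -f "$sshd_config"; then
  cp -p "$sshd_config.pre-init" "$sshd_config"
  echo "sshd_config failed validation; original restored, sshd not restarted" >&2
  exit 1
fi

# Restart so the changes take effect.
systemctl restart sshd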
# Set the host name by replacing the content of /etc/hostname.
# NOTE(review): "name.bbdops.com" looks like a placeholder to be edited per
# host — confirm.
printf '%s\n' 'name.bbdops.com' > /etc/hostname

# /etc/hosts template, left commented out:
#cat > /etc/hosts <<'EOF'
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#
#10.10.10.10 www www.pre.bbdops.com
#EOF
# System tuning: resource limits, login-shell ulimits and kernel network
# parameters. Each block is APPENDED, so running the script twice duplicates
# the entries.

# NOTE(review): "nproc unlimited" for every user removes the per-user process
# cap, so a runaway or hostile process tree is no longer bounded by PAM limits.
tee -a /etc/security/limits.conf > /dev/null <<'EOF'
* soft nproc unlimited
* hard nproc unlimited
* soft nofile 655350
* hard nofile 655350
EOF

# Apply the same limits in every login shell.
tee -a /etc/profile > /dev/null <<'EOF'
ulimit -SHn 655350
ulimit -SHu unlimited
EOF

# NOTE(review): ip_forward = 1 makes the host route packets between
# interfaces; keep it only where that is needed (the firewall file written
# later rejects FORWARD traffic anyway).
# NOTE(review): tcp_tw_reuse depends on TCP timestamps, which this list turns
# off with tcp_timestamps = 0 — confirm the pair is intended.
# The commented nf_conntrack lines are marked "not verified" by the author.
tee -a /etc/sysctl.conf > /dev/null <<'EOF'
net.ipv4.ip_forward = 1
#net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1025 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 200000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
#以下未验证
#net.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_established = 180
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 1
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF

# Load the new kernel parameters immediately.
/sbin/sysctl -p
# Replace firewalld with the iptables service and write its rule file.
#
# NOTE(review): the iptables service is enabled but never started, and the
# running rules are flushed below, so the host has no filter rules loaded
# between this point and the reboot.
# NOTE(review): port 22 is still accepted although sshd was moved to 51668 in
# the ssh section; drop that rule unless something else listens there.
# NOTE(review): the rules are appended to the file that "service iptables save"
# has just written, so the file ends up with two *filter sections. Writing the
# file in one piece would be easier to audit.
yum install -y iptables iptables-services
systemctl enable iptables
if systemctl stop firewalld; then
  systemctl disable firewalld
fi
iptables -F
service iptables save
tee -a /etc/sysconfig/iptables > /dev/null <<'EOF'
# Generated by iptables-save v1.4.21 on Thu Oct 20 22:43:06 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 51668 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Oct 20 22:43:06 2016
EOF
# Synchronise the system time.
# NOTE(review): no command follows this heading, so the clock is never synced
# although ntpdate was installed earlier. Accurate time matters for log
# correlation and certificate checks.
# The message tells the operator that initialisation is done and asks for a reboot.
printf '%s\n' "系统初始化完成,请重启服务器!"
sleep 5
exit 0
Linux自动挂载脚本
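#!/bin/bash
# Work from the script's own directory: data_disks.list is written and read
# relative to it. Quoting handles paths with spaces, and a failed cd stops the
# run rather than letting the disk list land in an unexpected place.
cd "$(dirname "$0")" || exit 1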
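function data_disks_list(){
  # Writes the disks that are safe to treat as data disks to ./data_disks.list,
  # one per line as "KNAME SIZE RM RO ROTA" (the other functions read columns
  # 1 and 5).
  #
  # Candidates are whole disks that are neither removable nor read-only,
  # excluding md, optical, mmc and device-mapper devices. A candidate is then
  # dropped when anything on it is in use: a mounted partition, swap, or a
  # mounted LVM/md volume built on top of it.
  #
  # The original guessed the system disk by cutting the last character off the
  # /boot device name. That fails for NVMe partition names and for hosts where
  # / sits on a different disk than /boot or where /boot is not a separate
  # mount. In those cases the system disk stayed in the list and would have
  # been wiped by the formatting functions.
  local candidates disk rest

  candidates=$(lsblk -dnp -e 9,11,180,253 --output KNAME,SIZE,RM,RO,ROTA \
    | grep -Ev 'mapper|/dev/md' \
    | awk '$3 == 0 && $4 == 0' \
    | sort)

  : > data_disks.list
  while read -r disk rest; do
    [[ -n $disk ]] || continue
    # Any non-empty MOUNTPOINT on the disk or its descendants means "in use".
    if lsblk -nr -o MOUNTPOINT "$disk" | grep -q '[^[:space:]]'; then
      continue
    fi
    printf '%s %s\n' "$disk" "$rest" >> data_disks.list
  done <<< "$candidates"

  echo -ne "-------------------------grab data_disks list success--------------\n"
}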
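function lv_ssd_sata(){
  # Builds one LVM volume (vg_ssd/lv_ssd) across every non-rotational, non-NVMe
  # disk in data_disks.list, formats it as XFS and mounts it on /data1.
  #
  # DESTRUCTIVE: every listed disk is wiped without confirmation. Run the
  # script with -l first and check data_disks.list.
  #
  # Changes from the original: the fstab backup gets an unpredictable name
  # (a fixed, guessable name in /tmp written by root can be pre-created by
  # another local user). /etc/fstab is only touched when every storage step
  # succeeded, because an entry for a volume that does not exist can stop the
  # next boot. Device names are passed as an array.
  # Exits the (sub)shell when the volume already exists or a step fails.
  local fstab_backup ssd_sata
  local lv='/dev/vg_ssd/lv_ssd'
  local mountdir='/data1'
  local -a devices=()

  fstab_backup=$(mktemp "/tmp/fstab.$(date +%F-%H_%M_%S).XXXXXX") || exit 1
  cp /etc/fstab "$fstab_backup" || exit 1

  # Column 5 is ROTA: 0 = non-rotational.
  ssd_sata=$(awk '$5 == 0 { print $1 }' data_disks.list | grep -v 'nvme' | xargs)
  read -r -a devices <<< "$ssd_sata"

  if (( ${#devices[@]} > 0 )); then
    if [[ ! -e $lv ]]; then
      if ! { wipefs -af "${devices[@]}" \
          && pvcreate "${devices[@]}" \
          && vgcreate vg_ssd "${devices[@]}" \
          && lvcreate -l +100%FREE -n lv_ssd vg_ssd \
          && mkfs.xfs -fq "$lv"; }; then
        echo "SATA SSD volume setup failed; /etc/fstab left unchanged (backup: $fstab_backup)" >&2
        exit 1
      fi
      mkdir -p "$mountdir" || exit 1
      # Lazily detach whatever is currently mounted on the mount point.
      umount -l "$mountdir" 2> /dev/null
      echo "$lv $mountdir xfs defaults,noatime 0 0" >> /etc/fstab
      if ! mount -a; then
        echo "mount -a failed; review /etc/fstab (backup: $fstab_backup)" >&2
        exit 1
      fi
      echo -ne "-------------------------SATA_SSD mount success-------------------------\n"
    else
      echo -ne "-------------------------$lv exists,quit-------------------------\n"
      exit
    fi
  else
    echo -ne "-------------------------NO SATA_SSD FOUND-------------------------\n"
  fi
}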
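function lv_ssd_nvme(){
  # Builds one LVM volume (vg_nvme/lv_nvme) across every non-rotational NVMe
  # disk in data_disks.list, formats it as XFS and mounts it on /data2.
  #
  # DESTRUCTIVE: every listed disk is wiped without confirmation. Run the
  # script with -l first and check data_disks.list.
  #
  # Changes from the original: the fstab backup gets an unpredictable name
  # (a fixed, guessable name in /tmp written by root can be pre-created by
  # another local user). /etc/fstab is only touched when every storage step
  # succeeded, because an entry for a volume that does not exist can stop the
  # next boot. Device names are passed as an array.
  # Exits the (sub)shell when the volume already exists or a step fails.
  local fstab_backup ssd_nvme
  local lv='/dev/vg_nvme/lv_nvme'
  local mountdir='/data2'
  local -a devices=()

  fstab_backup=$(mktemp "/tmp/fstab.$(date +%F-%H_%M_%S).XXXXXX") || exit 1
  cp /etc/fstab "$fstab_backup" || exit 1

  # Column 5 is ROTA: 0 = non-rotational.
  ssd_nvme=$(awk '$5 == 0 { print $1 }' data_disks.list | grep 'nvme' | xargs)
  read -r -a devices <<< "$ssd_nvme"

  if (( ${#devices[@]} > 0 )); then
    if [[ ! -e $lv ]]; then
      if ! { wipefs -af "${devices[@]}" \
          && pvcreate "${devices[@]}" \
          && vgcreate vg_nvme "${devices[@]}" \
          && lvcreate -l +100%FREE -n lv_nvme vg_nvme \
          && mkfs.xfs -fq "$lv"; }; then
        echo "NVMe SSD volume setup failed; /etc/fstab left unchanged (backup: $fstab_backup)" >&2
        exit 1
      fi
      mkdir -p "$mountdir" || exit 1
      # Lazily detach whatever is currently mounted on the mount point.
      umount -l "$mountdir" 2> /dev/null
      echo "$lv $mountdir xfs defaults,noatime 0 0" >> /etc/fstab
      if ! mount -a; then
        echo "mount -a failed; review /etc/fstab (backup: $fstab_backup)" >&2
        exit 1
      fi
      echo -ne "-------------------------NVME_SSD mount success-------------------------\n"
    else
      echo -ne "-------------------------$lv exists,quit-------------------------\n"
      exit
    fi
  else
    echo -ne "-------------------------NO NVME_SSD FOUND-------------------------\n"
  fi
}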
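function mount_hdd(){
  # Formats every rotational disk in data_disks.list as XFS and mounts each one
  # on its own /dataN directory, adding a UUID-based line to /etc/fstab.
  #
  # DESTRUCTIVE: every listed disk is wiped without confirmation. Run the
  # script with -l first and check data_disks.list.
  #
  # Changes from the original:
  #  - Numbering skips any /dataN that is already mounted or already in fstab.
  #    The original always started at /data1, so with -a it unmounted the SSD
  #    volume just mounted on /data1 and added a second fstab line for it.
  #  - A disk is added to fstab only after wipefs/mkfs succeeded and blkid
  #    returned a UUID; a line with an empty device field can stop the next boot.
  #  - The fstab backup gets an unpredictable name instead of a guessable one
  #    in /tmp.
  #  - The redundant outer while loop is gone; one pass over the disks is all
  #    the original ever performed.
  local fstab_backup hdd dev uuid mountdir
  local var=1
  local -a disks=()

  fstab_backup=$(mktemp "/tmp/fstab.$(date +%F-%H_%M_%S).XXXXXX") || exit 1
  cp /etc/fstab "$fstab_backup" || exit 1

  # Column 5 is ROTA: 1 = rotational.
  hdd=$(awk '$5 == 1 { print $1 }' data_disks.list | sort | xargs)
  read -r -a disks <<< "$hdd"

  # Check whether the disk list is empty.
  if (( ${#disks[@]} > 0 )); then
    # Format and register each HDD in turn.
    for dev in "${disks[@]}"; do
      # Advance to the next mount point that nothing else uses.
      while mountpoint -q "/data$var" \
        || awk -v mp="/data$var" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' /etc/fstab; do
        var=$((var + 1))
      done
      mountdir="/data$var"

      if ! { wipefs -af "$dev" && mkfs.xfs -fq "$dev"; }; then
        echo "skipping $dev: wipefs or mkfs.xfs failed" >&2
        continue
      fi
      uuid=$(blkid -s UUID -o value "$dev")
      if [[ -z $uuid ]]; then
        echo "skipping $dev: blkid reported no filesystem UUID" >&2
        continue
      fi
      mkdir -p "$mountdir" || exit 1
      echo "UUID=$uuid $mountdir xfs defaults 0 0" >> /etc/fstab
      var=$((var + 1))
    done
    mount -a
    echo -ne "-------------------------HDD mount success-------------------------\n"
  else
    echo -ne "-------------------------NO HDD FOUND-------------------------\n"
  fi
}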
function help_me(){
  # Prints the usage text: a blank line, the one-line description, a blank
  # line, then the list of flags (-l, -s, -n, -h, -a).
  cat <<'EOF'

使用说明:该脚本用于自动判断磁盘类型(SATA-SSD/NVME-SSD/HDD)并格式化,挂载.

命令参数:
-l: 查找出系统盘以外的磁盘,并输出到data_disks.list
-s: 格式化全部SATA类型的ssd并挂载.
-n: 格式化全部nvme类型(PCI-E)的ssd并挂载.
-h: 格式化全部机械磁盘并挂载.
-a: 处理全部数据盘,包括SATA/NVME类型的SSD和机械盘.
EOF
}
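# Dispatch on the command-line flags; with no arguments, print the help text.
# Every function runs in a subshell, so an `exit` inside one ends that step
# only and the remaining steps of -a still run.
#
# NOTE: -h is NOT help. It formats every rotational disk that was found.
# Running the script with no arguments is the only way to get the usage text.
# An unrecognised flag now prints the usage text and stops, instead of being
# silently ignored between destructive steps.
if [[ $# -gt 0 ]]; then
  while getopts "lsnha" opt; do
    case $opt in
      l)
        (data_disks_list) ;;
      s)
        (data_disks_list)
        (lv_ssd_sata) ;;
      n)
        (data_disks_list)
        (lv_ssd_nvme) ;;
      h)
        (data_disks_list)
        (mount_hdd) ;;
      a)
        (data_disks_list)
        (lv_ssd_sata)
        (lv_ssd_nvme)
        (mount_hdd) ;;
      *)
        help_me
        exit 2 ;;
    esac
  done
else
  help_me
fi
删除一天前的文件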
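#!/bin/bash
# Deletes Moloch raw capture files (*.pcap) under $FilePath that are older
# than $day days, after writing the list of selected files to $File.
#
# NOTE(review): these captures are forensic evidence. Make sure the retention
# period in $day matches the incident-response policy, and keep the list file
# somewhere it will survive. Moloch can also prune captures itself (freeSpaceG
# in its config); deleting files behind its back may leave sessions that point
# at missing captures — confirm which mechanism should own retention.
# NOTE(review): find counts whole 24-hour periods, so "-mtime +1" selects files
# last modified at least two days ago, not "more than one day".

# The original format ended in %m (the month a second time); seconds were
# presumably meant and make the list name distinct per run.
start=$(date +%y-%m-%d-%H%M%S)
echo "$start"
# NOTE(review): /temp is not a standard directory — confirm it exists (or that
# /tmp was meant). The redirect below is done by the invoking user, not by sudo.
File=/temp/delete_$start.txt
FilePath=/nsm/moloch/raw
echo "$File"
echo "$FilePath"
day=1

echo "输出日志文件:"
echo "sudo find $FilePath -type f -mtime +$day -name '*.pcap' > $File"
# Delete nothing unless the record of what is about to go was written.
if ! sudo find "$FilePath" -type f -mtime +"$day" -name '*.pcap' > "$File"; then
  echo "could not write $File; nothing deleted" >&2
  exit 1
fi

echo "删除日志文件:"
echo "sudo find $FilePath -type f -mtime +$day -name '*.pcap' -exec rm -f -- {} +"
# -type f with rm -f (not -rf) keeps a directory that happens to be named
# *.pcap from being removed recursively; "--" protects against names starting
# with a dash.
sudo find "$FilePath" -type f -mtime +"$day" -name '*.pcap' -exec rm -f -- {} +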