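Hands-on practice: automating deployment with shell scripts on Linux

Lab topology requirements

Host environment

Note:

  • The five IP addresses 172.25.250.101-172.25.250.105 are provided by the server servera.exam.com.
  • 172.25.250.106 is provided by the server serverb.exam.com.

Requirements

1. The Web service on host 172.25.250.101 must serve the www.exam.com site, reachable from any host that has a route to it, with the page content "Hello,Welcome to www.exam.com !", and must provide the URLs content.exam.com/yum/AppStream and content.exam.com/yum/BaseOS as network repositories for all hosts.
2. Host 172.25.250.102 provides a Chronyd-based NTP service: this host acts as the time server, serves NTP to other hosts, and is set to stratum 3.
3. Host 172.25.250.103 provides the MySQL database service, which must be installed from the repository provided in requirement 1, with the database password set to redhat. Create a database named bbs for the forum service.
4. Host 172.25.250.104 provides the NFS service, which exports the local /bbs directory as the forum data directory; the export must be usable only by the host running the forum, and must be mounted automatically at boot.
5. Host 172.25.250.105 provides the DNS service, which must offer forward and reverse resolution for all host names in the project; all servers must be configured to use this DNS server.
6. Host 172.25.250.106 provides a Discuz-based forum service. The forum uses the bbs database provided by host 172.25.250.103 and the NFS share provided by host 172.25.250.104 as its data directory, mounted at boot. It also uses the network repository provided by host 172.25.250.101, the NTP service provided by host 172.25.250.102, and the DNS service provided by host 172.25.250.105.
7. The firewall service and SELinux must be enabled on all servers.
8. All network services provided by the servers must still work after a system reboot.
9. Based on the code for all of the services, write a one-click deployment shell script. Its most basic function is to implement all of the requirements above when it is executed; the script must run on the servera.exam.com host and must support being run multiple times.

Solution

Environment preparation: first prepare two virtual machines, then manually set the IP addresses on both to the ones the exercise requires, and configure SSH public-key authentication between the two virtual machines so that they can log in to each other without a password. Also upload the repository archive to the root directory of host 101, so that the shell script can run unattended.

1. To build the network repository the exercise asks for, first configure a local repository, which is used to install dns and http for name resolution, so that the file directory can be browsed in a web page at content.exam.com/yum/AppStream.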

# First configure the local repository
# The function that configures the local repository is as follows
bendi(){
	# Mount the installation media only if /mnt is not already a mount point
	if ! mountpoint -q /mnt;then
		echo 'no mount'
		/usr/bin/mount /dev/sr0 /mnt
		echo 'success mounted'
	else
		echo 'is mounted'
	fi
	/usr/bin/cat>/etc/yum.repos.d/myrepo.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
}

# Then install the httpd and DNS (bind) services
xiazai(){

/usr/bin/yum install httpd  bind -y
systemctl start httpd
systemctl start named

systemctl enable httpd
systemctl enable named
}

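After the services are installed, configure the web server first so that the page can be accessed, and add a host name entry to the local hosts file. The code is as follows:

# Web service
web(){
# -p creates the whole path and does not fail when the script is re-run
/usr/bin/mkdir -p /www/exam/yum
# Add the hosts entry only if it is missing
if ! grep -q "172.25.250.101 www.exam.com" /etc/hosts;then
	echo "172.25.250.101 www.exam.com" >> /etc/hosts
fi
echo "Hello,Welcome to www.exam.com !" > /www/exam/index.html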
	/usr/bin/cat>/etc/httpd/conf.d/vhost.conf<<"EOF"
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.101:80>
documentroot /www/exam
servername www.exam.com
</virtualhost>
<directory /www/exam/yum>
Options Indexes FollowSymLinks
allowoverride none
require all granted
</directory>
EOF
}

2. Configure the DNS service for forward and reverse resolution, and make sure resolution succeeds on 172.25.250.106.

# Configure DNS
dns(){
/usr/bin/cat>/etc/named.conf<<"EOF"
options {
        listen-on port 53 { 172.25.250.105; };
        directory       "/var/named";
};


zone "exam.com" IN {
        type master;
        file "named.exam";
};

zone "250.25.172.in-addr.arpa" IN {
        type master;
        file "named.fanxiang";
};
EOF
/usr/bin/cat>/var/named/named.exam<<"EOF"
$TTL 1d
@       IN      SOA     @       admin.exam.com. (2024071901
                                                             1
                                                             1
                                                             1
                                                             1)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
ns      IN      A       172.25.250.105
www     IN      A       172.25.250.101
content IN      A       172.25.250.101
ntp     IN      A       172.25.250.102
mysql   IN      A       172.25.250.103
nfs     IN      A       172.25.250.104
dns     IN      A       172.25.250.105
bbs     IN      A       172.25.250.106
EOF
/usr/bin/cat>/var/named/named.fanxiang<<"EOF"
$TTL 1d
@       IN      SOA     @       admin.exam.com. (2024071901
                                                             1
                                                             1
                                                             1
                                                             1)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
105     IN 	PTR     ns.exam.com.
101     IN 	PTR     content.exam.com.  
101     IN 	PTR     www.exam.com.
102     IN 	PTR     ntp.exam.com. 
103     IN 	PTR     mysql.exam.com.
104     IN 	PTR     nfs.exam.com.
105     IN 	PTR     dns.exam.com.
106     IN 	PTR     bbs.exam.com.
EOF
# Point host 106 at this DNS server so that it can resolve forward and reverse lookups
ssh root@172.25.250.106 << 'EOF'
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection up ens160
EOF
}
# Restart the services
reloa(){
	systemctl restart named
	systemctl restart httpd
}
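
A consistency check for the forward and reverse zone files written above, as an added example that is not part of the original script: it reports A records with no matching PTR and PTR targets missing the trailing dot, which BIND would otherwise complete with the reverse zone's origin. The helper name `check_zones` and the sample records are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original script); check_zones is a
# hypothetical helper name. Handles one-line "name IN A ip" and
# "octet IN PTR target" records in a /24 reverse zone.

# check_zones FWD_ZONE REV_ZONE DOMAIN
# Returns 1 and prints a line for every A record without a matching
# fully qualified PTR, and for every PTR target lacking the trailing dot.
check_zones() {
    local fwd=$1 rev=$2 domain=$3
    awk -v dom="$domain" '
        FNR == NR {                              # first file: forward zone
            if ($2 == "IN" && $3 == "A") {
                n = split($4, o, ".")
                want[o[n] " " $1 "." dom "."] = 1
            }
            next
        }
        $2 == "IN" && $3 == "PTR" {              # second file: reverse zone
            if ($4 !~ /\.$/) {                   # relative name: BIND appends the zone origin
                print "relative PTR target: " $1 " -> " $4; bad = 1
            }
            delete want[$1 " " $4]
        }
        END {
            for (w in want) { print "missing PTR: " w; bad = 1 }
            exit bad + 0
        }
    ' "$fwd" "$rev"
}

# Constructed zone fragments; the ns PTR omits the trailing dot.
demo_dir=$(mktemp -d)
printf '%s\n' 'ns   IN A 172.25.250.105' 'www  IN A 172.25.250.101' > "$demo_dir/fwd"
printf '%s\n' '105  IN PTR ns' '101  IN PTR www.exam.com.' > "$demo_dir/rev"
check_zones "$demo_dir/fwd" "$demo_dir/rev" exam.com || echo "zones are inconsistent"
rm -rf "$demo_dir"
```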

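3. Create the network repository on 101 and on 106 so that it can be accessed in a web page.

# Configure the network repository on 101
wangluo(){
# Configure the network repository
umount /mnt 2>/dev/null
mv /etc/yum.repos.d/myrepo.repo myrepo
# Mount the media under the web root only if it is not mounted there yet
mountpoint -q /www/exam/yum || mount /dev/sr0 /www/exam/yum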
/usr/bin/cat>/etc/yum.repos.d/yum.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
}

# Create the network repository on 106
serverwangluo(){
ssh root@172.25.250.106 << END
cat>/etc/yum.repos.d/yum.repo<< EOF
[baseOS]
name=baseOS
baseurl=http://172.25.250.101/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://172.25.250.101/yum/AppStream
gpgcheck=0
EOF
END
}

4. Configure the NTP server on 101.

# Time server (NTP)
ntp(){
	# Append each directive only if it is not already present, so re-runs add no duplicates
	if grep -qxF "local stratum 3" /etc/chrony.conf;then
		echo "existed"
	else
		echo "local stratum 3" >> /etc/chrony.conf
	fi
	if grep -qxF "allow 172.25.250.0/24" /etc/chrony.conf;then
		echo "existed"
	else
		echo "allow 172.25.250.0/24" >> /etc/chrony.conf
	fi
	systemctl enable chronyd.service
	systemctl restart chronyd.service

	ssh root@172.25.250.106 << 'EOF'
grep -qxF "server 172.25.250.102 iburst" /etc/chrony.conf || echo "server 172.25.250.102 iburst" >> /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
exit
EOF
}
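
Requirement 9 asks for a script that can be run repeatedly, which means every edit to a file such as /etc/chrony.conf has to be idempotent. The helpers below are an added example, not code from the original script; `ensure_line` and `set_directive` are hypothetical names and the sample file is constructed.

```bash
#!/bin/bash
# Added example (not from the original script). ensure_line and
# set_directive are hypothetical helper names.

# Append LINE to FILE unless an identical whole line is already there.
ensure_line() {
    local file=$1 line=$2
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Make "KEY VALUE" the only active KEY setting in FILE: rewrite the first
# active "KEY ..." line, drop later ones, keep commented lines, and append
# the directive when no active line exists.
set_directive() {
    local file=$1 key=$2 value=$3 tmp
    touch "$file"
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v val="$value" '
        BEGIN { n = split(key, k, " ") }
        {
            m = split($0, f, " ")
            hit = (m >= n && $0 !~ /^[ \t]*#/)
            for (i = 1; hit && i <= n; i++) if (f[i] != k[i]) hit = 0
            if (!hit) { print; next }
            if (!done) { print key " " val; done = 1 }
        }
        END { if (!done) print key " " val }
    ' "$file" > "$tmp" &&
        cat "$tmp" > "$file"   # write in place: keeps owner, mode and SELinux label
    rm -f "$tmp"
}

# Constructed sample resembling a stock chrony.conf; run the edits twice.
demo_conf=$(mktemp)
printf '%s\n' 'pool 2.pool.ntp.org iburst' '#local stratum 10' 'local stratum 10' > "$demo_conf"
for run in 1 2; do
    set_directive "$demo_conf" "local stratum" 3
    ensure_line "$demo_conf" "allow 172.25.250.0/24"
done
cat "$demo_conf"
rm -f "$demo_conf"
```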

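5. Configure the NFS service to share the contents of the /bbs directory; 106 mounts it automatically.

nfs(){

	# server
	dnf install nfs-utils -y
	# enable as well as start, so the export survives a reboot (requirement 8)
	systemctl enable --now nfs-server
	mkdir -p /bbs
	# world-writable because root on the client is mapped to nobody by the default root_squash
	chmod 777 /bbs
	# requirement 4: export only to the forum host instead of "*"
	echo "/bbs 172.25.250.106(rw)" > /etc/exports
	exportfs -r
	firewall-cmd --permanent --add-service=nfs
	firewall-cmd --permanent --add-service=mountd
	firewall-cmd --permanent --add-service=rpc-bind
	firewall-cmd --reload
	systemctl restart nfs-server
	# client
	ssh root@172.25.250.106 << 'EOF'
yum install httpd -y
systemctl restart httpd
dnf install nfs-utils -y
systemctl start nfs-server
yum install autofs -y
systemctl start autofs
systemctl enable autofs
grep -qxF "/var/www/html/  /etc/auto.nfs" /etc/auto.master || echo "/var/www/html/  /etc/auto.nfs" >> /etc/auto.master
grep -qxF "bbs 172.25.250.104:/bbs" /etc/auto.nfs 2>/dev/null || echo "bbs 172.25.250.104:/bbs" >> /etc/auto.nfs
systemctl restart autofs
EOF
}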
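
Requirement 4 restricts the /bbs export to the forum host, and that is easy to verify mechanically. This added example (not part of the original script; `audit_export` is a hypothetical name and the sample files are constructed) lists every client of an export other than the expected one, including the case where a stray space before the options opens the share to all hosts.

```bash
#!/bin/bash
# Added example (not from the original script); audit_export is a
# hypothetical helper name.

# audit_export FILE DIR ALLOWED_HOST
# Prints every client on DIR's export line that is not ALLOWED_HOST and
# returns 1 if there is one, or if DIR is not exported at all.
audit_export() {
    local file=$1 dir=$2 allowed=$3
    awk -v dir="$dir" -v ok="$allowed" '
        { sub(/#.*/, "") }                        # strip comments
        $1 != dir { next }
        {
            seen = 1
            if (NF == 1) { print "(any host)"; bad = 1 }
            for (i = 2; i <= NF; i++) {
                host = $i
                sub(/\(.*/, "", host)             # drop the (options) part
                if (host == "") host = "(any host)"   # bare "(rw)" applies to everyone
                if (host != ok) { print host; bad = 1 }
            }
        }
        END { if (!seen) { print "not exported"; bad = 1 }; exit bad + 0 }
    ' "$file"
}

# Constructed /etc/exports variants.
demo_dir=$(mktemp -d)
printf '%s\n' '/bbs *(rw)'               > "$demo_dir/wildcard"
printf '%s\n' '/bbs 172.25.250.106 (rw)' > "$demo_dir/stray_space"
printf '%s\n' '/bbs 172.25.250.106(rw)'  > "$demo_dir/restricted"
for f in wildcard stray_space restricted; do
    if out=$(audit_export "$demo_dir/$f" /bbs 172.25.250.106); then
        echo "$f: ok"
    else
        echo "$f: open to $out"
    fi
done
rm -rf "$demo_dir"
```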

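6. Install MySQL and initialize the password, make sure login works from both sides, and create the shared database bbs.

mysql(){
	# Query the server package by name; "rpm -qa | grep mariadb" matches any package whose name contains mariadb
	if rpm -q mariadb-server > /dev/null;then
		echo "existed"
	else
		sudo dnf install mariadb-server -y
	fi
	firewall-cmd --add-service=mysql --permanent
	firewall-cmd --reload
	sudo systemctl start mariadb
	sudo systemctl enable mariadb
	MYSQL_ROOT_PASSWORD="redhat"
	# Unquoted delimiter so $MYSQL_ROOT_PASSWORD is expanded; with <<'EOF' the literal text "$MYSQL_ROOT_PASSWORD" is sent instead.
	# The answers are consumed in prompt order, and the prompts differ between MariaDB versions.
	sudo mysql_secure_installation <<EOF
Y
$MYSQL_ROOT_PASSWORD
$MYSQL_ROOT_PASSWORD
Y
Y
Y
Y
EOF
}
user(){
        # Allows root to log in from any host ('%') with full privileges
        sudo mysql -uroot -predhat << 'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'redhat' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
EOF
}
createdatabase(){
	# IF NOT EXISTS keeps the statement from failing when the script is re-run
	sudo mysql -uroot -predhat << 'EOF'
create database if not exists bbs;
exit;
EOF

}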

7. Configure the forum service.

luntan(){
cp /root/Discuz_X3.5_SC_UTF8_20230520.zip  /bbs
ssh root@172.25.250.106 << 'EOF'
sudo dnf install mariadb-server -y
yum install httpd -y
# Quote the glob so the remote shell passes it to yum unexpanded
yum install 'php*' -y
systemctl restart httpd
cd /var/www/html/bbs
# -o overwrites existing files without prompting when the script is re-run
unzip -o Discuz_X3.5_SC_UTF8_20230520.zip 
chmod 777  /var/www/html/bbs/upload/config/ /var/www/html/bbs/upload/data/ /var/www/html/bbs/upload/uc_client/ /var/www/html/bbs/upload/uc_server/  -R
EOF
}

#cp /root/Discuz_X3.5_SC_UTF8_20230520.zip  /var/www/html/bbs
luntanweb(){

ssh root@172.25.250.106 <<"EOF"
cat>/etc/httpd/conf.d/vhost.conf<<END
<directory /var/www/html>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.106:80>
documentroot /var/www/html/bbs
servername 172.25.250.106
</virtualhost>
END

EOF
}

8. Configure the firewall and SELinux.

# Firewall and SELinux
fire101(){
	# enable as well as start, so the firewall is on after a reboot
	systemctl enable --now firewalld
	firewall-cmd --permanent --add-service=http
	firewall-cmd --permanent --add-service=dns
	firewall-cmd --permanent --add-service=ntp
	firewall-cmd --reload
	setenforce 1
	setsebool -P httpd_use_nfs 1
	setsebool -P httpd_can_network_connect_db on
	chcon -t httpd_sys_content_t /www/exam/index.html -R
	systemctl restart httpd
}
fire106(){
ssh root@172.25.250.106 << 'EOF'
systemctl enable --now firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
systemctl restart httpd
sudo systemctl start mariadb
sudo systemctl enable mariadb
EOF
}

Full script

#!/bin/bash

# Configure the IP addresses
ip(){

nmcli connection modify ens160 ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 ipv4.gateway 172.25.250.2
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection modify ens160 ipv4.method manual
nmcli connection modify ens160 connection.autoconnect yes

nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection up ens160
}
# Configure the local repository
bendi(){
	# Mount the installation media only if /mnt is not already a mount point
	if ! mountpoint -q /mnt;then
		echo 'no mount'
		/usr/bin/mount /dev/sr0 /mnt
		echo 'success mounted'
	else
		echo 'is mounted'
	fi
	/usr/bin/cat>/etc/yum.repos.d/myrepo.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
}

# Install httpd and DNS (bind)

xiazai(){

/usr/bin/yum install httpd  bind -y
systemctl start httpd
systemctl start named

systemctl enable httpd
systemctl enable named
}



# Web service
web(){
# -p creates the whole path and does not fail when the script is re-run
/usr/bin/mkdir -p /www/exam/yum

# Add the hosts entry only if it is missing
if ! grep -q "172.25.250.101 www.exam.com" /etc/hosts;then
	echo "172.25.250.101 www.exam.com" >> /etc/hosts
fi
echo "Hello,Welcome to www.exam.com !" > /www/exam/index.html
	/usr/bin/cat>/etc/httpd/conf.d/vhost.conf<<"EOF"
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.101:80>
documentroot /www/exam
servername www.exam.com
</virtualhost>
<directory /www/exam/yum>
Options Indexes FollowSymLinks
allowoverride none
require all granted
</directory>
EOF
}

# Firewall and SELinux
fire101(){
	# enable as well as start, so the firewall is on after a reboot
	systemctl enable --now firewalld
	firewall-cmd --permanent --add-service=http
	firewall-cmd --permanent --add-service=dns
	firewall-cmd --permanent --add-service=ntp
	firewall-cmd --reload
	setenforce 1
	setsebool -P httpd_use_nfs 1
	setsebool -P httpd_can_network_connect_db on
	chcon -t httpd_sys_content_t /www/exam/index.html -R
	systemctl restart httpd
}


# Configure DNS
dns(){
/usr/bin/cat>/etc/named.conf<<"EOF"
options {
        listen-on port 53 { 172.25.250.105; };
        directory       "/var/named";
};


zone "exam.com" IN {
        type master;
        file "named.exam";
};

zone "250.25.172.in-addr.arpa" IN {
        type master;
        file "named.fanxiang";
};
EOF
/usr/bin/cat>/var/named/named.exam<<"EOF"
$TTL 1d
@       IN      SOA     @       admin.exam.com. (2024071901
                                                             1
                                                             1
                                                             1
                                                             1)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
ns      IN      A       172.25.250.105
www     IN      A       172.25.250.101
content IN      A       172.25.250.101
ntp     IN      A       172.25.250.102
mysql   IN      A       172.25.250.103
nfs     IN      A       172.25.250.104
dns     IN      A       172.25.250.105
bbs     IN      A       172.25.250.106
EOF
/usr/bin/cat>/var/named/named.fanxiang<<"EOF"
$TTL 1d
@       IN      SOA     @       admin.exam.com. (2024071901
                                                             1
                                                             1
                                                             1
                                                             1)
        IN      NS      ns.exam.com.
        IN      MX      10 mail.exam.com.
105     IN 	PTR     ns.exam.com.
101     IN 	PTR     content.exam.com.  
101     IN 	PTR     www.exam.com.
102     IN 	PTR     ntp.exam.com. 
103     IN 	PTR     mysql.exam.com.
104     IN 	PTR     nfs.exam.com.
105     IN 	PTR     dns.exam.com.
106     IN 	PTR     bbs.exam.com.
EOF
ssh root@172.25.250.106 << 'EOF'
nmcli connection modify ens160 ipv4.dns 172.25.250.105
nmcli connection up ens160
EOF
}
# Restart the services
reloa(){
	systemctl restart named
	systemctl restart httpd
}
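wangluo(){
# Configure the network repository
umount /mnt 2>/dev/null
mv /etc/yum.repos.d/myrepo.repo myrepo
# Mount the media under the web root only if it is not mounted there yet
mountpoint -q /www/exam/yum || mount /dev/sr0 /www/exam/yum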
/usr/bin/cat>/etc/yum.repos.d/yum.repo<<"EOF"
[baseOS]
name=baseOS
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
}
:<<BLOCK
servercangku(){
	ssh root@172.25.250.106 << 'EOF'
/usr/bin/mount /dev/sr0 /mnt
echo "[baseos]" >> /etc/yum.repos.d/myrepo.repo
echo "name=baseOS" >> /etc/yum.repos.d/myrepo.repo
echo "baseurl=/mnt/BaseOS" >> /etc/yum.repos.d/myrepo.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/myrepo.repo
echo "[appstream]" >> /etc/yum.repos.d/myrepo.repo
echo "name=appstream" >> /etc/yum.repos.d/myrepo.repo
echo "baseurl=/mnt/AppStream" >> /etc/yum.repos.d/myrepo.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/myrepo.repo
exit
EOF
}
BLOCK



serverwangluo(){
ssh root@172.25.250.106 << END
cat>/etc/yum.repos.d/yum.repo<< EOF
[baseOS]
name=baseOS
baseurl=http://172.25.250.101/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://172.25.250.101/yum/AppStream
gpgcheck=0
EOF
END
}

serverdns(){
ssh root@172.25.250.106 << 'EOF'
/usr/bin/yum install httpd  bind -y
systemctl start httpd
systemctl start named
systemctl enable httpd
systemctl enable named
EOF
}
# Time server (NTP)
ntp(){
	# Append each directive only if it is not already present, so re-runs add no duplicates
	if grep -qxF "local stratum 3" /etc/chrony.conf;then
		echo "existed"
	else
		echo "local stratum 3" >> /etc/chrony.conf
	fi
	if grep -qxF "allow 172.25.250.0/24" /etc/chrony.conf;then
		echo "existed"
	else
		echo "allow 172.25.250.0/24" >> /etc/chrony.conf
	fi
	systemctl enable chronyd.service
	systemctl restart chronyd.service

	ssh root@172.25.250.106 << 'EOF'
grep -qxF "server 172.25.250.102 iburst" /etc/chrony.conf || echo "server 172.25.250.102 iburst" >> /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
exit
EOF
}

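nfs(){

	# server
	dnf install nfs-utils -y
	# enable as well as start, so the export survives a reboot (requirement 8)
	systemctl enable --now nfs-server
	mkdir -p /bbs
	# world-writable because root on the client is mapped to nobody by the default root_squash
	chmod 777 /bbs
	# requirement 4: export only to the forum host instead of "*"
	echo "/bbs 172.25.250.106(rw)" > /etc/exports
	exportfs -r
	firewall-cmd --permanent --add-service=nfs
	firewall-cmd --permanent --add-service=mountd
	firewall-cmd --permanent --add-service=rpc-bind
	firewall-cmd --reload
	systemctl restart nfs-server
	# client
	ssh root@172.25.250.106 << 'EOF'
yum install httpd -y
systemctl restart httpd
dnf install nfs-utils -y
systemctl start nfs-server
yum install autofs -y
systemctl start autofs
systemctl enable autofs
grep -qxF "/var/www/html/  /etc/auto.nfs" /etc/auto.master || echo "/var/www/html/  /etc/auto.nfs" >> /etc/auto.master
grep -qxF "bbs 172.25.250.104:/bbs" /etc/auto.nfs 2>/dev/null || echo "bbs 172.25.250.104:/bbs" >> /etc/auto.nfs
systemctl restart autofs
EOF
}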

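mysql(){
	# Query the server package by name; "rpm -qa | grep mariadb" matches any package whose name contains mariadb
	if rpm -q mariadb-server > /dev/null;then
		echo "existed"
	else
		sudo dnf install mariadb-server -y
	fi
	firewall-cmd --add-service=mysql --permanent
	firewall-cmd --reload
	sudo systemctl start mariadb
	sudo systemctl enable mariadb
	MYSQL_ROOT_PASSWORD="redhat"
	# Unquoted delimiter so $MYSQL_ROOT_PASSWORD is expanded; with <<'EOF' the literal text "$MYSQL_ROOT_PASSWORD" is sent instead.
	# The answers are consumed in prompt order, and the prompts differ between MariaDB versions.
	sudo mysql_secure_installation <<EOF
Y
$MYSQL_ROOT_PASSWORD
$MYSQL_ROOT_PASSWORD
Y
Y
Y
Y
EOF
}

createdatabase(){
	# IF NOT EXISTS keeps the statement from failing when the script is re-run
	sudo mysql -uroot -predhat << 'EOF'
create database if not exists bbs;
exit;
EOF

}
user(){
        # Allows root to log in from any host ('%') with full privileges
        sudo mysql -uroot -predhat << 'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'redhat' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit
EOF
}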


luntan(){
cp /root/Discuz_X3.5_SC_UTF8_20230520.zip  /bbs
ssh root@172.25.250.106 << 'EOF'
sudo dnf install mariadb-server -y
yum install httpd -y
# Quote the glob so the remote shell passes it to yum unexpanded
yum install 'php*' -y
systemctl restart httpd
cd /var/www/html/bbs
# -o overwrites existing files without prompting when the script is re-run
unzip -o Discuz_X3.5_SC_UTF8_20230520.zip 
chmod 777  /var/www/html/bbs/upload/config/ /var/www/html/bbs/upload/data/ /var/www/html/bbs/upload/uc_client/ /var/www/html/bbs/upload/uc_server/  -R
EOF
}

#cp /root/Discuz_X3.5_SC_UTF8_20230520.zip  /var/www/html/bbs
luntanweb(){

ssh root@172.25.250.106 <<"EOF"
cat>/etc/httpd/conf.d/vhost.conf<<END
<directory /var/www/html>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.106:80>
documentroot /var/www/html/bbs
servername 172.25.250.106
</virtualhost>
END

EOF
}
fire106(){
ssh root@172.25.250.106 << 'EOF'
systemctl enable --now firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=dns
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
setenforce 1
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
systemctl restart httpd
sudo systemctl start mariadb
sudo systemctl enable mariadb
EOF
}
main(){
#ip
bendi
xiazai
web
fire101
dns
reloa
wangluo
serverwangluo
serverdns
ntp
nfs
mysql
createdatabase
user
luntan
luntanweb
fire106
}
main