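#!/bin/bash
# Pin PATH to the standard system directories so that command lookups in this
# script do not depend on whatever PATH the caller happened to export.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Portability notes (the script is written to run under dash as well as bash):
#   - use [ expression ] for tests, not [[ expression ]]
#   - use = inside [ expression ], not ==
#   - dash does not accept a hyphen (-) in function names
# Coloured status printers: [yes], [no], [warning].
# dash's echo has no -e option; under dash, echo "\e[32m [yes]\e[0m" is enough.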
# Close the current step: print "END: $comment ---..." followed by a green [yes].
# Globals: comment (read)
echo_yes() {
  printf '%s' "END: $comment ------------------------------------"
  # \033[32m = green, \033[0m = reset
  printf '\033[32m [yes]\033[0m\n'
}
# Close the current step: print "END: $comment ---..." followed by a red [no].
# Globals: comment (read)
echo_no() {
  printf '%s' "END: $comment ------------------------------------"
  # \033[31m = red, \033[0m = reset
  printf '\033[31m [no]\033[0m\n'
}
# Close a step that was skipped because its option was not given: print
# "END: $comment <no set> ---..." followed by a yellow [warning].
# Globals: comment (read)
echo_warning() {
  printf '%s' "END: $comment <no set> ------------------------------------"
  # \033[33m = yellow, \033[0m = reset
  printf '\033[33m [warning]\033[0m\n'
}
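# Print the script's usage text to stdout.
# The script name is taken from $0; it is quoted so that a path containing
# spaces or glob characters is not split or expanded before basename sees it.
usage() {
  cat <<EOF
Usage: $(basename -- "$0") [-h] [-n hostname] [-p port] [-t timezone] [-c ntp]
Options:
-h : 显示帮助
-n hostname : 设置主机名
-p port : 设置ssh端口, 默认2208
-t timezone : 设置时区, 默认Asia/Shanghai(查看所有可用时区timedatectl list-timezones)
-c ntp : 设置同步的ntp服务器, 默认192.168.1.200

EOF
}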
# Parse the command-line options into globals.
# Arguments: the script's positional parameters ("$@")
# Globals written: set_hostname (-n), set_port (-p), set_tz (-t), set_ntp (-c)
# Exits 0 after printing usage for -h; exits 1 on any option getopts rejects.
get_arguments() {
  while getopts hn:p:t:c: opt; do
    case "$opt" in
      h)
        # Only exit when usage itself succeeded, as the original && chain did.
        if usage; then
          exit 0
        fi
        ;;
      n) set_hostname=$OPTARG ;;
      p) set_port=$OPTARG ;;
      t) set_tz=$OPTARG ;;
      c) set_ntp=$OPTARG ;;
      *) exit 1 ;;
    esac
  done
}
# Verify that the current user can run sudo without a password prompt
# (sudo -n fails instead of prompting). Exits 1 when that is not the case.
# Author's note: this check could be dropped; entering the sudo password of
# the current user once during the run would also be enough.
# Globals: comment (written)
check_sudo() {
  comment="检测当前用户是否可以sudo免密执行指令"
  printf 'BEGIN: %s\n' "$comment"
  if ! sudo -n true; then
    echo_no
    exit 1
  fi
  echo_yes
}
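# Refuse to run as root. Exits 1 when the effective user is root.
#
# $USER is not a reliable indicator, because it survives "su":
#######################################################
# $ whoami; echo $USER                                #
# user1                                               #
# user1                                               #
# $ su root                                           #
# Password:                                           #
# # whoami; echo $USER                                #
# root                                                #
# user1                                               #
#######################################################
# The check compares the effective UID with 0 rather than the login name with
# "root", so an account that has UID 0 under another name is also rejected,
# and an empty result from the lookup can no longer break the test expression.
# Globals: comment (written)
check_notRoot() {
  comment="检测是否非root执行脚本"
  echo "BEGIN: $comment"
  if [ "$(id -u)" = "0" ]; then
    echo_no
    exit 1
  fi
  echo_yes
}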
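# Set the host name when -n was given; otherwise print a [warning] and skip.
# Globals: set_hostname (read), comment (written)
# Changes from the earlier version of this step:
#   - the value is quoted, so whitespace or glob characters in the argument
#     are passed to hostnamectl as one word instead of being split/expanded;
#   - hostnamectl runs through sudo like every other privileged command in
#     this script (the script refuses to run as root);
#   - a failing hostnamectl is reported as [no] and stops the run instead of
#     being reported as [yes].
set_hostname() {
  comment="配置主机名"
  echo "BEGIN: $comment"
  if [ -z "$set_hostname" ]; then
    # No -n option was passed.
    echo_warning
    return
  fi
  if sudo hostnamectl set-hostname "$set_hostname"; then
    echo_yes
  else
    echo_no
    exit 1
  fi
}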
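# Install and start the Zabbix agent from a static tarball.
# Globals: comment (written); ZABBIX_AGENT_SHA256 (read, optional)
#
# Flow: skip if /usr/local/zabbix already exists; otherwise fetch the tarball
# (unless it is already in the current directory), optionally verify it,
# create the zabbix user, unpack, patch zabbix_agentd.conf, install a systemd
# unit, start the service and check that the process is running.
#
# Security notes for maintainers:
#   - The tarball is fetched over plain HTTP and then unpacked with root
#     privileges, so nothing on the wire authenticates it. Set the optional
#     ZABBIX_AGENT_SHA256 variable to the expected SHA-256 of the tarball to
#     have it verified before extraction; without it a warning is printed.
#   - A failed download now stops the step instead of continuing with a
#     missing or partial archive.
#   - The "already installed" test runs before the download, so a host that
#     is already set up no longer needs the download server to be reachable.
set_zabbixAgent() {
  comment="配置zabbix-agent"
  echo "BEGIN: $comment"
  zbx_pkg="zabbix_agent-6.0.25-linux-3.0-amd64-static.tar.gz"
  zbx_conf="/usr/local/zabbix/conf/zabbix_agentd.conf"

  # Installed already? Only the directory is checked, which is not rigorous.
  if [ -d /usr/local/zabbix ]; then
    echo_yes
    return
  fi

  # Download the agent tarball.
  if [ ! -f "$zbx_pkg" ]; then
    if ! wget "http://172.27.244.150/download/$zbx_pkg"; then
      # Do not leave a partial file behind: the -f test above would accept it
      # on the next run.
      rm -f -- "$zbx_pkg"
      echo_no
      exit 1
    fi
  fi

  # Verify the archive before it is unpacked as root.
  if [ -n "${ZABBIX_AGENT_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$ZABBIX_AGENT_SHA256" "$zbx_pkg" | sha256sum -c - >/dev/null; then
      echo "SHA-256 mismatch for $zbx_pkg" >&2
      echo_no
      exit 1
    fi
  else
    echo "WARNING: ZABBIX_AGENT_SHA256 is not set; $zbx_pkg is not verified" >&2
  fi

  # Create the zabbix system user.
  sudo useradd -r -M -s /usr/sbin/nologin zabbix
  # Install the agent.
  sudo mkdir /usr/local/zabbix && sudo chown zabbix:zabbix /usr/local/zabbix
  if ! sudo tar zxf "$zbx_pkg" -C /usr/local/zabbix; then
    echo_no
    exit 1
  fi

  # Configure: proxy address, Hostname (first address from hostname -I), timeout.
  sudo sed -ri 's/^(Server|ServerActive)=.*$/\1=zabbixproxy.sunwoda-evb.com/' "$zbx_conf"
  ip=$(hostname -I | awk '{print $1}')
  if [ -n "$ip" ]; then
    # Skip the rewrite when no address was found rather than writing an
    # empty Hostname= line.
    sudo sed -i "s/^Hostname=.*$/Hostname=$ip/" "$zbx_conf"
  fi
  sudo sed -i 's/^# Timeout=3/Timeout=20/' "$zbx_conf"

  # Install the systemd unit.
  # NOTE(review): PIDFile points into /tmp, a world-writable directory, so
  # another local user can create that path first. Moving it to a directory
  # owned by the service (for example via RuntimeDirectory=) would also need
  # the PidFile setting in zabbix_agentd.conf changed to match -- confirm
  # before changing either.
  # \$ keeps $1 and $MAINPID literal in the generated unit file.
  echo "添加自定义服务/etc/systemd/system/zabbix-agent.service"
  sudo tee /etc/systemd/system/zabbix-agent.service <<- EOF
[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target
[Service]
Type=forking
Restart=on-failure
PIDFile=/tmp/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/local/zabbix/sbin/zabbix_agentd -c /usr/local/zabbix/conf/zabbix_agentd.conf
ExecStop=/bin/sh -c '[ -n "\$1" ] && kill -s TERM "\$1"' -- "\$MAINPID"
RestartSec=10s
User=zabbix
Group=zabbix
[Install]
WantedBy=multi-user.target
EOF
  sudo systemctl daemon-reload
  sudo systemctl restart zabbix-agent
  sudo systemctl enable zabbix-agent

  # After installation, check once more that the agent process is running.
  # The [d] bracket keeps grep from matching its own command line.
  if ps -ef | grep -q 'zabbix_agent[d]'; then
    echo_yes
  else
    echo_no
    exit 1
  fi
}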
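# Set the time zone and the NTP server used by systemd-timesyncd.
# Globals: set_tz (read/written, default Asia/Shanghai),
#          set_ntp (read/written, default 192.168.1.200), comment (written)
#
# set_ntp is spliced into a sed replacement that edits a root-owned file, so
# it is validated first: only letters, digits, blanks and . : _ - are allowed.
# That covers IPv4/IPv6 addresses, host names and a space-separated list, and
# rejects characters that sed treats specially in a replacement (/ & \ and
# newline). An invalid value is reported as [no] and stops the run before
# anything is changed. set_tz is passed quoted so it reaches timedatectl as a
# single word.
set_timezone_ntp() {
  comment="配置时区及时间同步,时区默认Asia/Shanghai,NTP默认192.168.1.200"
  echo "BEGIN: $comment"
  # Defaults when -t / -c were not given.
  set_tz="${set_tz:-Asia/Shanghai}"
  set_ntp="${set_ntp:-192.168.1.200}"

  case "$set_ntp" in
    *[![:alnum:][:blank:].:_-]*)
      echo "invalid NTP server value: $set_ntp" >&2
      echo_no
      exit 1
      ;;
  esac

  # timezone
  sudo timedatectl set-timezone "$set_tz"
  # ntp: ^#? matches the NTP= line whether or not it is commented out.
  sudo sed -ri 's/^#?(NTP=).*$/\1'"$set_ntp"'/' /etc/systemd/timesyncd.conf
  sudo systemctl restart systemd-timesyncd
  echo_yes
}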
# Write the open-file and process limits to a limits.d drop-in.
# Globals: comment (written)
# The drop-in applies to every user ("*") and sets both the soft and the hard
# nofile/nproc limits to 65535.
# NOTE(review): a high nproc ceiling for all users weakens per-user process
# limits as a brake on runaway process creation -- confirm this is intended.
set_openfile_process() {
  comment="配置文件打开数及进程数"
  printf 'BEGIN: %s\n' "$comment"
  # Quoted delimiter: the block is written literally, no expansion.
  sudo tee /etc/security/limits.d/nofile-noproc.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
  echo_yes
}
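# Set the sshd listening port (default 2208) and reload the ssh service.
# Globals: set_port (read/written), comment (written)
#
# Changes from the earlier version of this step:
#   - set_port is validated as a decimal port number (1-65535, no leading
#     zero) before it is written into sshd_config through sed/tee as root;
#   - the sed pattern now accepts the same lines as the grep test, so a Port
#     line with trailing characters is rewritten instead of silently kept;
#   - the edited configuration is checked with "sshd -t" before the reload,
#     so a broken sshd_config is reported as [no] rather than reloaded.
set_sshPort() {
  comment="配置ssh端口,默认2208"
  echo "BEGIN: $comment"
  # Default to 2208 when -p was not given.
  set_port="${set_port:-2208}"

  # Digits only, at most five of them, no leading zero, and within range.
  case "$set_port" in
    '' | 0* | *[!0-9]* | ??????*) port_ok=no ;;
    *) port_ok=yes ;;
  esac
  if [ "$port_ok" = yes ] && [ "$set_port" -gt 65535 ]; then
    port_ok=no
  fi
  if [ "$port_ok" != yes ]; then
    echo "invalid ssh port: $set_port" >&2
    echo_no
    exit 1
  fi

  # Port currently configured; an absent Port line means the default, 22.
  config_port=$(awk '/^Port/{print $2}' /etc/ssh/sshd_config)
  ssh_port="${config_port:-22}"

  # Only touch the configuration when the requested port differs.
  if [ "$set_port" != "$ssh_port" ]; then
    if grep -q '^Port [0-9]\+' /etc/ssh/sshd_config; then
      # The file already has a Port line: rewrite it.
      sudo sed -ri "s/^Port [0-9]+.*$/Port $set_port/" /etc/ssh/sshd_config
    else
      # No Port line (default port 22 in effect): append one.
      echo "Port $set_port" | sudo tee -a /etc/ssh/sshd_config
    fi
    # Validate the edited file before asking the running daemon to load it.
    sshd_bin=$(command -v sshd)
    if [ -n "$sshd_bin" ] && ! sudo "$sshd_bin" -t; then
      echo_no
      exit 1
    fi
    sudo systemctl reload ssh
  fi
  echo_yes
}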
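# Add the two management public keys to the invoking user's authorized_keys.
# Globals: comment (written)
#
# Each key listed here can log in as this user on every host the script is
# run on, so the list should be kept under review.
#
# Changes from the earlier version of this step:
#   - keys are matched as fixed strings (grep -F), not as regular expressions;
#   - a missing authorized_keys is created under umask 077 instead of being
#     created with the default umask and tightened afterwards;
#   - if the file does not end with a newline, one is added before appending,
#     so a new key is never glued onto the last existing entry.
set_sshKey() {
  comment="配置密钥"
  echo "BEGIN: $comment"
  [ -d ~/.ssh ] || mkdir ~/.ssh
  chmod 700 ~/.ssh
  auth_file=~/.ssh/authorized_keys
  key1="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB root@ansible"
  key2="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB root@baoleiji"

  if [ ! -e "$auth_file" ]; then
    (umask 077 && : > "$auth_file")
  fi

  for key in "$key1" "$key2"; do
    if ! grep -qF -- "$key" "$auth_file"; then
      # $(tail -c 1) is empty when the last byte is a newline.
      if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
      fi
      echo "$key" >> "$auth_file"
    fi
  done

  chmod 600 "$auth_file"
  echo_yes
}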
# Stop the ufw firewall service and disable it at boot.
# Globals: comment (written)
# This turns the host firewall off entirely. The step list that main actually
# runs does not include this function; only the commented-out bash variant of
# that list names it.
set_ufw() {
  comment="关闭防火墙ufw"
  printf 'BEGIN: %s\n' "$comment"
  for ufw_action in stop disable; do
    sudo systemctl "$ufw_action" ufw
  done
  echo_yes
}
# Main routine: parse the options, then run each step in order, prefixing
# every step with its position as "i/N) ".
# Arguments: the script's positional parameters ("$@")
main() {
  get_arguments "$@"
  # bash-only variant, kept for reference:
  # func=(check_notRoot check_sudo set_hostname set_timezone_ntp set_sshPort set_sshKey set_openfile_process set_zabbixAgent set_ufw)
  # count=${#func[@]}
  # for((i=1; i<=$count; i++)); do
  # echo -n "$i/$count) "; ${func[i-1]}
  # done
  # Form that works in both bash and dash: dash has neither arrays nor
  # C-style for loops, so the steps are a space-separated string that is
  # deliberately left unquoted to be split into words.
  # Unlike the bash variant above, this list does not contain set_ufw.
  func="check_notRoot check_sudo set_hostname set_timezone_ntp set_sshPort set_sshKey set_openfile_process set_zabbixAgent"
  # Count the steps first so the prefix can show the total.
  count=0
  for f in $func; do
    count=$((count+1))
  done
  begin=1
  for f in $func; do
    printf '%s' "$begin/$count) "
    "$f"
    begin=$((begin+1))
  done
}
# Script entry point: hand every command-line argument to main.
main "$@"