Add base system configuration commands for agent-wdd
- Implemented new base commands for system configuration:
  * swap: Disable system swap
  * selinux: Disable SELinux
  * firewall: Stop and disable firewalld and ufw
  * sysconfig: Modify system sysctl configuration
  * ssh: Add SSH-related subcommands (key, port, config)
- Updated Config.go to initialize ConfigCache with default values
- Added new utility functions in FileUtils.go for file content manipulation
- Extended Excutor.go with HardCodeCommandExecutor method
@@ -52,6 +52,124 @@ func addBaseSubcommands(cmd *cobra.Command) {
|
||||
addDockerComposeSubcommands(dockerComposeCmd)
|
||||
|
||||
// 其他base子命令...
|
||||
swapCmd := &cobra.Command{
|
||||
Use: "swap",
|
||||
Short: "关闭系统的Swap",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("Swap 关闭!")
|
||||
// 实现这个函数,能够关闭centos或者ubuntu系统的swap
|
||||
|
||||
// 备份文件存在,pass
|
||||
if !utils.FileExistAndNotNull("/etc/fstab_back_wdd_swap") {
|
||||
utils.AppendOverwriteContentToFile(
|
||||
"/etc/fstab",
|
||||
"/etc/fstab_back_wdd_swap",
|
||||
)
|
||||
}
|
||||
// 执行关闭操作
|
||||
op.SingleLineCommandExecutor([]string{
|
||||
"swapoff",
|
||||
"-a",
|
||||
})
|
||||
|
||||
op.SingleLineCommandExecutor([]string{
|
||||
"sed",
|
||||
"-i",
|
||||
"/swap/d",
|
||||
"/etc/fstab",
|
||||
})
|
||||
|
||||
log.Info("Swap 关闭成功!")
|
||||
},
|
||||
}
|
||||
|
||||
selinuxCmd := &cobra.Command{
|
||||
Use: "selinux",
|
||||
Short: "关闭selinux",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("Selinux 关闭!")
|
||||
|
||||
// 如果configCache的OS为空,则收集OS信息
|
||||
if config.ConfigCache.Agent.OS.Hostname == "" {
|
||||
log.Warning("ConfigCache OS is nil")
|
||||
config.ConfigCache.Agent.OS.Gather()
|
||||
config.ConfigCache.Agent.OS.SaveConfig()
|
||||
}
|
||||
|
||||
os := config.ConfigCache.Agent.OS
|
||||
if os.IsUbuntuType {
|
||||
log.Info("Ubuntu 系统,跳过关闭selinux!")
|
||||
return
|
||||
} else {
|
||||
op.SingleLineCommandExecutor([]string{
|
||||
"setenforce",
|
||||
"0",
|
||||
})
|
||||
|
||||
// 备份一下/etc/selinux/config
|
||||
if !utils.FileExistAndNotNull("/etc/selinux/config_back_wdd_selinux") {
|
||||
utils.AppendOverwriteContentToFile(
|
||||
"/etc/selinux/config",
|
||||
"/etc/selinux/config_back_wdd_selinux",
|
||||
)
|
||||
}
|
||||
|
||||
// 持久化关闭selinux
|
||||
utils.FindAndDeleteContentInFile("SELINUX=enforcing", "/etc/selinux/config")
|
||||
utils.FindAndDeleteContentInFile("SELINUX=permissive", "/etc/selinux/config")
|
||||
utils.FindAndDeleteContentInFile("SELINUX=disabled", "/etc/selinux/config")
|
||||
utils.AppendContentToFile("SELINUX=disabled", "/etc/selinux/config")
|
||||
}
|
||||
|
||||
log.Info("Selinux 关闭成功!")
|
||||
},
|
||||
}
|
||||
|
||||
firewallCmd := &cobra.Command{
|
||||
Use: "firewall",
|
||||
Short: "关闭防火墙",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("Firewall 关闭!")
|
||||
|
||||
// 调用systemd关闭firewalld
|
||||
op.SystemdDown("firewalld")
|
||||
op.SystemdDisable("firewalld")
|
||||
// 调用systemd关闭ufw
|
||||
op.SystemdDown("ufw")
|
||||
op.SystemdDisable("ufw")
|
||||
|
||||
// 清空路由表
|
||||
log.Info("清空路由表...")
|
||||
op.HardCodeCommandExecutor("iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -t raw -F")
|
||||
op.HardCodeCommandExecutor("ip6tables -F && ip6tables -t nat -F && ip6tables -t mangle -F && ip6tables -t raw -F")
|
||||
|
||||
log.Info("Firewall 关闭成功!")
|
||||
},
|
||||
}
|
||||
|
||||
sysconfigCmd := &cobra.Command{
|
||||
Use: "sysconfig",
|
||||
Short: "修改系统的sysconfig",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("Sysconfig 修改!")
|
||||
|
||||
// 修改系统的sysconfig
|
||||
sysctlConfigFile := "/etc/sysctl.d/wdd-k8s.conf"
|
||||
|
||||
if !utils.AppendOverwriteContentToFile(beans.SysctlConfig, sysctlConfigFile) {
|
||||
log.Error("[ModifySysConfigBastion] - error appending sysctl config to sysctl.d !")
|
||||
return
|
||||
}
|
||||
|
||||
op.SingleLineCommandExecutor([]string{
|
||||
"sysctl",
|
||||
"-p",
|
||||
sysctlConfigFile,
|
||||
})
|
||||
|
||||
log.Info("Sysconfig 修改成功!")
|
||||
},
|
||||
}
|
||||
|
||||
// 通用工具安装
|
||||
commonToolsInstall := &cobra.Command{
|
||||
@@ -80,14 +198,134 @@ func addBaseSubcommands(cmd *cobra.Command) {
|
||||
},
|
||||
}
|
||||
|
||||
sshCmd := &cobra.Command{
|
||||
Use: "ssh",
|
||||
Short: "修改ssh配置",
|
||||
}
|
||||
addSSHSubcommands(sshCmd)
|
||||
|
||||
cmd.AddCommand(
|
||||
dockerCmd,
|
||||
dockerComposeCmd,
|
||||
swapCmd,
|
||||
commonToolsInstall,
|
||||
selinuxCmd,
|
||||
firewallCmd,
|
||||
sysconfigCmd,
|
||||
sshCmd,
|
||||
// 其他命令...
|
||||
)
|
||||
}
|
||||
|
||||
func addSSHSubcommands(sshCmd *cobra.Command) {
|
||||
keyCmd := &cobra.Command{
|
||||
Use: "key",
|
||||
Short: "安装默认的ssh-key",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("安装默认的ssh-key!")
|
||||
|
||||
// 创建.ssh目录
|
||||
utils.CreateFolder("/root/.ssh")
|
||||
|
||||
// 检查密钥是否存在
|
||||
if utils.FileExistAndNotNull("/root/.ssh/id_ed25519") &&
|
||||
utils.FileExistAndNotNull("/root/.ssh/id_ed25519.pub") &&
|
||||
utils.FindContentInFile("wdd@cmii.com", "/root/.ssh/authorized_keys") {
|
||||
log.Info("SSH密钥已存在,无需重新安装。")
|
||||
return
|
||||
}
|
||||
|
||||
// 下载标准的私钥和公钥
|
||||
if !utils.AppendOverwriteContentToFile(beans.Ed25519PrivateKey, "/root/.ssh/id_ed25519") {
|
||||
log.Error("[InstallDefaultSSHKey] - error appending private ssh key to authorized_keys !")
|
||||
return
|
||||
}
|
||||
if !utils.AppendOverwriteContentToFile(beans.Ed25519PublicKey, "/root/.ssh/id_ed25519.pub") {
|
||||
log.Error("[InstallDefaultSSHKey] - error appending public ssh key to authorized_keys !")
|
||||
return
|
||||
}
|
||||
|
||||
// 写入到authorized_keys
|
||||
if !utils.AppendFileToFile("/root/.ssh/id_ed25519.pub", "/root/.ssh/authorized_keys") {
|
||||
log.Error("[InstallDefaultSSHKey] - error appending ssh key to authorized_keys !")
|
||||
return
|
||||
}
|
||||
|
||||
// 设置权限
|
||||
op.SingleLineCommandExecutor([]string{
|
||||
"chmod",
|
||||
"600",
|
||||
"/root/.ssh/id_ed25519",
|
||||
})
|
||||
|
||||
// 检查
|
||||
if utils.FindContentInFile("wdd@cmii.com", "/root/.ssh/authorized_keys") {
|
||||
log.Info("[InstallDefaultSSHKey] - install success !")
|
||||
} else {
|
||||
log.Error("[InstallDefaultSSHKey] - authorized_keys don't contain the ssh-pub key !")
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
portCmd := &cobra.Command{
|
||||
Use: "port",
|
||||
Short: "修改ssh端口",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("修改ssh端口!")
|
||||
|
||||
// 检查参数
|
||||
if len(args) > 0 {
|
||||
fmt.Printf("modify ssh port to: %s\n", args[0])
|
||||
}
|
||||
|
||||
// 没有传递参数,使用默认参数
|
||||
port := "22333"
|
||||
log.Info("[ModifySSHPort] modify ssh port to: %s", port)
|
||||
|
||||
// 修改ssh端口
|
||||
utils.AppendContentToFile(fmt.Sprintf("Port %s", port), "/etc/ssh/sshd_config")
|
||||
|
||||
// 重启ssh服务
|
||||
ok, resultLog := op.SystemdRestart("sshd")
|
||||
if !ok {
|
||||
log.Error("[ModifySSHPort] restart sshd error: %s", resultLog)
|
||||
return
|
||||
}
|
||||
|
||||
log.Info("[ModifySSHPort] modify ssh port to: %s success!", port)
|
||||
|
||||
},
|
||||
}
|
||||
|
||||
configCmd := &cobra.Command{
|
||||
Use: "config",
|
||||
Short: "修改ssh配置 为wdd默认配置!",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
log.Info("修改ssh配置 为wdd默认配置!")
|
||||
|
||||
// 备份文件
|
||||
if !utils.FileExistAndNotNull("/etc/ssh/sshd_config_back_wdd_ssh") {
|
||||
utils.AppendOverwriteContentToFile("/etc/ssh/sshd_config", "/etc/ssh/sshd_config_back_wdd_ssh")
|
||||
}
|
||||
|
||||
// 修改ssh配置
|
||||
utils.AppendContentToFile(beans.DefaultSshdConfig, "/etc/ssh/sshd_config")
|
||||
|
||||
// 重启ssh服务
|
||||
ok, resultLog := op.SystemdRestart("sshd")
|
||||
if !ok {
|
||||
log.Error("sshd 重启失败: %s", resultLog)
|
||||
return
|
||||
}
|
||||
|
||||
log.Info("[sshd配置修改] 成功!")
|
||||
|
||||
},
|
||||
}
|
||||
|
||||
sshCmd.AddCommand(keyCmd, portCmd, configCmd)
|
||||
}
|
||||
|
||||
// 添加docker子命令
|
||||
func addDockerSubcommands(cmd *cobra.Command) {
|
||||
onlineCmd := &cobra.Command{
|
||||
|
||||
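Review bot: The `key` subcommand in the second hunk writes `beans.Ed25519PrivateKey`, a private key shipped in the `beans` package, to `/root/.ssh/id_ed25519` and appends the (presumably matching) public key to root's `authorized_keys`, so every host this runs on trusts a key that anyone holding the binary or the repository can read. Generate the key per host instead, e.g. `op.SingleLineCommandExecutor([]string{"ssh-keygen", "-t", "ed25519", "-N", "", "-f", "/root/.ssh/id_ed25519"})`, and take the public key to authorize from an operator-supplied argument rather than from `beans`. The private key file is also written before the `chmod 600`, so its mode in between depends on what `utils.AppendOverwriteContentToFile` uses, which is not visible here. Separately, `portCmd` prints `args[0]` but always uses `port := "22333"`. The three "backup" calls (fstab and selinux config in the first hunk, sshd_config in this one) pass a path as the first argument of `AppendOverwriteContentToFile`, which the other call sites use for content, so they appear to write the path string rather than a copy of the file; confirm against FileUtils.go.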