[init] 完善初始化脚本

zeaslity
2023-10-08 09:27:58 +08:00
parent 65cb700649
commit 0b957c06d2
4 changed files with 174 additions and 34 deletions


@@ -0,0 +1,25 @@
______ __ ______ __
/ \ | \ / \ | \
| $$$$$$\ _______ _| $$_ ______ ______ __ __ _______ | $$$$$$\ ______ ______ _______ _| $$_
| $$ | $$/ | $$ \ / \ / \| \ | \/ \ | $$__| $$/ \ / \| | $$ \
| $$ | $| $$$$$$$\$$$$$$ | $$$$$$| $$$$$$| $$ | $| $$$$$$$ | $$ $| $$$$$$| $$$$$$| $$$$$$$\$$$$$$
| $$ | $| $$ | $$ __| $$ | $| $$ | $| $$ | $$\$$ \ | $$$$$$$| $$ | $| $$ $| $$ | $$| $$ __
| $$__/ $| $$_____ | $$| | $$__/ $| $$__/ $| $$__/ $$_\$$$$$$\ | $$ | $| $$__| $| $$$$$$$| $$ | $$| $$| \
\$$ $$\$$ \ \$$ $$\$$ $| $$ $$\$$ $| $$ | $$ | $$\$$ $$\$$ | $$ | $$ \$$ $$
\$$$$$$ \$$$$$$$ \$$$$ \$$$$$$| $$$$$$$ \$$$$$$ \$$$$$$$ \$$ \$$_\$$$$$$$ \$$$$$$$\$$ \$$ \$$$$
| $$ | \__| $$
| $$ \$$ $$
\$$ \$$$$$$
__ __
| \ | \
____| $$ ______ ____| $$ ______ __ __ __ ______ _______ ______
______ ______ ______ / $$| \ / $$| \ | \ | \ | \| \| \ / \
| | | \ | $$$$$$$ \$$$$$$| $$$$$$$ \$$$$$$\ | $$ | $$ | $$ \$$$$$$| $$$$$$$| $$$$$$\
\$$$$$$\$$$$$$\$$$$$$ | $$ | $$/ $| $$ | $$/ $$ | $$ | $$ | $$/ $| $$ | $| $$ | $$
| $$__| $| $$$$$$| $$__| $| $$$$$$$ | $$_/ $$_/ $| $$$$$$| $$ | $| $$__| $$
\$$ $$\$$ $$\$$ $$\$$ $$ \$$ $$ $$\$$ $| $$ | $$\$$ $$
\$$$$$$$ \$$$$$$$ \$$$$$$$ \$$$$$$$ \$$$$$\$$$$ \$$$$$$$\$$ \$$_\$$$$$$$
| \__| $$
\$$ $$
\$$$$$$


@@ -1 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL9S6CSAjTFe2fy4bAIfqu90ft6E+GBRvS59kno6LDeAbqUQNYf9hEnIg07Ee/x5DlnYE0S3Ykv3WCHuVyBH2zANnC0P87SqphDGmoqdqF3r6uDaCr4lBsUqEai9X2q6dyjZj6ym+r4zQhMApNDzbhcyfKQ54tKFylGIdx6siyktuU/VbOzWc6G8r+BfFsQpMCA1ihmCY1jGjsKPqFlZGLeTrlBb1Zk0OV+GtDhlf/t0cd0kRPJoydm2juTXrZO+tFmf9turfKZsBnRYKtQBLJG5mF1hsjIqo8DHr+PUL2wRrSxEhGTZiJL4rNJo/kHhKXXsomc5RM/AnfgAfxrLlH zeasl@DESKTOP-K2F9GG3


@@ -8,7 +8,7 @@ echo ""
echo ""
mkdir -p /root/wdd/lib/
lib_file_list=(wdd-lib-log.sh wdd-lib-sys.sh)
for lib_file in ${lib_file_list[@]} ; do
for lib_file in ${lib_file_list[@]}; do
wget "https://oss-s1.107421.xyz/${lib_file}" -qO "/root/wdd/lib/${lib_file}"
echo "加载库文件 < /root/wdd/lib/${lib_file}"
. "/root/wdd/lib/${lib_file}"
@@ -23,6 +23,7 @@ done
docker_version=20.10.10
oss_url_prefix="https://oss-s1.107421.xyz"
modify_ssh_port=22333
# 脚本执行内容
deploy_in_cn=0
@@ -107,15 +108,15 @@ shutdown_firewall() {
add_octopus_host() {
FunctionStart "添加Octopus自定义Hosts"
if grep -q "140.238" < /etc/hosts; then
if grep -q "140.238" </etc/hosts; then
warn "自定义的Hosts已经配置完成 跳过!"
else
log "开始下载 自定义的Hosts文件"
wget "$oss_url_prefix/wdd-server-host.txt" -O /tmp/wdd-server-host.txt
cat /tmp/wdd-server-host.txt >> /etc/hosts
cat /tmp/wdd-server-host.txt >>/etc/hosts
fi
if grep -q "140.238" < /etc/hosts; then
if grep -q "140.238" </etc/hosts; then
colorEchoGreen "自定义hosts添加成功"
SplitGreen
fi
@@ -141,7 +142,7 @@ disable_swap() {
colorEchoGreen " 备份完成 "
echo ""
log "正在修改文件系统表,去除虚拟内存的部分……"
grep -v swap < /etc/fstab_bak >/etc/fstab
grep -v swap </etc/fstab_bak >/etc/fstab
colorEchoGreen " 修改完成 "
FunctionEnd
}
@@ -197,7 +198,6 @@ install_docker() {
$CMD_REMOVE "$pre_one"
done
colorEchoGreen "----------docker环境清理完成----------"
SplitGreen
@@ -272,8 +272,8 @@ install_docker() {
log "开始添加 Docker官方 的docker源的apt源"
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \
| sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
colorEchoGreen " apt源添加成功 "
echo ""
fi
@@ -368,7 +368,7 @@ install_zsh() {
echo y | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
fi
SplitLine
log
log
if modify_zsh; then
log "开始修改默认shell为zsh……"
local i
@@ -437,9 +437,9 @@ EOF
echo ""
colorEchoGreen "请检查当前zsh的插件开启情况"
colorEchoGreen "------------------------------------------"
grep "plugins=" < /root/.zshrc| grep -v "\#"
grep "plugins=" < /root/.zshrc| grep -v "\#"
grep "plugins=" < /root/.zshrc| grep -v "\#"
grep "plugins=" </root/.zshrc | grep -v "\#"
grep "plugins=" </root/.zshrc | grep -v "\#"
grep "plugins=" </root/.zshrc | grep -v "\#"
colorEchoGreen "------------------------------------------"
echo ""
@@ -562,7 +562,7 @@ time_sync_to_ali_by_chrony() {
}
#######################################
# description
# description 修改时区为东八区的时间并且开启NTP时间同步
# Globals:
# BLUE
# GREEN
@@ -590,35 +590,135 @@ change_time_zone_and_ntp() {
FunctionEnd
}
modify_ssh_port(){
#######################################
# description 修改SSH的登录端口为 ${modify_ssh_port}
# Globals:
# modify_ssh_port 需要修改的ssh_port
# Arguments:
# None
#######################################
modify_ssh_port() {
FunctionStart "开始修改SSH的登录端口为 ${modify_ssh_port}"
local ssh_config_file="/etc/ssh/sshd_config"
if [[ -s /etc/ssh/sshd_config_wdd_back ]]; then
log "sshd_config文件已经备份跳过"
else
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_wdd_back
fi
SplitGreen
# 修改sshd的配置
local sshd_change_to_yes=("PermitRootLogin" "PasswordAuthentication" "TCPKeepAlive" "AllowTcpForwarding" "AllowAgentForwarding" "TCPKeepAlive")
local sshd_change_to_no=("ChallengeResponseAuthentication" "PermitEmptyPasswords" "StrictModes")
local yes_item
for yes_item in ${sshd_change_to_yes[@]}; do
if grep -x "$yes_item yes" $ssh_config_file; then
# 已经存在了,什么都不做
:
elif grep -x "#$yes_item yes" $ssh_config_file; then
# 被 # 注释,需要解开
sed -i "s/#$yes_item yes/$yes_item yes/g" $ssh_config_file
elif grep -x "$yes_item no" $ssh_config_file; then
# 被修改为no需要改为yes
sed -i "s/$yes_item no/$yes_item yes/g" $ssh_config_file
else
# 没有,那就添加
sed -i "$ a $yes_item yes" $ssh_config_file
fi
done
local no_item
for no_item in ${sshd_change_to_no[@]}; do
if grep -x "$no_item no" $ssh_config_file; then
:
elif grep -x "#$no_item no" $ssh_config_file; then
sed -i "s/#$no_item no/$no_item no/g" $ssh_config_file
elif grep -x "$no_item yes" $ssh_config_file; then
sed -i "s/$no_item yes/$no_item no/g" $ssh_config_file
else
sed -i "$ a $no_item no" $ssh_config_file
fi
done
SplitGreen
# 修改访问端口
if grep -xw "Port ${modify_ssh_port}" $ssh_config_file &>/dev/null; then
log "当前的ssh登录端口已经为${SSHLoginPort},无需修改!"
else
if sed -i "/^#Port 22/a Port ${modify_ssh_port}" $ssh_config_file; then
log "ssh的登陆端口已被修改为${modify_ssh_port},请修改防火墙以开放该端口!!"
fi
fi
SplitGreen
# 修改ssh的连接中断延时
log "修改ssh的连接中断延时!"
echo "ClientAliveInterval 30" >>$ssh_config_file
echo "ClientAliveCountMax 60" >>$ssh_config_file
SplitGreen
# 修改ssh的banner信息
log "修改ssh的banner信息 !"
wget $oss_url_prefix/octopus_ssh_banner -qO /etc/ssh/octopus_banner
sed -i "s/#Banner none/Banner \/etc\/ssh\/octopus_banner/g" $ssh_config_file
echo ""
log "banner 内容为 => $(cat /etc/ssh/octopus_banner)"
SplitGreen
# 重启SSHD服务
log "开始重启SSHD服务"
if systemctl restart sshd.service; then
log "sshd.service服务已经重启完成"
colorEchoGreen "sshd文件已经修改成功可以进行root登录请修改root密码~~"
else
error "sshd服务重启失败请检查原因!!!"
error "如果是CentOS大概率是防火墙的问题。"
fi
SplitGreen
FunctionEnd
}
modify_ssh_login(){
#######################################
# description
# Arguments:
# None
# Returns:
# 1 ...
#######################################
modify_ssh_login() {
FunctionStart "开始配置SSH 登录密钥!"
if [[ ! -f /root/.ssh/id_rsa ]]; then
log "未检测到 ssh rsa 密钥信息,开始生成!"
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
fi
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
if grep $(cut -d " " -f3 < ~/.ssh/id_rsa.pub) < ~/.ssh/authorized_keys; then
log "本机的ssh-key信息已经写入跳过"
else
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
fi
SplitLine
log "下载公共id_rsa.pub文件"
wget https://oss-s1.107421.xyz/ssh_key_pub.txt -qO /tmp/ssh_key_pub.txt
if [[ ! -s /tmp/ssh_key_pub.txt ]]; then
error "下载 ssh-key 失败!"
return 1
fi
log "开始写入ssh-key信息"
cat /tmp/ssh_key_pub.txt >> ~/.ssh/authorized_keys
cat /tmp/ssh_key_pub.txt >>~/.ssh/authorized_keys
if grep -q "DESKTOP-K2F9GG3" < ~/.ssh/authorized_keys; then
colorEchoGreen "公共SSH-Key已经写入成功"
if grep -q "DESKTOP-K2F9GG3" <~/.ssh/authorized_keys; then
log $(grep "DESKTOP-K2F9GG3" <~/.ssh/authorized_keys)
colorEchoGreen " 公共SSH-Key已经写入成功 "
SplitGreen
fi
@@ -649,26 +749,39 @@ common_tool_install() {
# None
#######################################
help() {
local call_script_command="source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh)"
local only_ssh_init_command="$call_script_command --ssh-login --ssh-port 22333 --firewall "
local base_init_command="$only_ssh_init_command --tools --host --zsh"
cat - 1>&2 <<EOF
# 打印使用说明
$call_script_command --help
# 修改sshd的端口的命令
$only_ssh_init_command
# 安装docker docker-compose的初始化
source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh) --firewall --tools --docker 20.10.10 --docker-compose --zsh --host --cn
$base_init_command --docker 20.10.10 --docker-compose --cn
# 不安装docker的初始化
source <(curl -sL https://oss-s1.107421.xyz/init-script-wdd.sh) --firewall --tools --zsh --host --cn
$base_init_command --cn
-h, --help 打印本说明文档
--firewall 关闭防火墙
--swap 关闭Swap
--tools 安装通用的实用工具
--docker <version> 安装docker,并且指定相应的版本
--docker <version> 安装docker 版本<version>
--docker-compose 安装docker-compose 2.18.0
--zsh 安装并且配置ZSH
--cn 是否在国内安装
--host 是否配置服务器的Host解析
--time 是否配置时间同步
--ssh-login 修改ssh的登录密钥
--ssh-port <port> 修改ssh的登录端口
--ssh-port <port> 修改ssh的登录端口 端口 <port>
EOF
}
@@ -710,12 +823,13 @@ while [[ $# -gt 0 ]]; do
is_modify_ssh_login=1
;;
--ssh-port)
is_modify_ssh_login=1
is_modify_ssh_port=1
modify_ssh_port=$2
;;
*)
# unknown option
;;
esac
esac
shift # past argument or value
done
@@ -738,7 +852,7 @@ main() {
check_root
check_sys
if [[ "$is_shutdown_firewall" -eq "1" ]]; then
if [[ $is_shutdown_firewall -eq "1" ]]; then
shutdown_firewall
fi
@@ -746,7 +860,7 @@ main() {
# 关闭虚拟缓存k8s安装的时候才需要
disable_swap
fi
if [[ $is_modify_ssh_login -eq 1 ]]; then
modify_ssh_login
fi
@@ -782,9 +896,6 @@ main() {
install_zsh
fi
# 使用chrony进行NTP时间同步--包含下面的设置
# time_sync_to_ali_by_chrony || return $?
@@ -793,4 +904,3 @@ main() {
}
main
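Review bot: In modify_ssh_port() the yes-list forces `PermitRootLogin yes` and `PasswordAuthentication yes` and the no-list sets `StrictModes no`, so after this runs root is reachable by password and sshd stops checking ownership and modes of `~/.ssh`, even though modify_ssh_login() in the same hunk installs keys. If key-based root access is the goal, `PermitRootLogin prohibit-password` with `PasswordAuthentication no` expresses it, and `StrictModes` can stay at its default. The restart should be gated on a config check, e.g. `sshd -t -f "$ssh_config_file" || return 1` before `systemctl restart sshd.service`, because a bad edit here can lock the host out; the two `ClientAlive*` lines are also appended on every run. The log line in the port-already-set branch prints `${SSHLoginPort}`, which is not assigned anywhere in the visible hunks; `${modify_ssh_port}` looks intended. modify_ssh_login(), whose body continues past the hunk, appends a key downloaded to the fixed path `/tmp/ssh_key_pub.txt` straight into root's `authorized_keys`; a `mktemp` file plus a comparison of `ssh-keygen -lf` output against a pinned fingerprint before appending would make that step verifiable.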


@@ -1,5 +1,9 @@
#!/bin/bash
.
## 对外暴露的安装Redis的主函数
InstallRedis() {
FunctionStart