One-click deployment of multiple services with a shell script

A lab case illustrates how to deploy several services with a single shell script.

Lab scenario

A newly founded start-up plans to deploy a small network for its business needs, consisting of four servers and several client machines. Since the company expects to open branch offices in many cities across the country, it wants to be able to replicate the existing network quickly at each branch by means of shell scripts.

Lab topology


Lab requirements

Write a shell script on the administrator's PC that performs the whole deployment in one run and meets the following requirements:

  1. Deploy a firewall, a DHCP server, a DNS server and an FTP server.
  2. The firewall uses the firewalld service and allows intranet clients (172.16.1.0/24) to access the servers. As the company's border device, the firewall must also allow intranet clients (172.16.1.0/24) to reach web servers on the Internet.
  3. Configure a DHCP relay on the firewalld host so that intranet clients (172.16.1.0/24) obtain IP addresses dynamically from the DHCP server.
  4. Intranet clients (172.16.1.0/24) can resolve names in bdqn.com through the DNS server.
  5. Intranet clients (192.168.1.0/24) can access the FTP server anonymously in passive mode, with permission to upload, download, modify directories and delete.

Implementation steps

Configure passwordless SSH access

Generate a key pair on the administrator's PC

ssh-keygen 

So that the public key generated on the administrator's PC can be copied to servers on the other subnets, enable IP forwarding and masquerading on the gateway server (the firewalld host):

echo "1" > /proc/sys/net/ipv4/ip_forward  # IP forwarding
firewall-cmd --add-masquerade   # masquerading (source NAT)

Copy the public key to the other servers
Command: ssh-copy-id <IP address>
Verify the passwordless connection to each host:
  Gateway server
  DHCP server
  DNS server
  FTP server

Write main.sh and debug it (this is the script that is finally executed)

#!/bin/bash
Admin_IP=172.16.1.10
FW_IP=172.16.1.2
DHCP_Server_IP=192.168.1.10
DHCP_relay_IP=172.16.1.2
DNS_Server_IP=192.168.1.20
FTP_Server_IP=192.168.1.30

source ./firewall.sh
source ./yum.sh
source ./dhcp.sh
source ./dhcrelay.sh
source ./dns.sh
source ./ftp.sh

Grant execute permission
chmod +x main.sh

Write firewall.sh and debug it

#!/bin/bash
FW_cmd="ssh $FW_IP"
route=$($FW_cmd cat /proc/sys/net/ipv4/ip_forward)
# enable IP forwarding on the gateway if it is still switched off
if test "$route" != 1
then
$FW_cmd "echo 1 > /proc/sys/net/ipv4/ip_forward"
echo "route on firewall is open"
fi
$FW_cmd firewall-cmd  --zone=internal --query-interface=ens33 &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --zone=internal --add-interface=ens33 &> /dev/null
fi

$FW_cmd firewall-cmd  --zone=dmz --query-interface=ens37 &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --zone=dmz --add-interface=ens37 &> /dev/null
fi
$FW_cmd firewall-cmd  --zone=external --query-interface=ens38 &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --zone=external --add-interface=ens38 &> /dev/null
fi

#ftp
$FW_cmd firewall-cmd --permanent --direct --query-rule ipv4 filter FORWARD_direct 0 -p tcp  --dport 21 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp  --dport 21 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null
fi
$FW_cmd firewall-cmd --permanent --direct --query-rule ipv4 filter FORWARD_direct 0 -p tcp  --dport 20000:20100 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp  --dport 20000:20100 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null     
fi
#ssh
$FW_cmd firewall-cmd --permanent --direct --query-rule ipv4 filter FORWARD_direct 0 -p tcp --dport 22 -j ACCEPT &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp --dport 22 -j ACCEPT &> /dev/null
fi
#dns
$FW_cmd firewall-cmd --permanent --direct --query-rule ipv4 filter FORWARD_direct 0 -p udp  --dport 53 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD_direct 0 -p udp  --dport 53 -m conntrack --ctstate NEW -j ACCEPT &> /dev/null
fi
# port forwarding: SSH from the external zone to the administrator's PC
$FW_cmd firewall-cmd --permanent --zone=external --query-forward-port=port=22:proto=tcp:toport=22:toaddr=$Admin_IP &> /dev/null
if test $? != 0
then
$FW_cmd firewall-cmd --permanent --zone=external --add-forward-port=port=22:proto=tcp:toport=22:toaddr=$Admin_IP &> /dev/null
fi
$FW_cmd firewall-cmd --reload &> /dev/null
echo "firewalld rules are ok!"

Grant execute permission
chmod +x firewall.sh
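As an added example (not the original firewall.sh), the helper below collapses the repeated "query, then add if missing" blocks into one idempotent function and reloads firewalld only when a rule was actually added; it assumes $FW_cmd and $Admin_IP are set as in main.sh.

```shell
#!/bin/bash
# Added example, not the original firewall.sh. Assumes FW_cmd="ssh $FW_IP"
# and Admin_IP are set as in main.sh.

FW_CHANGED=0   # becomes 1 when at least one permanent rule had to be added

# fw_ensure ARGS...: ARGS are the arguments of a permanent --add-* command,
# e.g. fw_ensure --zone=dmz --add-interface=ens37. The --query-* form is
# derived from the same arguments, so query and add can never drift apart.
fw_ensure() {
    query=$(printf '%s' "$*" | sed 's/--add-/--query-/')
    # $query is deliberately unquoted so it is split back into arguments
    if $FW_cmd firewall-cmd --permanent $query > /dev/null 2>&1; then
        return 0                        # already present, nothing to do
    fi
    if $FW_cmd firewall-cmd --permanent "$@" > /dev/null 2>&1; then
        FW_CHANGED=1
        return 0
    fi
    echo "failed to add: $*" >&2
    return 1
}

# fw_apply: the rule set of firewall.sh expressed with fw_ensure. firewalld is
# reloaded only when something changed; the return value is the number of
# rules that could not be added, so main.sh can stop instead of printing "ok".
fw_apply() {
    failed=0
    FW_CHANGED=0
    for spec in \
        "--zone=internal --add-interface=ens33" \
        "--zone=dmz --add-interface=ens37" \
        "--zone=external --add-interface=ens38" \
        "--direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT" \
        "--direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp --dport 20000:20100 -m conntrack --ctstate NEW -j ACCEPT" \
        "--direct --add-rule ipv4 filter FORWARD_direct 0 -p tcp --dport 22 -j ACCEPT" \
        "--direct --add-rule ipv4 filter FORWARD_direct 0 -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT" \
        "--zone=external --add-forward-port=port=22:proto=tcp:toport=22:toaddr=$Admin_IP"
    do
        fw_ensure $spec || failed=$((failed + 1))
    done
    if [ "$FW_CHANGED" -eq 1 ]; then
        $FW_cmd firewall-cmd --reload > /dev/null 2>&1
    fi
    return "$failed"
}
```

Running fw_apply a second time on an already configured gateway issues only queries and no reload, which is what makes the branch-office replication safe to repeat.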

Write yum.sh and debug it

Before running it, be sure to first move the files under /etc/yum.repos.d/ on every server to another directory by hand, for example:
cd /etc/yum.repos.d
mkdir repo
mv * repo
The script content follows:

#!/bin/bash
ServerIP="$FW_IP $DHCP_Server_IP $DNS_Server_IP $FTP_Server_IP"
for i in $ServerIP
do
cmd="ssh $i"
# df shows the CD-ROM as /dev/sr0 (the /dev/cdrom symlink is resolved), so match both
$cmd 'df | grep -E "/dev/(sr0|cdrom)"' > /dev/null
if test $? -eq 0
then
        $cmd 'umount /dev/cdrom' &> /dev/null
        $cmd 'umount /mnt' &> /dev/null
fi
        $cmd 'mount /dev/cdrom /mnt' &> /dev/null
# write the repo file from scratch (">") so a re-run does not append a second copy
$cmd 'echo "[local]" > /etc/yum.repos.d/local.repo'
$cmd 'echo "name=local" >> /etc/yum.repos.d/local.repo'
$cmd 'echo "baseurl=file:///mnt" >> /etc/yum.repos.d/local.repo'
$cmd 'echo "enabled=1" >> /etc/yum.repos.d/local.repo'
$cmd 'echo "gpgcheck=0" >> /etc/yum.repos.d/local.repo'
$cmd 'yum clean all' &> /dev/null
$cmd 'yum makecache' &> /dev/null
if test $? -eq 0
then
        echo "yum is ok($i)"
else
        echo "yum is failed($i)"
fi
done

Grant execute permission
chmod +x yum.sh

Write dhcp.sh and debug it

#!/bin/bash
DHCP_Server_cmd="ssh $DHCP_Server_IP"
$DHCP_Server_cmd "rpm -qa | grep dhcp-4" &> /dev/null
if [ $? -eq 0 ]
then
        $DHCP_Server_cmd yum -y remove dhcp &> /dev/null
fi


$DHCP_Server_cmd yum -y install dhcp &> /dev/null
if [ $? -eq 0 ]
then
# write dhcpd.conf from scratch (">") so a re-run does not append a second subnet block
$DHCP_Server_cmd 'echo "subnet 172.16.1.0 netmask 255.255.255.0 {" > /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd 'echo "range 172.16.1.100 172.16.1.200;" >> /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd 'echo "option domain-name-servers 192.168.1.20;" >> /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd 'echo "option routers 172.16.1.2;" >> /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd 'echo "}" >> /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd 'echo "subnet 192.168.1.0 netmask 255.255.255.0 {}" >> /etc/dhcp/dhcpd.conf'
$DHCP_Server_cmd systemctl enable firewalld &> /dev/null
$DHCP_Server_cmd systemctl restart firewalld &> /dev/null
$DHCP_Server_cmd firewall-cmd --permanent --zone=public --query-service=dhcp &> /dev/null
if test $? != 0
then
$DHCP_Server_cmd firewall-cmd --permanent --zone=public --add-service=dhcp &> /dev/null
$DHCP_Server_cmd firewall-cmd --reload &> /dev/null
fi

$DHCP_Server_cmd systemctl enable dhcpd &> /dev/null
$DHCP_Server_cmd systemctl restart dhcpd &> /dev/null
	if test $? != 0
	then
		echo "dhcpd boot error!"
	else
		echo "DHCP Server is ok"
	fi
else
echo "dhcp install error!!!"
fi

Grant execute permission
chmod +x dhcp.sh

Write dhcrelay.sh and debug it

#!/bin/bash
DHCP_relay_cmd="ssh $DHCP_relay_IP"
$DHCP_relay_cmd "rpm -qa | grep dhcp-4" &> /dev/null
if [ $? -eq 0 ]
then
        $DHCP_relay_cmd yum -y remove dhcp &> /dev/null
fi
$DHCP_relay_cmd yum -y install dhcp &> /dev/null
# point dhcrelay at the DHCP server by appending its address to the ExecStart line (only once, so re-runs stay idempotent)
$DHCP_relay_cmd "grep -q 'no-pid $DHCP_Server_IP' /usr/lib/systemd/system/dhcrelay.service || sed -i 's/--no-pid/& $DHCP_Server_IP/' /usr/lib/systemd/system/dhcrelay.service"
# systemd must re-read the edited unit file before the service is (re)started
$DHCP_relay_cmd systemctl daemon-reload &> /dev/null
$DHCP_relay_cmd systemctl enable dhcrelay &> /dev/null
$DHCP_relay_cmd systemctl restart dhcrelay &> /dev/null
if [ $? -eq 0 ]
then
        echo "dhcrelay is ok!"
else
        echo "dhcrelay boot error!"
fi

Grant execute permission
chmod +x dhcrelay.sh

Write dns.sh and debug it

#!/bin/bash
DNS_Server_cmd="ssh $DNS_Server_IP"
$DNS_Server_cmd "rpm -qa | grep '^bind-9'" &> /dev/null
if [ $? -eq 0 ]
then
	$DNS_Server_cmd yum -y remove bind &> /dev/null
fi
$DNS_Server_cmd 'yum -y install bind*' &> /dev/null
# listen on all interfaces and answer any client instead of localhost only
$DNS_Server_cmd "sed -i 's/127.0.0.1/any/g' /etc/named.conf"
$DNS_Server_cmd "sed -i 's/localhost/any/g' /etc/named.conf"
# turn the root hint zone stanza into the master zone for bdqn.com
$DNS_Server_cmd "sed -i 's/\"\.\"/\"bdqn.com\"/g' /etc/named.conf"
$DNS_Server_cmd "sed -i 's/hint/master/g' /etc/named.conf"
$DNS_Server_cmd "sed -i 's/named.ca/bdqn.zone/g' /etc/named.conf"
# write the zone file from scratch (">") so a re-run does not duplicate records
$DNS_Server_cmd touch /var/named/bdqn.zone
$DNS_Server_cmd chown root:named /var/named/bdqn.zone
$DNS_Server_cmd 'echo "\$TTL 1D" > /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "@	IN	SOA	bdqn.com.  admin.bdqn.com.  (200 1H 15M 1W 1D)" >> /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "@        IN	NS	www.bdqn.com." >> /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "www	IN	A	192.168.1.20" >> /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "dhcp	IN	A	192.168.1.10" >> /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "ftp 	IN	A	192.168.1.30" >> /var/named/bdqn.zone'
$DNS_Server_cmd 'echo "dns 	IN	A	192.168.1.20" >> /var/named/bdqn.zone'
$DNS_Server_cmd systemctl enable firewalld &> /dev/null
$DNS_Server_cmd systemctl restart firewalld &> /dev/null
$DNS_Server_cmd firewall-cmd --permanent --zone=public --query-service=dns &> /dev/null
if test $? != 0
then
$DNS_Server_cmd firewall-cmd --permanent --zone=public --add-service=dns &> /dev/null
$DNS_Server_cmd firewall-cmd --reload &> /dev/null
fi
$DNS_Server_cmd systemctl  enable named &> /dev/null
$DNS_Server_cmd systemctl restart named &> /dev/null
if test $? != 0
then
	echo "named boot error"
else
	echo "named is ok"
fi

Grant execute permission
chmod +x dns.sh
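The yum.sh, dhcp.sh and dns.sh scripts above each build a configuration file with a chain of remote "echo >>" commands. As an added example (not the original scripts), the functions below generate each file in one piece and push it through the same "ssh $IP" prefix the scripts use; they assume the variables defined in main.sh.

```shell
#!/bin/bash
# Added example, not the original yum.sh/dhcp.sh/dns.sh. "cat >" instead of
# repeated "echo >>" means a re-run rewrites the file rather than appending a
# second copy, and the remote shell never parses the content, so "$TTL" and
# quotes need no escaping.

# push_file "<ssh prefix>" /remote/path   (file content is read from stdin)
push_file() {
    $1 "cat > '$2'"
}

# The local CD-ROM repository definition written by yum.sh.
yum_repo_conf() {
    printf '%s\n' '[local]' 'name=local' 'baseurl=file:///mnt' 'enabled=1' 'gpgcheck=0'
}

# dhcpd.conf for the lab: the 172.16.1.0/24 pool is served through the relay;
# the empty 192.168.1.0/24 declaration only lets dhcpd bind to its own interface.
dhcpd_conf() {   # dhcpd_conf RANGE_START RANGE_END DNS_IP GATEWAY_IP
    cat <<EOF
subnet 172.16.1.0 netmask 255.255.255.0 {
    range $1 $2;
    option domain-name-servers $3;
    option routers $4;
}
subnet 192.168.1.0 netmask 255.255.255.0 {}
EOF
}

# Forward zone for bdqn.com. The caller supplies the serial (e.g. date +%Y%m%d01)
# so that every regeneration is seen as newer by a future secondary server.
bdqn_zone() {   # bdqn_zone SERIAL DNS_IP DHCP_IP FTP_IP
    cat <<EOF
\$TTL 1D
@    IN  SOA  bdqn.com. admin.bdqn.com. ($1 1H 15M 1W 1D)
@    IN  NS   www.bdqn.com.
www  IN  A    $2
dns  IN  A    $2
dhcp IN  A    $3
ftp  IN  A    $4
EOF
}

# Usage from main.sh, with the variables defined there:
#   yum_repo_conf | push_file "ssh $DNS_Server_IP" /etc/yum.repos.d/local.repo
#   dhcpd_conf 172.16.1.100 172.16.1.200 $DNS_Server_IP $DHCP_relay_IP \
#       | push_file "ssh $DHCP_Server_IP" /etc/dhcp/dhcpd.conf
#   bdqn_zone "$(date +%Y%m%d01)" $DNS_Server_IP $DHCP_Server_IP $FTP_Server_IP \
#       | push_file "ssh $DNS_Server_IP" /var/named/bdqn.zone
```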

Write ftp.sh and debug it

#!/bin/bash
FTP_Server_cmd="ssh $FTP_Server_IP"
$FTP_Server_cmd 'rpm -qa | grep vsftpd' &> /dev/null
if [ $? -eq 0 ]
then
	$FTP_Server_cmd yum -y remove vsftpd &> /dev/null
fi
$FTP_Server_cmd yum -y install vsftpd &> /dev/null
# back up the original configuration file and keep only the non-comment lines
$FTP_Server_cmd "mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak"
$FTP_Server_cmd 'grep -v "#" /etc/vsftpd/vsftpd.conf_bak > /etc/vsftpd/vsftpd.conf'
# anonymous write access and a fixed passive-mode port range (matches the firewall's 20000:20100 rule)
$FTP_Server_cmd 'echo "anon_umask=022" >> /etc/vsftpd/vsftpd.conf'
$FTP_Server_cmd 'echo "anon_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf'
$FTP_Server_cmd 'echo "anon_mkdir_write_enable=YES" >> /etc/vsftpd/vsftpd.conf'
$FTP_Server_cmd 'echo "anon_other_write_enable=YES" >> /etc/vsftpd/vsftpd.conf'
$FTP_Server_cmd 'echo "pasv_max_port=20100" >> /etc/vsftpd/vsftpd.conf'
$FTP_Server_cmd 'echo "pasv_min_port=20000" >> /etc/vsftpd/vsftpd.conf'

$FTP_Server_cmd chmod  777 /var/ftp/pub/
$FTP_Server_cmd systemctl enable firewalld &> /dev/null
$FTP_Server_cmd systemctl restart firewalld &> /dev/null
$FTP_Server_cmd firewall-cmd --permanent --zone=public --query-service=ftp &> /dev/null
if test $? != 0
then
$FTP_Server_cmd firewall-cmd --permanent --zone=public --add-service=ftp &> /dev/null
$FTP_Server_cmd firewall-cmd --reload &> /dev/null
fi
$FTP_Server_cmd systemctl enable vsftpd &> /dev/null
$FTP_Server_cmd systemctl restart vsftpd &> /dev/null
if [ $? -eq 0 ]
then
	echo "ftp is ok!"
else
	echo "ftp boot error!"
fi

Grant execute permission
chmod +x ftp.sh

Run main.sh to perform the one-click deployment

./main.sh
Result:
The output shows that all services were deployed successfully.
Tip: if an error occurs while the script runs, execute bash -x main.sh to print a detailed trace and locate the failing command.
To verify that the one-click deployment succeeded, check on each server:
  DHCP server
  DNS server
  FTP server
If all services started normally, the yum setup succeeded as well.

Verification

Verify intranet access to the Internet

Intranet to Internet
The internal client reached the external network successfully.

Verify DHCP

The client obtained an address assigned by the DHCP server.

Verify DNS

The internal client resolves the servers' addresses successfully.

Verify FTP

FTP verification succeeded.
