解读先电2.4版 iaas-pre-host.sh 脚本
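#!/bin/bash
# Interpreter line. It has to stand alone: on Linux, any text after the
# interpreter path on a "#!" line is passed to bash as an argument instead of
# being ignored as a comment, so the explanation lives on these lines.

# Load the deployment variables into the current shell. The rest of the script
# reads HOST_IP, HOST_NAME, HOST_PASS, HOST_IP_NODE, HOST_NAME_NODE,
# HOST_PASS_NODE and network_segment_IP without defining them, so they
# presumably come from this file (confirm).
# The file is executed as shell code with the caller's privileges and
# apparently carries plaintext login passwords, so it should be owned by root
# and not readable or writable by other users.
source /etc/xiandian/openrc.sh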
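#selinux
# Persistently set SELinux to permissive mode (takes effect from the next
# boot). Permissive is not the same as disabled: the policy stays loaded and
# denials are still written to the audit log, but nothing is blocked, so the
# host loses SELinux confinement of its services.
# The pattern is anchored to the start of the line so that only the actual
# SELINUX= setting is rewritten, not comment lines that merely mention
# "SELINUX=".
# NOTE(review): the script installs openstack-selinux further down, which
# suggests enforcing mode may be workable for this deployment; confirm before
# keeping the host permissive.
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
# Switch the running system to permissive right now (lasts until reboot).
setenforce 0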
#firewalld
# Stop the running firewalld daemon. Any output or error of this one command
# is still shown on the terminal.
systemctl stop firewalld

#NetworkManager
# Unregister firewalld from boot, then stop and unregister NetworkManager.
# stdout and stderr of all three commands are discarded, so a failure in this
# group is silent.
{
  systemctl disable firewalld
  systemctl stop NetworkManager
  systemctl disable NetworkManager
} > /dev/null 2>&1

# Uninstall both packages (NetworkManager and firewalld, not "NetworkManager's
# firewall"). After this the host has no firewalld at all; the iptables
# section of this script is the only packet-filter handling left.
yum remove -y NetworkManager firewalld
# Restart the network service; its exit status is not checked.
systemctl restart network
#iptables
# Install the iptables service package. A failed install is reported as a yum
# repository ("installation source") configuration problem: the message is
# printed in red (ANSI colour 31) and the script stops with exit status 1.
if ! yum install iptables-services -y; then
  echo -e "\033[31mThe installation source configuration errors\033[0m"
  exit 1
fi
shell语法不做解释,这一部分的功能是检查iptables服务的软件包是否安装成功:如果安装失败,先以红色打印错误信息(The installation source configuration errors),然后以状态码1终止脚本。
# Restart the iptables service so the commands below act on a freshly loaded
# ruleset.
systemctl restart iptables

# Empty the ruleset: -F flushes every rule, -X deletes user-defined chains,
# -Z resets the packet and byte counters.
for flag in -F -X -Z; do
  iptables "$flag"
done

# Called without a redirection, iptables-save only prints the current ruleset
# to stdout; nothing is written to disk here.
/usr/sbin/iptables-save

# Stop the service and keep it from starting at boot. Together with the
# removal of firewalld this leaves the host with no local packet filtering, so
# every listening service is reachable unless something upstream (network
# ACLs, security groups) restricts it.
for action in stop disable; do
  systemctl "$action" iptables
done
iptables介绍
原文链接:https://blog.csdn.net/bjgaocp/article/details/88722806
#install package
# Speed up SSH logins by turning off the reverse-DNS lookup of the client
# (UseDNS) and GSSAPI authentication in the sshd configuration. sshd is not
# restarted in this section, so the new settings apply once it next restarts.
sshd_config=/etc/ssh/sshd_config
sed -i \
  -e 's/#UseDNS yes/UseDNS no/g' \
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' \
  "$sshd_config"

# Upgrade every installed package to the newest version the configured
# repositories offer, without prompting. What gets installed is decided
# entirely by those repositories, so their source and signature checking
# should be verified before running this unattended.
yum upgrade -y

# OpenStack client and helper packages, plus crudini (INI file editor) and
# expect (used further down to automate ssh-copy-id).
packages=(python-openstackclient openstack-selinux openstack-utils crudini expect)
yum install "${packages[@]}" -y
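#hosts
# Set the hostname according to which configured address is present on a
# local interface. The address is matched as a fixed string (-F) on word
# boundaries (-w): as a regular expression the dots of an IP address would
# match any character. The -n guard keeps an empty variable from matching.
if [[ -n "$HOST_IP" ]] && ip a | grep -qwF -- "$HOST_IP"; then
  hostnamectl set-hostname "$HOST_NAME"
elif [[ -n "$HOST_IP_NODE" ]] && ip a | grep -qwF -- "$HOST_IP_NODE"; then
  hostnamectl set-hostname "$HOST_NAME_NODE"
else
  # Neither address is configured locally: fall back to the first name, as
  # the original script does.
  hostnamectl set-hostname "$HOST_NAME"
fi

# Drop any existing /etc/hosts lines for the two names, then append fresh
# entries so both nodes resolve each other without DNS.
# NOTE(review): the names are interpolated into the sed address as regular
# expressions, so any line merely containing the text is deleted as well, and
# an empty name makes sed fail. Confirm the values in openrc.sh are plain
# hostnames.
sed -i -e "/$HOST_NAME/d" -e "/$HOST_NAME_NODE/d" /etc/hosts
echo "$HOST_IP $HOST_NAME" >> /etc/hosts
echo "$HOST_IP_NODE $HOST_NAME_NODE" >> /etc/hosts
# Purpose of this section: set the hostname and the static host resolution.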
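#ssh
# Create a key pair for the current user once (skipped when a non-empty
# public key already exists). -N '' means the private key is stored without a
# passphrase, so anyone who can read ~/.ssh/id_rsa can use it.
if [[ ! -s ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi

# Current hostname; also read by the chrony and DNS sections further down.
name=$(hostname)

# Each node pushes its key to the other one: the node named HOST_NAME targets
# HOST_NAME_NODE, any other node targets HOST_NAME.
if [[ "$name" == "$HOST_NAME" ]]; then
  peer_host=$HOST_NAME_NODE
  peer_pass=$HOST_PASS_NODE
else
  peer_host=$HOST_NAME
  peer_pass=$HOST_PASS
fi

# Drive ssh-copy-id non-interactively with expect.
# - Host and password reach expect through the environment rather than being
#   pasted into the script text. That keeps the password out of the process
#   argument list (visible to every local user in ps) and stops characters
#   in the password from being interpreted as Tcl code. The password variable
#   is removed from the environment before ssh-copy-id is spawned.
# - The "(yes/no)" host-key question is answered with "yes" automatically, so
#   the peer's host key is trusted on first use without being verified.
# - "set timeout -1" waits indefinitely for the prompts.
# - expect exits 2 when the password is rejected and 1 when the connection
#   closes before any prompt appears; the script does not check that status.
# - The key path is hard-coded to /root/.ssh, i.e. the script assumes it is
#   run as root.
# The result is passwordless root SSH between the nodes: a compromise of one
# node then gives root access to the other.
PEER_HOST="$peer_host" PEER_PASS="$peer_pass" expect -c '
set timeout -1
set peer $env(PEER_HOST)
set pass $env(PEER_PASS)
unset env(PEER_PASS)
spawn ssh-copy-id -i /root/.ssh/id_rsa $peer
expect {
  *password:* {
    send -- "$pass\r"
    expect {
      *denied* {exit 2}
      eof
    }
  }
  *(yes/no)* {send -- "yes\r"; exp_continue}
  eof {exit 1}
}
'
# Do not leave the peer password in a shell variable of our own.
unset peer_host peer_pass
# Purpose of this section: generate a key and install it on the other node so
# that SSH logins between the nodes need no password.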
expect的语法:https://blog.csdn.net/Cantevenl/article/details/115271301
密钥简介:https://blog.csdn.net/hanguofei/article/details/103135178
ssh-keygen 命令简介:https://blog.csdn.net/qq_40932679/article/details/117487540
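#chrony
# Install chrony, which provides the NTP time synchronisation service.
yum install -y chrony

# The edits below address /etc/chrony.conf by line number and are not
# idempotent (a second run would comment lines twice and append to line 7
# again), so they are applied only while the marker line is still absent.
if ! grep -q '^server controller iburst' /etc/chrony.conf; then
  # Comment out lines 3-6 (presumably the distribution's default time
  # sources; confirm against the installed file) and put the "controller"
  # host at the start of line 7 as the time source. The name "controller" is
  # hard-coded and must be resolvable on this node.
  sed -i -e '3,6s/^/#/' -e '7s/^/server controller iburst/' /etc/chrony.conf

  if [[ "$name" == "$HOST_NAME" ]]; then
    # On the node named HOST_NAME only: let clients from this network segment
    # query the time server, and keep serving time (as stratum 10) even when
    # no upstream source is reachable. With the host firewall switched off by
    # this script, this "allow" line is the only restriction on who may use
    # the NTP service, so keep the segment as narrow as possible.
    echo "allow $network_segment_IP" >> /etc/chrony.conf
    echo "local stratum 10" >> /etc/chrony.conf
  fi
fi

# Apply the configuration now and start chronyd at every boot.
systemctl restart chronyd
systemctl enable chronyd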
shell语法不做解释,这部分的功能是安装ntp服务、编辑ntp服务的配置文件/etc/chrony.conf和启用ntp服务,ntp是时间服务器,chrony能保持系统时钟与时间服务器(ntp)同步,让时间保持精确。
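#DNS
# Only the node named HOST_NAME runs the DNS server (BIND).
if [[ "$name" == "$HOST_NAME" ]]; then
  yum install bind -y

  # Edit /etc/named.conf in a single sed call. The explanations are kept up
  # here because a comment placed after a line-continuation backslash breaks
  # the continuation and splits the command.
  #  - lines 13-14, 19 and 37-42 are commented out by prefixing "//".
  #    NOTE(review): these are fixed line numbers; on a stock named.conf they
  #    presumably cover the listen-on and allow-query restrictions, which
  #    would make named answer on all interfaces for any client. Confirm
  #    against the installed file, since the numbers shift between versions.
  #  - recursion no: the server answers only from its own zones and does not
  #    resolve other names on behalf of clients, which avoids running an open
  #    resolver.
  #  - dnssec-enable no / dnssec-validation no: DNSSEC is switched off, so
  #    signed answers are not validated.
  # The edits are not idempotent: a second run prefixes "//" again.
  sed -i \
    -e '13,14s/^/\/\//g' \
    -e '19s/^/\/\//g' \
    -e '37,42s/^/\/\//g' \
    -e 's/recursion yes/recursion no/g' \
    -e 's/dnssec-enable yes/dnssec-enable no/g' \
    -e 's/dnssec-validation yes/dnssec-validation no/g' \
    /etc/named.conf

  # Start named now and at every boot.
  systemctl start named.service
  systemctl enable named.service
fi
# Purpose of this section: install BIND to provide the DNS service.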
shell语法不做解释,这部分的功能是安装DNS服务、编辑DNS服务的配置文件/etc/named.conf和启用DNS服务,DNS服务为域名系统服务,简单来说就是把域名翻译为IP