Esempio n. 1
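def modify_resolv_conf(dns_conf):
    """Reconcile the nameserver entries of /etc/resolv.conf with dns_conf.

    dns_conf is a whitespace-separated list of DNS server IP addresses.
    Every expected address that is missing is appended as a new
    ``nameserver`` line, and every configured address that is not expected
    is commented out. Each change is confirmed through promised() first.

    The immutable attribute of the file is cleared for the edit and set
    again afterwards, also when the edit is interrupted part-way.
    """
    import ipaddress
    import subprocess

    resolv_path = '/etc/resolv.conf'

    # str.split() drops the empty tokens that leading, trailing or repeated
    # blanks would otherwise turn into a bogus "" nameserver entry.
    exp_dns_list = []
    for token in dns_conf.split():
        try:
            ipaddress.ip_address(token)
        except ValueError:
            # Only IP addresses are written into the file; anything else
            # never reaches the sed script.
            print("忽略无效的DNS地址'%s'" % token)
            continue
        exp_dns_list.append(token)
    print("期望DNS配置:")
    print(exp_dns_list)

    act_dns_list = []
    resolv_ctx = execute('cat /etc/resolv.conf')
    for each in resolv_ctx.splitlines():
        if not each.startswith('nameserver'):
            continue
        fields = each.split()
        # Keep only the address token so trailing blanks or remarks on the
        # line do not defeat the comparison with the expected list.
        if len(fields) >= 2 and fields[0] == 'nameserver':
            act_dns_list.append(fields[1])
    print("系统实际DNS配置:")
    print(act_dns_list)

    # Commands are passed as argument lists, so no shell parses the values
    # that come from the configuration or from the file being edited.
    subprocess.call(['chattr', '-i', resolv_path])
    try:
        for exp_dns in exp_dns_list:
            if exp_dns not in act_dns_list:
                if promised("未配置DNS'%s', 是否配置 ? " % exp_dns):
                    subprocess.call([
                        'sed', '-i', '$a nameserver %s' % exp_dns, resolv_path
                    ])
        for act_dns in act_dns_list:
            if act_dns not in exp_dns_list:
                if promised("不期望的DNS'%s', 是否需要将其注释 ? " % act_dns):
                    # Escape regex metacharacters and the "/" delimiter, and
                    # require the address to be a complete token: an
                    # unescaped "1.1.1.1" would also match "1.1.1.10".
                    escaped = re.sub(r'([\\.*\[\]^$/])', r'\\\1', act_dns)
                    prefix = r'^nameserver[[:space:]]\{1,\}' + escaped
                    command = [
                        'sed', '-i',
                        '-e', 's/%s$/# &/' % prefix,
                        '-e', 's/%s[[:space:]]/# &/' % prefix,
                        resolv_path,
                    ]
                    print(' '.join(command))
                    subprocess.call(command)
    finally:
        # Restore the immutable flag even if a prompt is interrupted.
        subprocess.call(['chattr', '+i', resolv_path])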
Esempio n. 2
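def install_zabbix_agent():
    """Unpack, configure and optionally start zabbix-agent.

    The archive located by tar_file_path() is extracted to /usr/local
    unless /usr/local/zabbix/ already exists. A ``zabbix`` group and user
    are created, the Server / ServerActive / Hostname settings of
    zabbix_agentd.conf are checked against os_dict and get_host(), and the
    operator is asked whether to start the agent and to register it in
    /etc/rc.d/rc.local.
    """
    import shlex

    print(green("准备安装'zabbix-agent'......"))
    if os.path.exists('/usr/local/zabbix/'):
        print(red("'/usr/local/zabbix/'文件已存在"))
    else:
        file_path = tar_file_path('zabbix_linux_2.6')
        # Quote the archive path so blanks or shell metacharacters in it
        # cannot split or extend the command line.
        os.system('tar -xvf %s -C /usr/local' % shlex.quote(file_path))
    # Return codes are ignored, so an already existing group or user does
    # not stop the installation.
    os.system('groupadd zabbix')
    os.system('useradd -g zabbix -M -s /sbin/nologin zabbix')
    # "owner:group" is the supported separator; the dotted form is deprecated.
    os.system('chown -R zabbix:zabbix /usr/local/zabbix')

    zabbix_conf_path = '/usr/local/zabbix/conf/zabbix_agentd.conf'
    print(green("检测'%s'配置文件......" % zabbix_conf_path))
    specs = []
    # Server setting
    if 'zabbix_agentd.Server' in os_dict:
        exp_val = os_dict['zabbix_agentd.Server']
        specs.append(
            Spec('配置Server', zabbix_conf_path, 'Server', exp_val, '=', '='))
    # ServerActive setting
    if 'zabbix_agentd.ServerActive' in os_dict:
        exp_val = os_dict['zabbix_agentd.ServerActive']
        specs.append(
            Spec('配置ServerActive', zabbix_conf_path, 'ServerActive', exp_val,
                 '=', '='))
    # Hostname setting, taken from get_host()
    ip = get_host()
    specs.append(Spec('配置Hostname', zabbix_conf_path, 'Hostname', ip, '=',
                      '='))
    display_colorful(specs)
    modify_optional(specs)

    # Start zabbix-agent
    startup_command = '/usr/local/zabbix/sbin/zabbix_agentd -c %s' % zabbix_conf_path
    if promised("是否启动'zabbix-agentd' ? "):
        os.system(startup_command)
    # Start at boot: only offered when rc.local does not mention the agent yet
    if len(
            execute(
                'cat /etc/rc.d/rc.local | grep /usr/local/zabbix/sbin/zabbix_agentd'
            )) == 0:
        if promised('是否开机自启 ? '):
            os.system('chmod a+x /etc/rc.d/rc.local')
            os.system("echo '%s' >> /etc/rc.d/rc.local" % startup_command)
    else:
        print(green('检测到已配置开机自启...'))
    # Grant the zabbix user read access to the system log.
    # NOTE(review): this exposes /var/log/messages to the agent account;
    # confirm the monitoring setup actually needs it.
    os.system('setfacl -m u:zabbix:r /var/log/messages')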
Esempio n. 3
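def modify_dns_conf_optional(dns_conf):
    """Compare the DNS servers reported by nmcli with dns_conf and fix them.

    dns_conf is a whitespace-separated list of DNS servers. When at least
    one expected server is missing from ``nmcli dev show``, the operator is
    asked, per connection returned by con_uuid_list(), whether its
    ``ipv4.dns`` should be replaced and the connection re-activated.
    """
    import shlex

    # str.split() ignores leading, trailing and repeated blanks, which
    # would otherwise produce empty entries that never match.
    exp_dns_list = dns_conf.split()
    print("期望DNS配置:")
    print(exp_dns_list)

    # Query the DNS servers currently in effect
    dns_ctx = execute("nmcli dev show | grep IP4.DNS")
    act_dns_list = []
    for act_dns in dns_ctx.splitlines():
        fields = act_dns.split()
        # Skip lines without a value column instead of raising IndexError.
        if len(fields) >= 2:
            act_dns_list.append(fields[1])
    print("系统实际DNS配置:")
    print(act_dns_list)

    # Compare
    need_modify = any(exp_dns not in act_dns_list for exp_dns in exp_dns_list)

    if need_modify:
        # The value used to sit inside double quotes, where the shell still
        # expands $(...) and backticks; shlex.quote() passes it literally.
        dns_value = shlex.quote(" ".join(exp_dns_list))
        # Change the DNS of each confirmed connection and re-activate it
        for uuid in con_uuid_list():
            if promised("是否修改连接'%s'的DNS ? " % uuid):
                quoted_uuid = shlex.quote(str(uuid))
                os.system("nmcli connection modify %s ipv4.dns %s" %
                          (quoted_uuid, dns_value))
                os.system("nmcli connection up %s" % quoted_uuid)
    else:
        print("DNS配置正确, 不需要更改")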
Esempio n. 4
def rpm_install_iperf():
    """Install iperf from the RPM located by rpm_file_path(), if confirmed.

    Reports a missing package file; otherwise asks the operator, installs
    the RPM through execute() and then calls yum_install('iperf').
    """
    print(green("准备安装'iperf'......"))
    rpm_path = rpm_file_path("iperf")
    if len(rpm_path) == 0:
        print(red("'iperf'安装包不存在"))
        return
    if not promised("是否安装'%s' ? " % rpm_path):
        return
    # NOTE(review): the path is interpolated unquoted; whether that matters
    # depends on how execute() runs the command — confirm.
    execute('rpm -Uvh %s' % rpm_path)
    yum_install('iperf')
Esempio n. 5
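def password_less_login():
    """Authorise the public key in resources/id_rsa.pub for SSH login.

    After confirmation the key lines are added to ~/.ssh/authorized_keys
    of the current user. Keys that are already listed are not added again,
    so running the function repeatedly does not duplicate entries.

    Whoever holds the matching private key can log in as this user
    afterwards, so the key file should come from a trusted source.
    """
    pub_key_path = 'resources/id_rsa.pub'
    if not os.path.exists(pub_key_path):
        print(red("免密登录, 没有找到'id_rsa.pub'文件"))
        return
    if not promised("是否进行免密登录配置 ? "):
        return

    ssh_dir = os.path.expanduser('~/.ssh')
    auth_path = os.path.join(ssh_dir, 'authorized_keys')
    if not os.path.isdir(ssh_dir):
        os.makedirs(ssh_dir)
    os.chmod(ssh_dir, 0o700)

    with open(pub_key_path) as key_file:
        wanted_keys = [line.strip() for line in key_file if line.strip()]

    current_text = ''
    if os.path.exists(auth_path):
        with open(auth_path) as auth_file:
            current_text = auth_file.read()
    present_keys = {line.strip() for line in current_text.splitlines()}
    missing_keys = [key for key in wanted_keys if key not in present_keys]

    with open(auth_path, 'a') as auth_file:
        # A file whose last line lacks a newline would otherwise have the
        # new key glued onto that line, corrupting both entries.
        if missing_keys and current_text and not current_text.endswith('\n'):
            auth_file.write('\n')
        for key in missing_keys:
            auth_file.write(key + '\n')
    os.chmod(auth_path, 0o600)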
Esempio n. 6
def set_system_timezone():
    """Show the current time zone and offer to switch it to Asia/Shanghai.

    Nothing is changed when the zone line reported by timedatectl already
    contains Asia/Shanghai or when the operator declines.
    """
    zone_ctx = execute("timedatectl status | grep zone")
    print("当前时区")
    print(zone_ctx)
    if 'Asia/Shanghai' in zone_ctx:
        print("时区配置正确, 不需要更改")
        return
    if promised("当前时区非'Asia/Shanghai', 是否进行配置 ? "):
        for command in ("timedatectl set-timezone Asia/Shanghai",
                        "chronyc -a makestep"):
            os.system(command)
Esempio n. 7
def install_all_required_software():
    """Install the baseline packages and the optional extra tools.

    gcc and nginx are installed only after the operator confirms; all
    other packages and installers run unconditionally, in a fixed order.
    """
    yum_install('vim')
    if promised(green("是否安装gcc(如果yum源有问题, 可以ctrl+c在此结束运行)")):
        yum_install('gcc')

    unconditional_packages = (
        'telnet',
        'tar',
        'zip',
        'unzip',
        'lvm2',
        'firewalld',
        'bind-utils',  # provides nslookup
        'java',
        # Fix error "Failed dependencies" when install iftop in some machines
        'libpcap',
    )
    for package in unconditional_packages:
        yum_install(package)

    for installer in (rpm_install_iftop, rpm_install_iperf,
                      install_zabbix_agent):
        installer()

    if promised(green("是否安装nginx(安装时间较长, 没有必要可以不安装)")):
        install_nginx()
Esempio n. 8
def firewall_service_management():
    """Reconcile the services allowed by firewalld with a fixed allow-list.

    Starts firewalld, lists the currently allowed services, offers to
    remove every service outside the allow-list and to add every missing
    allow-listed one, then reloads the firewall if anything was changed.
    """
    os.system('systemctl start firewalld')

    # The last character of the output is dropped before splitting
    # (presumably the trailing newline — confirm against execute()).
    listing = execute('firewall-cmd --list-services')
    act_service_list = listing[0:-1].split(" ")
    print(green("实际允许的服务:"))
    print(act_service_list)

    exp_service_list = ['ssh', 'zabbix-agent', 'chronyd']
    need_reload = False

    # Remove services that are not on the allow-list
    for act_service in act_service_list:
        if len(act_service) == 0 or act_service in exp_service_list:
            continue
        if promised("是否删除'%s'服务 ? " % act_service):
            os.system('firewall-cmd --remove-service=%s --permanent' %
                      act_service)
            need_reload = True

    # Add allow-listed services that are missing
    for exp_service in exp_service_list:
        if exp_service in act_service_list:
            continue
        if not promised("是否添加'%s'服务 ? " % exp_service):
            continue
        if exp_service == 'chronyd':
            # Custom service definition: create it, give it its ports,
            # reload so the new definition becomes usable, then allow it.
            # NOTE(review): 323 is chrony's command/monitoring port, while
            # NTP itself uses 123/udp — confirm 323 is what should be open.
            chronyd_commands = (
                'firewall-cmd --new-service=chronyd --permanent',
                'firewall-cmd --service=chronyd --add-port=323/tcp --permanent',
                'firewall-cmd --service=chronyd --add-port=323/udp --permanent',
                'firewall-cmd --reload',
                'firewall-cmd --add-service=chronyd --permanent',
            )
            for command in chronyd_commands:
                os.system(command)
        else:
            os.system("firewall-cmd --add-service=%s --permanent" %
                      exp_service)
        need_reload = True

    if need_reload:
        os.system('firewall-cmd --reload')
Esempio n. 9
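def sync_system_time(chrony_server_conf):
    """
    Reconcile the time servers of /etc/chrony.conf with chrony_server_conf.

    1. Collect every ``server`` line of /etc/chrony.conf.
    2. Compare them with the whitespace-separated servers in
       chrony_server_conf.
    3. Comment out unexpected servers and add the ones that are missing.

    Each change is confirmed through promised() first.
    """
    # Server names end up inside a single-quoted sed script, so only plain
    # host-name / IP-address characters are accepted; a quote or other
    # shell metacharacter would break out of that script.
    valid_server = re.compile(r'^[0-9A-Za-z_.:-]+\Z')
    exp_server_list = []
    # str.split() also drops the empty tokens caused by stray blanks.
    for token in chrony_server_conf.split():
        if valid_server.match(token):
            exp_server_list.append(token)
        else:
            print("忽略无效的时间服务器'%s'" % token)
    print('期望时间服务器配置:')
    print(exp_server_list)

    # -n prefixes every match with its line number
    chr_ctx = execute("cat /etc/chrony.conf | grep -n '^server'")
    line_num_list = []
    act_server_list = []
    for line in chr_ctx.splitlines():
        # Lines look like "3:server host options"
        line_num, sep, directive = line.partition(':')
        fields = directive.split()
        if not sep or not line_num.isdigit():
            continue
        # Skip entries without a host instead of raising IndexError.
        if len(fields) < 2 or fields[0] != 'server':
            continue
        act_server_list.append(fields[1])
        line_num_list.append(line_num)
    print('系统实际时间服务配置:')
    print(act_server_list)

    # Comment out servers that are not expected; commenting keeps the line
    # count unchanged, so the recorded line numbers stay valid.
    for line_num, act_server in zip(line_num_list, act_server_list):
        if act_server not in exp_server_list:
            if promised("不期望的时间服务器'%s', 是否需要将其注释 ? " % act_server):
                command = "sed -i '%ss/^/# /' /etc/chrony.conf" % line_num
                print(command)
                os.system(command)

    # Add expected servers after the last existing server line, or after
    # line 1 when the file has no server line at all.
    insert_line_num = int(line_num_list[-1]) if line_num_list else 1
    for exp_server in exp_server_list:
        if exp_server not in act_server_list:
            if promised("未配置时间服务器'%s', 是否配置 ? " % exp_server):
                os.system("sed -i '%da server %s iburst' /etc/chrony.conf" %
                          (insert_line_num, exp_server))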
Esempio n. 10
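def service_probes_and_shutdown_optional():
    """List listening TCP/UDP sockets and offer to stop their processes.

    Parses ``netstat -nlp -t -u``, prints port, PID and program name for
    each listening port and asks whether the owning process should receive
    SIGTERM. Ports 323 and 22 are never offered for shutdown.
    """
    service_ctx = execute('netstat -nlp -t -u')
    print(service_ctx)
    port_to_server_dict = {}
    for line in service_ctx.splitlines():
        # tcp rows carry a State column that udp rows lack, hence the
        # different split limits that keep "PID/Program name" in one piece.
        if line.startswith('tcp'):
            arr = re.split(" +", line, 6)
        elif line.startswith('udp'):
            arr = re.split(" +", line, 5)
        else:
            continue
        # Ignore truncated rows instead of raising IndexError.
        if len(arr) < 4:
            continue
        local_address = arr[3]
        pid_and_name = arr[-1]
        port = local_address[local_address.rfind(':') + 1:]
        port_to_server_dict[port] = pid_and_name

    for port, pid_and_name in port_to_server_dict.items():
        slash = pid_and_name.find('/')
        if slash == -1:
            # netstat prints "-" when it cannot name the owning process.
            pid, name = '', pid_and_name
        else:
            pid, name = pid_and_name[:slash], pid_and_name[slash + 1:]
        print("端口: %s 进程ID:%s 服务名: %s" % (port, pid, name))
        if port in ("323", "22"):
            continue
        # Only a purely numeric PID is handed to kill; an empty or
        # malformed value would otherwise end up on the command line.
        if not pid.isdigit():
            continue
        if promised('是否关闭该服务 ? '):
            os.system("kill -15 %s" % pid)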
def modify_optional(specs):
    """Offer to repair every spec whose status is -1 or 0.

    Each such spec is displayed on its own and, if the operator agrees,
    repaired through its modify() method. Other specs are left untouched.
    """
    for spec in specs:
        if not (spec.status == -1 or spec.status == 0):
            continue
        display_colorful([spec], False)
        if promised("是否修复 ? "):
            spec.modify()
Esempio n. 12
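def yum_base_repo_conf(host):
    """Run the CentOS-Base.repo configuration script after confirmation.

    The script receives host and the value of os_version() as arguments.
    """
    import shlex

    if promised("是否配置'CentOS-Base.repo'文件"):
        # Quote host so blanks or shell metacharacters in the value are
        # passed to the script as one literal argument.
        os.system('sh shell/yum_base_repo_configure.sh %s %d' %
                  (shlex.quote(str(host)), os_version()))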
Esempio n. 13
def install_nginx():
    """Run the nginx install script, asking first if nginx already exists.

    The operator is only prompted when /usr/local/nginx is present; on a
    fresh machine the script runs without a question.
    """
    already_installed = os.path.exists('/usr/local/nginx')
    if already_installed and not promised(green("检测到nginx已安装, 是否覆盖安装")):
        return
    os.system('sh shell/nginx_install.sh')