def rpm_install_iperf():
    """Offer to install the locally bundled 'iperf' RPM.

    The package file is looked up with ``rpm_file_path("iperf")``. When a
    path comes back the operator is asked to confirm; on confirmation the
    file is passed to ``rpm -Uvh`` and ``yum_install('iperf')`` is called.
    When no package file is found a red notice is printed instead.
    """
    print(green("准备安装'iperf'......"))
    file_path = rpm_file_path("iperf")

    if len(file_path) == 0:
        print(red("'iperf'安装包不存在"))
        return
    if not promised("是否安装'%s' ? " % file_path):
        return

    # NOTE(review): file_path lands on the command line unquoted; presumably
    # rpm_file_path() only returns paths from the local package directory -
    # confirm against its implementation.
    execute('rpm -Uvh %s' % file_path)
    # NOTE(review): the listing's indentation was lost; yum_install is assumed
    # to belong to the confirmed branch - verify against the original file.
    yum_install('iperf')
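def modify_resolv_conf(dns_conf):
    """Reconcile the nameserver lines of /etc/resolv.conf with ``dns_conf``.

    ``dns_conf`` is a space-separated list of DNS server addresses. Each
    expected address missing from the file is offered for appending, and
    each address present in the file but not expected is offered for
    commenting out; every change needs operator confirmation.

    The immutable flag is cleared for the duration of the edit and set again
    afterwards, also when the edit is interrupted. Entries that are not made
    of plain address characters (hex digits, ``.`` and ``:``) are reported
    and skipped, because they would otherwise be spliced into a shell
    command line; this also skips scoped IPv6 entries such as ``fe80::1%eth0``.
    """
    addr_chars = re.compile(r"^[0-9A-Fa-f:.]+$")

    # Leading/trailing or repeated blanks would otherwise yield '' entries,
    # which end up as an empty "nameserver" line in the file.
    exp_dns_list = [dns for dns in re.split(" +", dns_conf) if dns]
    print("期望DNS配置:")
    print(exp_dns_list)

    act_dns_list = []
    resolv_ctx = execute('cat /etc/resolv.conf')
    pattern_split = re.compile("nameserver +")
    for each in resolv_ctx.splitlines():
        if pattern_split.match(each):
            # strip() so trailing blanks do not make a configured server
            # look different from the expected one.
            act_dns_list.append(pattern_split.split(each, 1)[1].strip())
    print("系统实际DNS配置:")
    print(act_dns_list)

    os.system('chattr -i /etc/resolv.conf')
    try:
        for exp_dns in exp_dns_list:
            if exp_dns in act_dns_list:
                continue
            if not addr_chars.match(exp_dns):
                print("跳过非法的DNS地址'%s'" % exp_dns)
                continue
            if promised("未配置DNS'%s', 是否配置 ? " % exp_dns):
                os.system("sed -i '$a nameserver %s' /etc/resolv.conf" % exp_dns)

        for act_dns in act_dns_list:
            if act_dns in exp_dns_list:
                continue
            if not addr_chars.match(act_dns):
                print("跳过非法的DNS地址'%s'" % act_dns)
                continue
            if promised("不期望的DNS'%s', 是否需要将其注释 ? " % act_dns):
                # Dots are escaped and the pattern is anchored at the end of
                # the line, so 10.0.0.1 no longer also matches 10.0.0.10 or
                # 10a0b0c1-style near misses.
                command = "sed -i 's/^nameserver *%s[[:space:]]*$/# nameserver %s/g' /etc/resolv.conf" % (
                    act_dns.replace('.', '\\.'), act_dns)
                print(command)
                os.system(command)
    finally:
        # Restore the immutable flag even if a prompt or command raised;
        # otherwise the file would be left writable.
        os.system('chattr +i /etc/resolv.conf')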
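def modify_dns_conf_optional(dns_conf):
    """Point NetworkManager connections at the DNS servers in ``dns_conf``.

    ``dns_conf`` is a space-separated list of DNS server addresses. The
    addresses reported by ``nmcli dev show`` are compared with it; when at
    least one expected address is missing, every connection returned by
    ``con_uuid_list()`` is offered for update (one prompt per connection)
    and brought up again so the change takes effect.

    Nothing is modified when ``dns_conf`` holds no address, or when any
    entry contains characters other than hex digits, ``.`` and ``:``.
    """
    addr_chars = re.compile(r"^[0-9A-Fa-f:.]+$")
    conn_id_chars = re.compile(r"^[0-9A-Fa-f-]+$")

    # Drop the '' entries that stray blanks produce; an empty expectation
    # would otherwise be written to the connection as an empty DNS list.
    exp_dns_list = [dns for dns in re.split(" +", dns_conf) if dns]
    print("期望DNS配置:")
    print(exp_dns_list)

    # The list is placed inside a double-quoted shell argument below, where
    # the shell still performs command and variable substitution, so only
    # plain address characters are accepted.
    rejected = [dns for dns in exp_dns_list if not addr_chars.match(dns)]
    if rejected:
        print("DNS配置包含非法地址, 不做修改:")
        print(rejected)
        return

    # Query the DNS servers currently configured.
    dns_ctx = execute("nmcli dev show | grep IP4.DNS")
    act_dns_list = []
    for act_dns in dns_ctx.splitlines():
        fields = re.split(" +", act_dns, 2)
        if len(fields) > 1:  # a line without a value column is ignored
            act_dns_list.append(fields[1])
    print("系统实际DNS配置:")
    print(act_dns_list)

    # Compare: a change is needed as soon as one expected server is missing.
    need_modify = any(exp_dns not in act_dns_list for exp_dns in exp_dns_list)
    if not need_modify:
        print("DNS配置正确, 不需要更改")
        return

    # Update the DNS setting of each connection and re-activate it.
    dns_value = " ".join(exp_dns_list)
    for uuid in con_uuid_list():
        # The identifier is parsed from command output and goes onto a shell
        # command line; anything that is not hex digits and dashes is skipped.
        if not conn_id_chars.match(uuid):
            print("跳过无法识别的连接'%s'" % uuid)
            continue
        if promised("是否修改连接'%s'的DNS ? " % uuid):
            os.system("nmcli connection modify %s ipv4.dns \"%s\"" %
                      (uuid, dns_value))
            os.system("nmcli connection up %s" % uuid)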
def set_system_timezone():
    """Show the current time zone and offer to switch it to Asia/Shanghai.

    The zone line of ``timedatectl status`` is printed. If it does not
    mention Asia/Shanghai and the operator confirms, the zone is set with
    ``timedatectl set-timezone`` and ``chronyc -a makestep`` is run.
    """
    zone_ctx = execute("timedatectl status | grep zone")
    print("当前时区")
    print(zone_ctx)

    if 'Asia/Shanghai' in zone_ctx:
        print("时区配置正确, 不需要更改")
        return
    if not promised("当前时区非'Asia/Shanghai', 是否进行配置 ? "):
        return

    # NOTE(review): the listing's indentation was lost; both commands are
    # assumed to run only after confirmation - verify against the original.
    for command in ("timedatectl set-timezone Asia/Shanghai",
                    "chronyc -a makestep"):
        os.system(command)
def modify(self):
    """Write this entry's standard configuration line, then re-validate.

    With ``self.status == -1`` line ``self.line_num`` of ``self.file_path``
    is replaced in place (``sed -i 'Nc ...'``); with ``self.status == 0``
    the line is appended to the file. Any other status returns without
    touching the file or calling ``validate()``.
    """
    if self.status not in (-1, 0):
        return

    # NOTE(review): the configuration text and the path are placed inside a
    # single-quoted shell argument without escaping, so a quote character in
    # either one ends the quoting early - confirm that callers only supply
    # values from trusted configuration.
    config_line = self.standard_config()
    if self.status == -1:
        command = "sed -i '%dc %s' %s" % (self.line_num, config_line,
                                          self.file_path)
    else:
        command = "echo '%s' >> %s" % (config_line, self.file_path)

    print(execute(command))
    self.validate()
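def con_uuid_list():
    """Return the UUIDs of the connections listed by ``nmcli connection show``.

    The command output is echoed, then the first UUID-shaped token of every
    line is collected. Lines without such a token (the header, an error
    message, an empty line) contribute nothing.

    Slicing at the header's "UUID" column, as done previously, returned
    arbitrary text whenever the header was missing or a row was not aligned
    with it, and dropped the last character when nothing followed the UUID.
    Callers place the returned values on shell command lines, so only
    well-formed UUIDs are handed back.
    """
    # NOTE(review): a connection whose NAME is itself UUID-shaped would be
    # matched by name, since the name column precedes the UUID column.
    uuid_pattern = re.compile(
        r"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-"
        r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}")

    con_ctx = execute("nmcli connection show")
    print(con_ctx)

    uuid_list = []
    for line in con_ctx.splitlines():
        found = uuid_pattern.search(line)
        if found:
            uuid_list.append(found.group(0))
    return uuid_list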
def install_zabbix_agent():
    """Install, configure and optionally start the bundled zabbix agent.

    Steps, in order:
      1. Unless /usr/local/zabbix/ already exists, unpack the archive found
         by tar_file_path('zabbix_linux_2.6') into /usr/local, create the
         'zabbix' group and a no-login 'zabbix' user, and hand the tree over
         to that user.
      2. Build Spec entries for Server / ServerActive (only when the keys are
         present in os_dict) and Hostname (from get_host()), show them and
         pass them to modify_optional().
      3. Offer to start the agent and to add the start command to
         /etc/rc.d/rc.local.
      4. Grant the 'zabbix' user read access to /var/log/messages.

    NOTE(review): the listing's indentation was lost; steps 2-4 are assumed
    to run whether or not the directory already existed - verify against the
    original file.
    """
    print(green("准备安装'zabbix-agent'......"))
    if os.path.exists('/usr/local/zabbix/'):
        print(red("'/usr/local/zabbix/'文件已存在"))
    else:
        file_path = tar_file_path('zabbix_linux_2.6')
        # NOTE(review): no integrity check of the archive is visible here
        # before it is unpacked under /usr/local, and none of the exit codes
        # below are inspected, so a failed extraction still proceeds to the
        # account and ownership steps. Also confirm tar_file_path() cannot
        # return an empty string, which would leave 'tar -xvf' without a file.
        os.system('tar -xvf %s -C /usr/local' % file_path)
        os.system('groupadd zabbix')
        # -M: no home directory; -s /sbin/nologin: account cannot log in.
        os.system('useradd -g zabbix -M -s /sbin/nologin zabbix')
        os.system('chown -R zabbix.zabbix /usr/local/zabbix')
    zabbix_conf_path = '/usr/local/zabbix/conf/zabbix_agentd.conf'
    print(green("检测'%s'配置文件......" % zabbix_conf_path))
    specs = []
    # Server setting, taken from os_dict when configured
    if 'zabbix_agentd.Server' in os_dict:
        exp_val = os_dict['zabbix_agentd.Server']
        specs.append(
            Spec('配置Server', zabbix_conf_path, 'Server', exp_val, '=', '='))
    # ServerActive setting, taken from os_dict when configured
    if 'zabbix_agentd.ServerActive' in os_dict:
        exp_val = os_dict['zabbix_agentd.ServerActive']
        specs.append(
            Spec('配置ServerActive', zabbix_conf_path, 'ServerActive', exp_val,
                 '=', '='))
    # Hostname setting, always added, using the value from get_host()
    ip = get_host()
    specs.append(Spec('配置Hostname', zabbix_conf_path, 'Hostname', ip, '=', '='))
    display_colorful(specs)
    modify_optional(specs)
    # Start zabbix-agent (after confirmation)
    startup_command = '/usr/local/zabbix/sbin/zabbix_agentd -c %s' % zabbix_conf_path
    if promised("是否启动'zabbix-agentd' ? "):
        os.system(startup_command)
    # Start at boot: only offered when rc.local does not mention the agent yet
    if len(
            execute(
                'cat /etc/rc.d/rc.local | grep /usr/local/zabbix/sbin/zabbix_agentd'
            )) == 0:
        if promised('是否开机自启 ? '):
            # rc.local must be executable for its contents to run at boot.
            os.system('chmod a+x /etc/rc.d/rc.local')
            os.system("echo '%s' >> /etc/rc.d/rc.local" % startup_command)
    else:
        print(green('检测到已配置开机自启...'))
    # Grant read permission on the system log to the agent account.
    # NOTE(review): this runs on every call without a prompt and exposes
    # everything written to /var/log/messages to the 'zabbix' user - confirm
    # the monitoring items actually need it.
    os.system('setfacl -m u:zabbix:r /var/log/messages')
def firewall_service_management():
    """Start firewalld and reconcile its allowed services with a fixed list.

    Services currently allowed but not in the expected list (ssh,
    zabbix-agent, chronyd) are offered for removal; expected services that
    are missing are offered for addition. 'chronyd' is created as a custom
    service with port 323 on TCP and UDP. All changes are made with
    ``--permanent`` and the firewall is reloaded once at the end if anything
    was changed.
    """
    # Make sure the firewall is running.
    os.system('systemctl start firewalld')

    # Services currently allowed.
    # NOTE(review): [0:-1] drops the final character of the output,
    # presumably a trailing newline - confirm execute() does not already
    # strip it, or the last service name loses a character.
    listed = execute('firewall-cmd --list-services')[0:-1]
    act_service_list = listed.split(" ")
    print(green("实际允许的服务:"))
    print(act_service_list)

    exp_service_list = ['ssh', 'zabbix-agent', 'chronyd']
    need_reload = False

    # Remove services that are not expected.
    for act_service in act_service_list:
        if act_service in exp_service_list or len(act_service) == 0:
            continue
        if promised("是否删除'%s'服务 ? " % act_service):
            os.system('firewall-cmd --remove-service=%s --permanent' %
                      act_service)
            need_reload = True

    # Definition of the custom chronyd service, followed by a reload (the
    # new service is not usable before it) and the actual add.
    # NOTE(review): chronyd's default command port is 323/udp - confirm that
    # 323/tcp, and inbound access to this port at all, is really required.
    chronyd_commands = (
        'firewall-cmd --new-service=chronyd --permanent',
        'firewall-cmd --service=chronyd --add-port=323/tcp --permanent',
        'firewall-cmd --service=chronyd --add-port=323/udp --permanent',
        'firewall-cmd --reload',
        'firewall-cmd --add-service=chronyd --permanent',
    )

    # Add expected services that are missing.
    for exp_service in exp_service_list:
        if exp_service in act_service_list:
            continue
        if not promised("是否添加'%s'服务 ? " % exp_service):
            continue
        if exp_service == 'chronyd':
            for command in chronyd_commands:
                os.system(command)
        else:
            os.system("firewall-cmd --add-service=%s --permanent" %
                      exp_service)
        need_reload = True

    if need_reload:
        os.system('firewall-cmd --reload')
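def sync_system_time(chrony_server_conf):
    """Reconcile the ``server`` lines of /etc/chrony.conf with the expected list.

    1. Collect every line of /etc/chrony.conf that starts with ``server``,
       together with its line number.
    2. Compare the servers found with the space-separated names in
       ``chrony_server_conf``.
    3. Offer to comment out each unexpected server and to add each missing
       one (inserted after the last existing ``server`` line, or after line 1
       when there is none).

    Expected names are placed on a shell command line, so a name containing
    anything other than letters, digits, ``.``, ``_``, ``:`` and ``-`` is
    reported and skipped.
    """
    host_chars = re.compile(r"^[A-Za-z0-9._:-]+$")

    # Stray blanks would otherwise yield '' entries and an empty
    # "server  iburst" line in the file.
    exp_server_list = [s for s in re.split(" +", chrony_server_conf) if s]
    print('期望时间服务器配置:')
    print(exp_server_list)

    # grep -n prefixes each hit with "<line number>:".
    chr_ctx = execute("cat /etc/chrony.conf | grep -n '^server'")
    line_num_list = []
    act_server_list = []
    for line in chr_ctx.splitlines():
        # split() also copes with tab-separated entries, which previously
        # raised IndexError.
        fields = line.split()
        line_num = fields[0].partition(':')[0] if fields else ''
        if len(fields) < 2 or not line_num.isdigit():
            continue
        act_server_list.append(fields[1])
        line_num_list.append(line_num)
    print('系统实际时间服务配置:')
    print(act_server_list)

    # Comment out servers that are configured but not expected.
    for line_num, act_server in zip(line_num_list, act_server_list):
        if act_server in exp_server_list:
            continue
        if promised("不期望的时间服务器'%s', 是否需要将其注释 ? " % act_server):
            command = "sed -i '%ss/^/# /' /etc/chrony.conf" % line_num
            print(command)
            os.system(command)

    # Add expected servers that are not configured yet.
    insert_line_num = int(line_num_list[-1]) if line_num_list else 1
    for exp_server in exp_server_list:
        if exp_server in act_server_list:
            continue
        if not host_chars.match(exp_server):
            print("跳过非法的时间服务器'%s'" % exp_server)
            continue
        if promised("未配置时间服务器'%s', 是否配置 ? " % exp_server):
            os.system("sed -i '%da server %s iburst' /etc/chrony.conf" %
                      (insert_line_num, exp_server))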
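def service_probes_and_shutdown_optional():
    """List listening TCP/UDP sockets and offer to stop the owning processes.

    The output of ``netstat -nlp -t -u`` is echoed and reduced to one entry
    per port (a later line for the same port replaces an earlier one). Each
    entry is printed; for every port except 22 and 323 the operator is asked
    whether the owning process should receive SIGTERM.

    An entry whose PID column is not a plain number (for example ``-``,
    which netstat prints when the owner is not visible) is reported and
    never offered for termination, so nothing but a numeric PID reaches the
    ``kill`` command line.
    """
    service_ctx = execute('netstat -nlp -t -u')
    print(service_ctx)

    port_to_server_dict = {}
    for line in service_ctx.splitlines():
        # tcp rows carry a State column, udp rows are split one field
        # earlier; the last field is "PID/Program name".
        if line.startswith('tcp'):
            arr = re.split(" +", line, 6)
        elif line.startswith('udp'):
            arr = re.split(" +", line, 5)
        else:
            continue
        if len(arr) < 4:  # truncated row: no local address column
            continue
        local_address = arr[3]
        port = local_address[local_address.rfind(':') + 1:]
        port_to_server_dict[port] = arr[-1]

    for port in port_to_server_dict:
        pid, _, name = port_to_server_dict[port].partition('/')
        print("端口: %s 进程ID:%s 服务名: %s" % (port, pid, name))
        if port in ("323", "22"):
            continue
        if not pid.isdigit():
            print("无法确定进程ID, 跳过")
            continue
        if promised('是否关闭该服务 ? '):
            os.system("kill -15 %s" % pid)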