2024-06-03 08:57:14

常见命令库

京东云提供以下常见的运维命令脚本。

批量修改Linux系统云主机密码

#!/bin/bash

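# Reset a local account's password, then make sure the account can log in with
# it: SSH password authentication is switched on and the failed-login counter
# for the account is cleared.
#
# {{userName}} and {{newPassword}} are template parameters. They appear to be
# pasted into the script text before it runs, so a value containing a single
# quote would end the literal early -- TODO confirm the platform rejects or
# escapes such values before substitution.
user_name='{{userName}}'
new_password='{{newPassword}}'

if [ -z "$user_name" ]; then
    echo 'userName 为空(userName is empty)'
    exit 1
fi

if [ -z "$new_password" ]; then
    echo 'newPassword 为空(newPassword is empty)'
    exit 2
fi

# Check the account first, so that a password rejected by policy is not
# reported as a missing user.
if ! id -u "$user_name" > /dev/null 2>&1; then
    echo "User not found: $user_name"
    exit 255   # 255 is the status bash produces for "exit -1"
fi

# printf instead of echo: echo would swallow a password such as "-n" or "-e".
# printf is a shell builtin, so the password is handed over on a pipe and is
# not part of any command line.
if passwd --help 2>&1 | grep -q "stdin"; then
    printf '%s\n' "$new_password" | passwd "$user_name" --stdin > /dev/null 2>&1
    status=$?
else
    printf '%s:%s\n' "$user_name" "$new_password" | chpasswd > /dev/null 2>&1
    status=$?
fi
if [ "$status" -ne 0 ]; then
    echo "Failed to set password for user: $user_name"
    exit 255
fi

# NOTE(review): this step turns SSH password login on for every account on the
# host, not only for $user_name. A host that was deliberately limited to
# key-based login loses that restriction here; remove the step if that is not
# wanted. Only /etc/ssh/sshd_config is examined, not any drop-in files.
sshd_config=/etc/ssh/sshd_config
if grep -Eq '^[[:space:]]*PasswordAuthentication[[:space:]]+no' "$sshd_config"; then
    # Anchored to the directive itself, so commented-out lines are left alone.
    sed -i -E 's/^([[:space:]]*PasswordAuthentication[[:space:]]+)no/\1yes/' "$sshd_config"
    # Validate the edited file first: restarting sshd on a broken config could
    # cut off remote access to the host.
    if command -v sshd > /dev/null 2>&1 && ! sshd -t > /dev/null 2>&1; then
        echo "sshd_config failed validation, sshd was not restarted"
    else
        systemctl restart sshd
    fi
fi

# Best effort: clear the failed-login counter with whichever tool the host has.
if ! faillock --user "$user_name" --reset &> /dev/null; then
    pam_tally2 --user "$user_name" --reset &> /dev/null
fi

# The password was changed; a missing lockout tool must not turn that into a
# failure status.
exit 0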

参数说明

参数名 描述
userName 用户名
newPassword 新密码

批量修改Windows系统云主机密码

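# Reset a Windows account's password and re-activate the account if it is
# disabled or locked out.
#
# {{userName}} and {{newPassword}} are template parameters.
# NOTE(review): they sit inside double-quoted strings, where PowerShell still
# expands "$name", "$(...)" and backtick escapes, so a password containing "$"
# or a backtick would not be used literally -- confirm how the platform escapes
# these values before substitution.
$userName="{{userName}}"
$newPassword="{{newPassword}}"

# Look the account up first so that a missing user is reported clearly.
$UserAccountInfo = Get-WmiObject -Class Win32_UserAccount -Filter "Name='$userName'" |
    Select-Object Name,Status,Disabled,Lockout,LocalAccount,PasswordExpires,PasswordChangeable,AccountType
Write-Output $UserAccountInfo
# $null goes on the left so the comparison stays a scalar test even if the
# lookup returned several accounts.
if ($null -eq $UserAccountInfo -or $UserAccountInfo -eq "") {
    Write-Host "User not found: $userName"
    exit 1
}

# One activation call covers both the disabled and the locked-out case.
if ($UserAccountInfo.Disabled -eq "True" -or $UserAccountInfo.Lockout -eq "True") {
    net user $userName /active:yes | Out-Null
}

# NOTE(review): net.exe receives the new password as a command-line argument,
# so it is visible to anything that records process command lines (for example
# process-creation auditing). Treat such logs as containing credentials.
net user $userName $newPassword
# Report a rejected password (for example by the password policy) instead of
# ending as if the change had succeeded.
if ($LASTEXITCODE -ne 0) {
    Write-Host "Failed to set password for user: $userName"
    exit $LASTEXITCODE
}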

参数说明

参数名 描述
userName 用户名
newPassword 新密码

查看Linux系统云主机实例目录占用磁盘空间大小

#!/bin/bash
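# Report the total disk space used by one directory.
#
# {{directory}} is a template parameter that appears to be pasted into the
# script text. It is kept in a quoted string so that spaces, globs and shell
# metacharacters in the value are not interpreted by the shell; a value
# containing a single quote would still end the literal -- TODO confirm the
# platform rejects such values.
directory='{{directory}}'

# "--" keeps a value that starts with "-" from being read as a du option.
du -sh -- "$directory"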

参数说明

参数名 描述
directory 目标目录

查看Linux系统云主机实例CPU占用率高的进程

#!/bin/bash
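# Sample per-process CPU usage for a while and print the biggest consumers.
# The figure printed per command is the sum of its %CPU readings over all
# samples, not an average.
#
# {{topk}}, {{samplingTime}} and {{interval}} are template parameters. They are
# quoted and checked to be plain integers before they reach any arithmetic,
# because shell arithmetic evaluates whatever expression it is given.
TOPK='{{topk}}'
SECS='{{samplingTime}}'
INTERVAL='{{interval}}'

for value in "$TOPK" "$SECS" "$INTERVAL"; do
  case "$value" in
    '' | *[!0-9]*)
      echo "topk, samplingTime and interval must be non-negative integers" >&2
      exit 1
      ;;
  esac
done
# 10# forces base 10, so a value such as "08" is not parsed as octal.
if [ "$((10#$INTERVAL))" -eq 0 ]; then
  echo "interval must be greater than 0" >&2
  exit 1
fi
STEPS=$((10#$SECS / 10#$INTERVAL))

# mktemp creates the file itself with an unpredictable name. A fixed prefix
# plus the PID can be guessed, which lets another local user pre-create the
# path (for example as a symlink) before a root-run script appends to it.
TEMP_FILE=$(mktemp /tmp/tat_public_cpu_usage.XXXXXX) || exit 1
trap 'rm -f -- "$TEMP_FILE"' EXIT

echo Watching CPU usage...
for ((i = 0; i < STEPS; i++)); do
  # %CPU comes first because command names may contain spaces; the "=" forms
  # suppress the header line.
  ps -e -o pcpu= -o comm= >> "$TEMP_FILE"
  sleep "$INTERVAL"
done

echo
echo CPU eaters :
# Totals are passed on tab-separated so that names with spaces sort correctly.
awk '
{
  cpu = $1
  $1 = ""
  sub(/^ +/, "")
  usage[$0] += cpu
}
END {
  for (name in usage) {
    printf("%s\t%s\n", name, usage[name])
  }
}' "$TEMP_FILE" \
  | sort -t $'\t' -k2,2nr \
  | head -n "$TOPK" \
  | awk -F '\t' '{ printf("%-20s %s\n", $1, $2) }'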

参数说明

参数名 描述
topk 前k个进程
samplingTime 采样时间, 单位秒
interval 采样间隔时间, 单位秒

给Linux系统云主机实例批量添加SSH公钥

#!/bin/bash

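# Append one SSH public key to the authorized_keys file of the account this
# script runs as. Every line in that file grants login as this account, so the
# value is checked before it is written.
#
# {{sshPublicKey}} is a template parameter that appears to be pasted into the
# script text. Single quotes keep "$" and backticks in the value from being
# expanded by the shell; a value containing a single quote would still end the
# literal -- TODO confirm the platform rejects such values.
sshPublicKey='{{sshPublicKey}}'

# One key per call: an empty value would add a blank line, and a multi-line
# value would add more entries than the caller reviewed.
case "$sshPublicKey" in
  '' | *$'\n'*)
    echo "sshPublicKey must be a single non-empty line" >&2
    exit 1
    ;;
esac

auth_file=~/.ssh/authorized_keys

if ! mkdir -p ~/.ssh || ! chmod 700 ~/.ssh; then
  echo "cannot prepare ~/.ssh" >&2
  exit 1
fi
if ! touch "$auth_file" || ! chmod 600 "$auth_file"; then
  echo "cannot prepare $auth_file" >&2
  exit 1
fi

# Start on a fresh line if the file does not end with a newline; otherwise the
# new key would be glued to the previous entry and both would stop working.
if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
  printf '\n' >> "$auth_file"
fi

# Skip keys that are already present, so repeated runs do not pile up copies.
if ! grep -qxF -- "$sshPublicKey" "$auth_file"; then
  printf '%s\n' "$sshPublicKey" >> "$auth_file"
fi
echo "operation success!"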

参数说明

参数名 描述
sshPublicKey SSH公钥

在Linux系统云主机实例的iptables放开指定协议和端口

#!/bin/bash

# Ports to open, separated by commas. check_param accepts digits only.
# NOTE(review): template parameters appear to be pasted into the script text,
# and inside double quotes the shell still expands "$" and backticks -- confirm
# the platform restricts these values before substitution.
PORTS="{{PORTS}}"
# Protocol to open. Accepted values: all, tcp, udp (checked in check_param).
PROTOCOL="{{PROTOCOL}}"

# Print the outcome in the "result:" / "reason:" format and end the script.
# Arguments: $1 - "success"; any other value is reported as a failure
#            $2 - failure reason, printed only for a failure
# The exit status is 0 in both cases, so the outcome is carried by the printed
# text alone.
gen_result() {
  result=$1
  err_info=$2
  case "$result" in
    success)
      printf '%s\n' "result: success"
      ;;
    *)
      printf '%s\n' "result: failed" "reason: $err_info"
      ;;
  esac
  exit 0
}

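# Validate the protocol and the comma-separated port list before any firewall
# command sees them. On the first invalid value the failure is reported through
# gen_result, which ends the script.
# Arguments: $1 - protocol: all, tcp or udp
#            $2 - ports, separated by commas
check_param() {
  local protocol=$1
  local ports=$2
  local -a port_list
  local port

  case "$protocol" in
    all | tcp | udp) ;;
    *) gen_result "failed" "PROTOCOL $protocol is not valid." ;;
  esac

  IFS=',' read -ra port_list <<< "$ports"
  # An empty list would otherwise pass and be reported as success with nothing done.
  if [ "${#port_list[@]}" -eq 0 ]; then
    gen_result "failed" "PORTS is empty."
  fi

  for port in "${port_list[@]}"; do
    # Digits only: nothing but a plain number is handed to the later commands.
    [ -n "${port##*[!0-9]*}" ] || gen_result "failed" "port is not number."
    # Length is checked before the arithmetic so huge values cannot overflow;
    # 10# keeps leading zeros from being read as octal.
    if [ "${#port}" -gt 5 ] || [ "$((10#$port))" -lt 1 ] || [ "$((10#$port))" -gt 65535 ]; then
      gen_result "failed" "port is out of range."
    fi
  done
}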

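# Allow inbound traffic to one port in the INPUT chain.
# Arguments: $1 - port number
#            $2 - protocol: tcp, udp, or all (both)
# Returns:   0 when every ACCEPT rule was inserted, 1 on the first failure
#
# The ACCEPT rule carries no source restriction and is inserted at the top of
# INPUT, so it takes precedence over the rules already there and admits any
# source address. The change is made to the running rule set only.
open_port() {
  local port=$1
  local protocol=$2
  local -a protocols=("$protocol")
  local item

  if [ "$protocol" == "all" ]; then
    protocols=("tcp" "udp")
  fi

  for item in "${protocols[@]}"; do
    # Remove an existing DROP / ACCEPT rule for this port, if there is one.
    # Each -D deletes a single matching rule; failures here are expected when
    # no such rule exists, so they are ignored.
    iptables -D INPUT -p "$item" --dport "$port" -j DROP >/dev/null 2>&1
    iptables -D INPUT -p "$item" --dport "$port" -j ACCEPT >/dev/null 2>&1
    # Stop at the first failed insert, so a tcp failure is not hidden by a
    # later udp success.
    iptables -I INPUT -p "$item" --dport "$port" -j ACCEPT || return 1
  done
  return 0
}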

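# Validate the parameters, then open every listed port.
# Globals: PORTS, PROTOCOL (read)
main() {
  local -a arr
  local port

  # Quoted, so the whole value is validated. Unquoted, a space inside PORTS
  # would split it and only the first word would reach check_param.
  check_param "$PROTOCOL" "$PORTS"

  IFS=',' read -ra arr <<< "$PORTS"
  for port in "${arr[@]}"; do
    open_port "$port" "$PROTOCOL" || gen_result "failed" "open port failed: $port."
  done
}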

# Run the workflow and report success. Failures are reported from inside main
# through gen_result, which ends the script before this point.
main && gen_result "success"

参数说明

参数名 描述
PORTS 待放开的端口,多个端口用英文逗号隔开
PROTOCOL 待放开的协议, 可选值: all,tcp,udp

检测Linux系统云主机实例的指定端口和协议是否被iptables封禁

#!/bin/bash

# Ports to be checked, separated by commas. check_param accepts digits only.
# NOTE(review): template parameters appear to be pasted into the script text,
# and inside double quotes the shell still expands "$" and backticks -- confirm
# the platform restricts these values before substitution.
PORTS="{{PORTS}}"
# Protocol to check. Accepted values: all, tcp, udp (checked in check_param).
PROTOCOL="{{PROTOCOL}}"

# Report the outcome as "result: ..." (plus "reason: ..." for a failure) and
# end the script.
# Arguments: $1 - "success"; any other value counts as a failure
#            $2 - failure reason, used only for a failure
# Exits with status 0 either way; callers read the outcome from the output.
gen_result() {
  result=$1
  err_info=$2
  if [[ $result != "success" ]]; then
    echo "result: failed"
    echo "reason: $err_info"
    exit 0
  fi
  echo "result: success"
  exit 0
}

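# Validate the protocol and the comma-separated port list before they are used
# to search the firewall rules. On the first invalid value the failure is
# reported through gen_result, which ends the script.
# Arguments: $1 - protocol: all, tcp or udp
#            $2 - ports, separated by commas
check_param() {
  local protocol=$1
  local ports=$2
  local -a port_list
  local port

  case "$protocol" in
    all | tcp | udp) ;;
    *) gen_result "failed" "PROTOCOL $protocol is not valid." ;;
  esac

  IFS=',' read -ra port_list <<< "$ports"
  # An empty list would otherwise pass and produce a success report with no ports.
  if [ "${#port_list[@]}" -eq 0 ]; then
    gen_result "failed" "PORTS is empty."
  fi

  for port in "${port_list[@]}"; do
    # Digits only: the value is later used inside a grep pattern, so it must
    # not carry pattern characters.
    [ -n "${port##*[!0-9]*}" ] || gen_result "failed" "port is not number."
    # Length is checked before the arithmetic so huge values cannot overflow;
    # 10# keeps leading zeros from being read as octal.
    if [ "${#port}" -gt 5 ] || [ "$((10#$port))" -lt 1 ] || [ "$((10#$port))" -gt 65535 ]; then
      gen_result "failed" "port is out of range."
    fi
  done
}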

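# Report whether the first iptables rule that names the port drops it for the
# given protocol.
# Arguments: $1 - port number
#            $2 - protocol: tcp, udp, or all (either)
# Outputs:   "<port>: true" or "<port>: false"
#
# The port is matched as a whole number in the rule's port field ("dpt:80" or
# a "dports" list), so port 80 no longer matches 8080, a packet counter or an
# address that merely contains the digits.
# NOTE(review): port ranges, REJECT targets and the chain a rule belongs to are
# not taken into account, so "false" does not prove the port is reachable.
is_port_blocked() {
  local port=$1
  local protocol=$2
  local blocked='false'
  local proto_pattern=$protocol
  local port_pattern="(dpt:|dports ([0-9:]+,)*)${port}([^0-9]|\$)"
  local first_rule

  if [ "$protocol" == "all" ]; then
    proto_pattern='tcp|udp'
  fi

  # Only the first rule naming the port is considered.
  first_rule=$(iptables -L -n -v | grep -E -- "$port_pattern" | head -1)
  if printf '%s\n' "$first_rule" | grep -Ew -- "$proto_pattern" | grep -qw 'DROP'; then
    blocked='true'
  fi
  echo "$port: $blocked"
}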

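# Validate the parameters, then print one "<port>: true|false" line per port.
# Globals: PORTS, PROTOCOL (read)
main() {
  local -a arr
  local port

  # Quoted, so the whole value is validated. Unquoted, a space inside PORTS
  # would split it and only the first word would reach check_param.
  check_param "$PROTOCOL" "$PORTS"

  echo "result: success"
  IFS=',' read -ra arr <<< "$PORTS"
  for port in "${arr[@]}"; do
    is_port_blocked "$port" "$PROTOCOL"
  done
}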

# Entry point: validate the parameters, then report each port.
main

参数说明

参数名 描述
PORTS 待检测的端口,多个端口用英文逗号隔开
PROTOCOL 待检测的协议, 可选值: all,tcp,udp

批量在Linux系统云主机实例上显示僵尸进程

#!/bin/bash
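# List zombie (defunct) processes, preceded by the ps header line.
#
# args is the last column on purpose: it can contain spaces and arbitrary
# text, so the state test is applied to the STAT field alone. Matching "Z"
# anywhere in the line would also report processes that merely have a word
# starting with "Z" among their arguments.
processes=$(ps ax -o user,pid,ppid,pgid,stat,start,time,args)

# printf rather than "echo -e": backslash sequences inside process arguments
# must be shown as they are, not interpreted.
zombies=$(printf '%s\n' "$processes" | awk 'NR > 1 && $5 ~ /^[Zz]/')
if [ -z "$zombies" ]; then
  echo "no zombie processes exists on machine"
else
  printf '%s\n' "$processes" | head -1
  printf '%s\n' "$zombies"
fi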

批量在Linux系统云主机实例上安装或卸载yum/apt包

#!/bin/bash
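# Install or remove one package with yum or apt-get, without prompting (-y).
# Arguments: $1 - package manager: yum or apt-get
#            $2 - action: install or uninstall
#            $3 - package name
# Exits the script with status 1 on any invalid argument or failed command.
function configurePackages() {
    local installer=$1
    local action=$2
    local packageName=$3
    local verb
    local -a cmd

    case "$installer" in
        yum | apt-get) ;;
        *)
            echo "Unknown package installer. Only support yum/apt-get"
            exit 1
            ;;
    esac

    case "$action" in
        install) verb="install" ;;
        uninstall) verb="remove" ;;
        *)
            echo "Package command must be install or uninstall"
            exit 1
            ;;
    esac

    # A name starting with "-" would be read by the package manager as an
    # option (and could change how packages are fetched or verified), so it is
    # refused together with the empty name.
    case "$packageName" in
        '' | -*)
            echo "Package name is empty or starts with '-'"
            exit 1
            ;;
    esac

    # The command is built as an array and the name is quoted, so the name is
    # always passed as exactly one argument.
    if [ "$installer" = "yum" ]; then
        cmd=(yum "$verb" -y "$packageName")
    else
        cmd=(apt-get -y "$verb" "$packageName")
    fi

    if ! "${cmd[@]}"; then
        echo "Package $action failed. Please check your command"
        exit 1
    fi
}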
  
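# The template parameters appear to be pasted into the script text. Quoting
# them keeps spaces and shell metacharacters in a value from being interpreted
# by the shell; a value containing a single quote would still end the literal
# -- TODO confirm the platform rejects such values.
configurePackages '{{installer}}' '{{action}}' '{{packageName}}'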

参数说明

参数名 描述
installer 包管理器
action 安装或卸载 package
packageName yum/apt-get安装的包名

批量清理多台Linux系统云主机实例的磁盘

#!/bin/bash
  
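# Delete regular files under a directory that are older than a given age.
# Arguments: $1 - age as <number><unit>, unit d (days), h (hours) or
#                 m (minutes); 7d when empty
#            $2 - directory to clean; searched recursively
#            $3 - file name pattern, a "find -name" glob such as *.log
#                 (matched against the file name only, not a regular expression)
# Outputs:   one line per deleted file, or a message when an argument is
#            not usable
function deletefiles() {
  local age=${1:-7d}
  local dir=$2
  local pattern=$3
  local unit value seconds_per_unit limit now mtime file

  if [ ! -d "$dir" ]; then
    echo "The specified directory($dir) is not exist."
    return
  fi

  unit=${age: -1}
  value=${age%?}

  case "$unit" in
    d) seconds_per_unit=$((24 * 60 * 60)) ;;
    h) seconds_per_unit=$((60 * 60)) ;;
    m) seconds_per_unit=60 ;;
    *)
      echo "The unit($unit) of file age is not supported."
      return
      ;;
  esac

  # Digits only. Shell arithmetic evaluates whatever expression it is given,
  # and a non-numeric value would otherwise count as 0 and make every matching
  # file look expired.
  case "$value" in
    '' | *[!0-9]*)
      echo "The value($value) of file age is not supported."
      return
      ;;
  esac

  # 10# keeps a value with leading zeros from being read as octal.
  limit=$((10#$value * seconds_per_unit))
  now=$(date +%s)

  # NUL-delimited names: a file name containing spaces or newlines stays one
  # path. With word splitting, such a name breaks into several paths, and the
  # cleanup could then remove a file outside the directory.
  # -type f means symbolic links are neither followed nor removed.
  while IFS= read -r -d '' file; do
    mtime=$(stat -c %Y -- "$file") || continue
    if [ $((now - mtime)) -gt "$limit" ]; then
      if rm -f -- "$file"; then
        echo "File cleaning succeeded,path:$file."
      fi
    fi
  done < <(find "$dir" -type f -name "$pattern" -print0)
}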
  
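# The template parameters appear to be pasted into the script text. Quoting
# all three keeps an empty value from shifting the later arguments and keeps
# spaces, globs and shell metacharacters from being interpreted by the shell;
# a value containing a single quote would still end the literal -- TODO confirm
# the platform rejects such values.
deletefiles '{{delayTime}}' '{{filePath}}' '{{matchPattern}}'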

参数说明

参数名 描述
delayTime 文件的有效时间。如 7d(代表7天),1h(代表1小时),5m(代表5分钟),默认是7d
filePath 清理文件路径。如:/root/log/
matchPattern 清理文件匹配格式,如 *.log。 支持正则匹配