京东云提供以下常见的运维命令脚本。
批量修改Linux系统云主机密码
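#!/bin/bash
# Reset the password of an existing Linux account, then make sure the account
# can actually log in with it (sshd password auth on, failed-login lock cleared).
# {{userName}} and {{newPassword}} are filled in by the command template before
# the script runs.
#
# NOTE(review): the values are pasted between single quotes. A value containing
# a single quote would end the string early and the remainder would be parsed as
# shell - confirm the platform rejects or escapes such values.
# NOTE(review): the new password is part of the script text, so it ends up
# wherever the rendered command is stored or logged - confirm retention.

if [ -z '{{userName}}' ]; then
  echo 'userName 为空(userName is empty)'
  exit 1
fi
if [ -z '{{newPassword}}' ]; then
  echo 'newPassword 为空(newPassword is empty)'
  exit 2
fi

# Feed the password on stdin so it never appears in another process's argv.
# printf is used instead of echo because echo would swallow a password that
# looks like one of its own options (for example "-n").
if passwd --help | grep "stdin" > /dev/null 2>&1; then
  printf '%s\n' '{{newPassword}}' | passwd '{{userName}}' --stdin > /dev/null 2>&1
  rc=$?
else
  printf '%s:%s\n' '{{userName}}' '{{newPassword}}' | chpasswd > /dev/null 2>&1
  rc=$?
fi
if [ "$rc" -ne 0 ]; then
  # Any failure of passwd/chpasswd is reported with this message, not only an
  # unknown account. Single quotes keep the user name from being expanded here.
  echo 'User not found: {{userName}}'
  exit -1
fi

# Side effect beyond the password change: if sshd_config contains the text
# "PasswordAuthentication no" (the match also hits commented-out lines), it is
# rewritten to "yes" and sshd is restarted. On hosts that were deliberately
# key-only this re-enables password logins for every account - review before
# running it fleet-wide.
if grep -q "PasswordAuthentication no" /etc/ssh/sshd_config; then
  sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
  systemctl restart sshd
fi

# Clear the failed-login counter; fall back to pam_tally2 when faillock fails.
if ! faillock --user '{{userName}}' --reset &> /dev/null; then
  pam_tally2 --user '{{userName}}' --reset &> /dev/null
fi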
参数说明
参数名 | 描述 |
---|---|
userName | 用户名 |
newPassword | 新密码 |
批量修改Windows系统云主机密码
# Reset the password of a Windows account and re-activate it if it is disabled
# or locked out. {{userName}} and {{newPassword}} are filled in by the command
# template before the script runs.
# NOTE(review): the values land inside double-quoted PowerShell strings, where
# "$" and backtick sequences are expanded - presumably the platform escapes
# them; confirm.
$userName="{{userName}}"
$newPassword="{{newPassword}}"
# Look the account up through WMI and keep only the properties used below.
$UserAccountInfo=Get-WmiObject -Class Win32_UserAccount -Filter "Name='$userName'" | Select Name,Status,Disabled,Lockout,LocalAccount,PasswordExpires,PasswordChangeable,AccountType
# The account properties are written to the command output.
echo $UserAccountInfo
# Stop with exit code 1 when the query returned nothing.
if ($UserAccountInfo -eq $null -or $UserAccountInfo -eq "") {
Write-Host "User not found: $userName"
exit 1
}
# A disabled account is switched back to active.
if ($UserAccountInfo.Disabled -eq "True") {
net user $userName /active:yes |Out-Null
}
# A locked-out account gets the same /active:yes call.
if ($UserAccountInfo.Lockout -eq "True") {
net user $userName /active:yes |Out-Null
}
# NOTE(review): the new password is passed to net.exe as a command-line
# argument, so it may be captured wherever process command lines are logged -
# confirm this is acceptable for the environment.
net user $userName $newPassword
参数说明
参数名 | 描述 |
---|---|
userName | 用户名 |
newPassword | 新密码 |
查看Linux系统云主机实例目录占用磁盘空间大小
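#!/bin/bash
# Print the total size of one directory in human-readable units.
# {{directory}} is filled in by the command template before the script runs.
# The placeholder is single-quoted so the value is passed to du as exactly one
# literal path: no word splitting, no glob or tilde expansion, and "--" keeps a
# value that starts with "-" from being read as an option.
# NOTE(review): a value containing a single quote would still end the string
# early - confirm the platform rejects or escapes such values.
du -sh -- '{{directory}}'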
参数说明
参数名 | 描述 |
---|---|
directory | 目标目录 |
查看Linux系统云主机实例CPU占用率高的进程
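#!/bin/bash
# Sample per-process CPU usage for a while and print the heaviest consumers.
#   {{topk}}         - how many processes to list
#   {{samplingTime}} - total sampling time in seconds
#   {{interval}}     - pause between two samples in seconds
# The placeholders are filled in by the command template before the script runs.
TOPK='{{topk}}'
SECS='{{samplingTime}}'
INTERVAL='{{interval}}'
TEMP_FILE_PREFIX="/tmp/tat_public_cpu_usage"

# The three values are used in arithmetic and as command arguments, so accept
# plain digits only.
for value in "$TOPK" "$SECS" "$INTERVAL"; do
  case "$value" in
    '' | *[!0-9]*)
      echo "topk, samplingTime and interval must be non-negative integers" >&2
      exit 1
      ;;
  esac
done
if [ "$INTERVAL" -eq 0 ]; then
  echo "interval must be greater than 0" >&2
  exit 1
fi

# 10# forces base 10 so a value such as "08" is not read as octal.
STEPS=$(( 10#$SECS / 10#$INTERVAL ))

# mktemp creates the sample file with an unpredictable name and private
# permissions; a fixed "<prefix>.<pid>" name in /tmp could be pre-created (for
# example as a symlink) by another local user before the script appends to it.
SAMPLE_FILE=$(mktemp "${TEMP_FILE_PREFIX}.XXXXXX") || exit 1
trap 'rm -f -- "$SAMPLE_FILE"' EXIT

echo Watching CPU usage...
for (( i = 0; i < STEPS; i++ )); do
  # tail drops the ps header line.
  ps -eocomm,pcpu | tail -n +2 >> "$SAMPLE_FILE"
  sleep "$INTERVAL"
done

echo
echo CPU eaters :
# Sum the sampled %CPU per command name (first whitespace-separated field, so a
# name containing spaces is not aggregated correctly), highest total first.
awk '
  { process[$1] += $2 }
  END {
    for (i in process) {
      printf("%-20s %s\n", i, process[i])
    }
  }' "$SAMPLE_FILE" | sort -nrk 2 | head -n "$TOPK"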
参数说明
参数名 | 描述 |
---|---|
topk | 前k个进程 |
samplingTime | 采样时间, 单位秒 |
interval | 采样间隔时间, 单位秒 |
给Linux系统云主机实例批量添加SSH公钥
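#!/bin/bash
# Append one SSH public key to ~/.ssh/authorized_keys of the account that runs
# the script. Anyone holding the matching private key can then log in as that
# account until the line is removed, so keep a record of which key was pushed
# to which hosts.
# {{sshPublicKey}} is filled in by the command template before the script runs.
# NOTE(review): the value lands inside a double-quoted string, where "$",
# backticks and a closing double quote are interpreted by the shell - confirm
# the platform rejects or escapes such values.
sshPublicKey="{{sshPublicKey}}"
auth_file=~/.ssh/authorized_keys

# An empty value would only add a blank line; a multi-line value would add more
# than the single entry this script is documented to add.
case "$sshPublicKey" in
  '' | *$'\n'*)
    echo "sshPublicKey must be a single non-empty line" >&2
    exit 1
    ;;
esac

# New files are created private to the owner from the start.
umask 077
mkdir -p ~/.ssh && chmod 700 ~/.ssh || {
  echo "cannot prepare ~/.ssh" >&2
  exit 1
}
touch "$auth_file" && chmod 600 "$auth_file" || {
  echo "cannot prepare $auth_file" >&2
  exit 1
}

# Re-running the command must not pile up duplicate entries.
if ! grep -qxF -- "$sshPublicKey" "$auth_file"; then
  # If the last existing line has no trailing newline, add one so the new key
  # does not get glued onto it.
  if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
    echo >> "$auth_file"
  fi
  # Quoted printf writes the key exactly as given (no globbing, no re-splitting).
  printf '%s\n' "$sshPublicKey" >> "$auth_file" || {
    echo "cannot write $auth_file" >&2
    exit 1
  }
fi
echo "operation success!"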
参数说明
参数名 | 描述 |
---|---|
sshPublicKey | SSH公钥 |
在Linux系统云主机实例的iptables放开指定协议和端口
#!/bin/bash
# Template parameters, filled in before the script runs.
# NOTE(review): both values land inside double-quoted strings, so "$", backticks
# and a closing double quote are interpreted by the shell at assignment time,
# before check_param gets to validate anything - confirm the platform rejects or
# escapes such values.
# ports to be opened, separated by comma.
PORTS="{{PORTS}}"
# supported protocols, available values: all, tcp, udp.
PROTOCOL="{{PROTOCOL}}"
# Print the outcome in the "result:/reason:" format and end the script.
#   $1 - "success" prints the success line; any other value reports a failure
#   $2 - reason text, printed only for a failure
# The script always terminates with status 0 here, even for a failure, so
# callers have to read the "result:" line rather than the exit code.
gen_result() {
  local outcome=$1
  local reason=$2
  if [ "$outcome" != "success" ]; then
    echo "result: failed"
    echo "reason: $reason"
  else
    echo "result: success"
  fi
  exit 0
}
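# Validate the protocol and the comma-separated port list before any firewall
# rule is touched. Every violation is reported through gen_result, which ends
# the script.
#   $1 - protocol: all, tcp or udp
#   $2 - ports: one or more decimal port numbers separated by commas
check_param() {
  local protocol=$1
  local ports=$2
  local -a port_list
  local port

  case "$protocol" in
    all | tcp | udp) ;;
    *) gen_result "failed" "PROTOCOL $protocol is not valid." ;;
  esac

  IFS=',' read -ra port_list <<< "$ports"
  # An empty list would otherwise pass validation and the script would report
  # success without doing anything.
  if [ "${#port_list[@]}" -eq 0 ]; then
    gen_result "failed" "port is not number."
  fi
  for port in "${port_list[@]}"; do
    case "$port" in
      '' | *[!0-9]*) gen_result "failed" "port is not number." ;;
    esac
    # Reject values above 65535 up front instead of failing halfway through the
    # list; 10# keeps a leading zero from being read as octal.
    if [ "${#port}" -gt 5 ] || [ "$((10#$port))" -gt 65535 ]; then
      gen_result "failed" "port $port is out of range."
    fi
  done
}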
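# Allow inbound traffic to one port in the INPUT chain.
#   $1 - port number
#   $2 - protocol: tcp, udp, or all (both tcp and udp)
# Returns non-zero as soon as an ACCEPT rule cannot be inserted, so a failure
# for tcp is no longer hidden by a later success for udp.
#
# The ACCEPT rule is inserted at the top of INPUT and carries no source
# restriction, so the port becomes reachable from every address the host-level
# firewall sees. Only the running ruleset is changed; nothing here saves it.
open_port() {
  local port=$1
  local protocol=$2
  local -a protocols=("$protocol")
  local item

  if [ "$protocol" == "all" ]; then
    protocols=("tcp" "udp")
  fi
  for item in "${protocols[@]}"; do
    # clear an outdated `DROP` / `ACCEPT` rule for this port if one exists;
    # failures (no such rule) are expected and ignored.
    iptables -D INPUT -p "$item" --dport "$port" -j DROP >/dev/null 2>&1
    iptables -D INPUT -p "$item" --dport "$port" -j ACCEPT >/dev/null 2>&1
    # insert new `ACCEPT` rule.
    iptables -I INPUT -p "$item" --dport "$port" -j ACCEPT || return 1
  done
}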
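# Validate the template parameters, then open every requested port.
# Reads the globals PROTOCOL and PORTS. The first port that cannot be opened is
# reported through gen_result, which ends the script.
main() {
  local -a port_list
  local port

  # Quoted so an empty or space-containing value stays in its own argument
  # instead of shifting the other one into the wrong position.
  check_param "$PROTOCOL" "$PORTS"
  IFS=',' read -ra port_list <<< "$PORTS"
  for port in "${port_list[@]}"; do
    open_port "$port" "$PROTOCOL" || gen_result "failed" "open port failed: $port."
  done
}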
# Run the workflow; the success line is printed only when main returned 0.
# gen_result ends the script with status 0 in every case, so the outcome has to
# be read from the "result:" line, not from the exit code.
main && gen_result "success"
参数说明
参数名 | 描述 |
---|---|
PORTS | 待放开的端口,多个端口用英文逗号隔开 |
PROTOCOL | 待放开的协议, 可选值: all,tcp,udp |
检测Linux系统云主机实例的指定端口和协议是否被iptables封禁
#!/bin/bash
# Template parameters, filled in before the script runs.
# NOTE(review): both values land inside double-quoted strings, so "$", backticks
# and a closing double quote are interpreted by the shell at assignment time,
# before check_param gets to validate anything - confirm the platform rejects or
# escapes such values.
# ports to be checked, separated by comma.
PORTS="{{PORTS}}"
# supported protocols, available values: all, tcp, udp.
PROTOCOL="{{PROTOCOL}}"
# Emit the final "result:" line (plus a "reason:" line for a failure) and stop.
#   $1 - "success", or anything else to report a failure
#   $2 - failure reason; ignored for "success"
# The exit status is 0 in both cases; the outcome is carried by the output.
gen_result() {
  local status=$1 message=$2
  case "$status" in
    success)
      echo "result: success"
      ;;
    *)
      echo "result: failed"
      echo "reason: $message"
      ;;
  esac
  exit 0
}
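# Validate the protocol and the comma-separated port list before the firewall
# listing is searched. Every violation is reported through gen_result, which
# ends the script.
#   $1 - protocol: all, tcp or udp
#   $2 - ports: one or more decimal port numbers separated by commas
check_param() {
  local protocol=$1
  local ports=$2
  local -a port_list
  local port

  case "$protocol" in
    all | tcp | udp) ;;
    *) gen_result "failed" "PROTOCOL $protocol is not valid." ;;
  esac

  IFS=',' read -ra port_list <<< "$ports"
  # An empty list would otherwise pass validation and produce a "success"
  # report that checked nothing.
  if [ "${#port_list[@]}" -eq 0 ]; then
    gen_result "failed" "port is not number."
  fi
  for port in "${port_list[@]}"; do
    case "$port" in
      '' | *[!0-9]*) gen_result "failed" "port is not number." ;;
    esac
    # Values above 65535 cannot be ports; 10# keeps a leading zero from being
    # read as octal.
    if [ "${#port}" -gt 5 ] || [ "$((10#$port))" -gt 65535 ]; then
      gen_result "failed" "port $port is out of range."
    fi
  done
}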
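# Report whether the first iptables rule for a port/protocol is a DROP rule.
#   $1 - port number (digits only; the caller validates it)
#   $2 - protocol: tcp, udp, or all (either tcp or udp)
# Prints "<port>: true" or "<port>: false".
#
# The rule is located by its "<proto> dpt:<port>" match text as a whole token.
# A plain substring search for the port number would also hit other ports
# (80 inside 8080), packet counters and addresses, and could report the wrong
# rule.
# Scope: only single-port "dpt:" rules with target DROP are recognised. REJECT
# rules, multiport or range matches and a chain's default policy are not
# evaluated, so "false" means "no such DROP rule found", not "reachable".
is_port_blocked() {
  local port=$1
  local protocol=$2
  local blocked='false'
  local proto_re=$protocol
  local rule_re

  if [ "$protocol" == "all" ]; then
    proto_re='(tcp|udp)'
  fi
  rule_re="(^|[[:space:]])${proto_re} dpt:${port}([[:space:]]|\$)"

  # Rules are evaluated top-down, so only the first matching rule decides.
  if iptables -L -n -v | grep -E "$rule_re" | head -n 1 | grep -qw "DROP"; then
    blocked='true'
  fi
  echo "$port: $blocked"
}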
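# Validate the template parameters, then print one "<port>: true|false" line
# per requested port. Reads the globals PROTOCOL and PORTS.
main() {
  local -a port_list
  local port

  # Quoted so an empty or space-containing value stays in its own argument
  # instead of shifting the other one into the wrong position.
  check_param "$PROTOCOL" "$PORTS"
  # "result: success" means the parameters were accepted; the per-port lines
  # that follow carry the actual findings.
  echo "result: success"
  IFS=',' read -ra port_list <<< "$PORTS"
  for port in "${port_list[@]}"; do
    is_port_blocked "$port" "$PROTOCOL"
  done
}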
# Entry point: validate the parameters and print the per-port findings.
main
参数说明
参数名 | 描述 |
---|---|
PORTS | 待检测的端口,多个端口用英文逗号隔开 |
PROTOCOL | 待检测的协议, 可选值: all,tcp,udp |
批量在Linux系统云主机实例上显示僵尸进程
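#!/bin/bash
# List zombie (defunct) processes, or say that there are none.
# Zombies are selected by the process state column itself. Searching the whole
# ps line for " Z..." would also match any process whose command line contains
# a word starting with "Z".
ps_columns="user,pid,ppid,pgid,args,stat,start,time"

# Separate -o options with an empty header each: no header line is printed and
# the two fields can be read positionally.
zombie_pids=$(ps ax -o pid= -o stat= \
  | awk '$2 ~ /^Z/ { printf "%s%s", sep, $1; sep = "," }')

if [ -z "$zombie_pids" ]; then
  echo "no zombie processes exists on machine"
else
  # Header line plus one row per zombie, in the usual column layout. The ppid
  # column identifies the parent that has not reaped the process.
  ps -o "$ps_columns" -p "$zombie_pids"
fi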
批量在Linux系统云主机实例上安装或卸载yum/apt包
#!/bin/bash
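# Install or remove one package with yum or apt-get, answering "yes" to every
# prompt. The package comes from whatever repositories the host is configured
# to trust; this function does not pin a version or a source.
#   $1 - installer: yum or apt-get
#   $2 - action: install or uninstall
#   $3 - package name
# Prints a message and exits the script with status 1 on any invalid argument
# or when the package manager reports a failure.
function configurePackages() {
  local installer=$1
  local action=$2
  local packageName=$3
  local -a cmd

  case "$installer" in
    yum)
      case "$action" in
        install) cmd=(yum install -y) ;;
        uninstall) cmd=(yum remove -y) ;;
        *)
          echo "Package command must be install or uninstall"
          exit 1
          ;;
      esac
      ;;
    apt-get)
      case "$action" in
        install) cmd=(apt-get -y install) ;;
        uninstall) cmd=(apt-get -y remove) ;;
        *)
          echo "Package command must be install or uninstall"
          exit 1
          ;;
      esac
      ;;
    *)
      echo "Unknown package installer. Only support yum/apt-get"
      exit 1
      ;;
  esac

  # The name is handed to a package manager that normally runs as root: refuse
  # a value that would be read as an option instead of a package.
  if [ -z "$packageName" ] || [[ "$packageName" == -* ]]; then
    echo "Package name must not be empty or start with '-'"
    exit 1
  fi

  # Quoted so the name is always passed as exactly one argument.
  if ! "${cmd[@]}" "$packageName"; then
    echo "Package $action failed. Please check your command"
    exit 1
  fi
}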
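# {{installer}}, {{action}} and {{packageName}} are filled in by the command
# template before the script runs. Each placeholder is single-quoted so the
# value reaches configurePackages as exactly one literal argument instead of
# being split or expanded by the shell.
# NOTE(review): a value containing a single quote would still end the string
# early - confirm the platform rejects or escapes such values.
configurePackages '{{installer}}' '{{action}}' '{{packageName}}'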
参数说明
参数名 | 描述 |
---|---|
installer | 包管理器 |
action | 安装或卸载 package |
packageName | yum/apt-get安装的包名 |
批量清理多台Linux系统云主机实例的磁盘
#!/bin/bash
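# Delete regular files under a directory that match a name pattern and were
# last modified longer ago than the given age.
#   $1 - age as <number><unit>, unit d (days), h (hours) or m (minutes);
#        an empty value falls back to 7d
#   $2 - directory to clean (searched recursively)
#   $3 - file name pattern, matched by `find -name` (a shell glob such as *.log)
# Prints one line per deleted file. On an invalid argument it prints a message
# and returns without deleting anything.
function deletefiles() {
  local age=${1:-7d}
  local dir=$2
  local pattern=$3
  local unit value seconds_per_unit max_age now mtime file

  if [ ! -d "$dir" ]; then
    echo "The specified directory($dir) is not exist."
    return
  fi

  unit=${age: -1}
  value=${age%?}
  case "$unit" in
    d) seconds_per_unit=$((24 * 60 * 60)) ;;
    h) seconds_per_unit=$((60 * 60)) ;;
    m) seconds_per_unit=60 ;;
    *)
      echo "The unit($unit) of file age is not supported."
      return
      ;;
  esac
  # Digits only: the value goes into shell arithmetic, where any other text
  # would be evaluated as an expression, and an unset name would count as 0 and
  # make every matching file look expired.
  case "$value" in
    '' | *[!0-9]*)
      echo "The value($value) of file age is not valid."
      return
      ;;
  esac
  max_age=$((10#$value * seconds_per_unit))

  now=$(date +%s)
  # NUL-delimited names and quoted expansions: a file name containing spaces or
  # glob characters must never be re-split into other paths before it reaches
  # rm. Names inside a log directory are not under this script's control.
  while IFS= read -r -d '' file; do
    mtime=$(stat -c %Y -- "$file") || continue
    if [ $((now - mtime)) -gt "$max_age" ]; then
      if rm -f -- "$file"; then
        echo "File cleaning succeeded,path:$file."
      fi
    fi
  done < <(find "$dir" -type f -name "$pattern" -print0)
}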
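# {{delayTime}}, {{filePath}} and {{matchPattern}} are filled in by the command
# template before the script runs. Each placeholder is single-quoted so an
# empty value cannot shift the other arguments into the wrong position, and the
# path and pattern reach deletefiles literally (no glob, tilde or "$" expansion
# by the shell).
# NOTE(review): a value containing a single quote would still end the string
# early - confirm the platform rejects or escapes such values.
deletefiles '{{delayTime}}' '{{filePath}}' '{{matchPattern}}'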
参数说明
参数名 | 描述 |
---|---|
delayTime | 文件的有效时间。如 7d(代表7天),1h(代表1小时),5m(代表5分钟),默认是7d |
filePath | 清理文件路径。如:/root/log/ |
matchPattern | 清理文件匹配格式,如 *.log。 支持正则匹配 |