Shell script series (02): common shell use cases in production

1. Thematic background

Recently, I used an automation platform (see "Automated Operation and Maintenance Platform Spug Test" for details) to make weekly changes, and the results were very good. The platform standardizes and automates a large number of repetitive, tedious operations by distributing scripts. Since the core of the platform is the shell scripts distributed to each server, I felt it was necessary to summarize shell scripting, which is how the idea for this series came about. The series introduces the various uses of shell scripts in operations and maintenance. It is expected to run to about 10 articles covering system inspection, monitoring, FTP upload and download, database queries, log cleanup, clock synchronization, scheduled tasks and so on, touching on commonly used shell syntax, points to note, debugging, etc.

2. Preface

This is the second article in the series.

It introduces some shell statements recently used in daily production operations and maintenance, mainly replacing, deleting, searching for specified lines and characters, file transfer, swapping columns, etc.

3. Shell use cases

1. Prohibit direct root login

Requirement: for security, direct login with the root account is prohibited in production

Before modification:

[root@ansible /etc/ssh]# ll|grep sshd_config
-rw-------. 1 root root       3907 4月  11 2018 sshd_config
[root@ansible /etc/ssh]# more /etc/ssh/sshd_config|grep PermitRootLogin
#PermitRootLogin yes
# the setting of "PermitRootLogin without-password".

Before the modification, /etc/ssh contains only the sshd_config file, and PermitRootLogin is commented out.

After modification:

[root@ansible /etc/ssh]# sed -i.bak 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
[root@ansible /etc/ssh]# more /etc/ssh/sshd_config|grep PermitRootLogin                               
PermitRootLogin no
# the setting of "PermitRootLogin without-password".
[root@ansible /etc/ssh]# ll|grep sshd_config                                                          
-rw-------  1 root root       3905 1月  22 15:26 sshd_config
-rw-------. 1 root root       3907 4月  11 2018 sshd_config.bak

After the modification, /etc/ssh also contains the backup file sshd_config.bak, and the PermitRootLogin parameter is uncommented and set to no.
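
An added example (not part of the original article): the sed command above only changes a line that reads exactly '#PermitRootLogin yes', so this version also handles a directive that is already uncommented or carries another value, checks the result before installing it, and keeps the .bak copy. The function name disable_root_login and the SSHD_CHECK variable are assumptions made for this example.

```sh
# Added example. disable_root_login and SSHD_CHECK are hypothetical names.
disable_root_login() {
    cfg=$1
    # Syntax checker run on the candidate file; overridable for dry runs.
    check=${SSHD_CHECK:-sshd -t -f}
    # A PermitRootLogin directive, commented out or not, with any single value
    # (yes, no, prohibit-password, without-password, ...). Explanatory comment
    # lines such as '# the setting of "PermitRootLogin ..."' do not match.
    pat='^[[:space:]]*#\{0,1\}[[:space:]]*PermitRootLogin[[:space:]]\{1,\}[A-Za-z-]\{1,\}[[:space:]]*$'

    # Build the new file next to the original so the final mv is a rename.
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    if grep -q "$pat" "$cfg"; then
        sed "s/$pat/PermitRootLogin no/" "$cfg" > "$tmp"
    else
        # sshd keeps the first value it reads for a keyword, so put it first.
        { echo 'PermitRootLogin no'; cat "$cfg"; } > "$tmp"
    fi

    # Refuse to install a file the checker rejects; the original stays as is.
    if ! $check "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1
    fi

    cp -p "$cfg" "$cfg.bak" && chmod 600 "$tmp" && mv "$tmp" "$cfg"
}

# Usage (as root): disable_root_login /etc/ssh/sshd_config
```

Reload sshd after the function succeeds, and keep the current session open until a new login with a non-root account has been confirmed.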

2. Update the sudoers list

Requirement: some accounts require root privileges

Before modification:

[root@ansible /etc]# cd
[root@ansible ~]# cd /etc
[root@ansible /etc]# ll|grep sudoers              
-r--r-----.  1 root root     4328 10月 30 2018 sudoers
drwxr-x---.  2 root root        6 10月 31 2018 sudoers.d
[root@ansible /etc]# more sudoers|grep 'ALL=(ALL)'
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL

Before the modification, /etc contains only the sudoers file, and no account other than root has root privileges.

After modification:

[root@ansible /etc]# sed  -i.bak "/root.*ALL=(ALL).*ALL/a\app    ALL=(ALL)       ALL"  /etc/sudoers
[root@ansible /etc]# ll|grep sudoers                                                               
-r--r-----   1 root root     4355 1月  22 16:05 sudoers
-r--r-----   1 root root     4328 1月  22 15:53 sudoers.bak
drwxr-x---.  2 root root        6 10月 31 2018 sudoers.d
[root@ansible /etc]# more sudoers|grep 'ALL=(ALL)'                                                 
root    ALL=(ALL)       ALL
app    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL

After the modification, /etc contains an additional backup file, sudoers.bak, and a line for the app account has been added below the root line, so that app has root privileges.
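
An added example (not from the original article): the same grant written as a drop-in file that is syntax-checked before it is installed, since a malformed sudoers file blocks sudo for everyone. It assumes /etc/sudoers includes /etc/sudoers.d, as the directory in the listing above suggests; grant_sudo and SUDOERS_CHECK are names made up for this example.

```sh
# Added example. grant_sudo and SUDOERS_CHECK are hypothetical names.
grant_sudo() {
    user=$1
    dir=${2:-/etc/sudoers.d}          # assumes /etc/sudoers includes this directory
    # Syntax checker run on the candidate file; overridable for dry runs.
    check=${SUDOERS_CHECK:-visudo -c -f}

    # The account name ends up in a file name and in a sudoers rule, so accept
    # only a conservative character set. This also rejects '.', which matters
    # because sudo skips drop-in files whose names contain a dot.
    case $user in
        ''|-*|*[!a-z0-9_-]*)
            echo "invalid account name: $user" >&2
            return 2 ;;
    esac

    tmp=$(mktemp) || return 1
    # Same rule the article appends to /etc/sudoers for the app account.
    printf '%s    ALL=(ALL)       ALL\n' "$user" > "$tmp"

    # Never install a rule file that fails the syntax check.
    if ! $check "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1
    fi

    # sudo expects drop-in files to be read-only (0440); run this as root
    # so the installed file is owned by root.
    install -m 0440 "$tmp" "$dir/$user"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root): grant_sudo app
```

Removing the grant later is then a matter of deleting /etc/sudoers.d/app, with no edit to /etc/sudoers itself.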

3. Copy multiple directories or files with scp

Requirement: copy multiple local files to a remote host, or copy multiple files from a remote host to the local machine

Copy from local to a remote directory:

[root@ansible ~]# touch  a.txt b.txt c.txt
[root@ansible ~]# mkdir d
[root@ansible ~]# scp -v -r a.txt b.txt c.txt d [email protected]:/tmp

Create the files a.txt, b.txt and c.txt and the directory d locally, then copy them to the /tmp directory of the remote host.

Copy from the remote host to local:

[root@157 ~]# touch 01.sh 02.sh 03.sh
[root@157 ~]# mkdir 04
[root@ansible ~]# scp -v -r [email protected]:/root/\{01.sh,02.sh,03.sh,04\} /tmp

Create the files 01.sh, 02.sh and 03.sh and the directory 04 on host 157, then copy them to the local /tmp directory.

4. Delete existing scheduled tasks

Requirement: delete the specified scheduled task

[root@ansible /var/spool/cron]# crontab -l
0 0 * * * /usr/sbin/ntpdate -u ntpserver  >> /tmp/ntp.log
[root@ansible /var/spool/cron]# sed -i.bak '/\/usr\/sbin\/ntpdate/d' /var/spool/cron/root

Note that "/" must be escaped when matching /usr/sbin/ntpdate.

5. Swap columns

Requirement: swap the IP and hostname columns of the /etc/hosts file; the host list format used by ansible is hostname+ip

Before modification:

[root@ansible ~]# cd /etc
[root@ansible /etc]# cp hosts hosts-ansible.txt 
[root@ansible /etc]# more hosts-ansible.txt 
10.17.6.137          loong576-file01
10.17.6.129          loong576-kxxl01
10.17.6.130          loong576-kxxl02
10.17.6.131          loong576-capp01
10.17.6.132          loong576-capp02
10.17.6.128          loong576-pbgw01
10.17.6.127          loong576-pbgw02
10.17.6.134          loong576-xucs01
10.17.6.133          loong576-xucs02
10.17.6.136          loong576-webc01
10.17.6.135          loong576-webc02
10.17.6.14           loong576-gwxx-1
10.17.6.15           loong576-gwxx-2
10.17.6.18           loong576-mysql1
10.17.6.17           loong576-mysql2

After modification:

[root@ansible /etc]# awk '{print $2,$1}' hosts-ansible.txt > hosts-ansible.tmp && mv hosts-ansible.tmp hosts-ansible.txt
[root@ansible /etc]# more hosts-ansible.txt 
loong576-file01 10.17.6.137
loong576-kxxl01 10.17.6.129
loong576-kxxl02 10.17.6.130
loong576-capp01 10.17.6.131
loong576-capp02 10.17.6.132
loong576-pbgw01 10.17.6.128
loong576-pbgw02 10.17.6.127
loong576-xucs01 10.17.6.134
loong576-xucs02 10.17.6.133
loong576-webc01 10.17.6.136
loong576-webc02 10.17.6.135
loong576-gwxx-1 10.17.6.14
loong576-gwxx-2 10.17.6.15
loong576-mysql1 10.17.6.18
loong576-mysql2 10.17.6.17

This command easily swaps the positions of the IP and the hostname.

6. Add specified line

Requirement: add the parameter 'ansible_ssh_host=' in front of every IP address that begins with 10.17.6

[root@ansible /etc]# sed -i 's/10\.17\.6/ansible_ssh_host=&/' hosts-ansible.txt

With steps 5 and 6, the ip+hostname format of /etc/hosts is easily converted into the hostname+ansible_ssh_host=+ip format that ansible requires for its host list.
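
An added example (not from the original article) that performs steps 5 and 6 in a single awk pass and writes the result to a separate file. It treats the prefix as a literal string anchored at the start of the address, so an address such as 110.17.60.5 is not rewritten; the function names and the sample addresses in the comments are constructed for this example.

```sh
# Added example. hosts_to_inventory and write_inventory are hypothetical names.

# Print "hostname ansible_ssh_host=ip" for every hosts entry whose address
# starts with the given literal prefix (for example "10.17.6.").
hosts_to_inventory() {
    src=$1 prefix=$2
    awk -v p="$prefix" '
        # Skip blank lines, comment lines and entries without a hostname.
        NF < 2 || $1 ~ /^#/ { next }
        # index() compares plain strings: "." is not a wildcard here, and
        # "== 1" anchors the prefix at the first character of the address.
        index($1, p) == 1 { print $2, "ansible_ssh_host=" $1 }
    ' "$src"
}

# Write the inventory to dst without ever truncating the source file.
# The result is built in a temporary file and renamed into place only
# if at least one host was produced.
write_inventory() {
    src=$1 dst=$2 prefix=$3
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if hosts_to_inventory "$src" "$prefix" > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage: write_inventory /etc/hosts /etc/hosts-ansible.txt 10.17.6.
```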

7. Delete found files with find, xargs and rm

Requirement: use find to locate files that meet the conditions and delete them

[root@ansible /]# find ./ -name '*[0-9]*.bak'
./home/a001.bak
./opt/04.txt.bak
./opt/03.bak
./tmp/09.bak
./tmp/10.txt.bak
./usr/05.bak
./usr/06.txt.bak
./var/07.bak
./var/08.txt.bak
./root/02.txt.bak
./root/01.bak
[root@ansible /]# find ./ -name '*[0-9]*.bak'|xargs rm -rf
[root@ansible /]# find ./ -name '*[0-9]*.bak'

Find all files starting with a number and ending with .bak, then delete them.
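
An added example (not from the original article) of the same cleanup for the '*[0-9]*.bak' pattern, hardened for use from /: the pattern is quoted so the shell cannot expand it, names are passed NUL-delimited so spaces or newlines in file names cannot split into extra rm arguments, only regular files are removed, and find stays on one filesystem. The function names are made up for this example.

```sh
# Added example. count_numbered_bak and purge_numbered_bak are hypothetical names.

# Count the files that would be removed, as a dry run before deleting.
# Each match is emitted as a NUL-terminated name, so counting NUL bytes
# gives the right number even when a name contains a newline.
count_numbered_bak() {
    find "$1" -xdev -type f -name '*[0-9]*.bak' -print0 \
        | tr -cd '\000' | wc -c | tr -d ' '
}

# Delete the matching files.
#   -xdev      do not cross into other mounted filesystems (/proc, NFS, ...)
#   -type f    regular files only; a directory named like 9.bak is left alone
#   -print0 / xargs -0   pass names NUL-delimited, never word-split
#   rm -f --   no -r, and "--" stops option parsing for names starting with "-"
purge_numbered_bak() {
    [ -d "$1" ] || return 2
    find "$1" -xdev -type f -name '*[0-9]*.bak' -print0 | xargs -0 rm -f --
}

# Usage:
#   count_numbered_bak /opt    # review the number first
#   purge_numbered_bak /opt
```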

8. Delete or replace specified characters in files with sed, find and grep

Requirement: find the string 'loong576' in all files, then replace or delete the specified characters

Before modification:

[root@ansible-awx os-check]# find .|xargs grep -rl 'loong576'                                  
./defaults/main.yaml
./files/check_linux.sh
./tasks/main.yaml
./defaults/main.yaml
./defaults/main.yaml
./files/check_linux.sh
./files/check_linux.sh
./tasks/main.yaml
./tasks/main.yaml
[root@ansible-awx os-check]# find .|xargs grep -ri 'loong576'                                
./defaults/main.yaml:# Created by loong576 2020.05 
./files/check_linux.sh:# Created by loong576 2020.05 
./tasks/main.yaml:# Created by loong576 2020.05 
./defaults/main.yaml:# Created by loong576 2020.05 
./defaults/main.yaml:# Created by loong576 2020.05 
./files/check_linux.sh:# Created by loong576 2020.05 
./files/check_linux.sh:# Created by loong576 2020.05 
./tasks/main.yaml:# Created by loong576 2020.05 
./tasks/main.yaml:# Created by loong576 2020.05 

This finds the files that contain the string loong576 and shows the matching lines in each file.

After modification: change the comment 'Created by loong576 2020.05' to 'Created by loong576 2021.01'

[root@ansible-awx os-check]# sed -i "s/2020\.05/2021.01/g"  `find .|xargs grep -rl 'loong576'`
[root@ansible-awx os-check]# find .|xargs grep -ri 'loong576'                                 
./defaults/main.yaml:# Created by loong576 2021.01 
./files/check_linux.sh:# Created by loong576 2021.01 
./tasks/main.yaml:# Created by loong576 2021.01 
./defaults/main.yaml:# Created by loong576 2021.01 
./defaults/main.yaml:# Created by loong576 2021.01 
./files/check_linux.sh:# Created by loong576 2021.01 
./files/check_linux.sh:# Created by loong576 2021.01 
./tasks/main.yaml:# Created by loong576 2021.01 
./tasks/main.yaml:# Created by loong576 2021.01 

Delete the date:

[root@ansible-awx os-check]# sed -i "s/2021\.01//g"  `find .|xargs grep -rl 'loong576'`
[root@ansible-awx os-check]# find .|xargs grep -ri 'loong576'                          
./defaults/main.yaml:# Created by loong576  
./files/check_linux.sh:# Created by loong576  
./tasks/main.yaml:# Created by loong576  
./defaults/main.yaml:# Created by loong576  
./defaults/main.yaml:# Created by loong576  
./files/check_linux.sh:# Created by loong576  
./files/check_linux.sh:# Created by loong576  
./tasks/main.yaml:# Created by loong576  
./tasks/main.yaml:# Created by loong576

9. Insert a line before a matching line, comment out matching lines, and append a line at the end of a file

Requirement: when configuring the NTP server, insert a new line above a specified string in the configuration file /etc/ntp.conf, comment out some default configuration entries (add # in front of the matching lines), and append a new line at the end of the configuration file /etc/hosts

Insert a new line above the specified string:

[root@ansible ~]# sed -i '/driftfile/i server ntpserver iburst' /etc/ntp.conf

This inserts 'server ntpserver iburst' on the line above the driftfile line.

Comment out some default configuration entries (add # in front of the matching lines):

[root@ansible ~]# sed -i '/centos\.pool\.ntp\.org/s/^/#/' /etc/ntp.conf

This comments out 'server [0..3].centos.pool.ntp.org iburst'.

Append a line at the end of the file:

[root@ansible ~]# sed -i '$a 172.16.7.157    ntpserver' /etc/hosts

4. Summary of this article

This article introduces some commonly used shell use cases covering everyday searching, replacing, file transfer and so on. The main commands used are find, sed, xargs and scp. A shell script is a logical combination of such commands for different purposes, so mastering these commands makes subsequent script writing far more efficient.

Origin blog.51cto.com/3241766/2607150