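Rarely used scripts, collected here so they are easy to find later.
Motivation
These are backup scripts that I rarely need in day-to-day work. Because they are used so seldom, after a while (or after changing jobs) I forget them and have to write them again and search Baidu all over again. They are collected here to make them easy to reuse.
nginx
In an IDC machine room, a well-resourced setup usually runs several nginx instances for load balancing, while a poorly resourced one has a single instance. In that case it is essential to back up the configuration off-site. Otherwise, if the virtual machine dies one day, everything has to be configured again from scratch, and it is easy to miss something.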
```bash
#!/bin/bash
# Nginx automatic backup script
# Local backup directory and the Nginx directory to back up
LocalBackDir=/data/servers/backups
DataDir=/data/servers/nginx
# Backup log file
LogFile=/opt/devops/scripts/Nginx_backup.log
# Create the backup log file
touch "$LogFile"
echo "-------------------------------------------------------------------------" >> "$LogFile"
echo "Nginx auto backup at local server, start at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
# Stop if the data directory is missing, so tar never runs from the wrong place
cd "$DataDir" || exit 1
tar -czvf "$LocalBackDir/dev-nginx-l4-2-198.tar.gz" conf
# Find the Nginx backup file (.gz suffix) in the local backup directory modified within the last 10 minutes
Backfile_Send_To_Remote=$(find "$LocalBackDir" -type f -mmin -10 -name '*.gz' 2>> "$LogFile" | tail -1)
# Upload the backup to Alibaba Cloud OSS
cd /opt/devops/scripts || exit 1
/usr/sbin/ossutil64 cp -f "${Backfile_Send_To_Remote}" oss://your-oss-repositry/backups/nginx/ -c ./.ossutilconfig
# Clean up old backups
find "${LocalBackDir}" -type f -mtime +3 -exec rm {} \;
if [ $? -eq 0 ]; then
    # Append the result to the log file
    echo "Nginx auto clean backup at local server succeeded at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
else
    # Append the result to the log file
    echo "Nginx auto clean backup at local server failed at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
fi
```
confluence
```bash
#!/bin/bash
# Wiki automatic backup script
# Wiki backup directory
LocalBackDir=/data1/storage/confluence/backups
# Backup log file
LogFile=/opt/devops/scripts/wiki_backup.log
# Create the backup log file
touch "$LogFile"
echo "-------------------------------------------------------------------------" >> "$LogFile"
# Find the Wiki backup file (.zip suffix) in the local backup directory modified within the last 120 minutes
Backfile_Send_To_Remote=$(find "$LocalBackDir" -type f -mmin -120 -name '*.zip' 2>> "$LogFile" | tail -1)
# Upload the backup to Alibaba Cloud OSS
cd /opt/devops/scripts || exit 1
/usr/sbin/ossutil64 cp -f "${Backfile_Send_To_Remote}" oss://your-oss-repositry/backups/wiki/ -c ./.ossutilconfig
# Clean up old backups
find "${LocalBackDir}" -type f -mtime +3 -exec rm {} \;
if [ $? -eq 0 ]; then
    # Append the result to the log file
    echo "Wiki auto clean backup at local server succeeded at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
else
    # Append the result to the log file
    echo "Wiki auto clean backup at local server failed at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
fi
```
openldap
```bash
#!/bin/bash
# LDAP automatic backup script
# Local backup directory and the parent of the openldap data directory
LocalBackDir=/data1/storage/backups/openldap
DataDir=/data1/storage
# Backup log file
LogFile=/opt/devops/scripts/ldap_backup.log
# Create the backup log file
touch "$LogFile"
echo "-------------------------------------------------------------------------" >> "$LogFile"
echo "Ldap auto backup at local server, start at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
# Stop if the data directory is missing, so tar never runs from the wrong place
cd "$DataDir" || exit 1
tar -czvf "$LocalBackDir/openldap.tar.gz" openldap
# Find the LDAP backup file (.gz suffix) in the local backup directory modified within the last 10 minutes
Backfile_Send_To_Remote=$(find "$LocalBackDir" -type f -mmin -10 -name '*.gz' 2>> "$LogFile" | tail -1)
# Upload the backup to Alibaba Cloud OSS
cd /opt/devops/scripts || exit 1
/usr/sbin/ossutil64 cp -f "${Backfile_Send_To_Remote}" oss://your-oss-repositry/backups/ldap/ -c ./.ossutilconfig
# Clean up old backups
find "${LocalBackDir}" -type f -mtime +3 -exec rm {} \;
if [ $? -eq 0 ]; then
    # Append the result to the log file
    echo "Ldap auto clean backup at local server succeeded at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
else
    # Append the result to the log file
    echo "Ldap auto clean backup at local server failed at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
fi
```
etcd
```bash
etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/peer.crt --key=/etc/kubernetes/pki/etcd/peer.key --endpoints=192.168.2.232:2379 snapshot save "/opt/devops/etcd_backup/$(hostname)-etcd_$(date +%Y%m%d%H%M).db"
find /opt/devops/etcd_backup -type f -mtime +3 -exec rm {} \;
```
gitlab
```bash
#!/bin/bash
# GitLab automatic backup script
# GitLab backup directory
LocalBackDir=/var/opt/gitlab/backups
# Files that have to be backed up by hand
GitlabRb=/etc/gitlab/gitlab.rb
GitlabSecrets=/etc/gitlab/gitlab-secrets.json
# Backup log file
LogFile=/opt/devops/scripts/gitlab_backup.log
# Create the backup log file
touch "$LogFile"
echo "-------------------------------------------------------------------------" >> "$LogFile"
# Log the start of the local GitLab backup
echo "Gitlab auto backup at local server, start at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
# Run the local GitLab backup
gitlab-rake gitlab:backup:create >> "$LogFile" 2>&1
# $? holds the exit status of the previous command: 0 means success, anything else means failure
if [ $? -eq 0 ]; then
    # Append the result to the log file
    echo "Gitlab auto backup at local server succeeded at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
else
    # Append the result to the log file
    echo "Gitlab auto backup at local server failed at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
fi
# Find the GitLab backup file (.tar suffix) in the local backup directory modified within the last 10 minutes
Backfile_Send_To_Remote=$(find "$LocalBackDir" -type f -mmin -10 -name '*.tar' 2>> "$LogFile" | tail -1)
# Upload the backup to Alibaba Cloud OSS
cd /opt/devops/scripts || exit 1
/usr/sbin/ossutil64 cp "${Backfile_Send_To_Remote}" oss://your-oss-repositry/backups/gitlab/ -c ./.ossutilconfig
/usr/sbin/ossutil64 cp -f "${GitlabRb}" oss://your-oss-repositry/backups/gitlab/ -c ./.ossutilconfig
# gitlab-secrets.json holds the instance's encryption keys, so restrict who can read this bucket path
/usr/sbin/ossutil64 cp -f "${GitlabSecrets}" oss://your-oss-repositry/backups/gitlab/ -c ./.ossutilconfig
# Clean up old backups
find "${LocalBackDir}" -type f -mtime +3 -exec rm {} \;
if [ $? -eq 0 ]; then
    # Append the result to the log file
    echo "Gitlab auto clean backup at local server succeeded at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
else
    # Append the result to the log file
    echo "Gitlab auto clean backup at local server failed at $(date +"%Y-%m-%d %H:%M:%S")" >> "$LogFile"
fi
```
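The nginx, confluence, openldap and gitlab scripts above all pick the upload candidate with `find ... | tail -1` and pass it straight to ossutil, even when nothing matched. The following is an added example, not part of the original scripts: it returns the newest fresh archive or fails when there is none, and checks that the file is a readable tar archive before writing a SHA-256 sidecar. The function names are hypothetical, and the check covers tar archives only, not the Confluence `.zip`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original scripts.

# latest_backup DIR GLOB MINUTES
# Print the newest file in DIR matching GLOB that was modified within the
# last MINUTES minutes. Return 1 when there is none, so the caller never
# hands an empty path to the uploader.
latest_backup() {
    dir=$1 glob=$2 minutes=$3 newest=""
    for f in "$dir"/$glob; do
        [ -f "$f" ] || continue
        [ -n "$(find "$f" -mmin "-$minutes")" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# verify_archive FILE
# List the archive to prove it is readable (tar detects gzip itself), then
# write FILE.sha256 next to it so a restore can check the download.
verify_archive() {
    tar -tf "$1" > /dev/null 2>&1 || return 1
    (cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256")
}

# prepare_upload DIR GLOB MINUTES
# Return 0 and print the path when it is safe to upload, 1 when no fresh
# backup exists, 2 when the newest one is not a readable archive.
prepare_upload() {
    file=$(latest_backup "$1" "$2" "$3") || {
        echo "no backup newer than $3 minutes in $1" >&2
        return 1
    }
    verify_archive "$file" || {
        echo "unreadable archive: $file" >&2
        return 2
    }
    printf '%s\n' "$file"
}

# In the nginx script above, the upload step would then become:
#   file=$(prepare_upload "$LocalBackDir" '*.tar.gz' 10) || exit 1
#   /usr/sbin/ossutil64 cp -f "$file" oss://your-oss-repositry/backups/nginx/ -c ./.ossutilconfig
```

Uploading the `.sha256` file alongside the archive lets a restore confirm the object was not truncated or altered in the bucket.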
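SSH hardening
I put this script together a long time ago, using a rather clumsy approach that handles each setting by hand, one line at a time. The logic is to first find the matching line, change it to the default value, and then delete it, so that running the script several times does not leave several identical lines. In practice this can be done with Ansible's lineinfile module, which is more convenient and handles the de-duplication for you. Take a look at it if you are interested.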
```bash
#!/bin/bash
# Create the user and install its key
# useradd -p expects an already hashed password (crypt(3) format), not plaintext
useradd devops -m -u 1000 -p '<hashed-password>'
mkdir -p /home/devops/.ssh
chmod 700 /home/devops/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCQkYVtARA7RQ/Fy3oe6..." > /home/devops/.ssh/authorized_keys
chmod 600 /home/devops/.ssh/authorized_keys
chown -R devops:devops /home/devops/.ssh
# Configure sshd and /etc/profile
# Each group below normalises the existing line, deletes it, then appends the wanted value
sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i '/PermitRootLogin no/d' /etc/ssh/sshd_config
sed -i '$a\PermitRootLogin no' /etc/ssh/sshd_config
sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i '/PasswordAuthentication yes/d' /etc/ssh/sshd_config
sed -i '$a\PasswordAuthentication no' /etc/ssh/sshd_config
sed -i 's/^PermitEmptyPasswords yes/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sed -i '/PermitEmptyPasswords no/d' /etc/ssh/sshd_config
sed -i '$a\PermitEmptyPasswords no' /etc/ssh/sshd_config
sed -i 's/^PubkeyAuthentication yes/PubkeyAuthentication no/' /etc/ssh/sshd_config
sed -i '/PubkeyAuthentication no/d' /etc/ssh/sshd_config
sed -i '$a\PubkeyAuthentication yes' /etc/ssh/sshd_config
sed -i '/MaxAuthTries/d' /etc/ssh/sshd_config
sed -i '$a\MaxAuthTries 5' /etc/ssh/sshd_config
# Newer OpenSSH releases support only protocol 2 and treat this keyword as deprecated
sed -i '/Protocol/d' /etc/ssh/sshd_config
sed -i '$a\Protocol 2' /etc/ssh/sshd_config
sed -i 's/X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
sed -i '/AllowTcpForwarding no/d' /etc/ssh/sshd_config
sed -i '$a\AllowTcpForwarding no' /etc/ssh/sshd_config
# Shell idle timeout and history settings
sed -i '/TMOUT=3600/d' /etc/profile
sed -i '$a\TMOUT=3600' /etc/profile
sed -i '/HISTTIMEFORMAT/d' /etc/profile
# USER_IP is not set by this script; unless /etc/profile defines it, it expands to an empty string
sed -i '$a\export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S] [${USER_IP}${LOGNAME}] "' /etc/profile
sed -i '/HISTSIZE=3000/d' /etc/profile
sed -i '$a\HISTSIZE=3000' /etc/profile
# Only affects this script's own shell; new login shells read /etc/profile themselves
source /etc/profile
# Validate the configuration first so a syntax error cannot take sshd down
sshd -t && systemctl restart sshd
```
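The lineinfile-style behaviour described in this section, as an added example (not the original script and not Ansible's code): a shell function that sets one `sshd_config` keyword idempotently. It removes every active global line for the keyword whatever its value, because sshd uses the first value it reads, and writes the new line above the first `Match` block so it stays a global setting. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; set_sshd_option and write_sample_config are hypothetical names.
# set_sshd_option FILE KEYWORD VALUE
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { lkey = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, w, /[ \t=]+/)
            word = tolower(w[1])
            # sshd keeps the first value it reads, so remove every active
            # global line for the keyword, whatever value it carries.
            if (!in_match && word == lkey) next
            # Global settings must sit above the first Match block.
            if (!in_match && word == "match") {
                print key " " value
                in_match = 1; done = 1
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config, written to the path given as $1.
write_sample_config() {
    cat > "$1" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication yes
X11Forwarding yes
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

# Demo: apply the same setting twice; the file is identical after both runs.
cfg=$(mktemp)
write_sample_config "$cfg"
set_sshd_option "$cfg" PasswordAuthentication no
set_sshd_option "$cfg" PasswordAuthentication no
cat "$cfg"
rm -f "$cfg"
```

Lines inside a `Match` block are left alone on purpose, since they are scoped overrides; review them separately, and run `sshd -t` on the real file before restarting the service.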
Finally
New scripts will continue to be added here as they come up.