iaas-pre-host.sh
#!/bin/bash
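# Load the deployment variables this script relies on.
# NOTE(review): HOST_IP, HOST_NAME, HOST_IP_NODE, HOST_NAME_NODE, HOST_PASS,
# HOST_PASS_NODE and network_segment_IP are presumably defined in this file;
# confirm against the deployed openrc.sh.
# The file is executed as shell code with this script's privileges, and it
# appears to hold host passwords, so it should be owned by root and not be
# readable or writable by other users.
# Stop here if the file is missing: continuing with empty variables would
# still disable the firewall and rewrite /etc/hosts with blank entries.
if [[ ! -r /etc/iaas-openstack/openrc.sh ]]; then
  printf 'Cannot read /etc/iaas-openstack/openrc.sh; aborting before any system change\n' >&2
  exit 1
fi
source /etc/iaas-openstack/openrc.sh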
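#selinux
# Put SELinux into permissive mode: policy violations are still logged to the
# audit log but are no longer blocked. This is not the same as "disabled".
# NOTE(review): this removes mandatory-access-control enforcement on the host.
# The script installs openstack-selinux further down; confirm whether enforcing
# mode can be kept instead.
# The pattern is anchored so that only the real setting line is rewritten, not
# the explanatory comment lines in the file that also contain "SELINUX=".
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config # persistent: applies from the next boot
setenforce 0 # immediate: switches the running system to permissive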
#firewalld
# Stop the firewalld service and keep it from starting at boot.
# NOTE(review): from this point the host has no firewalld-managed filtering;
# the iptables section below does not replace it with another ruleset.
systemctl stop firewalld
systemctl disable firewalld > /dev/null 2>&1
#NetworkManager
# Stop NetworkManager and keep it from starting at boot; output is discarded
# so a host without the unit does not print errors.
for nm_action in stop disable; do
  systemctl "$nm_action" NetworkManager > /dev/null 2>&1
done
# Uninstall both packages so they cannot be re-enabled by accident.
yum -y remove NetworkManager firewalld
# Hand interface management back to the legacy network service.
systemctl restart network
#iptables
# Install the iptables service package. A failure here is treated as a broken
# yum repository configuration and ends the script.
if ! yum install iptables-services -y; then
  echo -e "\033[31mThe installation source configuration errors\033[0m"
  exit 1
fi
systemctl restart iptables
# Empty the filter table: -F flushes all rules, -X deletes user-defined
# chains, -Z resets the packet/byte counters.
for ipt_flag in -F -X -Z; do
  iptables "$ipt_flag"
done
# iptables-save only prints the current ruleset to stdout; nothing is written
# to disk by this line.
/usr/sbin/iptables-save
# Stop the service and keep it from starting at boot.
# NOTE(review): with firewalld removed above and iptables flushed and
# disabled here, the host is left without any host-based packet filter.
# Exposure then depends entirely on network-level controls; confirm that is
# intended outside a lab environment.
for ipt_action in stop disable; do
  systemctl "$ipt_action" iptables
done
# install package
# Speed up SSH logins: turn off the reverse-DNS lookup of the client address
# and turn off GSSAPI authentication.
# sshd is not restarted in this script, so the new settings apply only after
# the daemon is restarted or the host is rebooted.
sshd_edits=(
  -e 's/#UseDNS yes/UseDNS no/g'
  -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g'
)
sed -i "${sshd_edits[@]}" /etc/ssh/sshd_config
# Bring every installed package up to date.
yum -y upgrade
# Install the OpenStack command-line client, the OpenStack SELinux policy
# package, the OpenStack utility scripts, the crudini INI editor and expect
# (used below to answer the ssh-copy-id prompts).
yum -y install python-openstackclient openstack-selinux openstack-utils crudini expect
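#hosts
# Set the hostname according to which configured address this machine owns.
# The address is matched as a fixed string (-F) and as a whole word (-w), so
# the dots are not treated as regex wildcards and 10.0.0.1 does not match
# 10.0.0.10. An empty variable never matches.
local_addrs=$(ip a)
if [[ -n "$HOST_IP" ]] && grep -qwF -- "$HOST_IP" <<<"$local_addrs"; then
  hostnamectl set-hostname "$HOST_NAME"
elif [[ -n "$HOST_IP_NODE" ]] && grep -qwF -- "$HOST_IP_NODE" <<<"$local_addrs"; then
  hostnamectl set-hostname "$HOST_NAME_NODE"
else
  # Neither address is configured locally. The controller name is still used
  # as the fallback, but it is reported because the rest of the script will
  # then treat this machine as the controller.
  printf 'warning: neither HOST_IP nor HOST_IP_NODE is configured on this host; using %s\n' "$HOST_NAME" >&2
  hostnamectl set-hostname "$HOST_NAME"
fi
# Refresh the hostname mappings in /etc/hosts.
# Existing entries are dropped only when one of their name fields is exactly
# one of the two hostnames. A substring or regex match would also remove
# unrelated entries that merely contain the name, and would break if a name
# held a character that is special to sed.
hosts_tmp=$(mktemp) || {
  printf 'mktemp failed; /etc/hosts left unchanged\n' >&2
  exit 1
}
if awk -v a="$HOST_NAME" -v b="$HOST_NAME_NODE" '
  { for (i = 2; i <= NF; i++) if ($i == a || $i == b) next }
  { print }
' /etc/hosts > "$hosts_tmp"; then
  # Write back in place so the file keeps its owner, mode and SELinux label.
  cat -- "$hosts_tmp" > /etc/hosts
fi
rm -f -- "$hosts_tmp"
printf '%s %s\n' "$HOST_IP" "$HOST_NAME" >> /etc/hosts
printf '%s %s\n' "$HOST_IP_NODE" "$HOST_NAME_NODE" >> /etc/hosts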
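#ssh
# Create a root key pair if none exists yet, then install the public key on
# the other node so the two hosts can reach each other without a password.
# NOTE(review): the private key has an empty passphrase (-N ''), so anyone who
# can read it gains root SSH access to the peer; keep ~/.ssh at mode 700.
if [[ ! -s ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
fi
# "name" is read again by the chrony and DNS sections further down.
name=$(hostname)
# The controller pushes its key to the node; any other host pushes to the
# controller.
if [[ "$name" == "$HOST_NAME" ]]; then
  peer_host=$HOST_NAME_NODE
  peer_pass=$HOST_PASS_NODE
else
  peer_host=$HOST_NAME
  peer_pass=$HOST_PASS
fi
# The target and password are handed to expect through its environment and
# read with $env(...). Interpolating them into the script text would put the
# password on the command line, where any local user can see it in the
# process list, and would let characters such as $, [ or " in the password be
# parsed as Tcl code.
# NOTE(review): the "(yes/no)" branch accepts whatever host key the peer
# presents on first contact; verify the fingerprint out of band if the
# network between the hosts is not trusted.
# NOTE(review): "set timeout -1" waits forever if no expected prompt appears.
# Exit codes: 2 = password rejected, 1 = connection closed before a prompt.
IAAS_PEER_HOST="$peer_host" IAAS_PEER_PASS="$peer_pass" expect -c '
set timeout -1
spawn ssh-copy-id -i /root/.ssh/id_rsa $env(IAAS_PEER_HOST)
expect {
  *password:* {
    send -- "$env(IAAS_PEER_PASS)\r"
    expect {
      *denied* {exit 2}
      eof
    }
  }
  *(yes/no)* {send -- "yes\r"; exp_continue}
  eof {exit 1}
}
'
unset peer_pass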
#chrony
# Configure time synchronisation against the host named "controller".
yum -y install chrony
# Comment out lines 3-6 and prepend a "server controller iburst" entry to
# line 7 (prepended to whatever that line already contains).
# NOTE(review): presumably lines 3-6 are the stock pool/server entries and
# line 7 is blank in the packaged chrony.conf; verify, because the edit is
# positional and is applied again on every run.
sed -i -e '3,6s/^/#/g' -e '7s/^/server controller iburst/g' /etc/chrony.conf
if [[ $name == $HOST_NAME ]]; then
  # Controller only: answer NTP clients from the configured segment, and keep
  # serving time at stratum 10 even without an upstream source.
  # NOTE(review): "allow" opens the NTP service to every address in
  # $network_segment_IP; keep that range as narrow as the deployment permits.
  printf '%s\n' "allow $network_segment_IP" "local stratum 10" >> /etc/chrony.conf
fi
for chrony_action in restart enable; do
  systemctl "$chrony_action" chronyd
done
#DNS
# Set up the BIND name server; this runs on the controller only.
if [[ $name == $HOST_NAME ]]; then
  yum -y install bind
  # The first three expressions comment out fixed line ranges of named.conf.
  # NOTE(review): in the packaged file these presumably hold the listen-on /
  # listen-on-v6 lines (13-14), the allow-query line (19) and a trailing
  # block (37-42); verify against the installed version. If so, named will
  # listen on every interface and accept queries from any client, and with
  # the host firewall removed earlier nothing else restricts access.
  # The last three turn off recursion and turn off DNSSEC, so responses are
  # no longer validated.
  named_edits=(
    -e '13,14s/^/\/\//g'
    -e '19s/^/\/\//g'
    -e '37,42s/^/\/\//g'
    -e 's/recursion yes/recursion no/g'
    -e 's/dnssec-enable yes/dnssec-enable no/g'
    -e 's/dnssec-validation yes/dnssec-validation no/g'
  )
  sed -i "${named_edits[@]}" /etc/named.conf
  for named_action in start enable; do
    systemctl "$named_action" named.service
  done
fi
# The new hostname is only picked up by a fresh login shell or after a reboot.
printf "\033[35mPlease Reboot or Reconnect the terminal\n\033[0m"