运用shell脚本自动化部署LAMP环境
1.安装Apache
2.安装数据库服务
3.安装php
(1)使用IP访问/phpinfo.php
4.安装phpMyAdmin
(1)使用IP访问phpmyadmin
5.使用防火墙规则使三台虚拟机互不相连
(1)修改SSH端口为10022,增加HTTP端口为10080,修改phpMyAdmin端口为学号后五位。
(2)只允许10080访问phpMyAdmin,三个IP互不ping通
环境准备
(ip为10.0.0.120的虚拟机为主机,然后分别克隆两台ip为10.0.0.121的客户机和ip为10.0.0.122的测试机;主机需安装Apache,PHP和phpMyAdmin,客户机需安装Mysql,且三台虚拟机都能进行远程连接即开启SSH服务)
主机名及IP
主机名 |
IP地址 |
localhost(主机) |
10.0.0.120 |
localhost(客户机) |
10.0.0.121 |
localhost(测试机) |
10.0.0.122 |
对于该需求编写了以下脚本。下面将挨个展示编写的脚本。
main.sh(主函数)
#!/bin/bash
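# Interactive menu: every numbered entry runs one installer script from the
# current working directory. File names are case-sensitive, so the scripts
# have to be saved under exactly the names used in the case arms below.
while true; do
  clear
  echo -e "Welcome\n"
  echo "1. Apache"
  echo "2. php/php-fpm"
  echo "3. phpMyAdmin"
  echo "4. Database"
  echo "5. firewalld(web)"
  echo "6. firewalld(Database)"
  echo "7. firewalld(test)"
  echo "8. exit"
  # -r keeps backslashes literal. A failed read (EOF, closed stdin) ends the
  # menu; without this the loop would spin forever on the "invalid" branch.
  if ! read -r -p "请输入您的选择: " choice; then
    echo -e "\n退出中..."
    exit 0
  fi
  case "$choice" in
    1) ./Apache.sh ;;
    2) ./php.sh ;;
    3) ./phpMyAdmin.sh ;;
    4) ./Database.sh ;;
    5) ./firewalldweb.sh ;;
    6) ./firewalldDatabase.sh ;;
    7) ./firewalldtest.sh ;;
    8)
      echo -e "\n退出中..."
      exit 0
      ;;
    *)
      echo -e "\n无效的选择。请输入1到8之间的数字。\n"
      ;;
  esac
  # Pause so the output of the selected script stays visible before `clear`.
  read -n1 -r -p "按任意键继续..."
done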
main.sh采用“菜单”模式,用户可按需选择要自动化安装的服务。
Apache.sh
#!/bin/bash
# Detect an existing Apache (httpd) installation.
# Outputs: progress messages on stdout; prompts on stdin when httpd is found.
# Exits:   terminates the script with status 0 when the operator keeps the
#          existing installation.
apachecheck() {
  local answer
  echo "[INFO] 检查是否已经安装Apache..."
  # Nothing to decide when no httpd command is on PATH.
  command -v httpd &> /dev/null || return 0

  echo "[INFO] Apache 已安装."
  read -p "是否要删除已安装的Apache? (Y/N): " answer
  case $answer in
    [Yy])
      echo "[INFO] 删除已安装的httpd..."
      systemctl stop httpd
      yum remove -y httpd
      ;;
    *)
      # Any answer other than a single Y/y keeps the package and stops here.
      echo "[INFO] 保留已安装的Apache, 退出脚本."
      exit 0
      ;;
  esac
}
# Install Apache (httpd) with yum, start it, print its status and enable it
# at boot.
apacheinstall() {
  local action
  echo "[INFO] 开始Apache安装, 请等待..."
  yum install -y httpd
  # Start now, show the resulting state, then register the unit for boot.
  for action in start status enable; do
    systemctl "$action" httpd
  done
}
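# Make Apache listen on port 10080 in addition to its existing Listen lines.
# Globals: HTTPD_CONF (read, optional) - path of the httpd configuration file;
#          defaults to /etc/httpd/conf/httpd.conf.
# Outputs: progress message and the `netstat -tuln` listing on stdout.
apachefix() {
  local conf=${HTTPD_CONF:-/etc/httpd/conf/httpd.conf}

  # NOTE(review): these two commands put SELinux into permissive mode and stop
  # the host firewall, which removes both controls for every service on the
  # machine, not only httpd. Labelling the port for httpd
  # (semanage port -a -t http_port_t -p tcp 10080) and opening it in firewalld
  # would keep them active; left as written because the later steps of this
  # walkthrough rely on it.
  setenforce 0
  systemctl stop firewalld

  echo "[INFO] 开始修改Apache端口, 请等待..."
  # Append the directive only once: re-running the script used to add a
  # duplicate "Listen 10080" line on every run.
  if ! grep -Eq '^[[:space:]]*Listen[[:space:]]+10080[[:space:]]*$' "$conf" 2>/dev/null; then
    echo ' Listen 10080' | sudo tee -a "$conf" >/dev/null
  fi
  systemctl restart httpd
  # Show the listening sockets so the operator can confirm port 10080.
  netstat -tuln
}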
# Entry point: check for an existing Apache, install it, then add the extra
# listening port. The steps run in this fixed order.
main() {
  local step
  for step in apachecheck apacheinstall apachefix; do
    "$step"
  done
}

main
Apache.sh使用户可以按需安装Apache(开放源码的网页服务器,跨平台、安全、流行,支持众多网站运行。)
php.sh
#!/bin/bash
# Detect an existing PHP installation.
# Outputs: progress messages on stdout; prompts on stdin when php is found.
# Exits:   terminates the script with status 0 when the operator keeps the
#          existing installation.
phpcheck() {
  local answer pkg
  echo "[INFO] 检查是否已经安装php..."
  if ! command -v php &> /dev/null; then
    return 0
  fi

  echo "[INFO] php 已安装."
  read -p "是否要删除已安装的php? (Y/N): " answer
  if [[ $answer != [Yy] ]]; then
    echo "[INFO] 保留已安装的php, 退出脚本."
    exit 0
  fi

  echo "[INFO] 删除已安装的php..."
  # One yum transaction per package, in the same order as before.
  for pkg in php php-mysqli php-fpm; do
    yum remove -y "$pkg"
  done
}
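# Install PHP 8.0 from the Remi repository, plus php-mysqli and php-fpm.
# The distribution's own php package is installed and removed first, then the
# EPEL and Remi release RPMs are added and the remi-php80 repo is enabled.
# Outputs: yum / php -v / systemctl output on stdout.
phpinstall() {
  echo "[INFO] 开始php安装, 请等待..."
  yum install -y php
  php -v
  # Quoted so yum receives the pattern itself. Unquoted, the shell expands
  # php* against the current directory (php.sh, phpMyAdmin.sh, ...) and yum is
  # asked to remove packages named after those files instead.
  yum remove -y 'php*'
  yum install -y yum-utils
  # NOTE(review): both release RPMs add third-party repositories and are
  # fetched by URL at run time. Confirm gpgcheck stays enabled for the repos
  # they install. The -7 RPMs and remi-php80 target EL7 / PHP 8.0; confirm
  # that platform and PHP branch still receive security updates.
  sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  # -y added: without it this step stops at yum's confirmation prompt.
  sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
  sudo yum-config-manager --disable 'remi-php*'
  sudo yum-config-manager --enable remi-php80
  sudo yum install -y php
  # The literal placeholder install "php-{extension_name}" was dropped: no
  # such package exists. The extensions actually needed follow below.
  php -v
  yum install -y php-mysqli
  yum install -y php-fpm
  systemctl start httpd
  systemctl status httpd
}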
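# Publish a phpinfo() test page in the Apache document root and restart httpd.
# Globals: PHPINFO_FILE (read, optional) - path of the page; defaults to
#          /var/www/html/phpinfo.php.
phpfix() {
  local page=${PHPINFO_FILE:-/var/www/html/phpinfo.php}

  # NOTE(review): SELinux is switched to permissive and the firewall is
  # stopped for the whole host here; see whether the page can be served with
  # both left on.
  setenforce 0
  systemctl stop firewalld

  echo "[INFO] 开始修改php配置文件, 请等待..."
  # NOTE(review): phpinfo() prints the PHP version, loaded modules, paths and
  # environment to anyone who can reach the URL. Delete the page once the
  # installation has been verified.
  # Written with overwrite instead of append, so a second run no longer
  # stacks another copy of the snippet into the same file.
  printf '%s\n' '<?php' 'phpinfo();' '?>' | sudo tee "$page" >/dev/null
  systemctl restart httpd
  systemctl status httpd
}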
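# Entry point: check for an existing PHP, install PHP 8.0, then publish the
# phpinfo test page.
main() {
  phpcheck
  phpinstall
  phpfix
}

# Shell function names are case-sensitive. The previous call was spelled
# "Main", which is not defined, so the script stopped with "command not found"
# and none of the steps ran.
main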
用户可按需安装php(PHP是开源的服务器端脚本语言,适用于Web开发,简单易学且功能强大。)
phpMyAdmin.sh
#!/bin/bash
# Detect an existing phpMyAdmin tree under the Apache document root.
# Outputs: progress messages on stdout; prompts on stdin when the tree exists.
# Exits:   terminates the script with status 0 when the operator keeps the
#          existing installation.
phpMyAdmincheck() {
  local target=/var/www/html/phpMyAdmin
  local answer
  echo "[INFO] 检查是否已经安装phpMyAdmin..."
  if [[ ! -d $target ]]; then
    echo "[INFO] phpMyAdmin 未安装."
    return 0
  fi

  echo "[INFO] phpMyAdmin 已安装."
  read -p "是否要删除已安装的phpMyAdmin? (Y/N): " answer
  if [[ $answer != [Yy] ]]; then
    echo "[INFO] 保留已安装的phpMyAdmin, 退出脚本."
    exit 0
  fi

  echo "[INFO] 删除已安装的phpMyAdmin..."
  # rm -rf removes the directory and everything below it without asking;
  # take a backup first on any system whose configuration matters.
  rm -rf "$target"
  echo "[INFO] phpMyAdmin 已删除."
}
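# Download the latest phpMyAdmin tarball and unpack it into
# /var/www/html/phpMyAdmin, then install the PHP extensions it needs and
# restart httpd and php-fpm.
# Returns: 1 when the download or the extraction fails.
phpMyAdmininstall() {
  local url='https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz'
  local dest='/var/www/html/phpMyAdmin'
  local workdir archive

  echo "[INFO] 开始phpMyAdmin安装, 请等待..."
  # Download to an explicit path. Before, wget saved into the current
  # directory while tar read from /root, so the two only matched when the
  # script happened to be started from /root.
  workdir=$(mktemp -d) || return 1
  archive="${workdir}/phpMyAdmin-latest-all-languages.tar.gz"

  # NOTE(review): the archive is extracted into the web root without any
  # integrity check and "latest" is not a fixed version. phpMyAdmin publishes
  # checksums and signatures for its releases; pin a version and verify the
  # download before unpacking.
  if ! wget -O "$archive" "$url"; then
    echo "[ERROR] phpMyAdmin 下载失败." >&2
    rm -rf -- "$workdir"
    return 1
  fi

  if ! mkdir -p "$dest" ||
    ! tar -xvzf "$archive" -C "$dest" --strip-components 1; then
    echo "[ERROR] phpMyAdmin 解压失败." >&2
    rm -rf -- "$workdir"
    return 1
  fi
  rm -rf -- "$workdir"

  yum install php-mbstring php-xml -y
  systemctl restart httpd.service
  systemctl restart php-fpm.service
}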
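# Create config.inc.php from the shipped sample and append the connection
# settings for server index 1, then restart php-fpm and httpd.
# Globals: PMA_DIR (read, optional) - phpMyAdmin directory; defaults to
#          /var/www/html/phpMyAdmin.
# Returns: 1 when the sample configuration cannot be copied.
phpMyAdminfix() {
  local pma_dir=${PMA_DIR:-/var/www/html/phpMyAdmin}
  local config_file="${pma_dir}/config.inc.php"
  # Server index the appended settings apply to.
  local idx=1
  # Connection settings. These are locals now: the previous globals were named
  # HOST/USER/PASSWORD/PORT and overwrote the shell's own USER variable.
  # NOTE(review): the account and password are hard-coded, the password is
  # trivially guessable, and both are written in clear text into a file under
  # the web root. Whether phpMyAdmin uses them depends on auth_type, which
  # this function does not set; confirm, and prefer values supplied at
  # run time.
  local db_host='10.0.0.121'
  local db_user='ymy'
  local db_password='123456'
  local db_port='30317'

  # NOTE(review): host-wide SELinux permissive mode and a stopped firewall;
  # see whether the setup works with both left on.
  setenforce 0
  systemctl stop firewalld

  cp -- "${pma_dir}/config.sample.inc.php" "$config_file" || return 1
  # Taken right after the copy above, so this is a copy of the pristine
  # sample, not of any earlier configuration.
  cp -- "$config_file" "${config_file}.bak"

  # Append "$cfg['Servers'][idx][key] = value;" unless that exact line is
  # already present. Reads idx and config_file from the enclosing call.
  append_if_not_exists() {
    local key=$1
    local value=$2
    local line="\$cfg['Servers'][$idx]['$key'] = $value;"
    grep -qF -- "$line" "$config_file" || printf '%s\n' "$line" >> "$config_file"
  }

  append_if_not_exists 'host' "'$db_host'"
  append_if_not_exists 'compress' 'false'
  append_if_not_exists 'AllowNoPassword' 'false'
  append_if_not_exists 'user' "'$db_user'"
  append_if_not_exists 'password' "'$db_password'"
  append_if_not_exists 'port' "'$db_port'"
  append_if_not_exists 'socket' "''"

  systemctl restart php-fpm
  systemctl restart httpd
}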
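# Entry point: check for an existing phpMyAdmin, install it, then write its
# configuration.
main() {
  phpMyAdmincheck
  phpMyAdmininstall
  phpMyAdminfix
}

# Shell function names are case-sensitive. The previous call was spelled
# "Main", which is not defined, so the script stopped with "command not found"
# and none of the steps ran.
main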
用户可按需安装phpMyAdmin(phpMyAdmin 是一个基于 web 的 MySQL 数据库管理工具。它允许用户通过 web 界面来管理 MySQL 数据库,执行 SQL 查询,管理数据库表、字段、索引、关系等,以及进行数据的增删改查等操作。)。脚本中填写的用户信息与端口需与数据库一一对应,所连IP也是数据库的。
Database.sh
#!/bin/bash
# date: 2024-01-21
# file: mysql5.7.sh
# info: 安装mysql5.7
########################################################################
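binDir='/usr/local/mysql'          # MySQL installation directory
dataDir='/bigdata/mysql/mysqldata' # MySQL data directory
# NOTE(review): the root password is hard-coded in the script and trivially
# guessable; supply it at run time and keep it out of the file.
mysqlPassword='123456' # password set for the MySQL root account
########################################################################
# Work from the directory that holds this script (the MySQL tarball is looked
# up relative to it). Quoted and checked so a path with spaces or a failed cd
# cannot send the later steps to the wrong directory.
BASE=$(cd "$(dirname "$0")" && pwd) || exit 1
cd "$BASE" || exit 1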
# Sanity-check the configured directories: each must contain "/mysql".
# This appears intended as a guard against the rm -rf calls elsewhere in the
# script deleting an unrelated path.
# Globals: binDir, dataDir (read)
# Exits:   status 1 with an error message when a path fails the check.
check() {
  local keyword='/mysql'
  local dir
  for dir in "${binDir}" "${dataDir}"; do
    if [[ "${dir}" != *"${keyword}"* ]]; then
      echo "[ERROR] ${dir}配置错误, 没有包含${keyword}"
      exit 1
    fi
  done
}
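# Unpack the MySQL 5.7.25 binary tarball from the current directory and move
# the extracted tree to ${binDir}.
# Globals: binDir (read)
# Returns: status of tar, or of mv when the extraction succeeded.
installmysql() {
  local archive='mysql-5.7.25-linux-glibc2.12-x86_64.tar.gz'
  echo "[INFO] 开始解压mysql安装包, 请等待..."
  # NOTE(review): the tarball is taken as-is from the working directory; its
  # origin and checksum are not verified here. 5.7.25 is an old release of a
  # series that is past upstream end of life; confirm this is acceptable.
  # binDir is quoted so a path containing spaces stays one argument.
  tar zxf "$archive" && mv "${archive%.tar.gz}" "${binDir}"
}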
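# Create the mysql group/user and the data directory, then write /etc/my.cnf
# with the port entered by the operator.
# Globals: binDir, dataDir (read); PORT (written by the prompt)
# Exits:   status 1 when the entered port is not a number in 1-65535.
mkdirmysql() {
  # NOTE(review): host-wide SELinux permissive mode and a stopped firewall;
  # see whether the database can be set up with both left on.
  setenforce 0
  systemctl stop firewalld

  echo "[INFO] 创建mysql组与用户..."
  # Errors are discarded on purpose: the group/user may already exist.
  groupadd mysql 2>/dev/null
  useradd -r -g mysql mysql 2>/dev/null

  echo "[INFO] 创建mysql数据目录..."
  mkdir -p "${dataDir}" && chown -R mysql:mysql "${dataDir}"
  chown -R mysql:mysql "${binDir}"

  echo "[INFO] 创建mysql配置文件:/etc/my.cnf ..."
  read -r -p "输入mysql连接的端口" PORT
  # The value goes verbatim into a root-owned configuration file, so accept
  # nothing but a valid TCP port number.
  if [[ ! ${PORT} =~ ^[0-9]{1,5}$ ]] || ((10#${PORT} < 1 || 10#${PORT} > 65535)); then
    echo "[ERROR] 无效的端口: ${PORT}" >&2
    exit 1
  fi

  cat >/etc/my.cnf <<EOF
[mysqld]
character-set-server=utf8
server-id = 1
lower_case_table_names=1
basedir=${binDir}
datadir=${dataDir}
user=mysql
symbolic-links=0
federated
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
port=$PORT
[client]
default-character-set=utf8
[mysqld_safe]
default-storage-engine=INNODB
character-set-server=utf8
collation-server=utf8_general_ci
EOF
}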
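# Initialise the data directory, register MySQL as a service and start it.
# Globals: binDir, dataDir (read)
# Exits:   status 2 when the service fails to start.
usemysql() {
  echo "[INFO] 初始化mysql..."
  # NOTE(review): --initialize-insecure creates the root account with an empty
  # password. The server is started below in that state and stays that way
  # until the password is set by a later step.
  # Paths are quoted so directories containing spaces stay single arguments.
  "${binDir}/bin/mysqld" --defaults-file=/etc/my.cnf --basedir="${binDir}" \
    --datadir="${dataDir}" --user=mysql --initialize-insecure

  echo "[INFO] 添加mysql服务, 以及开机启动..."
  ln -sf "${binDir}/bin/mysql" /usr/local/bin/mysql
  ln -sf "${binDir}/support-files/mysql.server" /etc/init.d/mysql
  systemctl enable mysql

  echo "[INFO] 启动mysql服务..."
  if ! service mysql start; then
    echo "[ERROR] mysql启动失败, 查看mysql日志: ${dataDir}下的.err文件"
    exit 2
  fi
}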
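# Set the MySQL root password, then create a database and an account from
# values entered by the operator.
# Globals: binDir, mysqlPassword (read)
# Exits:   status 1 when the user name or host fails validation.
adduser() {
  local name passwd ip passwd_sql
  local name_re='^[A-Za-z0-9_]+$'
  local host_re='^[0-9A-Za-z.:%_-]+$'

  read -r -p "请输入想要添加的用户名:" name
  # -s keeps the password off the terminal.
  read -r -s -p "请输入想要添加的密码:" passwd
  echo
  read -r -p "请输入想要添加的IP:" ip

  # All three values are pasted into SQL text below. Restrict the identifier
  # and host to a safe character set, and escape the password as a string
  # literal, so a stray quote cannot change the statements that are run.
  if [[ ! ${name} =~ ${name_re} ]]; then
    echo "[ERROR] 无效的用户名: ${name}" >&2
    exit 1
  fi
  if [[ ! ${ip} =~ ${host_re} ]]; then
    echo "[ERROR] 无效的IP: ${ip}" >&2
    exit 1
  fi
  passwd_sql=${passwd//\\/\\\\}
  passwd_sql=${passwd_sql//\'/\'\'}

  echo "[INFO] 修改mysql用户密码..."
  # NOTE(review): "create user" without a host part creates an account that
  # may connect from any host, and "grant all on *.*" gives the new account
  # every privilege on every database. If the account only serves the new
  # database, a grant limited to that database and to the entered host would
  # do; left unchanged here because it alters what the account can do.
  "${binDir}/bin/mysql" -uroot <<EOF
SET PASSWORD = PASSWORD('${mysqlPassword}');
ALTER USER 'root'@'localhost' PASSWORD EXPIRE NEVER;
create database ${name};
create user '${name}' identified by '${passwd_sql}';
grant all on *.* to '${name}'@'${ip}' identified by '${passwd_sql}';
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
EOF
}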
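# Install MySQL, removing a previous installation first when one is found.
# Globals: binDir, dataDir (read)
# Outputs: progress messages on stdout.
checkmysql() {
  # Validate the configured paths before anything is deleted. The check used
  # to run only after the rm -rf calls, so it could not protect them.
  check

  if command -v mysql &> /dev/null; then
    echo "MySQL服务已安装。"
    echo "[INFO] 停止mysql进程, 并清理目录: ${binDir}, ${dataDir}..."
    service mysql stop &> /dev/null
    # ${var:?} aborts instead of expanding to an empty path; quoting keeps a
    # path with spaces in one piece.
    if [[ -d "${binDir}" ]]; then
      rm -rf -- "${binDir:?}"
    fi
    if [[ -d "${dataDir}" ]]; then
      rm -rf -- "${dataDir:?}"
    fi
  else
    echo "MySQL服务未安装,现在开始安装"
  fi

  # Same installation sequence for both cases.
  installmysql
  mkdirmysql
  usemysql
  adduser
  echo "[INFO] 安装完成"
}

checkmysql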
用户可按需下载数据库,安装完成后可自定义创建用户与数据库连接IP及数据库所连端口
Firewalldweb.sh
#!/bin/bash
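# Disable SELinux in its configuration file and add SSH port 10022.
# Globals: SELINUX_CONFIG (read, optional) - defaults to /etc/selinux/config
#          SSHD_CONFIG    (read, optional) - defaults to /etc/ssh/sshd_config
# Outputs: progress messages on stdout; asks on stdin whether to reboot.
fix_ssh() {
  local selinux_conf=${SELINUX_CONFIG:-/etc/selinux/config}
  local sshd_conf=${SSHD_CONFIG:-/etc/ssh/sshd_config}
  local answer
  local reboot_now=0

  # Keep the first backup: a second run must not overwrite it with the
  # already-modified file.
  if [[ ! -e "${selinux_conf}.bak" ]]; then
    cp "$selinux_conf" "${selinux_conf}.bak"
  fi
  echo "[INFO] SELinux配置文件已备份为${selinux_conf}.bak"

  # NOTE(review): this turns SELinux off for the whole host permanently.
  # Keeping it enforcing and labelling the new port for sshd
  # (semanage port -a -t ssh_port_t -p tcp 10022) would allow the port change
  # without giving up mandatory access control.
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_conf"
  echo "[INFO] SELinux状态已设置为disabled"

  read -r -p "SELinux状态已更改,是否现在重启系统?(y/n) " answer
  case "$answer" in
    y | Y)
      # Only remembered here; the reboot happens after sshd is reconfigured.
      reboot_now=1
      ;;
    n | N)
      echo "[INFO] 系统未重启,SELinux状态将在下次重启时生效。"
      ;;
    *)
      echo "错误:无效的输入,请输入y或n。"
      ;;
  esac

  echo "[INFO] 修改ssh端口号..."
  # Append the directive only once; repeated runs used to add duplicates.
  # NOTE(review): sshd is restarted on the new port before this function has
  # opened 10022 in the firewall; keep a second session or console open.
  if ! grep -Eq '^[[:space:]]*Port[[:space:]]+10022[[:space:]]*$' "$sshd_conf"; then
    echo ' Port 10022' | sudo tee -a "$sshd_conf" >/dev/null
  fi
  # Restart sshd so the new port takes effect.
  service sshd restart

  # Rebooting is the last step: it used to be triggered before the SSH change,
  # racing the rest of the function against the shutdown. Steps the caller
  # runs after fix_ssh still need a re-run after the reboot.
  if ((reboot_now)); then
    echo "[INFO] 正在重启系统..."
    sudo reboot
  fi
}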
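# Add a permanent firewalld rich rule unless it is already present.
# Arguments: $1 - the rich rule text
# Returns:   0 when the rule exists or was added, 1 on a missing argument or
#            when firewall-cmd refuses the rule.
add_firewall_rule() {
  local rule=${1-}
  if [[ -z "$rule" ]]; then
    echo "[ERROR] add_firewall_rule: 缺少规则参数" >&2
    return 1
  fi

  if firewall-cmd --permanent --query-rich-rule="$rule"; then
    echo "规则已存在: $rule"
    # return, not exit: leaving the whole script here skipped every later
    # rule and the final `firewall-cmd --reload` on a second run.
    return 0
  fi

  # Report success only when firewall-cmd accepted the rule.
  if firewall-cmd --permanent --add-rich-rule="$rule"; then
    echo "添加成功: $rule"
  else
    echo "[ERROR] 添加失败: $rule" >&2
    return 1
  fi
}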
# Configure firewalld on the web host: open 10022/tcp, accept 10080/tcp from
# 10.0.0.122, reject 80/tcp from 10.0.0.122 and reject 10022/tcp from
# 10.0.0.122 and 10.0.0.121.
# NOTE(review): every rule here matches TCP ports only; nothing in this
# function addresses ICMP, so the "hosts cannot ping each other" requirement
# does not appear to be covered by these rules. Verify.
configure_web_firewall() {
  local spec
  echo "配置 Web 端防火墙..."
  systemctl start firewalld.service
  systemctl restart firewalld.service
  firewall-cmd --list-all
  firewall-cmd --add-port=10022/tcp --permanent

  # HTTP rules for the test machine.
  for spec in \
    'rule family="ipv4" source address="10.0.0.122" port protocol="tcp" port="10080" accept' \
    'rule family="ipv4" source address="10.0.0.122" port protocol="tcp" port="80" reject'; do
    add_firewall_rule "$spec"
  done
  firewall-cmd --reload

  # SSH rules: the other two machines may not reach port 10022.
  for spec in \
    'rule family="ipv4" source address="10.0.0.122" port protocol="tcp" port="10022" reject' \
    'rule family="ipv4" source address="10.0.0.121" port protocol="tcp" port="10022" reject'; do
    add_firewall_rule "$spec"
  done
  firewall-cmd --reload
  firewall-cmd --list-all
}
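# Entry point: reconfigure SELinux/SSH, then apply the web host's firewall
# rules.
main() {
  fix_ssh
  # The bare add_firewall_rule call that used to sit here passed no rule, so
  # firewall-cmd was asked to query and add an empty rich rule. The real rules
  # are added inside configure_web_firewall.
  configure_web_firewall
}

main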
firewalldweb.sh将SELinux状态修改为disabled,添加SSH端口为10022,且保障了与另外两台虚拟机(IP分别为10.0.0.121和10.0.0.122)的不联通性。
firewalldtest.sh
#!/bin/bash
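# Disable SELinux in its configuration file and add SSH port 10022.
# Globals: SELINUX_CONFIG (read, optional) - defaults to /etc/selinux/config
#          SSHD_CONFIG    (read, optional) - defaults to /etc/ssh/sshd_config
# Outputs: progress messages on stdout; asks on stdin whether to reboot.
fix_ssh() {
  local selinux_conf=${SELINUX_CONFIG:-/etc/selinux/config}
  local sshd_conf=${SSHD_CONFIG:-/etc/ssh/sshd_config}
  local answer
  local reboot_now=0

  # Keep the first backup: a second run must not overwrite it with the
  # already-modified file.
  if [[ ! -e "${selinux_conf}.bak" ]]; then
    cp "$selinux_conf" "${selinux_conf}.bak"
  fi
  echo "[INFO] SELinux配置文件已备份为${selinux_conf}.bak"

  # NOTE(review): this turns SELinux off for the whole host permanently.
  # Keeping it enforcing and labelling the new port for sshd
  # (semanage port -a -t ssh_port_t -p tcp 10022) would allow the port change
  # without giving up mandatory access control.
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_conf"
  echo "[INFO] SELinux状态已设置为disabled"

  read -r -p "SELinux状态已更改,是否现在重启系统?(y/n) " answer
  case "$answer" in
    y | Y)
      # Only remembered here; the reboot happens after sshd is reconfigured.
      reboot_now=1
      ;;
    n | N)
      echo "[INFO] 系统未重启,SELinux状态将在下次重启时生效。"
      ;;
    *)
      echo "错误:无效的输入,请输入y或n。"
      ;;
  esac

  echo "[INFO] 修改ssh端口号..."
  # Append the directive only once; repeated runs used to add duplicates.
  # NOTE(review): sshd is restarted on the new port before this function has
  # opened 10022 in the firewall; keep a second session or console open.
  if ! grep -Eq '^[[:space:]]*Port[[:space:]]+10022[[:space:]]*$' "$sshd_conf"; then
    echo ' Port 10022' | sudo tee -a "$sshd_conf" >/dev/null
  fi
  # Restart sshd so the new port takes effect.
  service sshd restart

  # Rebooting is the last step: it used to be triggered before the SSH change,
  # racing the rest of the function against the shutdown. Steps the caller
  # runs after fix_ssh still need a re-run after the reboot.
  if ((reboot_now)); then
    echo "[INFO] 正在重启系统..."
    sudo reboot
  fi
}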
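# Add a permanent firewalld rich rule unless it is already present.
# Arguments: $1 - the rich rule text
# Returns:   0 when the rule exists or was added, 1 on a missing argument or
#            when firewall-cmd refuses the rule.
add_firewall_rule() {
  local rule=${1-}
  if [[ -z "$rule" ]]; then
    echo "[ERROR] add_firewall_rule: 缺少规则参数" >&2
    return 1
  fi

  if firewall-cmd --permanent --query-rich-rule="$rule"; then
    echo "规则已存在: $rule"
    # return, not exit: leaving the whole script here skipped every later
    # rule and the final `firewall-cmd --reload` on a second run.
    return 0
  fi

  # Report success only when firewall-cmd accepted the rule.
  if firewall-cmd --permanent --add-rich-rule="$rule"; then
    echo "添加成功: $rule"
  else
    echo "[ERROR] 添加失败: $rule" >&2
    return 1
  fi
}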
# Configure firewalld on the test host: open 10022/tcp, then reject 10022/tcp
# from 10.0.0.121 and 10.0.0.120.
# NOTE(review): the rules match TCP port 10022 only; nothing in this function
# addresses ICMP, so the "hosts cannot ping each other" requirement does not
# appear to be covered by these rules. Verify.
configure_test_firewall() {
  local peer
  systemctl start firewalld.service
  systemctl restart firewalld.service
  echo "配置 Test 端防火墙..."
  firewall-cmd --add-port=10022/tcp --permanent
  # The other two machines may not reach the SSH port.
  for peer in 10.0.0.121 10.0.0.120; do
    add_firewall_rule "rule family=\"ipv4\" source address=\"${peer}\" port protocol=\"tcp\" port=\"10022\" reject"
  done
  firewall-cmd --reload
  firewall-cmd --list-all
}
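# Entry point: reconfigure SELinux/SSH, then apply the test host's firewall
# rules.
main() {
  fix_ssh
  # The bare add_firewall_rule call that used to sit here passed no rule, so
  # firewall-cmd was asked to query and add an empty rich rule. The real rules
  # are added inside configure_test_firewall.
  configure_test_firewall
}

main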
firewalldtest.sh将SELinux状态修改为disabled,添加SSH端口为10022,且保障了与另外两台虚拟机(IP分别为10.0.0.120和10.0.0.121)的不联通性。
firewalldDatabase.sh
#!/bin/bash
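# Disable SELinux in its configuration file and add SSH port 10022.
# Globals: SELINUX_CONFIG (read, optional) - defaults to /etc/selinux/config
#          SSHD_CONFIG    (read, optional) - defaults to /etc/ssh/sshd_config
# Outputs: progress messages on stdout; asks on stdin whether to reboot.
fix_ssh() {
  local selinux_conf=${SELINUX_CONFIG:-/etc/selinux/config}
  local sshd_conf=${SSHD_CONFIG:-/etc/ssh/sshd_config}
  local answer
  local reboot_now=0

  # Keep the first backup: a second run must not overwrite it with the
  # already-modified file.
  if [[ ! -e "${selinux_conf}.bak" ]]; then
    cp "$selinux_conf" "${selinux_conf}.bak"
  fi
  echo "[INFO] SELinux配置文件已备份为${selinux_conf}.bak"

  # NOTE(review): this turns SELinux off for the whole host permanently.
  # Keeping it enforcing and labelling the new port for sshd
  # (semanage port -a -t ssh_port_t -p tcp 10022) would allow the port change
  # without giving up mandatory access control.
  sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$selinux_conf"
  echo "[INFO] SELinux状态已设置为disabled"

  read -r -p "SELinux状态已更改,是否现在重启系统?(y/n) " answer
  case "$answer" in
    y | Y)
      # Only remembered here; the reboot happens after sshd is reconfigured.
      reboot_now=1
      ;;
    n | N)
      echo "[INFO] 系统未重启,SELinux状态将在下次重启时生效。"
      ;;
    *)
      echo "错误:无效的输入,请输入y或n。"
      ;;
  esac

  echo "[INFO] 修改ssh端口号..."
  # Append the directive only once; repeated runs used to add duplicates.
  # NOTE(review): sshd is restarted on the new port before this function has
  # opened 10022 in the firewall; keep a second session or console open.
  if ! grep -Eq '^[[:space:]]*Port[[:space:]]+10022[[:space:]]*$' "$sshd_conf"; then
    echo ' Port 10022' | sudo tee -a "$sshd_conf" >/dev/null
  fi
  # Restart sshd so the new port takes effect.
  service sshd restart

  # Rebooting is the last step: it used to be triggered before the SSH change,
  # racing the rest of the function against the shutdown. Steps the caller
  # runs after fix_ssh still need a re-run after the reboot.
  if ((reboot_now)); then
    echo "[INFO] 正在重启系统..."
    sudo reboot
  fi
}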
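# Add a permanent firewalld rich rule unless it is already present.
# Arguments: $1 - the rich rule text
# Returns:   0 when the rule exists or was added, 1 on a missing argument or
#            when firewall-cmd refuses the rule.
add_firewall_rule() {
  local rule=${1-}
  if [[ -z "$rule" ]]; then
    echo "[ERROR] add_firewall_rule: 缺少规则参数" >&2
    return 1
  fi

  if firewall-cmd --permanent --query-rich-rule="$rule"; then
    echo "规则已存在: $rule"
    # return, not exit: leaving the whole script here skipped every later
    # rule and the final `firewall-cmd --reload` on a second run.
    return 0
  fi

  # Report success only when firewall-cmd accepted the rule.
  if firewall-cmd --permanent --add-rich-rule="$rule"; then
    echo "添加成功: $rule"
  else
    echo "[ERROR] 添加失败: $rule" >&2
    return 1
  fi
}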
# Configure firewalld on the database host: open 10022/tcp, accept 30317/tcp
# from the web host 10.0.0.120, and reject 10022/tcp from 10.0.0.122 and
# 10.0.0.120.
# NOTE(review): the rules match TCP ports only; nothing in this function
# addresses ICMP, so the "hosts cannot ping each other" requirement does not
# appear to be covered by these rules. Verify.
configure_mysql_firewall() {
  local -a specs=(
    'rule family="ipv4" source address="10.0.0.120" port protocol="tcp" port="30317" accept'
    'rule family="ipv4" source address="10.0.0.122" port protocol="tcp" port="10022" reject'
    'rule family="ipv4" source address="10.0.0.120" port protocol="tcp" port="10022" reject'
  )
  local spec

  echo "配置 MySQL 端防火墙..."
  systemctl start firewalld.service
  systemctl restart firewalld.service
  firewall-cmd --add-port=10022/tcp --permanent
  # Database port for the web host first, then the SSH rejects.
  for spec in "${specs[@]}"; do
    add_firewall_rule "$spec"
  done
  firewall-cmd --reload
  firewall-cmd --list-all
}
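# Entry point: reconfigure SELinux/SSH, then apply the database host's
# firewall rules.
main() {
  fix_ssh
  # The bare add_firewall_rule call that used to sit here passed no rule, so
  # firewall-cmd was asked to query and add an empty rich rule. The real rules
  # are added inside configure_mysql_firewall.
  configure_mysql_firewall
}

main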
firewalldDatabase.sh将SELinux状态修改为disabled,添加SSH端口为10022,且保障了与另外两台虚拟机(IP分别为10.0.0.120和10.0.0.122)的不联通性。还只允许10080端口访问phpMyAdmin,80端口不允许访问。
脚本测试
三台虚拟机都将保存以上脚本并赋予执行权限。
主机(IP为10.0.0.120)执行main.sh,并安装Apache,php,phpMyAdmin
测试机(IP为10.0.0.121)执行main.sh,安装Database并创建用户“ymy”密码为123456,数据库连接IP为10.0.0.120(web),所连端口30317
在虚拟机内打开测试机查看所安装服务是否配置成功。
三台虚拟机执行相应防火墙设置
在配置中添加三台虚拟机ssh端口远程连接端口为10022
打开测试机查看是否只有10080端口可访问网站
输入命令测试三台虚拟机的连通性