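---
tags: BASH
---

--------------------

# ~/cnt

---

## config

- 設定所有程式會使用到的環境變數。
- Sourced (`source config`) by every script below, so it has no shebang and is never executed directly.

>$ nano config

```bash=
# Shared settings for the cnt scripts. Sourced, never executed.
HN=gw02                 # hostname the scripts must run on
UR=bigred               # user the scripts must run as
DR=~/cnt                # directory the scripts must be started from
master_ip=192.168.20.10
CLUSTER="mas01 wka01 wka02 wka03 wka04 ds01"

# Passwords sshpass uses for the first contact with a fresh node.
# NOTE(review): plaintext secrets — keep this file mode 0600 and change them.
# prefly.sh must set the same bigred password on the node (see ~/cnt/www).
NODE_ROOT_PW=root
NODE_USER_PW=bigred

# Optional sha256 of the busybox binary startcnt downloads. When set, the
# download is verified; when empty, startcnt only prints a warning.
BUSYBOX_SHA256=""

# Interface and address of our default route: the address the nodes use to
# reach the busybox httpd below.
GW=$(route -n | grep -e "^0.0.0.0 ")
GWIF=${GW##* }                                   # last column of the route line = Iface
IP=$(ifconfig "$GWIF" | awk '/inet /{print $2; exit}')
HTTPORT=8888
```

---

## startcnt

- Prepare this gateway and "prefly" every reachable node that does not yet have the `bigred` account.

>$ ~/bin/startcnt

```bash=
#!/bin/bash
# startcnt — gateway bootstrap:
#   1. sanity-check OS / hostname / user / cwd (see config)
#   2. install sshpass, fetch busybox, start `busybox httpd` serving ./www
#   3. for each node in $CLUSTER reachable on :22 that has no bigred user,
#      log in as root with NODE_ROOT_PW and run www/set/prefly.sh on it.
source config

grep -q 'NAME="Ubuntu"' /etc/os-release || { echo "the system is not Ubuntu"; exit 1; }
[ "$(hostname)" != "${HN}" ] && echo "wrong hostname" && exit 1
[ "$(whoami)" != "${UR}" ] && echo "wrong user" && exit 1
[ "$(pwd)" != "${DR}" ] && echo "pls move to cnt" && exit 1

echo "$(hostname) is updating"
sudo apt update &>/dev/null
echo "${HN} update ok"

# -y: the original apt-get install had no -y and would wait for a Y/n answer
# whose prompt was hidden by the redirect.
command -v sshpass &>/dev/null \
  || { sudo apt-get install -y sshpass &>/dev/null && echo "sshpass install ok"; }

# busybox is only used as a tiny static web server for ./www.
if [ ! -x ./busybox ]; then
  BB_URL=https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64
  if wget -q "$BB_URL" -O busybox-x86_64; then
    if [ -n "${BUSYBOX_SHA256}" ]; then
      echo "${BUSYBOX_SHA256}  busybox-x86_64" | sha256sum -c --quiet - \
        || { echo "busybox checksum mismatch"; rm -f busybox-x86_64; exit 1; }
    else
      echo "WARNING: busybox downloaded without integrity check (set BUSYBOX_SHA256 in config)"
    fi
    chmod +x busybox-x86_64 && mv busybox-x86_64 busybox && echo "busybox install ok"
  fi
fi

# httpd serves ./www to anyone who can reach ${IP}:${HTTPORT}. The nodes fetch
# prefly.sh / sysinfo from it over plain HTTP and pipe the result into a shell,
# so this must only run on a trusted lab network.
if pgrep -f "busybox httpd -p ${HTTPORT}" &>/dev/null; then
  echo "busybox httpd started"
else
  ./busybox httpd -p "${HTTPORT}" -h www
fi

echo "prefly is beginning"
export SSHPASS="${NODE_ROOT_PW}"   # sshpass -e: password read from env, not visible in ps(1)
for n in $CLUSTER; do
  if ! nc -w 1 -z "$n" 22 &>/dev/null; then
    echo "$n not exist"
    continue
  fi
  # A failed login counts as "no bigred user", exactly like the original test.
  if sshpass -e ssh "root@${n}" grep bigred /etc/passwd &>/dev/null; then
    echo "$n bigred exist"
  else
    sshpass -e ssh -q "root@${n}" "apk add curl" &>/dev/null
    # Remote code execution by design: the node runs whatever this httpd serves
    # as set/prefly.sh, unauthenticated and unsigned.
    sshpass -e ssh "root@${n}" "curl ${IP}:${HTTPORT}/set/prefly.sh| sh" &>/dev/null
    echo "${n} system prefly ok"
  fi
done
```

---

## stopcnt

- Stop the busybox httpd started by `startcnt`.

>$ ~/bin/stopcnt

```bash=
#!/bin/bash
# stopcnt — kill every process running ./busybox (the httpd started by startcnt).
if fuser -k ./busybox &>/dev/null; then
  echo "cnt stop ok"
else
  echo "httpd not found"
fi
```

---

## sysprep.sh

- Install the gateway's ssh key pair on every reachable Alpine node so the later scripts can ssh without a password.

>$ ~/bin/sysprep.sh

```bash=
#!/bin/bash
# sysprep.sh — copy ~/.ssh from this gateway to every reachable Alpine node in
# $CLUSTER that does not have an id_rsa yet, using NODE_USER_PW for the one
# password login needed. Must run as $UR on $HN from $DR.
#
# SECURITY NOTE(review): this copies the *private* key id_rsa to every node, so
# all nodes share one identity and a compromised node can log in to every other
# node and to this gateway. The scripts on this page only need our public key in
# each node's authorized_keys — except mku.sh, which runs on a node and ssh/scp's
# to mas01 — so if you tighten this, give that node its own key pair.
source ~/cnt/config
[ "$(hostname)" != "${HN}" ] && echo "wrong hostname" && exit 1
[ "$(whoami)" != "${UR}" ] && echo "wrong user" && exit 1
[ "$(pwd)" != "${DR}" ] && echo "pls move to ${DR}" && exit 1

# Generate a key pair only if none exists. (The old `echo '' | ssh-keygen`
# relied on answering "no" to the overwrite prompt.)
[ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa
# Append our public key instead of clobbering an existing authorized_keys.
touch ~/.ssh/authorized_keys
grep -qxF "$(cat ~/.ssh/id_rsa.pub)" ~/.ssh/authorized_keys \
  || cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

export SSHPASS="${NODE_USER_PW}"   # bigred's password as set by prefly.sh; -e keeps it off argv
for n in ${CLUSTER}; do
  nc -w 1 -z "$n" 22 &>/dev/null || continue
  if sshpass -e ssh "$n" 'ls ~/.ssh/id_rsa' &>/dev/null; then
    echo "$n .ssh created"
    continue
  fi
  # grep runs locally on the remote file's contents (as in the original).
  if ! sshpass -e ssh -q "$n" cat /etc/os-release | grep -q 'NAME="Alpine Linux"'; then
    echo "$n system is not alpine"      # original also printed "prepare ok" here
    continue
  fi
  sshpass -e ssh "$n" 'sudo rm -r ~/.ssh/ &>/dev/null'
  sshpass -e ssh "$n" 'mkdir -p ~/.ssh'
  sshpass -e scp -r ~/.ssh/ "$n":~
  sshpass -e ssh "$n" 'chmod -R 700 .ssh/'
  sshpass -e ssh "$n" 'rm ~/.ssh/known_hosts'   # drop the gateway's known_hosts we just copied
  echo "$n system prepare ok"
done
```

---

## clusterinfo.sh

- Run the `sysinfo` report on every reachable node and print it here.

>$ ~/bin/clusterinfo.sh

```bash=
#!/bin/bash
# clusterinfo.sh — for every node in $CLUSTER reachable on :22, make the node
# fetch the sysinfo script from our busybox httpd and run it (output comes
# back over ssh). Needs the key login set up by sysprep.sh.
# NOTE(review): the URL asks for sysinfo.sh, but the file documented below is
# ~/cnt/www/sysinfo (no .sh) — the two names must agree or the nodes get a 404.
source config
[ "$(hostname)" != "${HN}" ] && echo "wrong hostname" && exit 1
[ "$(whoami)" != "${UR}" ] && echo "wrong user" && exit 1
[ "$(pwd)" != "${DR}" ] && echo "pls move to ${DR}" && exit 1
for n in ${CLUSTER}; do
  nc -w 1 -z "$n" 22 &>/dev/null || continue
  # curl | bash on the node: it executes whatever this httpd serves, unsigned.
  ssh "$n" "curl -s http://${IP}:${HTTPORT}/sysinfo.sh | bash"
done
```

---

## mku.sh

- Create the local student accounts `<prefix><N>` (N = $2..$3) on this Alpine host and give each one a kubeconfig.

>$ ~/bin/mku.sh

```bash=
#!/bin/bash
# mku.sh — for each student <prefix><N>, N in $2..$3:
#   * create the local account (initial password = user name, as before)
#   * fetch the student's key/cert from mas01:~/class/<stu>.* into /home/<stu>/<stu>/
#   * write /home/<stu>/.kube/config = first 4 lines of mas01's k3s.yaml (the
#     cluster CA) + the envsubst'ed template config.temp
# NOTE(review): the template file documented on this page is named context.temp;
# this script reads config.temp — make the names match.
#   usage: mas_ip=<master ip> ./mku.sh <prefix> <first> <last>
[ -z "${mas_ip}" ] && echo "pls export mas_ip" && exit 1
[ $# -ne 3 ] && echo "usage: mas_ip=<ip> $0 <prefix> <first> <last>" && exit 1

command -v envsubst &>/dev/null || sudo apk add gettext &>/dev/null   # original had "&>dev/null" (typo)

# kubectl is downloaded into the current directory (as before) and now also
# checksum-verified (the .sha256 is published next to the binary) and made executable.
if ! command -v kubectl &>/dev/null; then
  ver=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
  url="https://storage.googleapis.com/kubernetes-release/release/${ver}/bin/linux/amd64/kubectl"
  if curl -sLO "$url" && curl -sLO "${url}.sha256" \
     && echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - &>/dev/null; then
    chmod +x kubectl && echo "kubectl ok"
  else
    echo "kubectl download/checksum failed"
    rm -f kubectl kubectl.sha256
    exit 1
  fi
fi

# k3s.yaml is the cluster-admin credential: keep the local copy owner-only.
if [ ! -d .kube ]; then
  mkdir .kube && scp mas01:/etc/rancher/k3s/k3s.yaml .kube/config &>/dev/null
  chmod 600 .kube/config 2>/dev/null
fi

for n in $(seq "$2" "$3"); do
  export stu="${1}${n}"
  if [ -d "/home/${stu}" ]; then
    echo "${stu} is exist"
    continue
  fi
  sudo adduser -s /bin/bash -h "/home/${stu}" -D "${stu}"
  echo "${stu}:${stu}" | sudo chpasswd &>/dev/null   # initial password = user name; students should change it
  echo "${stu} ready"
  if ssh mas01 "ls ~/class/${stu}.key" &>/dev/null; then
    mkdir "${stu}"
    scp "mas01:~/class/${stu}.*" "${stu}/" &>/dev/null
    sudo mv "${stu}" "/home/${stu}/" &>/dev/null
    sudo chmod 600 "/home/${stu}/${stu}/${stu}".*   # key/cert: owner read/write, no need for exec (was 700)
  else
    echo "${stu} key not exist"
  fi
  sudo mkdir -p "/home/${stu}/.kube"
  head -n 4 .kube/config > "${stu}.config"          # apiVersion / clusters / - cluster / certificate-authority-data
  envsubst < config.temp >> "${stu}.config"
  sudo mv "${stu}.config" "/home/${stu}/.kube/config"
  sudo chown -R "${stu}:${stu}" "/home/${stu}"
done
```

---

## context.temp

- Tail of the per-student kubeconfig; `mku.sh` appends it (after `envsubst` of `${mas_ip}` and `${stu}`) to the first four lines of `k3s.yaml`, so the first two lines continue the `- cluster:` entry and must keep their indentation.

>$ ~/bin/context.temp

```yaml=
    server: https://${mas_ip}:6443
  name: default
contexts:
- context:
    cluster: default
    namespace: ${stu}
    user: ${stu}
  name: ${stu}-context
current-context: ${stu}-context
kind: Config
preferences: {}
users:
- name: ${stu}
  user:
    client-certificate: /home/${stu}/${stu}/${stu}.crt
    client-key: /home/${stu}/${stu}/${stu}.key
```

---

## rb.sh

- Reboot every node in `$CLUSTER` over ssh.

>$ ~/bin/rb.sh

```bash=
#!/bin/bash
# rb.sh — `sudo reboot` on every node in $CLUSTER. Needs the key login from
# sysprep.sh and the NOPASSWD sudo from prefly.sh. The "reboot ok" line is
# printed unconditionally (as before): ssh usually exits non-zero when the
# remote side goes down mid-session, so its status is not a useful signal.
source config
for i in $CLUSTER; do
  ssh "$i" 'sudo reboot'
  echo "$i reboot ok"
done
```

- install busybox

--------------------

# ~/cnt/bin

---

## class-clean

- Delete the generated student key material and the CSRs of one class.

>$ nano ~/cnt/bin/class-clean

```bash=
#!/bin/bash
# class-clean — after confirmation, remove ~/class/student/*.* and the
# CertificateSigningRequests named <prefix><N>-csr.
#   usage: class-clean <class-prefix>
# NOTE(review): the original ran `kubectl delete csr --all`, which removes every
# CSR in the cluster (not only this class's); this version deletes only the
# CSRs whose name matches the given prefix.
[ -z "$1" ] && echo "usage: $0 <class-prefix>" && exit 1
read -r -p "Are You Sure ?(YES/NO)" ans
[ "${ans}" != "YES" ] && echo "Sorry Sorry Sorry..." && exit 1
[ -d ~/class/student ] && rm -f -- ~/class/student/*.*
kubectl get csr -o name 2>/dev/null \
  | grep -- "/${1}[0-9]*-csr$" \
  | xargs -r kubectl delete
#kubectl config get-users | grep $1 &>/dev/null
#[ $? != 0 ] && exit 1
#for i in $(seq $2 $3)
#do
#  kubectl config get-users | grep $1 &>/dev/null
#  [ $? == 0 ] && kubectl config delete-user
#done
```

## csr.yaml

- CSR template submitted by `mkubeuser.sh` (`${stu}` and `${BASE64_CSR}` filled in by `envsubst`).

>$ nano ~/cnt/bin/csr.yaml

```yaml=
# Client-certificate request for user ${stu}.
# NOTE(review): moved from certificates.k8s.io/v1beta1 (removed in Kubernetes
# 1.22) to v1, which requires signerName. The kube-apiserver-client signer only
# issues client certificates, so the former "server auth" usage was dropped;
# spec.groups is filled in by the API server and is no longer set here.
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${stu}-csr
spec:
  signerName: kubernetes.io/kube-apiserver-client
  request: ${BASE64_CSR}
  usages:
  - digital signature
  - key encipherment
  - client auth
```

---

## k3s.sh

- For each student `<prefix><N>` (N = $2..$3): issue a client certificate and create namespace, context and RBAC.

>$ nano ~/cnt/bin/k3s.sh

```bash=
#!/bin/bash
# k3s.sh — driver: exports $stu and runs mkubeuser.sh then mkcontext.sh for
# each student. Run it from the directory that contains bin/; the helpers
# themselves read ~/class/bin/*.yaml and write ~/class/student/.
#   usage: ./k3s.sh <prefix> <first> <last>
[ $# -ne 3 ] && echo "usage: $0 <prefix> <first> <last>" && exit 1
command -v envsubst &>/dev/null || sudo apk add gettext &>/dev/null
for n in $(seq "$2" "$3"); do
  export stu="${1}${n}"
  ./bin/mkubeuser.sh "${1}"
  ./bin/mkcontext.sh
done
```

---

## mkcontext.sh

- Create namespace `$stu`, a kubectl context for it, and the student's Role/RoleBinding.

>$ nano ~/cnt/bin/mkcontext.sh

```bash=
#!/bin/bash
# mkcontext.sh — if namespace $stu does not exist: create it, add context
# ${stu}-context, and apply ~/class/bin/role.yaml and rolebind.yaml with
# ${stu} substituted. Expects $stu in the environment (set by k3s.sh).
# NOTE(review): set-context runs under sudo while `kubectl config view` does
# not; they only see the same kubeconfig if KUBECONFIG points both root and
# this user at one file — confirm on mas01.
[ -z "${stu}" ] && echo "stu is not set" && exit 1
if kubectl get namespace "${stu}" &>/dev/null; then
  echo "namespace ${stu} is exist"
else
  kubectl create namespace "${stu}"
  sudo kubectl config set-context "${stu}-context" --cluster=default --namespace="${stu}" --user="${stu}" &>/dev/null
  kubectl config view | grep -B 4 "${stu}-context"
  envsubst < ~/class/bin/role.yaml | kubectl apply -f -
  envsubst < ~/class/bin/rolebind.yaml | kubectl apply -f -
fi
```

---

## mkubeuser.sh

- Issue a Kubernetes client certificate for user `$stu` (group `$1`) and register it as kubectl credentials.

>$ nano ~/cnt/bin/mkubeuser.sh

```bash=
#!/bin/bash
# mkubeuser.sh — key + CSR in ~/class/student, CSR submitted through csr.yaml
# and approved, signed certificate written back, credentials registered.
# Expects $stu in the environment; $1 is the O= (group) of the subject.
# Fixes vs. the original:
#   * the "already exists" test looked for ${stu}.key in the current directory
#     instead of ~/class/student, so every run re-issued the certificate;
#   * status.certificate was read immediately after approve, before the
#     controller had signed it, which could leave an empty .crt.
STUDIR=~/class/student
[ -z "${stu}" ] && echo "stu is not set" && exit 1
if [ -f "${STUDIR}/${stu}.key" ]; then
  echo "${stu}.key is exist"
  exit 0
fi
mkdir -p "${STUDIR}"
openssl genrsa -out "${STUDIR}/${stu}.key" 2048 &>/dev/null
chmod 600 "${STUDIR}/${stu}.key"            # private key: owner only
openssl req -new -key "${STUDIR}/${stu}.key" -out "${STUDIR}/${stu}.csr" -subj "/CN=${stu}/O=${1}"
export BASE64_CSR
BASE64_CSR=$(base64 < "${STUDIR}/${stu}.csr" | tr -d '\n')
envsubst < ~/class/bin/csr.yaml | kubectl apply -f - &>/dev/null
kubectl certificate approve "${stu}-csr"
# Signing is asynchronous: wait (up to ~20 s) for status.certificate to be set.
cert=""
for _ in $(seq 1 20); do
  cert=$(kubectl get csr "${stu}-csr" -o jsonpath='{.status.certificate}')
  [ -n "${cert}" ] && break
  sleep 1
done
[ -z "${cert}" ] && echo "${stu}-csr was not signed" && exit 1
printf '%s' "${cert}" | base64 -d > "${STUDIR}/${stu}.crt"
sudo kubectl config set-credentials "${stu}" --client-certificate="${STUDIR}/${stu}.crt" --client-key="${STUDIR}/${stu}.key" &>/dev/null
kubectl config view | grep -A 3 "name: ${stu}"
```

---

## role.yaml

- Per-student Role applied by `mkcontext.sh`.

>$ nano ~/cnt/bin/role.yaml

```yaml=
# Permissions for one student inside the student's own namespace. Despite the
# "-reader" name (kept because rolebind.yaml references it) this grants full
# create/update/delete on the listed resources, as before.
# NOTE(review): the original also listed "nodes" and "persistentvolume" here.
# Both are cluster-scoped (and the latter was misspelled), so a namespaced Role
# can never grant them — they were dead rules and are removed. Use a ClusterRole
# + ClusterRoleBinding if students really need node / PV access.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: ${stu}
  name: ${stu}-reader
rules:
- apiGroups: [""]   # "" indicates the core API group
  resources: ["pods", "services", "persistentvolumeclaims"]
  verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets"]
  verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
- apiGroups: ["autoscaling"]
  resources: ["horizontalpodautoscalers"]
  verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
```

---

## rolebind.yaml

- Binds the student user (the CN of the client certificate) to `${stu}-reader` in namespace `${stu}`.

> $ nano ~/cnt/bin/rolebind.yaml

```yaml=
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ${stu}-read-access
  namespace: ${stu}
subjects:
- kind: User
  name: ${stu}          # matches CN=${stu} in the certificate issued by mkubeuser.sh
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role            # this must be Role or ClusterRole
  name: ${stu}-reader
  apiGroup: rbac.authorization.k8s.io
```

---

# ~/cnt/www

---

## prefly.sh

- First-boot preparation of an Alpine node; `startcnt` runs it as root on the node via `curl ... | sh`.

>$ nano ~/cnt/www/set/prefly.sh

```sh=
#!/bin/sh
# prefly.sh — upgrade packages, install the tools below, give group wheel
# passwordless sudo, disable ssh host-key checking and create user bigred.
# It is piped into `sh` on a node that does not have bash yet (bash is
# installed *by* this script), so it must stay POSIX sh: the original's
# bash-only `&>` redirections are written as >/dev/null 2>&1 here.
apk update >/dev/null 2>&1
apk upgrade >/dev/null 2>&1 && echo "system upgrade ok"
for ap in nano bash curl tree sudo grep procps; do
  if ! command -v "$ap" >/dev/null 2>&1; then
    apk add "$ap" >/dev/null 2>&1 && echo "${ap} add ok"
  fi
done

# Passwordless sudo for wheel (bigred is added to wheel below). Guarded so a
# re-run does not append a duplicate line to sudoers.
grep -q '^%wheel ALL=(ALL) NOPASSWD:ALL' /etc/sudoers 2>/dev/null \
  || { echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && echo "sudo Nopasswd OK"; }

# SECURITY NOTE(review): this switches off host-key verification for every
# outbound ssh from the node, so a spoofed host is accepted silently (MITM).
# `StrictHostKeyChecking accept-new` (OpenSSH >= 7.6) is the non-interactive
# alternative that still pins keys. Guarded against duplicate appends.
grep -q '^StrictHostKeyChecking' /etc/ssh/ssh_config 2>/dev/null \
  || echo 'StrictHostKeyChecking no' >> /etc/ssh/ssh_config

if [ ! -d /home/bigred ]; then
  adduser -s /bin/bash -h /home/bigred -D bigred
  addgroup bigred wheel
  # Initial password equals the user name and must match NODE_USER_PW in
  # ~/cnt/config (sysprep.sh logs in with it once); change it afterwards.
  echo "bigred:bigred" | chpasswd >/dev/null 2>&1
  echo "bigred ready"
else
  echo "bigred exist"
fi
```

---

## sysinfo

- 顯示系統硬體設備資料
- Served by the busybox httpd and run on each node by `clusterinfo.sh`.

>$ nano ~/cnt/www/sysinfo

```bash=
#!/bin/bash
# sysinfo — print hostname, OS name/version, CPU model and core count, total
# memory, the IP of the default-route interface, the default gateway and the
# java version (if java is installed).
gw=$(route -n | grep -e "^0.0.0.0 ")
GWIF=${gw##* }                                        # last column = Iface
IP=$(ifconfig "$GWIF" | awk '/inet /{print $2; exit}')
NETID=${IP%.*}
GW=$(route -n | grep -e '^0.0.0.0' | awk '{print $2}')  # Gateway column
echo "[$(hostname)]"
echo "--------------------------------------------------------"
os=$(grep -E "^NAME" /etc/os-release | cut -d'=' -f 2)
vs=$(grep VERSION_ID /etc/os-release | cut -d'=' -f 2)
echo "OS : $os"
echo "VERSION : $vs"
cpu=$(grep 'model name' /proc/cpuinfo | head -n 1 | cut -d ':' -f2 | tr -s ' ')
cores=$(grep -c 'model name' /proc/cpuinfo)
echo "CPU : $cpu (core: $cores)"
mem=$(free -mh | awk '/^Mem:/{print $2}' | sed 's/.$//')   # strip the unit suffix, as before
echo "Memory : $mem"
echo "IP Address : $IP"
echo "Default Gateway : $GW"
echo ""
# Private temp file instead of the fixed /tmp/java, which another user on the
# node could pre-create or symlink before this runs.
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
if java -version &> "$tmp"; then
  cat "$tmp"
else
  echo 'JAVA NOT FOUND'
fi
echo ""
```

---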