# 自动脚本 (automation script). The listing below was printed with:
#   cat cjjuly_ips_update.sh
#!/bin/bash
#Author:royoy
#Date:2017/02
#Version:0.0.5
#Desc:jjuly ips add delete query script
#Usage:cjjuly_ips_update.sh (-a frontend_ips|backoffice_ips|frontend_backoffice_ips|block_ips || -d ... || -q ...) IPs
#Eg:cjjuly_ips_update.sh -d frontend_ips 8.8.8.8 9.9.9.9
# Common vars
# Shared settings and mutable state read by the functions below.
# Salt CLI plus the nodegroup (-N) and state tree that exec_rsync applies.
salt_cmd=/usr/bin/salt
node_group=jjuly_web
sls_dir=jjuly_nginx_sls
# Zone files are edited in place under this directory.
conf_file_dir=/srv/salt/sources/jjuly/nginx
frontend_conf="$conf_file_dir/frontend_allow.zone"
backoffice_conf="$conf_file_dir/backoffice.zone"
blockips_conf="$conf_file_dir/blockips.zone"
# Captured once at start-up; stamped into every zone entry and log banner.
current_time=$(date '+%F %T')
lock_file=/var/lock/subsys/cjjuly_ips_update.lock
log_file=/var/log/cjj_ip_rsync.log
tmp_log=/var/log/cjjuly_tmp.log
# Filled in by the option parser at the bottom of the script.
exec_func=
ips=
ips_comments=
# Set to 1 once a zone file has been changed; exec_rsync only pushes when it is non-zero.
flag=0
##########################
# Check if root user
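# Refuse to run without root privileges. The script edits files under
# /srv/salt and writes to /var/lock and /var/log.
# Exit non-zero so a calling wrapper can tell the run was rejected
# (the bare `exit` used before reported success).
if [ "$(id -u)" -ne 0 ]; then
  echo "Must use the root account"
  exit 1
fi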
##########################
# Check if lock_file exists
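# Take the single-instance lock.
# With noclobber set, the redirection fails when the file already exists, so
# the existence test and the creation are one step. The previous
# `[ -f ] ... || touch` sequence left a window in which two runs could both
# pass the test and edit the zone files at the same time.
# NOTE(review): any other failure to create the file (missing directory,
# read-only filesystem) is reported with the same "already running" message.
if ! ( set -o noclobber; : > "$lock_file" ) 2>/dev/null; then
  echo "ERROR! 程序已经有人在执行"
  exit 1
fi
# Release the lock on every exit path after this point, including ones that
# do not go through exit_clear, so an interrupted run does not leave a stale lock.
trap 'rm -f -- "$lock_file"' EXIT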
#####################
# Format function
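# Append the opening banner of a log section to $log_file: three empty lines
# followed by a rule carrying the start-up timestamp.
# Globals: log_file (appended to), current_time (read)
format_output_start(){
  {
    # echo -e "\n\n" wrote two newlines plus echo's own trailing newline.
    printf '\n\n\n'
    printf '%s\n' "=============================== ${current_time} =============================="
  } >> "$log_file"   # quoted so a path with spaces or globs is not re-split
}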
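# Append the closing banner of a log section to $log_file.
# Globals: log_file (appended to)
format_output_end(){
  # Redirect target quoted so a path with spaces or globs is not re-split.
  printf '%s\n' "===================================== End ========================================" >> "$log_file"
}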
######################
# Exit clear func
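# Remove the lock file and the temporary salt log, then leave the script.
# Globals:   lock_file, tmp_log (read; the files are deleted when present)
# Arguments: $1 - optional exit status, default 0
# The bare `exit` used before returned the status of the last `[ -f ]` test,
# so the script's exit code depended on whether $tmp_log happened to exist.
exit_clear(){
  local status=${1:-0}
  if [ -f "$lock_file" ]; then
    rm -f -- "$lock_file"
  fi
  if [ -f "$tmp_log" ]; then
    rm -f -- "$tmp_log"
  fi
  exit "$status"
}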
######################
# Update local file
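# Refresh the local copies of the three zone files before they are edited.
# Steps: run /usr/local/bin/jjuly_update on two minions through salt, download
# each zone file from $zone_url into $local_dir, then copy all three into the
# salt source directory.
# Globals: salt_cmd (read)
# Outputs: a one-line failure message on stdout
# Returns: 0 on success, 1 when a salt call or the final copy fails,
#          6 when a zone file cannot be downloaded
# NOTE(review): the zone files are fetched over plain HTTP with no checksum or
# signature check, and they appear to be nginx allow/deny lists. A transport
# with integrity protection (HTTPS or a verified digest) would close that gap;
# confirm what the update host supports.
rsync_local_file(){
  local zone_url="http://jjuly.update.org"
  local zone_file="frontend_allow.zone backoffice.zone blockips.zone"
  local local_dir="/opt/update/jjuly"
  local rsync_status curl_status name http_code

  "$salt_cmd" 'jjuly-WEB-ADMIN3-HUIDU' cmd.run '/usr/local/bin/jjuly_update' &>/dev/null
  rsync_status=$?
  # Use the same absolute salt path as the first call; the bare `salt` used
  # before was resolved through root's PATH.
  "$salt_cmd" 'jjuly_WebProxy_168.36.23.77' cmd.run '/usr/local/bin/jjuly_update' &>/dev/null
  curl_status=$?
  if [ "$rsync_status" -ne 0 ] || [ "$curl_status" -ne 0 ]; then
    echo "rsync local file failed"
    return 1
  fi

  # Intentional word splitting: zone_file is a fixed space-separated list.
  for name in $zone_file; do
    # Probe first and only download when the server answers 200.
    http_code=$(curl -s -w "%{http_code}" "${zone_url}/${name}" -o /dev/null)
    if [ "$http_code" != "200" ] \
      || ! wget "${zone_url}/${name}" -O "${local_dir}/${name}" &>/dev/null; then
      echo "wget file failed"
      return 6
    fi
  done

  # Copy only after every download succeeded, so the salt tree never gets a
  # partial set of files.
  if ! /bin/cp -f "${local_dir}"/{frontend_allow.zone,backoffice.zone,blockips.zone} \
    /srv/salt/sources/jjuly/nginx/; then
    echo "rsync local file failed"
    return 1
  fi
}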
######################
# Check if IP is valid
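# Validate every address in $ips as a dotted-quad IPv4 address: four groups of
# 1-3 digits, each no larger than 255.
# The add, delete and query paths later interpolate these values into
# grep/sed patterns, so this check is what keeps other characters out of them.
# Globals: ips (read)
# Outputs: one line per rejected value plus a summary, on stdout
# Returns: 0 when every value is valid; otherwise calls exit_clear and the
#          script ends
check_ip_func(){
  local bad=0 ip octet ok
  # Intentional word splitting: ips is a space-separated list.
  for ip in $ips; do
    ok=0
    # Bash regex replaces the obsolescent egrep call; same accepted set.
    if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
      ok=1
      for octet in ${ip//./ }; do
        if [ "$octet" -gt 255 ]; then
          ok=0
          break
        fi
      done
    fi
    if [ "$ok" -ne 1 ]; then
      echo "Incorrect IP format [ $ip ]"
      bad=$((bad + 1))
    fi
  done
  if [ "$bad" -gt 0 ]; then
    echo "There are $bad invalid IPs."
    exit_clear 1
  fi
  return 0
}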
#######################
# Exec function module
#######################
#Rsync function
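# Push the edited zone files to the nginx nodegroup with salt and log the result.
# Does nothing unless a zone file was changed (flag != 0).
# Globals: flag, salt_cmd, node_group, sls_dir, ips (read);
#          tmp_log (overwritten); log_file (appended to)
# Outputs: a result summary on stdout
# Returns: 0 on success or when nothing changed; on failure calls exit_clear
exec_rsync(){
  local salt_status
  [ "$flag" -ne 0 ] || return 0

  # Overwrite rather than append, so output left behind by an interrupted
  # earlier run cannot be taken for this run's result.
  "$salt_cmd" -N "$node_group" state.sls saltenv="update" "${sls_dir}.nginx_file_manage" > "$tmp_log"
  salt_status=$?

  # Treat the push as failed when salt itself failed, or when any "Failed:"
  # summary line has a non-zero count. Only the summary was checked before, so
  # a salt run that printed no summary was reported as a success.
  if [ "$salt_status" -ne 0 ] \
    || awk '/Failed:/ && $2 != 0 { bad = 1 } END { exit !bad }' "$tmp_log"; then
    format_output_start
    echo -e "Error!!!\n日志如下:"
    tee -a "$log_file" < "$tmp_log"
    format_output_end
    exit_clear 1
  fi

  format_output_start
  cat "$tmp_log" >> "$log_file"
  echo -e "Finished!\n\nIP:" | tee -a "$log_file"
  echo "${ips}" | xargs -n1 | tee -a "$log_file"
  echo -e "\nOK!" | tee -a "$log_file"
  format_output_end
}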
#Pre query module for add
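# Return the operator comment with control characters and backslashes removed.
# The comment is written into the zone files and into a sed script. A newline
# or escape sequence in it could otherwise start a new configuration line or a
# new sed command.
# Globals: ips_comments (read)
_clean_ips_comment(){
  printf '%s' "$ips_comments" | LC_ALL=C tr -d '[:cntrl:]' | LC_ALL=C tr -d '\\'
}

# Report whether $IP is already listed in a zone file.
# Globals:   IP (read), flag (set to 1 when the address still has to be added)
# Arguments: $1 - zone file to search, $2 - label used in the messages
# Returns:   0 when the address is absent and should be added, 1 when present
# The caller decides whether to skip. The `continue` used here before no longer
# reaches the caller's loop on bash 4.4 and later, so duplicates were appended.
preQuery_module(){
  local ip_re pattern
  # Match the address as a whole token with literal dots, so 1.1.1.1 is not
  # "found" because 1.1.1.10 or 11.1.1.1 is listed.
  ip_re=$(printf '%s' "$IP" | sed 's/\./\\./g')
  pattern='(^|[^0-9.])'"${ip_re}"'([^0-9./]|$)'
  if grep -qE -- "$pattern" "$1"; then
    echo "[ $IP ] ${2}已存在,跳过"
    return 1
  fi
  echo "准备添加 $IP 到${2}"
  flag=1
  return 0
}

# Add $IP to both the frontend and the backoffice allow lists, each only when
# it is not listed there yet.
# Globals: IP, current_time, frontend_conf, backoffice_conf (read)
preQuery_module_2(){
  local comment
  comment=$(_clean_ips_comment)
  if preQuery_module "$frontend_conf" "前台"; then
    printf 'allow %s;\t\t#%s %s\n' "$IP" "$current_time" "$comment" >> "$frontend_conf"
  fi
  if preQuery_module "$backoffice_conf" "后台"; then
    # Backoffice entries go in front of the closing "deny all" rule.
    # NOTE(review): nothing is inserted when the file has no "deny all" line.
    sed -i "/deny all/i allow $IP; #$current_time $comment" "$backoffice_conf"
  fi
}

#Add function module
# Add every address in $ips to the list selected by $1, then push the result.
# Globals:   ips, current_time, *_conf (read); IP (loop variable, read by helpers)
# Arguments: $1 - frontend | backoffice | frontend_backoffice | deny
add_module(){
  local comment
  comment=$(_clean_ips_comment)
  # Intentional word splitting: ips is a space-separated list that add_func
  # has already validated with check_ip_func.
  for IP in $ips; do
    case "$1" in
      deny)
        preQuery_module "$blockips_conf" "黑名单" || continue
        printf 'deny %s;\t\t#%s %s\n' "$IP" "$current_time" "$comment" >> "$blockips_conf"
        ;;
      frontend)
        preQuery_module "$frontend_conf" "前台" || continue
        printf 'allow %s;\t\t#%s %s\n' "$IP" "$current_time" "$comment" >> "$frontend_conf"
        ;;
      backoffice)
        preQuery_module "$backoffice_conf" "后台" || continue
        sed -i "/deny all/i allow $IP; #$current_time $comment" "$backoffice_conf"
        ;;
      frontend_backoffice)
        preQuery_module_2
        ;;
    esac
  done
  exec_rsync
}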
#Delete function module
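# Remove every address in $ips from the list(s) selected by $1, then push.
# Globals:   ips, frontend_conf, backoffice_conf, blockips_conf (read);
#            flag (set to 1 when a line was removed); IP (loop variable)
# Arguments: $1 - frontend | backoffice | frontend_backoffice | deny
# The address is matched as a whole token with literal dots. The previous
# `sed "/$IP/d"` treated each dot as "any character" and matched substrings,
# so deleting 1.1.1.1 also removed entries such as 1.1.1.10 or 11.1.1.1.
delete_module(){
  local -a targets=()
  local conf ip_re pattern
  case "$1" in
    frontend) targets=("$frontend_conf") ;;
    backoffice) targets=("$backoffice_conf") ;;
    frontend_backoffice) targets=("$frontend_conf" "$backoffice_conf") ;;
    deny) targets=("$blockips_conf") ;;
  esac
  # Intentional word splitting: ips is a space-separated list that delete_func
  # has already validated with check_ip_func.
  for IP in $ips; do
    ip_re=$(printf '%s' "$IP" | sed 's/\./\\./g')
    pattern='(^|[^0-9.])'"${ip_re}"'([^0-9./]|$)'
    for conf in "${targets[@]}"; do
      if grep -qE -- "$pattern" "$conf"; then
        # '#' delimits the address because the pattern itself contains '/'.
        sed -i -E "\\#${pattern}#d" "$conf"
        flag=1
      fi
    done
  done
  exec_rsync
}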
#Query function module
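# Query the list(s) selected by $1.
# When $ips is empty or a single non-negative number, print the last N entries
# (default 10). Otherwise treat $ips as addresses, validate them and report
# for each one whether it is listed.
# Globals:   ips, frontend_conf, backoffice_conf, blockips_conf (read);
#            IP (loop variable)
# Arguments: $1 - frontend | backoffice | frontend_backoffice | deny
query_module(){
  local ips_number ips_value default_number ip_re pattern i
  local -a pairs=()
  ips_number=$(printf '%s\n' "$ips" | awk '{print NF}')
  ips_value=$(printf '%s\n' "$ips" | awk '{print $0+0}')

  # stderr is silenced because a non-integer value (e.g. 8.8 from an address)
  # makes the numeric test fail with a message; that simply means "not a count".
  if [ "$ips_number" -le 1 ] 2>/dev/null && [ "$ips_value" -ge 0 ] 2>/dev/null; then
    default_number=10
    if [ "$ips_value" -ne 0 ]; then
      default_number=$ips_value
    fi
    case "$1" in
      frontend)
        echo "前台白名单 [$default_number] 条记录如下:"
        tail -n "$default_number" "$frontend_conf"
        ;;
      backoffice)
        echo "后台白名单 [$default_number] 条记录如下:"
        tail -n "$default_number" "$backoffice_conf"
        ;;
      frontend_backoffice)
        echo "前台白名单 [$default_number] 条记录如下:"
        tail -n "$default_number" "$frontend_conf"
        echo
        echo "后台白名单 [$default_number] 条记录如下:"
        tail -n "$default_number" "$backoffice_conf"
        ;;
      deny)
        echo "平台黑名单 [$default_number] 条记录如下:"
        tail -n "$default_number" "$blockips_conf"
        ;;
    esac
    echo "OK. Query finished!"
    return 0
  fi

  echo -e "OK. Query finished!\n$ips"
  check_ip_func

  # (file, label) pairs to report on for this target.
  case "$1" in
    frontend) pairs=("$frontend_conf" "前台") ;;
    backoffice) pairs=("$backoffice_conf" "后台") ;;
    frontend_backoffice) pairs=("$frontend_conf" "前台" "$backoffice_conf" "后台") ;;
    deny) pairs=("$blockips_conf" "黑名单") ;;
  esac

  # Intentional word splitting: ips is a space-separated list.
  for IP in $ips; do
    # Whole-token match with literal dots. The plain `grep "$IP"` used before
    # reported 1.1.1.1 as present when only 1.1.1.10 was listed.
    ip_re=$(printf '%s' "$IP" | sed 's/\./\\./g')
    pattern='(^|[^0-9.])'"${ip_re}"'([^0-9./]|$)'
    for ((i = 0; i < ${#pairs[@]}; i += 2)); do
      if grep -qE -- "$pattern" "${pairs[i]}"; then
        echo "${pairs[i + 1]} $IP 已存在"
      else
        echo "${pairs[i + 1]} $IP 不存在"
      fi
    done
  done
}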
#Add ips function
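# Validate $ips, then add them to the list named by $1.
# Arguments: $1 - target list, passed through to add_module unchanged
add_func(){
  check_ip_func
  # Quoted so the target reaches add_module as a single, unsplit argument.
  add_module "$1"
}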
#Delete ips function
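# Validate $ips, then remove them from the list named by $1.
# Arguments: $1 - target list, passed through to delete_module unchanged
delete_func(){
  check_ip_func
  # Quoted so the target reaches delete_module as a single, unsplit argument.
  delete_module "$1"
}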
#Query ips function
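# Query the list named by $1. query_module validates the addresses itself on
# the path that needs them.
# Arguments: $1 - target list, passed through to query_module unchanged
query_func(){
  # Quoted so the target reaches query_module as a single, unsplit argument.
  query_module "$1"
}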
######################
# Main function module
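# Parse the command line: one of -a/-d/-q with a target list, an optional
# --comments value, then the addresses (or a record count for -q).
# Stop when getopt rejects the command line; its status was ignored before,
# so the script carried on with a partly parsed argument list.
ARGS=$(getopt -o :a:d:q: -l comments:: -- "$@") || {
  echo "Invalid option!"
  exit_clear 1
}
# getopt emits a shell-quoted argument list; eval re-reads it into "$@".
eval set -- "${ARGS}"
while :; do
  case "$1" in
    -a | -d | -q)
      # The three actions accept the same four targets, so map the action
      # first and the target second.
      case "$1" in
        -a) action="add_func" ;;
        -d) action="delete_func" ;;
        -q) action="query_func" ;;
      esac
      case "$2" in
        frontend_ips) exec_func="$action frontend" ;;
        backoffice_ips) exec_func="$action backoffice" ;;
        frontend_backoffice_ips) exec_func="$action frontend_backoffice" ;;
        block_ips) exec_func="$action deny" ;;
        *)
          echo "Invalid arguments \"$2\"!"
          exit_clear 1
          ;;
      esac
      shift 2
      ;;
    --comments)
      # An empty optional argument leaves the comment unset.
      if [ -n "$2" ]; then
        ips_comments="$2"
      fi
      shift 2
      ;;
    --)
      shift
      break
      ;;
    *)
      echo "Invalid option!"
      exit_clear 1
      ;;
  esac
done
# Everything after "--" is the address list, or a record count for -q.
ips="$*"
# NOTE(review): the status of rsync_local_file is not checked, so the edit and
# push below still run on the existing local files when the refresh fails;
# confirm that is intended.
rsync_local_file
# Intentional word splitting: exec_func holds "<function> <target>".
$exec_func
exit_clear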
#Script end