linuxea:变量实值与文件变量替换 我知道这个主题已经过时了，但我有一个需求需要来做，当我收集了这些后发现非常有趣，我觉得可以将这些记录下来，这是非常棒的一件事。我们将环境变量中的变量实际值通过几种方式替换到文件中环境变量，假如我的环境变量如下：[root@linuxea ~]$ env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80我的test.conf文件中的环境变量如下：我需要实现的目的是：如果变量存在就替换，如果不存在就使用默认值USER ${USER:-nginx}; server_name ${SERVER_NAME:-linuxea.com}; listen ${NGINX_PORT:-88}; root ${WWWPATH:-/var/www/html}; access ${access:-/var/logs/www.log};第一种方式[root@linuxea ~]$ ( echo "cat <<EOF" ; cat test.conf ; echo EOF ) | sh USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;如果是在shell脚本中，它看起来像：#!/bin/sh cat > FILE <<EOF USER ${USER:-nginx}; server_name ${SERVER_NAME:-linuxea.com}; listen ${NGINX_PORT:-88}; root ${WWWPATH:-/var/www/html}; access ${access:-/var/logs/www.log}; EOF或者这样[root@linuxea ~]$ eval "echo \"$(cat test.conf)\"" USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;如果ENV的这些值在文件中，则可以这样[root@linuxea ~]$ cat .env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80如：[root@linuxea ~]$ (. .env && eval "echo \"$(cat test.conf)\"") USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access /var/logs/www.log;或者直接进行替换[root@linuxea ~]$ envsubst < .env > test.conf [root@linuxea ~]$ cat test.conf version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80第二种方式如果test.conf文件中仅仅只是变量，如：[root@linuxea ~]$ cat test.conf USER $USER; server_name $SERVER_NAME; listen $NGINX_PORT; root $WWWPATH; access $access;替换的方式则可以如下进行：全部替换1：变量为空，则会替换为空[root@linuxea ~]$ envsubst < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access ;[root@linuxea ~]$ perl -pe 's/\$(\{)?([a-zA-Z_]\w*)(?(1)\})/$ENV{$2}/g' < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access ;全部替换2：变量不存在，则不替换[root@linuxea ~]$ perl -pe 's/\$([_A-Z]+)/$ENV{$1}/g' < test.conf USER www; server_name meftp.linuxea.com; listen 80; root /data/wwwroot; access $access;部分替换倘若我只想替换指定的$NGINX_PORT,$SERVER_NAME的变量，而不是所有的，则可以将被替换的单引号引起来，如下：[root@linuxea ~]$ envsubst '$NGINX_PORT,$SERVER_NAME' < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access;如果有多个可以换行，如:[root@linuxea ~]$ envsubst '$NGINX_PORT, $SERVER_NAME' < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access;也可以使用反斜杠：[root@linuxea ~]$ envsubst \$NGINX_PORT,\$SERVER_NAME < test.conf USER $USER; server_name meftp.linuxea.com; listen 80; root $WWWPATH; access $access精确声明替换当在使用一些系统敏感的变量替换的时候就会出现问题， 由此我们可以使用envsubst SHELL_FORMAT参数限制要在输入中替换的变量字符串（避免输入中的字符串意外替换为常见的shell变量值 - 例如$ HOME）。此刻我.env文件中有HOME变量=linuxea.com，如下：[root@linuxea ~]$ cat .env version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80 HOME=linuxea.com而系统中的$HOME[root@linuxea ~]$ echo $HOME /root使用envsubst SHELL_FORMAT[root@linuxea ~]$ envsubst "$HOME" < .env > test.conf [root@linuxea ~]$ cat test.conf version=1.9.9 WWWPATH=/data/wwwroot USER=www SERVER_NAME=meftp.linuxea.com NGINX_PORT=80 HOME=linuxea.com如果你有多个，可以envsubst "$HOME,$HOSTNAME" < .env > test.conf 延伸阅读：https://unix.stackexchange.com/questions/294835/replace-environment-variables-in-a-file-with-their-actual-values https://unix.stackexchange.com/questions/294378/replacing-only-specific-variables-with-envsubst https://www.gnu.org/software/gettext/manual/html_node/envsubst-Invocation.html https://www.gnu.org/software/gettext/manual/gettext.html#sh_002dformat https://stackoverflow.com/questions/14155596/how-to-substitute-shell-variables-in-complex-text-files

判断字符为字母 判断输入的字符为字母[root@LinuxEA awk]# cat linuxea.com #!/bin/sh read linuxea if [[ $linuxea =~ ^[a-zA-Z]+$ ]]; then echo "ok" else echo "error" fi [root@LinuxEA awk]# 执行如下：[root@LinuxEA awk]# bash linuxea.com 123 error [root@LinuxEA awk]# bash linuxea.com acB ok [root@LinuxEA awk]# bash linuxea.com 1A error [root@LinuxEA awk]# bash linuxea.com A1 error [root@LinuxEA awk]# bash linuxea.com aa ok

nginx日志切割脚本 [root@Rsync ~]# cat nginx_log.sh #!/bin/sh Dateformat=`date +%Y-%m-%d` ------->时间 Basedir="/var/log/nginx" ---->nginx目录 Nginxlogdir="$Basedir/wwwlog" ----->nginx日志目录 Logname="access_www" ------>nginx日志名称 [ -d $Nginxlogdir ] && cd $Nginxlogdir||exit 1 ---------->如果存在目录则切换进去 [ -f ${Logname}.log ]||exit 1 /bin/mv ${Logname}.log ${Dateformat}_${Logname}.log ----->修改名称 /etc/init.d/nginx reload >/dev/null 2>%1 ------>reload #$Basedir/sbin/nginx -s reload ------>编译指定目录reload即可查看[root@Rsync ~]# ls /var/log/nginx/wwwlog/ 2015-12-27_access_www.log 2015-12-28_access_www.log access_www.log [root@Rsync ~]# 00 00 * /bin/sh /data/nginx_log.sh 如果需要小时或者分钟切割则修改计划任务时间和脚本中时间格式即可！

expect解决登录交互问题 expect语言，解决交互式输入密码的问题1，安装expectyum install expect -y 2,编写expect脚本[root@NFS-server tmp]# cat sshexpect.exp #!/usr/bin/expect if { $argc != 2 } { send_user "usage: expect EXPECT.exp file host\n" exit } #define var set file [lindex $argv 0] set host [lindex $argv 1] set password "123.com" spawn ssh-copy-id -i $file "-p 22 root@$host" expect { "yes/no" {send "yes\r";exp_continue} "*password" {send "$password\r"} } expect eof [root@NFS-server tmp]# 3，编写shell调用[root@NFS-server tmp]# cat 1.sh #！/bin/sh . /etc/init.d/functions for ip in 53 54 55 do expect sshexpect.exp ~/.ssh/id_dsa.pub 10.0.0.$ip &>/dev/null if [ $? -eq 0 ];then action "$ip" /bin/true else action "$ip" /bin/false fi done [root@NFS-server tmp]# 4, 测试，给10.0.0.53/55发id_dsa.pub[root@NFS-server tmp]# expect sshfile.exp ~/.ssh/id_dsa.pub 10.0.0.54 spawn ssh-copy-id -i /root/.ssh/id_dsa.pub -p 22 root@10.0.0.54 The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established. RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts. root@10.0.0.54's password: Now try logging into the machine, with "ssh '-p 22 root@10.0.0.54'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@NFS-server tmp]# ls 1.sh pulse-75mVmxEZuktI sshfile.exp VMwareDnD vmware-root [root@NFS-server tmp]# vim 1.sh [root@NFS-server tmp]# vim 1.sh [root@NFS-server tmp]# mv sshfile.exp sshexpect.exp [root@NFS-server tmp]# bash 1.sh 53 [ OK ] 54 [ OK ] 55 [ OK ] 5，登录测试[root@NFS-server tmp]# ssh 10.0.0.53 Last login: Sat Dec 26 09:17:40 2015 from 10.0.0.250 [root@NFS-WEB1 ~]# exit logout Connection to 10.0.0.53 closed. [root@NFS-server tmp]# ssh 10.0.0.54 Last login: Sat Dec 26 02:10:43 2015 from 10.0.0.52 [root@NFS-WEB2 ~]# exit logout Connection to 10.0.0.54 closed. [root@NFS-server tmp]# ssh 10.0.0.55 Last login: Sat Dec 26 02:12:57 2015 from 10.0.0.250 [root@NFS-BACKUP ~]# exit logout Connection to 10.0.0.55 closed. [root@NFS-server tmp]#

shell实现跳板机 shell跳板机（触发信号后屏蔽信号）1，ssh key验证2，实现传统的远程连接菜单选择脚本3，利用linux信号防止用户在跳板机上操作4，用户登录后即调用脚本试验拓扑：3台机器node10------------node11--------------node1210.0.0.10---------10.0.0.11-----------10.0.0.12准备1，在node11和node12上创建用户2，生成秘钥3，将node1key传递到node12上4，创建脚本#!/bin/bash function trapper(){ trap '' INT QUIT TSTP TERM HUP } function menu(){ cat <<-EOF echo "=========Host List================" echo -e "\t1)10.0.0.12 " echo -e "\t2)10.0.0.10 " echo -e "\t6)exit " echo "==================================" EOF } function host(){ case "$1" in 1) ssh -p22 $user@10.0.0.12 ;; 2) ssh $user@10.0.0.10 ;; 3) ssh $user@ ;; 6|*) exit esac } function main(){ while true do trapper clear menu read -p "Please select:" num host $num done } main 5,调用脚本6，跳板机加固1，使用vpn链接至跳板机2，禁止跳板机从外网IP登录，只能从内网IP登录，禁止root用户登录，只允许跳板机账户登录listenAddress IP也可以写iptables规则只允许内网的IP段通过ssh登录3,其他服务器如果有外网IP也需要禁止，并且禁止root的密码登录，只允许key修改/etc/ssh/sshd_configpasswordAuthentication yes 改为PasswordAuthentication no