深入浅出Fedora自动化部署脚本编写从基础命令到高级应用全面解析

威震华夏关云长 · 发表于 2025-9-3 12:20:00

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

您需要登录才可以下载或查看，没有账号？立即注册

x

引言

Fedora作为一款功能强大的Linux发行版，广泛应用于服务器环境和个人开发工作站。在大规模部署和管理Fedora系统时，手动配置不仅耗时耗力，而且容易出错。自动化部署脚本能够显著提高效率，减少人为错误，确保配置的一致性。本文将从基础命令开始，逐步深入到高级应用，全面解析Fedora自动化部署脚本的编写技巧。

基础命令篇

在编写自动化部署脚本之前，我们需要掌握一些基础的Linux命令。这些命令是构建复杂脚本的基础模块。

文件和目录操作

# 创建目录
mkdir /path/to/directory
# 递归创建目录
mkdir -p /path/to/nested/directory
# 复制文件或目录
cp source_file destination_file
cp -r source_directory destination_directory
# 移动/重命名文件或目录
mv old_name new_name
# 删除文件
rm file_name
# 递归删除目录及其内容
rm -r directory_name
# 强制删除，不提示确认
rm -f file_name
rm -rf directory_name
# 创建空文件或更新文件时间戳
touch file_name
# 查看文件内容
cat file_name
# 分页查看文件内容
less file_name
more file_name
# 查看文件头部内容
head -n 10 file_name
# 查看文件尾部内容
tail -n 10 file_name
tail -f file_name # 实时查看文件更新

复制代码

文本处理

# 搜索文本
grep "pattern" file_name
# 递归搜索目录中的文件
grep -r "pattern" directory_name
# 替换文本
sed 's/old_text/new_text/g' file_name
# 排序
sort file_name
# 去重
sort file_name | uniq
# 统计行数、单词数和字符数
wc file_name
# 提取列
cut -d',' -f1,3 file_name # 使用逗号作为分隔符，提取第1和第3列

复制代码

权限管理

# 修改文件权限
chmod 755 file_name # rwxr-xr-x
chmod u+x file_name # 给文件所有者添加执行权限
# 修改文件所有者
chown user:group file_name
# 修改文件所属组
chgrp group file_name

复制代码

软件包管理（DNF）

# 安装软件包
dnf install package_name
# 卸载软件包
dnf remove package_name
# 更新所有软件包
dnf update
# 搜索软件包
dnf search keyword
# 显示软件包信息
dnf info package_name
# 列出已安装的软件包
dnf list installed
# 清理缓存
dnf clean all

复制代码

系统服务管理

# 启动服务
systemctl start service_name
# 停止服务
systemctl stop service_name
# 重启服务
systemctl restart service_name
# 重新加载服务配置
systemctl reload service_name
# 启用服务开机自启
systemctl enable service_name
# 禁用服务开机自启
systemctl disable service_name
# 查看服务状态
systemctl status service_name
# 查看所有服务状态
systemctl list-units --type=service

复制代码

网络配置

# 显示网络接口信息
ip addr show
# 显示路由表
ip route show
# 测试网络连通性
ping host_name_or_ip
# 显示网络连接
ss -tuln
# 下载文件
wget URL
curl -O URL
# 安全复制文件
scp user@remote_host:/path/to/remote/file /path/to/local/directory

复制代码

Shell脚本基础

掌握了基础命令后，我们可以开始学习如何将这些命令组合成Shell脚本。

脚本的基本结构

一个基本的Shell脚本包含以下元素：

#!/bin/bash
# 脚本说明：这是一个简单的示例脚本
# 作者：Your Name
# 日期：YYYY-MM-DD
# 定义变量
GREETING="Hello, World!"
# 主逻辑
echo $GREETING
# 退出脚本
exit 0

复制代码

• #!/bin/bash：称为shebang，告诉系统使用Bash解释器执行此脚本
• 注释：以#开头的行是注释，用于解释代码
• 变量：用于存储数据，使用=赋值，引用时使用$符号
• exit 0：表示脚本成功执行并退出

变量和参数

#!/bin/bash
# 定义变量
NAME="Fedora"
VERSION="35"
# 使用变量
echo "Operating System: $NAME"
echo "Version: $VERSION"
# 特殊变量
echo "Script name: $0" # 脚本名称
echo "First parameter: $1" # 第一个参数
echo "Second parameter: $2" # 第二个参数
echo "All parameters: $@" # 所有参数
echo "Number of parameters: $#" # 参数个数
echo "Process ID: $$" # 当前进程ID
# 命令替换
CURRENT_DIR=$(pwd)
echo "Current directory: $CURRENT_DIR"
# 算术运算
SUM=$((5 + 3))
echo "5 + 3 = $SUM"

复制代码

用户输入

#!/bin/bash
# 读取用户输入
echo "Enter your name:"
read NAME
echo "Hello, $NAME!"
# 带提示的读取
read -p "Enter your age: " AGE
echo "You are $AGE years old."
# 密码输入（不显示）
read -s -p "Enter your password: " PASSWORD
echo -e "\nPassword received."
# 选择菜单
echo "Select an option:"
echo "1) Option 1"
echo "2) Option 2"
echo "3) Option 3"
read -p "Enter your choice [1-3]: " CHOICE
case $CHOICE in
1)
echo "You selected Option 1"
;;
2)
echo "You selected Option 2"
;;
3)
echo "You selected Option 3"
;;
*)
echo "Invalid option"
;;
esac

复制代码

中级应用

掌握了基础之后，我们可以学习更复杂的脚本编写技巧。

条件判断

#!/bin/bash
# 文件测试
FILE="/etc/fedora-release"
if [ -f "$FILE" ]; then
echo "$FILE exists and is a regular file."
else
echo "$FILE does not exist or is not a regular file."
fi
# 数字比较
NUM1=10
NUM2=20
if [ $NUM1 -eq $NUM2 ]; then
echo "$NUM1 is equal to $NUM2"
elif [ $NUM1 -lt $NUM2 ]; then
echo "$NUM1 is less than $NUM2"
else
echo "$NUM1 is greater than $NUM2"
fi
# 字符串比较
STRING1="Fedora"
STRING2="fedora"
if [ "$STRING1" = "$STRING2" ]; then
echo "Strings are equal"
else
echo "Strings are not equal"
fi
# 逻辑运算
AGE=25
if [ $AGE -gt 18 ] && [ $AGE -lt 65 ]; then
echo "You are an adult"
fi
if [ $AGE -le 18 ] || [ $AGE -ge 65 ]; then
echo "You are not in the typical working age"
fi
# 测试命令是否存在
if command -v dnf >/dev/null 2>&1; then
echo "DNF package manager is available"
else
echo "DNF package manager is not available"
fi

复制代码

循环结构

#!/bin/bash
# for循环 - 遍历列表
echo "Fruits:"
for FRUIT in apple banana cherry; do
echo " $FRUIT"
done
# for循环 - 数字范围
echo "Counting to 5:"
for i in {1..5}; do
echo " $i"
done
# C风格for循环
echo "Counting down from 10:"
for ((i=10; i>=0; i--)); do
echo " $i"
done
# while循环
COUNT=0
echo "Counting to 5 with while loop:"
while [ $COUNT -le 5 ]; do
echo " $COUNT"
COUNT=$((COUNT + 1))
done
# until循环
COUNT=0
echo "Counting to 5 with until loop:"
until [ $COUNT -gt 5 ]; do
echo " $COUNT"
COUNT=$((COUNT + 1))
done
# break和continue
echo "Even numbers up to 10:"
for i in {1..10}; do
if [ $((i % 2)) -ne 0 ]; then
continue # 跳过奇数
fi
echo " $i"
if [ $i -eq 8 ]; then
break # 在8处停止
fi
done
# 遍历文件
echo "Files in current directory:"
for FILE in *; do
if [ -f "$FILE" ]; then
echo " $FILE"
fi
done
# 读取文件行
echo "Reading /etc/os-release:"
while IFS= read -r LINE; do
echo " $LINE"
done < /etc/os-release

复制代码

函数

#!/bin/bash
# 定义简单函数
hello() {
echo "Hello, World!"
}
# 调用函数
hello
# 带参数的函数
greet() {
echo "Hello, $1!"
}
greet "Fedora User"
# 带返回值的函数
add() {
local SUM=$(( $1 + $2 ))
echo $SUM
}
RESULT=$(add 10 20)
echo "10 + 20 = $RESULT"
# 使用return返回状态码
check_file() {
if [ -f "$1" ]; then
return 0 # 成功
else
return 1 # 失败
fi
}
check_file "/etc/fedora-release"
if [ $? -eq 0 ]; then
echo "File exists"
else
echo "File does not exist"
fi
# 局部变量和全局变量
GLOBAL_VAR="I am global"
demo_scope() {
local LOCAL_VAR="I am local"
GLOBAL_VAR="Modified global"
echo "Inside function:"
echo " Global: $GLOBAL_VAR"
echo " Local: $LOCAL_VAR"
}
demo_scope
echo "Outside function:"
echo " Global: $GLOBAL_VAR"
echo " Local: $LOCAL_VAR" # 这将是空的
# 递归函数
factorial() {
if [ $1 -le 1 ]; then
echo 1
else
local TEMP=$(factorial $(( $1 - 1 )))
echo $(( $1 * TEMP ))
fi
}
echo "Factorial of 5 is $(factorial 5)"

复制代码

数组操作

#!/bin/bash
# 定义数组
DISTROS=("Fedora" "Ubuntu" "Debian" "CentOS" "Arch")
# 访问数组元素
echo "First distro: ${DISTROS[0]}"
echo "Second distro: ${DISTROS[1]}"
# 访问所有元素
echo "All distros: ${DISTROS[@]}"
echo "All distros: ${DISTROS[*]}"
# 获取数组长度
echo "Number of distros: ${#DISTROS[@]}"
# 遍历数组
echo "List of distros:"
for DISTRO in "${DISTROS[@]}"; do
echo " $DISTRO"
done
# 添加元素到数组
DISTROS+=("openSUSE")
echo "After adding openSUSE: ${DISTROS[@]}"
# 从数组中删除元素
unset DISTROS[2] # 删除Debian
echo "After removing Debian: ${DISTROS[@]}"
# 数组切片
echo "First three distros: ${DISTROS[@]:0:3}"
# 关联数组（类似字典）
declare -A PACKAGE_MANAGER
PACKAGE_MANAGER["Fedora"]="dnf"
PACKAGE_MANAGER["Ubuntu"]="apt"
PACKAGE_MANAGER["Arch"]="pacman"
echo "Package manager for Fedora: ${PACKAGE_MANAGER["Fedora"]}"
echo "Package manager for Ubuntu: ${PACKAGE_MANAGER["Ubuntu"]}"
# 遍历关联数组
echo "Package managers:"
for DISTRO in "${!PACKAGE_MANAGER[@]}"; do
echo " $DISTRO: ${PACKAGE_MANAGER[$DISTRO]}"
done

复制代码

高级应用

现在我们进入更高级的主题，这些技巧将使你的脚本更加健壮和专业。

错误处理

#!/bin/bash
# 使用set命令增强错误处理
set -e # 任何命令返回非零状态时立即退出
set -u # 使用未定义的变量时报错
set -o pipefail # 管道中任何命令失败时，整个管道失败
# 自定义错误处理
error_handler() {
echo "Error occurred in script at line: $1"
echo "Command exited with status: $2"
exit $2
}
# 使用trap捕获错误
trap 'error_handler $LINENO $?' ERR
# 示例：尝试创建目录
echo "Creating directory..."
mkdir -p /tmp/test_dir || {
echo "Failed to create directory"
exit 1
}
# 检查命令是否存在
command_exists() {
command -v "$1" >/dev/null 2>&1
}
if ! command_exists "dnf"; then
echo "DNF package manager is not installed"
exit 1
fi
# 安全地执行命令
safe_execute() {
echo "Executing: $*"
if "$@"; then
echo "Command executed successfully"
else
echo "Command failed with exit code: $?"
return 1
fi
}
# 使用安全执行
safe_execute dnf check-update || echo "Update check failed, but continuing..."
# 临时禁用错误处理
echo "This command might fail, but we'll continue anyway"
set +e
command_that_might_fail
set -e
# 自定义错误消息
die() {
echo "ERROR: $*" >&2
exit 1
}
# 使用自定义错误消息
[ -f "/etc/fedora-release" ] || die "Fedora release file not found. This script requires Fedora."
echo "Script completed successfully"

复制代码

日志记录

#!/bin/bash
# 配置日志
LOG_FILE="/var/log/fedora_deploy.log"
MAX_LOG_SIZE=1048576 # 1MB
# 日志函数
log() {
local LEVEL=$1
shift
local MESSAGE="$*"
local TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
echo "[$TIMESTAMP] [$LEVEL] $MESSAGE" | tee -a "$LOG_FILE"
}
info() {
log "INFO" "$@"
}
warn() {
log "WARN" "$@"
}
error() {
log "ERROR" "$@"
}
debug() {
if [ "$DEBUG" = "true" ]; then
log "DEBUG" "$@"
fi
}
# 检查并轮转日志
rotate_log() {
if [ -f "$LOG_FILE" ] && [ $(stat -c%s "$LOG_FILE") -gt $MAX_LOG_SIZE ]; then
mv "$LOG_FILE" "${LOG_FILE}.old"
touch "$LOG_FILE"
info "Log file rotated"
fi
}
# 初始化日志
init_logging() {
# 确保日志目录存在
mkdir -p "$(dirname "$LOG_FILE")"
# 检查日志大小并轮转
rotate_log
# 记录脚本启动
info "===== Script started ====="
info "Running as user: $(whoami)"
info "Script PID: $$"
}
# 示例使用
init_logging
info "Starting Fedora deployment"
debug "Debug information: DNF version is $(dnf --version | head -1)"
# 模拟一个操作
if dnf check-update; then
info "Package check completed successfully"
else
error "Package check failed"
fi
warn "This is a warning message"
info "Script completed"

复制代码

配置管理

#!/bin/bash
# 配置文件路径
CONFIG_FILE="/etc/fedora_deploy.conf"
# 默认配置
DEFAULT_CONFIG=(
"INSTALL_GUI=false"
"INSTALL_DEV_TOOLS=true"
"SETUP_FIREWALL=true"
"CREATE_USER=true"
"USER_NAME=fedorauser"
"ENABLE_SSH=true"
"SSH_PORT=22"
)
# 加载配置文件
load_config() {
# 如果配置文件不存在，创建默认配置文件
if [ ! -f "$CONFIG_FILE" ]; then
info "Configuration file not found. Creating default configuration."
create_default_config
fi
# 加载配置文件
source "$CONFIG_FILE"
info "Configuration loaded from $CONFIG_FILE"
}
# 创建默认配置文件
create_default_config() {
{
echo "# Fedora Deployment Configuration"
echo "# Generated on $(date)"
echo ""
for setting in "${DEFAULT_CONFIG[@]}"; do
echo "$setting"
done
} > "$CONFIG_FILE"
# 设置适当的权限
chmod 644 "$CONFIG_FILE"
}
# 验证配置
validate_config() {
local errors=0
# 检查必需的配置项
if [ -z "$USER_NAME" ]; then
error "USER_NAME is not configured"
errors=$((errors + 1))
fi
# 验证SSH端口
if ! [[ "$SSH_PORT" =~ ^[0-9]+$ ]] || [ "$SSH_PORT" -lt 1 ] || [ "$SSH_PORT" -gt 65535 ]; then
error "Invalid SSH_PORT: $SSH_PORT"
errors=$((errors + 1))
fi
# 验证布尔值
for var in INSTALL_GUI INSTALL_DEV_TOOLS SETUP_FIREWALL CREATE_USER ENABLE_SSH; do
if [ "${!var}" != "true" ] && [ "${!var}" != "false" ]; then
error "Invalid value for $var: ${!var}. Must be 'true' or 'false'."
errors=$((errors + 1))
fi
done
if [ $errors -gt 0 ]; then
error "Configuration validation failed with $errors errors"
exit 1
fi
info "Configuration validation passed"
}
# 显示当前配置
show_config() {
echo "Current configuration:"
echo " INSTALL_GUI: $INSTALL_GUI"
echo " INSTALL_DEV_TOOLS: $INSTALL_DEV_TOOLS"
echo " SETUP_FIREWALL: $SETUP_FIREWALL"
echo " CREATE_USER: $CREATE_USER"
echo " USER_NAME: $USER_NAME"
echo " ENABLE_SSH: $ENABLE_SSH"
echo " SSH_PORT: $SSH_PORT"
}
# 更新配置项
update_config() {
local key=$1
local value=$2
# 检查配置文件是否存在
if [ ! -f "$CONFIG_FILE" ]; then
error "Configuration file does not exist"
return 1
fi
# 临时文件
local temp_config=$(mktemp)
# 更新配置项
if grep -q "^$key=" "$CONFIG_FILE"; then
sed "s/^$key=.*/$key=$value/" "$CONFIG_FILE" > "$temp_config"
else
cp "$CONFIG_FILE" "$temp_config"
echo "$key=$value" >> "$temp_config"
fi
# 替换原文件
mv "$temp_config" "$CONFIG_FILE"
info "Configuration updated: $key=$value"
}
# 示例使用
load_config
validate_config
show_config
# 更新配置
update_config "INSTALL_GUI" "true"
# 重新加载配置
load_config
show_config

复制代码

信号处理

#!/bin/bash
# 信号处理函数
cleanup() {
echo "Caught signal, cleaning up..."
# 在这里执行清理操作
if [ -n "$TEMP_DIR" ] && [ -d "$TEMP_DIR" ]; then
echo "Removing temporary directory: $TEMP_DIR"
rm -rf "$TEMP_DIR"
fi
# 停止后台进程
if [ -n "$BG_PID" ]; then
echo "Stopping background process (PID: $BG_PID)"
kill $BG_PID 2>/dev/null
fi
echo "Cleanup completed"
exit 1
}
# 设置信号处理
trap cleanup SIGINT SIGTERM
# 创建临时目录
TEMP_DIR=$(mktemp -d)
echo "Created temporary directory: $TEMP_DIR"
# 模拟长时间运行的任务
long_running_task() {
echo "Starting long running task..."
# 模拟工作
for i in {1..30}; do
echo "Working... $i/30"
sleep 1
done
echo "Long running task completed"
}
# 在后台运行任务
long_running_task &
BG_PID=$!
# 等待后台任务完成
wait $BG_PID
# 如果脚本正常完成，也进行清理
echo "Script completed normally"
cleanup
exit 0

复制代码

实际案例：Fedora自动化部署脚本

现在，让我们将前面学到的知识组合起来，创建一个完整的Fedora自动化部署脚本。

#!/bin/bash
# Fedora 自动化部署脚本
# 作者: System Admin
# 日期: $(date +%Y-%m-%d)
# 设置严格模式
set -euo pipefail
# 配置
CONFIG_FILE="/etc/fedora_deploy.conf"
LOG_FILE="/var/log/fedora_deploy.log"
MAX_LOG_SIZE=1048576 # 1MB
# 默认配置
DEFAULT_CONFIG=(
"INSTALL_GUI=false"
"INSTALL_DEV_TOOLS=true"
"SETUP_FIREWALL=true"
"CREATE_USER=true"
"USER_NAME=fedorauser"
"ENABLE_SSH=true"
"SSH_PORT=22"
)
# 全局变量
TEMP_DIR=""
BG_PID=""
# =============================================================================
# 函数定义
# =============================================================================
# 日志函数
log() {
local LEVEL=$1
shift
local MESSAGE="$*"
local TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
echo "[$TIMESTAMP] [$LEVEL] $MESSAGE" | tee -a "$LOG_FILE"
}
info() {
log "INFO" "$@"
}
warn() {
log "WARN" "$@"
}
error() {
log "ERROR" "$@"
}
debug() {
if [ "${DEBUG:-false}" = "true" ]; then
log "DEBUG" "$@"
fi
}
# 错误处理
error_handler() {
local LINE_NO=$1
local EXIT_CODE=$2
error "Script failed at line $LINE_NO with exit code $EXIT_CODE"
cleanup
exit $EXIT_CODE
}
# 设置错误处理
trap 'error_handler $LINENO $?' ERR
# 清理函数
cleanup() {
debug "Starting cleanup"
# 清理临时目录
if [ -n "$TEMP_DIR" ] && [ -d "$TEMP_DIR" ]; then
debug "Removing temporary directory: $TEMP_DIR"
rm -rf "$TEMP_DIR"
fi
# 停止后台进程
if [ -n "$BG_PID" ]; then
debug "Stopping background process (PID: $BG_PID)"
kill $BG_PID 2>/dev/null || true
fi
debug "Cleanup completed"
}
# 设置信号处理
trap cleanup SIGINT SIGTERM
# 检查并轮转日志
rotate_log() {
if [ -f "$LOG_FILE" ] && [ $(stat -c%s "$LOG_FILE" 2>/dev/null || echo 0) -gt $MAX_LOG_SIZE ]; then
mv "$LOG_FILE" "${LOG_FILE}.old"
touch "$LOG_FILE"
info "Log file rotated"
fi
}
# 创建默认配置文件
create_default_config() {
info "Creating default configuration file"
mkdir -p "$(dirname "$CONFIG_FILE")"
{
echo "# Fedora Deployment Configuration"
echo "# Generated on $(date)"
echo ""
for setting in "${DEFAULT_CONFIG[@]}"; do
echo "$setting"
done
} > "$CONFIG_FILE"
chmod 644 "$CONFIG_FILE"
}
# 加载配置
load_config() {
if [ ! -f "$CONFIG_FILE" ]; then
info "Configuration file not found. Creating default configuration."
create_default_config
fi
source "$CONFIG_FILE"
info "Configuration loaded from $CONFIG_FILE"
}
# 验证配置
validate_config() {
info "Validating configuration"
local errors=0
# 检查必需的配置项
if [ -z "$USER_NAME" ]; then
error "USER_NAME is not configured"
errors=$((errors + 1))
fi
# 验证SSH端口
if ! [[ "$SSH_PORT" =~ ^[0-9]+$ ]] || [ "$SSH_PORT" -lt 1 ] || [ "$SSH_PORT" -gt 65535 ]; then
error "Invalid SSH_PORT: $SSH_PORT"
errors=$((errors + 1))
fi
# 验证布尔值
for var in INSTALL_GUI INSTALL_DEV_TOOLS SETUP_FIREWALL CREATE_USER ENABLE_SSH; do
if [ "${!var}" != "true" ] && [ "${!var}" != "false" ]; then
error "Invalid value for $var: ${!var}. Must be 'true' or 'false'."
errors=$((errors + 1))
fi
done
if [ $errors -gt 0 ]; then
error "Configuration validation failed with $errors errors"
exit 1
fi
info "Configuration validation passed"
}
# 检查是否以root运行
check_root() {
if [ "$(id -u)" -ne 0 ]; then
error "This script must be run as root"
exit 1
fi
info "Running as root"
}
# 更新系统
update_system() {
info "Updating system packages"
# 更新DNF缓存
dnf makecache || warn "Failed to update DNF cache"
# 系统更新
dnf update -y || {
error "Failed to update system packages"
return 1
}
info "System updated successfully"
}
# 安装基础软件包
install_base_packages() {
info "Installing base packages"
local BASE_PACKAGES=(
"vim"
"wget"
"curl"
"git"
"tar"
"gzip"
"unzip"
"htop"
"ncdu"
"tmux"
"nmap"
"tcpdump"
"bind-utils"
"net-tools"
)
for package in "${BASE_PACKAGES[@]}"; do
info "Installing $package"
dnf install -y "$package" || warn "Failed to install $package"
done
info "Base packages installation completed"
}
# 安装GUI（如果配置为true）
install_gui() {
if [ "$INSTALL_GUI" != "true" ]; then
info "GUI installation skipped (disabled in configuration)"
return 0
fi
info "Installing GUI packages"
local GUI_PACKAGES=(
"@graphical-environment"
"@base-x"
"gnome-shell"
"gnome-terminal"
"nautilus"
)
for package in "${GUI_PACKAGES[@]}"; do
info "Installing $package"
dnf install -y "$package" || warn "Failed to install $package"
done
# 设置默认目标为图形界面
systemctl set-default graphical.target || warn "Failed to set default target to graphical"
info "GUI installation completed"
}
# 安装开发工具（如果配置为true）
install_dev_tools() {
if [ "$INSTALL_DEV_TOOLS" != "true" ]; then
info "Development tools installation skipped (disabled in configuration)"
return 0
fi
info "Installing development tools"
local DEV_PACKAGES=(
"@development-tools"
"gcc"
"gcc-c++"
"make"
"cmake"
"python3"
"python3-pip"
"nodejs"
"npm"
"golang"
"docker"
"postgresql"
"postgresql-server"
"redis"
)
for package in "${DEV_PACKAGES[@]}"; do
info "Installing $package"
dnf install -y "$package" || warn "Failed to install $package"
done
# 启用并启动Docker服务
if command -v docker >/dev/null 2>&1; then
systemctl enable --now docker || warn "Failed to enable and start Docker"
fi
info "Development tools installation completed"
}
# 设置防火墙（如果配置为true）
setup_firewall() {
if [ "$SETUP_FIREWALL" != "true" ]; then
info "Firewall setup skipped (disabled in configuration)"
return 0
fi
info "Setting up firewall"
# 安装firewalld
dnf install -y firewalld || {
error "Failed to install firewalld"
return 1
}
# 启用并启动firewalld
systemctl enable --now firewalld || {
error "Failed to enable and start firewalld"
return 1
}
# 如果启用了SSH，打开SSH端口
if [ "$ENABLE_SSH" = "true" ]; then
firewall-cmd --permanent --add-port="${SSH_PORT}/tcp" || warn "Failed to open SSH port in firewall"
firewall-cmd --reload || warn "Failed to reload firewall rules"
fi
info "Firewall setup completed"
}
# 创建用户（如果配置为true）
create_user() {
if [ "$CREATE_USER" != "true" ]; then
info "User creation skipped (disabled in configuration)"
return 0
fi
info "Creating user: $USER_NAME"
# 检查用户是否已存在
if id "$USER_NAME" &>/dev/null; then
warn "User $USER_NAME already exists"
return 0
fi
# 创建用户
useradd -m -s /bin/bash "$USER_NAME" || {
error "Failed to create user $USER_NAME"
return 1
}
# 设置密码（这里使用随机密码，实际应用中可能需要其他方式）
local PASSWORD=$(openssl rand -base64 12)
echo "$USER_NAME:$PASSWORD" | chpasswd || {
error "Failed to set password for user $USER_NAME"
return 1
}
# 将用户添加到wheel组（sudo权限）
usermod -aG wheel "$USER_NAME" || warn "Failed to add user $USER_NAME to wheel group"
# 保存密码到文件（实际应用中可能需要更安全的方式）
echo "User: $USER_NAME, Password: $PASSWORD" > "/home/$USER_NAME/credentials.txt"
chmod 600 "/home/$USER_NAME/credentials.txt"
chown "$USER_NAME:$USER_NAME" "/home/$USER_NAME/credentials.txt"
info "User $USER_NAME created successfully"
}
# 设置SSH（如果配置为true）
setup_ssh() {
if [ "$ENABLE_SSH" != "true" ]; then
info "SSH setup skipped (disabled in configuration)"
return 0
fi
info "Setting up SSH"
# 安装OpenSSH服务器
dnf install -y openssh-server || {
error "Failed to install OpenSSH server"
return 1
}
# 备份原始配置文件
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# 配置SSH
cat > /etc/ssh/sshd_config << EOF
Port $SSH_PORT
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
# 如果创建了用户，为用户设置SSH目录
if [ "$CREATE_USER" = "true" ] && [ -d "/home/$USER_NAME" ]; then
mkdir -p "/home/$USER_NAME/.ssh"
touch "/home/$USER_NAME/.ssh/authorized_keys"
chmod 700 "/home/$USER_NAME/.ssh"
chmod 600 "/home/$USER_NAME/.ssh/authorized_keys"
chown -R "$USER_NAME:$USER_NAME" "/home/$USER_NAME/.ssh"
fi
# 启用并启动SSH服务
systemctl enable --now sshd || {
error "Failed to enable and start SSH service"
return 1
}
info "SSH setup completed"
}
# 优化系统性能
optimize_system() {
info "Optimizing system performance"
# 创建sysctl配置文件
cat > /etc/sysctl.d/99-sysctl.conf << EOF
# Increase file descriptor limit
fs.file-max = 100000
# Network optimization
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 65536
# Swap optimization
vm.swappiness = 10
vm.vfs_cache_pressure = 50
EOF
# 应用sysctl设置
sysctl -p /etc/sysctl.d/99-sysctl.conf || warn "Failed to apply sysctl settings"
# 设置文件描述符限制
echo "* soft nofile 100000" >> /etc/security/limits.conf
echo "* hard nofile 100000" >> /etc/security/limits.conf
info "System optimization completed"
}
# 显示部署摘要
show_summary() {
info "Deployment Summary"
info "=================="
info "System: $(cat /etc/fedora-release)"
info "Kernel: $(uname -r)"
info "Architecture: $(uname -m)"
info ""
if [ "$INSTALL_GUI" = "true" ]; then
info "GUI: Installed"
else
info "GUI: Not installed"
fi
if [ "$INSTALL_DEV_TOOLS" = "true" ]; then
info "Development Tools: Installed"
else
info "Development Tools: Not installed"
fi
if [ "$SETUP_FIREWALL" = "true" ]; then
info "Firewall: Enabled"
else
info "Firewall: Not enabled"
fi
if [ "$CREATE_USER" = "true" ]; then
info "User: $USER_NAME created"
if [ -f "/home/$USER_NAME/credentials.txt" ]; then
info "Credentials saved to /home/$USER_NAME/credentials.txt"
fi
else
info "User: Not created"
fi
if [ "$ENABLE_SSH" = "true" ]; then
info "SSH: Enabled on port $SSH_PORT"
else
info "SSH: Not enabled"
fi
info ""
info "Deployment completed successfully!"
}
# =============================================================================
# 主函数
# =============================================================================
main() {
# 初始化
rotate_log
info "Starting Fedora deployment script"
# 检查运行环境
check_root
# 加载并验证配置
load_config
validate_config
# 创建临时目录
TEMP_DIR=$(mktemp -d)
debug "Created temporary directory: $TEMP_DIR"
# 执行部署步骤
update_system
install_base_packages
install_gui
install_dev_tools
setup_firewall
create_user
setup_ssh
optimize_system
# 显示部署摘要
show_summary
# 清理
cleanup
info "Fedora deployment script completed successfully"
exit 0
}
# 运行主函数
main

复制代码

最佳实践和注意事项

在编写Fedora自动化部署脚本时，遵循一些最佳实践可以帮助你创建更可靠、更安全的脚本。

代码组织和可读性

1. 使用函数模块化代码：将相关功能组织到函数中，使代码更易于理解和维护。

# 不好的做法
echo "Updating system..."
dnf update -y
echo "Installing packages..."
dnf install -y package1 package2
# 好的做法
update_system() {
echo "Updating system..."
dnf update -y
}
install_packages() {
echo "Installing packages..."
dnf install -y package1 package2
}
update_system
install_packages

复制代码

1. 使用有意义的变量名：避免使用单字母变量名，使用描述性名称。

# 不好的做法
d=$1
f=$2
# 好的做法
DIRECTORY=$1
FILENAME=$2

复制代码

1. 添加注释：为复杂的代码段添加注释，解释其功能和目的。

# 检查文件是否存在并可读
if [ -f "$CONFIG_FILE" ] && [ -r "$CONFIG_FILE" ]; then
source "$CONFIG_FILE"
fi

复制代码

错误处理和健壮性

1. 使用set命令：使用set -euo pipefail使脚本在遇到错误时立即退出。

#!/bin/bash
set -euo pipefail

复制代码

1. 检查命令是否存在：在使用命令前检查它是否存在。

if command -v dnf >/dev/null 2>&1; then
dnf update -y
else
echo "DNF package manager not found"
exit 1
fi

复制代码

1. 验证输入：验证用户输入和配置参数。

# 验证端口号
if ! [[ "$PORT" =~ ^[0-9]+$ ]] || [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then
echo "Invalid port number: $PORT"
exit 1
fi

复制代码

安全性考虑

1. 避免硬编码敏感信息：不要在脚本中硬编码密码、API密钥等敏感信息。

# 不好的做法
PASSWORD="secret123"
# 好的做法
read -s -p "Enter password: " PASSWORD

复制代码

1. 安全地处理临时文件：使用mktemp创建临时文件，并在使用后删除。

TEMP_FILE=$(mktemp)
# 使用临时文件...
rm -f "$TEMP_FILE"

复制代码

1. 限制文件权限：确保敏感文件具有适当的权限。

touch "$CONFIG_FILE"
chmod 600 "$CONFIG_FILE" # 仅所有者可读写

复制代码

性能优化

1. 避免不必要的命令：减少不必要的命令调用，特别是在循环中。

# 不好的做法
for i in {1..100}; do
CURRENT_DIR=$(pwd)
echo "Processing in $CURRENT_DIR"
done
# 好的做法
CURRENT_DIR=$(pwd)
for i in {1..100}; do
echo "Processing in $CURRENT_DIR"
done

复制代码

1. 使用内置Shell功能：优先使用Shell内置功能，而不是外部命令。

# 不好的做法
LENGTH=$(echo "$STRING" | wc -c)
# 好的做法
LENGTH=${#STRING}

复制代码

1. 并行处理：对于可以并行执行的任务，使用后台处理。

# 顺序处理
process_file file1
process_file file2
process_file file3
# 并行处理
process_file file1 &
process_file file2 &
process_file file3 &
wait # 等待所有后台任务完成

复制代码

可维护性和可扩展性

1. 使用配置文件：将配置参数与脚本逻辑分离，使用外部配置文件。

# 加载配置文件
if [ -f "$CONFIG_FILE" ]; then
source "$CONFIG_FILE"
else
echo "Configuration file not found: $CONFIG_FILE"
exit 1
fi

复制代码

1. 提供帮助信息：为脚本添加帮助信息，说明如何使用。

show_help() {
echo "Usage: $0 [OPTIONS]"
echo "Options:"
echo " -c, --config FILE Use specified configuration file"
echo " -h, --help Show this help message"
echo " -v, --verbose Enable verbose output"
}
# 解析命令行参数
while [[ $# -gt 0 ]]; do
case "$1" in
-c|--config)
CONFIG_FILE="$2"
shift 2
;;
-h|--help)
show_help
exit 0
;;
-v|--verbose)
VERBOSE=true
shift
;;
*)
echo "Unknown option: $1"
show_help
exit 1
;;
esac
done

复制代码

1. 版本控制：使用版本控制系统（如Git）管理脚本，记录变更历史。

测试和调试

1. 添加调试模式：为脚本添加调试模式，输出详细的执行信息。

DEBUG=false
debug() {
if [ "$DEBUG" = "true" ]; then
echo "DEBUG: $*" >&2
fi
}
# 使用调试
debug "Processing file: $FILENAME"

复制代码

1. 使用shellcheck：使用shellcheck工具检查脚本中的常见问题。

# 安装shellcheck
dnf install -y shellcheck
# 检查脚本
shellcheck your_script.sh

复制代码

1. 分步测试：在部署到生产环境之前，先在测试环境中分步测试脚本。

# 在脚本中添加测试模式
if [ "$TEST_MODE" = "true" ]; then
echo "Running in test mode"
# 添加测试逻辑...
fi

复制代码

结论

Fedora自动化部署脚本是系统管理员和开发人员的强大工具，能够显著提高部署效率，减少人为错误，确保系统配置的一致性。本文从基础命令开始，逐步深入到高级应用，全面解析了Fedora自动化部署脚本的编写技巧。

通过掌握这些技术，你可以创建功能强大、健壮可靠的自动化部署脚本，满足各种复杂的部署需求。记住，好的脚本不仅要能够完成任务，还要易于维护、扩展和理解。遵循最佳实践，持续改进你的脚本，它们将成为你管理Fedora系统的得力助手。

随着技术的不断发展，自动化部署领域也在不断演进。保持学习，探索新的工具和技术，如Ansible、Docker和Kubernetes，将帮助你构建更加现代化、高效的部署解决方案。无论技术如何变化，本文介绍的基本原则和技巧都将是你宝贵的财富。

	通知：关于部分勋章领取条件及购买价格调整的通知	05-18 21:22
	通知：本站资源由网友上传分享，如有违规等问题请到版务模块进行投诉，资源失效请在帖子内回复要求补档，会尽快处理！	10-23 09:31

活动公告

深入浅出Fedora自动化部署脚本编写从基础命令到高级应用全面解析

马上注册，结交更多好友，享用更多功能，让你轻松玩转社区。

浏览过的版块

塔罗

立华奏

站长推荐 /1

友情链接

Tencent QQ