案例1 自动化服务部署与健康检查
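#!/bin/bash
# Deploy one release of the app: download and verify the archive, unpack it,
# restart the unit, then poll the health endpoint (roll back on failure).
set -euo pipefail  # strict mode: abort on error, unset variable or failed pipeline stage
readonly DEPLOY_DIR="/opt/app"
readonly VERSION="2.3.1"
readonly REMOTE_FILE="app-${VERSION}.tar.gz"  # archive name on the release server
readonly HEALTH_CHECK_URL="http://localhost:8080/health"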
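#######################################
# Download the release archive into /tmp and verify its SHA-256 before
# anything else touches it.
# Globals:   REMOTE_FILE (read), APP_SHA256 (read, optional override)
# Outputs:   wget/sha256sum diagnostics; error text on stderr
# Returns:   exits 1 on download or checksum failure
#######################################
download_app() {
  local url="https://repo.example.com/${REMOTE_FILE}"
  local archive="/tmp/${REMOTE_FILE}"
  # PLACEHOLDER digest carried over from the original script: verification
  # fails closed until the published digest is supplied (APP_SHA256 or here).
  local expected_sha256="${APP_SHA256:-6a8f3d4...}"

  # -O pins the output path: without it a leftover file makes wget write
  # "<name>.1" and the checksum below would check the stale copy instead.
  wget -nv -O "${archive}" -- "${url}" \
    || { printf '下载失败: %s\n' "${url}" >&2; exit 1; }

  # sha256sum -c expects "<hex>  <path>"; an unverified archive is removed so
  # deploy() can never pick it up.
  if ! printf '%s  %s\n' "${expected_sha256}" "${archive}" | sha256sum -c -; then
    printf '校验失败: %s\n' "${archive}" >&2
    rm -f -- "${archive}"
    exit 1
  fi
}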
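#######################################
# Unpack the verified archive over DEPLOY_DIR and restart the service.
# Globals:   REMOTE_FILE, DEPLOY_DIR (read)
# Returns:   exits 1 if the archive is missing; tar/systemctl failures abort
#            the script through set -e
#######################################
deploy() {
  local archive="/tmp/${REMOTE_FILE}"
  # download_app() removes the archive on a checksum mismatch, so a missing
  # file here means nothing verified was downloaded.
  [[ -f "${archive}" ]] || { printf '找不到安装包: %s\n' "${archive}" >&2; exit 1; }
  mkdir -p -- "${DEPLOY_DIR}"
  tar -xzf "${archive}" -C "${DEPLOY_DIR}" --overwrite
  systemctl restart app-service
}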
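#######################################
# Poll the health endpoint until its body contains "OK" (with retries).
# Globals:   HEALTH_CHECK_URL (read)
# Arguments: $1 - number of attempts (default 5)
#            $2 - seconds to wait between attempts (default 10)
# Outputs:   success message on stdout, failure message on stderr
# Returns:   0 once healthy, 1 after the last attempt fails
#######################################
check_health() {
  local attempts="${1:-5}"
  local delay="${2:-10}"
  local attempt
  for (( attempt = 1; attempt <= attempts; attempt++ )); do
    # --max-time bounds the whole request; --connect-timeout alone lets a
    # server that accepts and then hangs stall this loop forever.
    if curl -sSf --connect-timeout 5 --max-time 10 -- "${HEALTH_CHECK_URL}" | grep -q "OK"; then
      echo "服务启动成功"
      return 0
    fi
    # No pause after the final attempt.
    if (( attempt < attempts )); then
      sleep "${delay}"
    fi
  done
  echo "健康检查失败!" >&2
  return 1
}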
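#######################################
# Entry point: download, deploy, verify; roll back when the health check fails.
# Returns:   exits 1 when a rollback is needed but no rollback_to function exists
#######################################
main() {
  local previous_version="2.2.0"
  download_app
  deploy
  if ! check_health; then
    echo "回滚到版本 ${previous_version}"
    # rollback_to is not defined in this file. Check for it explicitly so a
    # "command not found" cannot be mistaken for a completed rollback.
    if declare -F rollback_to > /dev/null; then
      rollback_to "${previous_version}"
    else
      printf 'rollback_to 未定义,无法回滚到 %s\n' "${previous_version}" >&2
      exit 1
    fi
  fi
}
main "$@"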
案例2 日志实时分析告警
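#!/bin/bash
# Watch the nginx access log; alert on and block client IPs that exceed
# ALERT_THRESHOLD requests within one WINDOW_SECONDS window.
# Globals: LOG, ALERT_THRESHOLD, WINDOW_SECONDS
# Requires bash 4.2+ (associative arrays, printf %(..)T) and root for iptables.
set -uo pipefail
LOG="/var/log/nginx/access.log"
ALERT_THRESHOLD=100  # requests per minute per IP
WINDOW_SECONDS=60

declare -A hits=()     # ip -> requests seen in the current window
declare -A blocked=()  # ip -> 1 once a DROP rule has been added for it
printf -v window_start '%(%s)T' -1

# The loop counts the tailed lines itself. The original piped the stream into
# awk from inside the loop, which consumed the entire (never-ending) tail and
# so never produced a count.
tail -Fn0 -- "$LOG" | while IFS= read -r line; do
  printf -v now '%(%s)T' -1
  if (( now - window_start >= WINDOW_SECONDS )); then
    hits=()
    window_start=$now
  fi

  ip=${line%% *}
  # Only a literal IPv4/IPv6 address may reach the array subscript and
  # iptables; any other first field is ignored.
  [[ "$ip" =~ ^[0-9A-Fa-f.:]+$ ]] || continue

  hits[$ip]=$(( ${hits[$ip]:-0} + 1 ))
  count=${hits[$ip]}
  if (( count > ALERT_THRESHOLD )) && [[ -z "${blocked[$ip]:-}" ]]; then
    printf '[%s] 异常IP: %s 请求次数: %s\n' "$(date '+%F %T')" "$ip" "$count" \
      | mail -s "DDoS告警" admin@example.com
    # Block once per IP: appending the same rule on every further request
    # would fill the INPUT chain with duplicates.
    if iptables -A INPUT -s "$ip" -j DROP; then
      blocked[$ip]=1
    fi
  fi
done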
应用场景:
实时检测CC攻击
自动触发邮件告警
联动iptables动态封禁
案例3 多服务器批量操作框架
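#!/bin/bash
# Run one command on every host in HOSTS in parallel over ssh.
# Usage: script '<command>'
set -uo pipefail
HOSTS=("web1" "web2" "db1" "192.168.1.10")
SSH_USER="admin"
# Refuse to run without a command: the original would otherwise ssh into every
# host with an empty command string.
COMMAND="${1:?usage: $0 '<command>'}"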
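#######################################
# Run COMMAND on one host over ssh and report a non-zero exit.
# Globals:   SSH_USER, COMMAND (read)
# Arguments: $1 - host name or address
# Outputs:   failure line on stderr
# Returns:   the remote command's exit status (the original returned 1 on
#            success because of the trailing `[ ... ] && echo`)
#######################################
parallel_exec() {
  local host="$1"
  local exit_code=0
  # -n: ssh must not read stdin. Under xargs that stdin is the host list, so a
  # remote command that reads it would swallow the remaining hosts.
  ssh -n -o ConnectTimeout=5 -T "${SSH_USER}@${host}" "$COMMAND" || exit_code=$?
  if [[ "$exit_code" -ne 0 ]]; then
    printf '[%s] 执行失败! Code:%s\n' "$host" "$exit_code" >&2
  fi
  return "$exit_code"
}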
# Each xargs worker is a fresh `bash -c`, so the function and the globals it
# reads have to be exported to be visible there.
export -f parallel_exec
export SSH_USER
export COMMAND
printf "%s\n" "${HOSTS[@]}" | xargs -P 10 -I{} bash -c 'parallel_exec "$@"' _ {}
案例4 数据库自动备份与加密
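#!/bin/bash
# Full MySQL dump streamed through gzip and GPG symmetric encryption. The
# random passphrase is stored next to the backup, encrypted to the backup key.
set -euo pipefail
umask 077  # backup and key files are created owner-only
BACKUP_DIR="/backup/mysql"
STAMP="$(date +%F)"
PASSWORD="$(openssl rand -base64 32)"  # fresh random passphrase per run
ENCRYPTED_FILE="db-${STAMP}.sql.gz.gpg"
# One key file per backup: the original overwrote a single key.gpg every run,
# which left every earlier backup undecryptable.
KEY_FILE="db-${STAMP}.key.gpg"

mkdir -p -- "$BACKUP_DIR"

# The passphrase reaches gpg through a pipe (process substitution) instead of
# argv, so it is not visible in process listings. pipefail makes a failing
# mysqldump fail the pipeline instead of leaving a truncated but validly
# encrypted file behind.
mysqldump --all-databases \
  | gzip \
  | gpg --batch --passphrase-file <(printf '%s' "$PASSWORD") \
      --output "${BACKUP_DIR}/${ENCRYPTED_FILE}" \
      --symmetric

# Store the passphrase encrypted to the backup recipient key.
printf '%s\n' "$PASSWORD" | gpg --encrypt -r backup@example.com > "${BACKUP_DIR}/${KEY_FILE}"

# Remove backups and their key files older than 7 days (both end in .gpg).
find "$BACKUP_DIR" -type f -name "*.gpg" -mtime +7 -delete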
安全实践:
使用GPG对称加密
随机密码+非对称加密存储
管道操作避免磁盘明文
案例5 容器化环境自愈脚本
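#!/bin/bash
# Delete pods in NAMESPACE whose containers restarted more than MAX_RESTARTS
# times, then notify the DingTalk robot.
set -euo pipefail
NAMESPACE="production"
MAX_RESTARTS=5
# Placeholder token carried over from the original; supply the real one via
# the environment instead of editing the script.
DINGTALK_TOKEN="${DINGTALK_TOKEN:-xxx}"

# --argjson passes the threshold as a jq value instead of splicing shell text
# into the filter; `// []` tolerates pods with no containerStatuses yet, and
# any() lists a pod once even when several containers are over the limit.
kubectl get pods -n "$NAMESPACE" -o json \
  | jq -r --argjson max "$MAX_RESTARTS" \
      '.items[]
       | select(any((.status.containerStatuses // [])[]; .restartCount > $max))
       | .metadata.name' \
  | while IFS= read -r pod; do
      echo "[CRITICAL] $pod 重启超过${MAX_RESTARTS}次,触发重建"
      # One failed delete must not stop the remaining pods from being handled.
      if ! kubectl delete pod "$pod" -n "$NAMESPACE"; then
        echo "删除失败: $pod" >&2
        continue
      fi
      # Build the JSON with jq so the pod name is escaped, not interpolated.
      payload=$(jq -nc --arg pod "$pod" '{text: ("自愈操作: 重建异常Pod " + $pod)}')
      curl -sSX POST "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_TOKEN}" \
        -H "Content-Type: application/json" \
        -d "$payload" || echo "钉钉通知失败: $pod" >&2
    done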
适用场景:
自动处理K8s僵尸Pod
对接监控告警系统
结合CI(Continuous Integration,持续集成)/CD(Continuous Deployment,持续部署)流水线
高级编程技巧总结
错误防御
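set -euo pipefail        # must be the first statement of the script, before anything it should guard
trap 'cleanup $?' EXIT   # cleanup runs on every exit path and receives the exit status as $1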
性能优化
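# Read text line by line; a for-loop over $(...) would word-split and glob it.
# IFS= keeps leading/trailing whitespace, -r keeps backslashes literal.
while IFS= read -r line; do
  :  # process "$line" here
done < <(grep "ERROR" huge.log)  # process substitution instead of a pipe: the loop stays in the current shell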
安全加固
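# ${DIR:?} aborts when DIR is unset or empty, so the glob can never expand to
# "/*"; "--" keeps a DIR starting with "-" from being parsed as an option.
rm -rf -- "${DIR:?}/"*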
跨平台兼容
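# Written as if/else on purpose: with `a && b || c`, a failing linux_command
# would also run mac_command.
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  linux_command
else
  mac_command
fi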
日志标准化
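#######################################
# Append a timestamped line to the ops log.
# Globals:   OPS_LOG (read; defaults to /var/log/ops.log)
# Arguments: the message; all arguments are joined with single spaces
# Outputs:   one line appended to the log file
#######################################
log() {
  # %3N (milliseconds) is GNU date; BSD/macOS date prints it literally.
  printf '[%s] %s\n' "$(date '+%F %T.%3N')" "$*" >> "${OPS_LOG:-/var/log/ops.log}"
}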