170 lines
5.0 KiB
Bash
170 lines
5.0 KiB
Bash
#!/bin/bash
|
|
|
|
# HCP 集群先决条件检查脚本
|
|
# 检查所有客户端节点的 HashiCorp 软件包安装状态
|
|
|
|
set -e
|
|
|
|
# 客户端节点列表
|
|
CLIENT_NODES=(
|
|
"ash2e.tailnet-68f9.ts.net"
|
|
"ash1d.tailnet-68f9.ts.net"
|
|
"hcp1.tailnet-68f9.ts.net"
|
|
"influxdb.tailnet-68f9.ts.net"
|
|
"ash3c.tailnet-68f9.ts.net"
|
|
"ch4.tailnet-68f9.ts.net"
|
|
"warden.tailnet-68f9.ts.net"
|
|
"browser.tailnet-68f9.ts.net"
|
|
)
|
|
|
|
SSH_OPTS="-o StrictHostKeyChecking=no -o ConnectTimeout=5"
|
|
PASSWORD="3131"
|
|
|
|
echo "=== HCP 集群先决条件检查开始 ==="
|
|
echo "检查时间: $(date)"
|
|
echo
|
|
|
|
# 检查函数
|
|
check_node_prerequisites() {
|
|
local node=$1
|
|
echo "检查节点: $node"
|
|
|
|
# 检查网络连通性
|
|
if ! ping -c 1 -W 2 "$node" >/dev/null 2>&1; then
|
|
echo " ❌ 网络不通"
|
|
return 1
|
|
fi
|
|
|
|
# 检查 SSH 连接
|
|
if ! sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "echo 'SSH OK'" >/dev/null 2>&1; then
|
|
echo " ❌ SSH 连接失败"
|
|
return 1
|
|
fi
|
|
|
|
echo " ✅ 网络和 SSH 连接正常"
|
|
|
|
# 检查 HashiCorp 软件源配置
|
|
echo " 检查 HashiCorp 软件源..."
|
|
sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "
|
|
if [ -f /etc/apt/sources.list.d/hashicorp.list ]; then
|
|
echo ' ✅ HashiCorp 软件源文件存在'
|
|
if grep -q 'trusted=yes' /etc/apt/sources.list.d/hashicorp.list; then
|
|
echo ' ✅ 已配置 trusted=yes'
|
|
else
|
|
echo ' ⚠️ 未配置 trusted=yes'
|
|
fi
|
|
cat /etc/apt/sources.list.d/hashicorp.list | sed 's/^/ /'
|
|
else
|
|
echo ' ❌ HashiCorp 软件源文件不存在'
|
|
fi
|
|
"
|
|
|
|
# 检查二进制文件安装
|
|
echo " 检查 HashiCorp 二进制文件..."
|
|
sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "
|
|
for binary in nomad consul vault; do
|
|
if command -v \$binary >/dev/null 2>&1; then
|
|
version=\$(\$binary version | head -n1)
|
|
echo \" ✅ \$binary: \$version\"
|
|
else
|
|
echo \" ❌ \$binary: 未安装\"
|
|
fi
|
|
done
|
|
"
|
|
|
|
# 检查系统服务状态
|
|
echo " 检查系统服务状态..."
|
|
sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "
|
|
for service in nomad consul; do
|
|
if systemctl is-enabled \$service >/dev/null 2>&1; then
|
|
status=\$(systemctl is-active \$service)
|
|
echo \" \$service: \$status\"
|
|
else
|
|
echo \" \$service: 未配置\"
|
|
fi
|
|
done
|
|
"
|
|
|
|
echo
|
|
}
|
|
|
|
# 修复软件源配置的函数
|
|
fix_hashicorp_sources() {
|
|
local node=$1
|
|
echo "修复节点 $node 的 HashiCorp 软件源配置..."
|
|
|
|
sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "
|
|
echo '修复 HashiCorp 软件源配置...'
|
|
|
|
# 备份现有配置
|
|
if [ -f /etc/apt/sources.list.d/hashicorp.list ]; then
|
|
echo '$PASSWORD' | sudo -S cp /etc/apt/sources.list.d/hashicorp.list /etc/apt/sources.list.d/hashicorp.list.bak
|
|
fi
|
|
|
|
# 创建新的软件源配置 (trusted=yes)
|
|
echo '$PASSWORD' | sudo -S tee /etc/apt/sources.list.d/hashicorp.list > /dev/null << 'EOF'
|
|
deb [arch=amd64 trusted=yes] https://apt.releases.hashicorp.com jammy main
|
|
EOF
|
|
|
|
# 更新软件包列表
|
|
echo '$PASSWORD' | sudo -S apt update
|
|
|
|
echo '✅ HashiCorp 软件源配置已修复'
|
|
"
|
|
}
|
|
|
|
# 安装缺失软件包的函数
|
|
install_missing_packages() {
|
|
local node=$1
|
|
echo "在节点 $node 上安装 HashiCorp 软件包..."
|
|
|
|
sshpass -p "$PASSWORD" ssh $SSH_OPTS ben@"$node" "
|
|
echo '安装 HashiCorp 软件包...'
|
|
echo '$PASSWORD' | sudo -S apt install -y nomad consul vault
|
|
echo '✅ HashiCorp 软件包安装完成'
|
|
"
|
|
}
|
|
|
|
# 主检查流程
|
|
main() {
|
|
local failed_nodes=()
|
|
local needs_source_fix=()
|
|
local needs_package_install=()
|
|
|
|
# 第一轮:检查所有节点
|
|
for node in "${CLIENT_NODES[@]}"; do
|
|
if ! check_node_prerequisites "$node"; then
|
|
failed_nodes+=("$node")
|
|
fi
|
|
done
|
|
|
|
# 汇总报告
|
|
echo "=== 检查结果汇总 ==="
|
|
if [ ${#failed_nodes[@]} -eq 0 ]; then
|
|
echo "✅ 所有节点先决条件检查通过"
|
|
else
|
|
echo "⚠️ 以下节点需要修复:"
|
|
for node in "${failed_nodes[@]}"; do
|
|
echo " - $node"
|
|
done
|
|
|
|
echo
|
|
echo "是否要自动修复这些节点? (y/N)"
|
|
read -r response
|
|
if [[ "$response" =~ ^[Yy]$ ]]; then
|
|
for node in "${failed_nodes[@]}"; do
|
|
echo "修复节点: $node"
|
|
fix_hashicorp_sources "$node"
|
|
install_missing_packages "$node"
|
|
echo
|
|
done
|
|
|
|
echo "=== 重新检查修复后的节点 ==="
|
|
for node in "${failed_nodes[@]}"; do
|
|
check_node_prerequisites "$node"
|
|
done
|
|
fi
|
|
fi
|
|
}
|
|
|
|
main "$@" |