提交 bcb0ae3d authored 作者: 陈泽健's avatar 陈泽健

feat(middleware): 增强中间件检测功能并优化部署脚本

- 在EMQX容器启动时添加安全认证配置和固定容器名称
- 实现中间件检测脚本返回详细信息包括版本号和运行状态
- 添加防火墙检测功能支持shell模式和powershell模式
- 增强系统资源检测脚本输出操作系统详细信息
- 改进中间件检测脚本支持多种网络模式和详细状态信息
- 优化报告模块兼容不同模式下的防火墙状态显示
- 添加新的防火墙检测shell脚本实现完整的防火墙状态监控
上级 7fbf0aff
......@@ -715,8 +715,22 @@ function Convert-ResourceCheckToStandard {
$memTotalMB = 0
$memUsedMB = 0
# 系统信息变量
$osName = ""
$osVersion = ""
$systemArch = ""
$kernelVersion = ""
foreach ($item in $ParsedResults) {
switch ($item.Category) {
"系统信息" {
switch ($item.Item) {
"操作系统" { $osName = $item.Value }
"系统版本" { $osVersion = $item.Value }
"系统架构" { $systemArch = $item.Value }
"内核版本" { $kernelVersion = $item.Value }
}
}
"CPU" {
switch ($item.Item) {
"核心数" { $cpuCores = [int]$item.Value }
......@@ -809,16 +823,17 @@ function Convert-ResourceCheckToStandard {
}
}
# 添加默认OS和架构信息
# 添加OS和架构信息
$osInfo = if ($osName -and $osVersion) { "$osName $osVersion" } elseif ($osName) { $osName } else { "Linux" }
$results.OS = @{
Info = "Linux"
Info = $osInfo
Status = "正常"
Success = $true
}
$results.Architecture = @{
Arch = "x86_64"
Kernel = "unknown"
Arch = if ($systemArch) { $systemArch } else { "x86_64" }
Kernel = if ($kernelVersion) { $kernelVersion } else { "unknown" }
Status = "正常"
Success = $true
}
......@@ -848,8 +863,45 @@ function Parse-ResourceCheckText {
continue
}
# 系统信息
if ($trimmed -match '^操作系统:\s*(.+)$') {
$osName = $matches[1].Trim()
$results += [PSCustomObject]@{
Category = "系统信息"
Item = "操作系统"
Value = $osName
Status = "正常"
}
}
elseif ($trimmed -match '^系统版本:\s*(.+)$') {
$osVersion = $matches[1].Trim()
$results += [PSCustomObject]@{
Category = "系统信息"
Item = "系统版本"
Value = $osVersion
Status = "正常"
}
}
elseif ($trimmed -match '^系统架构:\s*(.+)$') {
$arch = $matches[1].Trim()
$results += [PSCustomObject]@{
Category = "系统信息"
Item = "系统架构"
Value = $arch
Status = "正常"
}
}
elseif ($trimmed -match '^内核版本:\s*(.+)$') {
$kernel = $matches[1].Trim()
$results += [PSCustomObject]@{
Category = "系统信息"
Item = "内核版本"
Value = $kernel
Status = "正常"
}
}
# CPU信息
if ($trimmed -match '^核心数:\s*(\d+)') {
elseif ($trimmed -match '^核心数:\s*(\d+)') {
$cores = $matches[1]
$results += [PSCustomObject]@{
Category = "CPU"
......@@ -1144,7 +1196,17 @@ function Test-DNSResolution-Shell {
}
}
Write-Log -Level "INFO" -Message "DNS服务器: $($data.dns_server)"
# 添加DNS服务器信息到结果中
$dnsServer = if ($data.dns_server) { $data.dns_server } else { "unknown" }
$results += [PSCustomObject]@{
Check = "DNS配置"
Status = "正常"
Details = "DNS服务器: $dnsServer"
Success = $true
Type = "DNSConfig"
}
Write-Log -Level "INFO" -Message "DNS服务器: $dnsServer"
Write-Log -Level "INFO" -Message "========== 结束DNS检测 (Shell模式) =========="
return $results
}
......@@ -1220,6 +1282,60 @@ export LANG=C && cat /etc/chrony.conf 2>/dev/null | grep '^server ' | awk '{prin
return $results
}
# 防火墙检测(Shell模式)
function Test-Firewall-Shell {
param(
[Parameter(Mandatory=$true)] [hashtable]$Server
)
Write-Host ""
Write-Log -Level "INFO" -Message "========== 开始防火墙检测 (Shell模式) =========="
# 检测防火墙状态
$cmd = "export LANG=C && systemctl is-active firewalld 2>/dev/null || echo 'inactive'"
$result = Invoke-SSHCommand -HostName $Server.IP -User $Server.User -Pass $Server.Pass -Port $Server.Port -Command $cmd
$firewallStatus = "unknown"
$firewallDescription = "未知"
if ($result.Output) {
$output = if ($result.Output -is [array]) { $result.Output -join "" } else { $result.Output.ToString() }
$output = $output.Trim()
if ($output -eq "active") {
$firewallStatus = "active"
$firewallDescription = "已启用 (firewalld)"
Write-Log -Level "INFO" -Message " 防火墙状态: $firewallDescription"
} elseif ($output -eq "inactive") {
$firewallStatus = "inactive"
$firewallDescription = "未启用"
Write-Log -Level "WARN" -Message " 防火墙状态: $firewallDescription"
}
}
# 获取开放的端口和服务
$openPorts = ""
if ($firewallStatus -eq "active") {
$cmd2 = "export LANG=C && firewall-cmd --list-ports 2>/dev/null && firewall-cmd --list-services 2>/dev/null"
$result2 = Invoke-SSHCommand -HostName $Server.IP -User $Server.User -Pass $Server.Pass -Port $Server.Port -Command $cmd2
if ($result2.Output) {
$portsOutput = if ($result2.Output -is [array]) { $result2.Output -join " " } else { $result2.Output.ToString() }
$openPorts = $portsOutput -replace "`n", " " -replace "\s+", " "
Write-Log -Level "INFO" -Message " 开放端口/服务: $openPorts"
}
}
$results = @{
Status = $firewallStatus
Description = $firewallDescription
OpenPorts = $openPorts
}
Write-Log -Level "INFO" -Message "========== 结束防火墙检测 (Shell模式) =========="
return $results
}
# 配置IP检测(Shell模式)
function Test-ConfigIPs-Shell {
param(
......@@ -2189,6 +2305,12 @@ function Main {
Write-Host ""
if ($global:UseShellMode) {
$resourceResults = Test-ServerResources-Shell -Server $server
# 防火墙检测(Shell模式)
$firewallResults = Test-Firewall-Shell -Server $server
# 将防火墙结果添加到资源结果中
if ($firewallResults) {
$resourceResults.Firewall = $firewallResults
}
}
else {
$resourceResults = Test-ServerResources -Server $server
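Review bot: In Test-Firewall-Shell, the probe `systemctl is-active firewalld 2>/dev/null || echo 'inactive'` produces two lines whenever firewalld is not active, because `is-active` prints the unit state itself before exiting non-zero and the fallback echo then adds a second `inactive`. After the join and trim the text equals neither `active` nor `inactive`, so a host with the firewall off would apparently be reported as `unknown`/`未知` and the WARN line is never logged. Emitting exactly one token avoids this: `$cmd = "export LANG=C && systemctl is-active --quiet firewalld 2>/dev/null && echo active || echo inactive"`. A final `else` that logs the unrecognised output would also let a failed SSH command be told apart from a disabled firewall.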
......
#!/bin/bash
# ==============================================================================
# firewall_check.sh
# ------------------------------------------------------------------------------
# 防火墙状态检测Shell脚本
#
# .SYNOPSIS
# 检测防火墙状态和开放端口
#
# .DESCRIPTION
# 检测firewalld防火墙状态、开放的端口和服务。
#
# .PARAMETERS
# --format 输出格式(json/text,默认json)
#
# .EXAMPLE
# ./firewall_check.sh
#
# .OUTPUTS
# JSON格式检测结果
#
# .NOTES
# 版本:1.0.0
# 创建日期:2026-05-13
#
# ==============================================================================
# 加载基础函数库
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/common.sh"
# ================================
# 参数解析
# ================================
OUTPUT_FORMAT="json"
while [[ $# -gt 0 ]]; do
case $1 in
--format)
OUTPUT_FORMAT="$2"
shift 2
;;
*)
shift
;;
esac
done
# ================================
# 检测函数
# ================================
# 检测防火墙状态
check_firewall_status() {
# 检查firewalld是否安装
if ! command -v firewall-cmd &> /dev/null; then
echo "not_installed"
return
fi
# 检查firewalld是否运行
if systemctl is-active --quiet firewalld 2>/dev/null; then
echo "active"
else
echo "inactive"
fi
}
# 获取防火墙状态描述
get_firewall_description() {
local status=$(check_firewall_status)
case "$status" in
active)
echo "已启用 (firewalld)"
;;
inactive)
echo "未启用"
;;
not_installed)
echo "未安装"
;;
*)
echo "未知"
;;
esac
}
# 获取开放的端口和服务
get_firewall_rules() {
# 检查firewalld是否运行
if ! systemctl is-active --quiet firewalld 2>/dev/null; then
echo ""
return
fi
# 获取开放的端口
local ports=$(firewall-cmd --list-ports 2>/dev/null | tr '\n' ' ')
# 获取开放的服务
local services=$(firewall-cmd --list-services 2>/dev/null | tr '\n' ' ')
# 合并结果
if [ -n "$ports" ] && [ -n "$services" ]; then
echo "$ports$services"
elif [ -n "$ports" ]; then
echo "$ports"
elif [ -n "$services" ]; then
echo "$services"
else
echo ""
fi
}
# ================================
# 输出函数
# ================================
output_json() {
local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
local status=$(check_firewall_status)
local description=$(get_firewall_description)
local rules=$(get_firewall_rules)
echo "{"
json_kv "check_type" "firewall_check"
json_kv "timestamp" "$timestamp"
json_kv "status" "$status"
json_kv "description" "$description"
json_kv "rules" "$rules" false
echo "}"
}
output_text() {
local description=$(get_firewall_description)
local rules=$(get_firewall_rules)
echo "========== 防火墙状态检测 =========="
echo "状态: $description"
if [ -n "$rules" ]; then
echo "开放端口/服务: $rules"
else
echo "开放端口/服务: 无"
fi
echo "========== 检测完成 =========="
}
# ================================
# 主函数
# ================================
main() {
if [ "$OUTPUT_FORMAT" = "text" ]; then
output_text
else
output_json
fi
}
# 执行主函数
main
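Review bot: get_firewall_rules calls `firewall-cmd --list-ports` and `firewall-cmd --list-services` without `--zone`, which reports the default zone only, so ports opened in other active zones or through rich rules never reach the report and exposure can be understated. Iterating over `firewall-cmd --get-active-zones` (or parsing `firewall-cmd --list-all-zones`) and labelling each entry with its zone would give a complete picture. Hosts filtered by nftables, iptables or ufw rather than firewalld come out as `未安装`/`未启用`, which the status text should make explicit. Separately, the argument loop never terminates on a trailing `--format` with no value, because `shift 2` fails and shifts nothing when one argument is left; guard it with `[[ $# -ge 2 ]] || { echo "--format requires a value" >&2; exit 2; }`.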
......@@ -129,9 +129,9 @@ check_swap_usage() {
# 磁盘检测函数
# ================================
# 检测磁盘使用情况
# 检测磁盘使用情况(过滤overlayfs等临时挂载点)
check_disk_usage() {
df -h | grep -vE '^Filesystem|tmpfs|cdrom|udev' | awk '{print $1"|"$2"|"$3"|"$4"|"$5"|"$6}'
df -h | grep -vE '^Filesystem|tmpfs|cdrom|udev|overlayfs|/data/dockers/rootfs' | awk '{print $1"|"$2"|"$3"|"$4"|"$5"|"$6}'
}
# 检测磁盘Inode使用情况
......@@ -164,6 +164,24 @@ check_network_connections() {
# 输出函数
# ================================
# 获取操作系统信息
get_os_info() {
local os_name="Linux"
local os_version=""
local kernel=$(uname -r)
# 检测操作系统类型和版本
if [ -f /etc/redhat-release ]; then
os_version=$(cat /etc/redhat-release)
os_name=$(echo "$os_version" | awk '{print $1}')
elif [ -f /etc/os-release ]; then
os_name=$(grep ^NAME= /etc/os-release | cut -d'"' -f2)
os_version=$(grep ^VERSION= /etc/os-release | cut -d'"' -f2)
fi
echo "${os_name}|${os_version}|${kernel}"
}
# 输出JSON格式结果
output_json() {
local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
......@@ -172,6 +190,17 @@ output_json() {
json_kv "check_type" "resource_check"
json_kv "timestamp" "$timestamp" false
# 操作系统信息
local os_info=$(get_os_info)
IFS='|' read -r os_name os_version kernel <<< "$os_info"
echo " \"os\": {"
echo " \"name\": \"$os_name\","
echo " \"version\": \"$os_version\","
echo " \"kernel\": \"$kernel\","
echo " \"arch\": \"$(get_system_arch)\""
echo " },"
# CPU信息
if [ "$CHECK_TYPE" = "all" ] || [ "$CHECK_TYPE" = "cpu" ]; then
local cpu_usage=$(check_cpu_usage)
......@@ -259,6 +288,20 @@ output_text() {
echo "========== 系统资源检测 =========="
echo ""
# 操作系统信息
if [ "$CHECK_TYPE" = "all" ]; then
echo "--- 系统信息 ---"
local os_info=$(get_os_info)
IFS='|' read -r os_name os_version kernel <<< "$os_info"
echo "操作系统: $os_name"
if [ -n "$os_version" ]; then
echo "系统版本: $os_version"
fi
echo "系统架构: $(get_system_arch)"
echo "内核版本: $kernel"
echo ""
fi
# CPU信息
if [ "$CHECK_TYPE" = "all" ] || [ "$CHECK_TYPE" = "cpu" ]; then
echo "--- CPU ---"
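Review bot: In output_json the new `os` object is written with raw `echo` lines such as `echo " \"version\": \"$os_version\","`, so the contents of /etc/redhat-release or /etc/os-release go into the JSON unescaped, unlike the fields emitted through `json_kv`. A double quote or backslash in those values would make the whole document unparseable for the caller; escape them before printing, e.g. `os_version=${os_version//\\/\\\\}; os_version=${os_version//\"/\\\"}`, or reuse the helper's escaping if `json_kv` has one (it is not visible here). `os_name`, `os_version` and `kernel` are also assigned by `read` without a `local` declaration in both output_json and output_text, so they leak into the global scope. Both function bodies continue outside the hunks.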
......
......@@ -188,6 +188,24 @@ function Show-HealthReport {
# 防火墙详细时间线
if ($ResourceResults.Firewall) {
# 检查是否为Shell模式结果(有Description字段)- 兼容hashtable和PSCustomObject
$isShellMode = if ($ResourceResults.Firewall -is [hashtable]) {
$ResourceResults.Firewall.ContainsKey('Description')
} else {
$ResourceResults.Firewall.PSObject.Properties['Description'] -ne $null
}
if ($isShellMode) {
# Shell模式
$fwIcon = if ($ResourceResults.Firewall.Status -eq "active") { "🟢" } else { "🔴" }
Write-Host " 防火墙状态: $($ResourceResults.Firewall.Description)"
$md += "- $fwIcon 防火墙状态: $($ResourceResults.Firewall.Description)"
if ($ResourceResults.Firewall.OpenPorts -and $ResourceResults.Firewall.Status -eq "active") {
Write-Host " 开放端口/服务: $($ResourceResults.Firewall.OpenPorts)"
$md += " - 开放端口/服务: $($ResourceResults.Firewall.OpenPorts)"
}
} else {
# PowerShell模式
$fwIcon = if ($ResourceResults.Firewall.Active) { "🟢" } else { "🔴" }
Write-Host " 防火墙状态: $($ResourceResults.Firewall.Status) ($($ResourceResults.Firewall.Type))"
$md += "- $fwIcon 防火墙状态: $($ResourceResults.Firewall.Status) ($($ResourceResults.Firewall.Type))"
......@@ -224,6 +242,7 @@ function Show-HealthReport {
if ($ResourceResults.Firewall.OpenPorts) { $md += " - 修复后端口/服务: $($ResourceResults.Firewall.OpenPorts)" }
}
}
}
$md += ""
Write-Host ""
}
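Review bot: In the Shell-mode branch, `$fwIcon = if ($ResourceResults.Firewall.Status -eq "active") { "🟢" } else { "🔴" }` renders every non-active status as red, so an `unknown` result (probe failed or output not recognised) looks the same in the report as a firewall that is switched off. A reader cannot tell a finding from a failed check; a three-way mapping keeps them apart, e.g. `$fwIcon = switch ($ResourceResults.Firewall.Status) { "active" { "🟢" } "inactive" { "🔴" } default { "⚪" } }`. The null test is also conventionally written with `$null` on the left, `$null -ne $ResourceResults.Firewall.PSObject.Properties['Description']`. Show-HealthReport starts and ends outside the hunks.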
......
......@@ -332,13 +332,18 @@ function emqx_arm()
# ------------------- 启动 EMQX 容器 -------------------
log "INFO" "🚀 正在启动 EMQX 容器: $container_name ..."
$sudoset docker run -d \
--name "$container_name" \
--name uemqx \
--mac-address="02:42:ac:12:00:06" \
--privileged \
--restart=always \
-p 1883:1883 \
-p 8083:8083 \
-p 8883:8883 \
-e EMQX_ALLOW_ANONYMOUS=false \
-e EMQX_AUTHENTICATION__1__ENABLE=true \
-e EMQX_AUTHENTICATION__1__MECHANISM=password_based \
-e EMQX_AUTHENTICATION__1__BACKEND=built_in_database \
-e EMQX_AUTHENTICATION__1__PASSWORD_HASH_ALGORITHM__NAME=sha256 \
-v "$host_config_dir/emqx.conf:/opt/emqx/etc/emqx.conf:ro" \
-v "$host_config_dir/auth-built-in-db-bootstrap.csv:/opt/emqx/etc/auth-built-in-db-bootstrap.csv:ro" \
-v "$host_config_dir/acl.conf:/opt/emqx/etc/acl.conf:ro" \
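Review bot: `EMQX_AUTHENTICATION__1__PASSWORD_HASH_ALGORITHM__NAME=sha256` selects a fast, unstretched hash for the credentials kept in the built-in database; EMQX's built-in database authenticator also accepts `bcrypt` and `pbkdf2`, which are the better choice for password storage. If the mounted auth-built-in-db-bootstrap.csv holds pre-computed hashes, they have to be regenerated to match, so confirm how that file is produced. The hard-coded `--name uemqx` no longer agrees with the log line above it, which still prints `$container_name`, and any later `docker` call that uses the variable would miss the container; setting `container_name=uemqx` once and keeping `--name "$container_name"` avoids the split. `--privileged` combined with three published ports is more privilege than a broker normally needs and is worth revisiting in a change aimed at hardening. The `docker run` command continues past the end of the hunk.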
......