脚本


#!/bin/bash

function update7(){
        sudo  yum  update -y  389-ds-base 389-ds-base-libs 389-ds-base-snmp accountsservice accountsservice-libs adwaita-cursor-theme adwaita-gtk2-theme adwaita-icon-theme appstream-data atk at-spi2-atk at-spi2-core augeas-libs baobab bash bind-libs bind-libs-lite bind-license bind-utils binutils binutils-devel bluez bluez-libs bpftool cairo cairo-gobject cheese cheese-libs control-center control-center-filesystem  cups cups-libs curl dbus-glib dconf dhclient dhcp-common dhcp-libs dnsmasq  elfutils elfutils-default-yama-scope elfutils-libelf elfutils-libs emacs-filesystem empathy eog evince evince-libs evince-nautilus evolution-data-server expat expat-devel file-roller file-roller-nautilus  flac folks fontconfig freeglut freerdp-libs freetype freetype-devel gcr gdk-pixbuf2 gdm gedit geoclue2 geocode-glib gettext gettext-common-devel gettext-devel gettext-libs ghostscript ghostscript-cups  gjs glade-libs glib2 glibc glibc-common glibc-devel glibc-headers glibc-utils glibmm24 glib-networking glusterfs glusterfs-api glusterfs-cli glusterfs-client-xlators glusterfs-fuse glusterfs-libs glusterfs-rdma glx-utils  gnutls gobject-introspection gom graphite2 grilo grilo-plugins grub2 grub2-common grub2-pc grub2-pc-modules grub2-tools grub2-tools-extra grub2-tools-minimal gsettings-desktop-schemas gssdp gstreamer1-plugins-base gstreamer1-plugins-good gstreamer-plugins-good gtk3 gtk3-immodule-xim gtksourceview3 gtk-update-icon-cache gtk-vnc2 gucharmap gupnp gupnp-igd  gvnc harfbuzz harfbuzz-icu hivex ImageMagick ImageMagick-c++ ImageMagick-perl jasper jasper-libs  json-glib keepalived kernel kernel-devel kernel-headers kernel-tools kernel-tools-libs libappstream-glib libarchive libcacard libcdio libchamplain libchamplain-gtk libcroco libcurl libcurl-devel libdrm libepoxy libevdev libexif libfontenc libgdata libgee libgnomekbd libgtop2 libgudev1 libgweather libgxps libical libICE libipa_hbac libjpeg-turbo liblouis liblouis-python libmediaart libnl3 libnl3-cli libnm-gtk libosinfo libpeas libpng libproxy libproxy-bin libproxy-python libpurple librsvg2 librsvg2-tools libsecret libsmbclient libsoup libssh2 libsss_autofs libsss_certmap libsss_idmap libsss_nss_idmap libsss_sudo libtasn1 libtiff libtirpc libvirt libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-kvm libvirt-libs libvncserver libvpx libwacom libwacom-data libwayland-client libwayland-cursor libwayland-server libwbclient libwebp libwnck3 libX11 libX11-common libX11-devel libXaw libxcb libxcb-devel libXcursor libXdmcp libXfixes libXfixes-devel libXfont libXi libXi-devel libxkbfile libxml2 libxml2-devel libxml2-python libXpm libXrandr libXrender libXres libxslt libXt libXtst libXtst-devel libXv libXvMC libXxf86vm log4j mailx mesa-dri-drivers mesa-filesystem mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi mesa-libwayland-egl mesa-libxatracker mesa-private-llvm mod_session mod_ssl mutter net-snmp net-snmp-agent-libs net-snmp-libs net-snmp-utils nettle NetworkManager NetworkManager-adsl NetworkManager-config-server NetworkManager-glib NetworkManager-libnm NetworkManager-libreswan NetworkManager-libreswan-gnome NetworkManager-ppp NetworkManager-team NetworkManager-tui NetworkManager-wifi nm-connection-editor nscd nspr nss nss-pem nss-softokn nss-softokn-freebl nss-sysinit nss-tools nss-util ntp ntpdate openslp openslp-server osinfo-db PackageKit PackageKit-command-not-found PackageKit-glib PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-yum pango patch pcp pcp-conf pcp-libs pcp-selinux pcre pcre-devel pcs perf perl perl-Archive-Extract perl-Archive-Tar perl-CGI perl-Compress-Raw-Bzip2 perl-Compress-Raw-Zlib perl-Compress-Zlib perl-core perl-CPAN perl-CPANPLUS perl-devel perl-Digest-SHA perl-ExtUtils-CBuilder perl-ExtUtils-Embed perl-ExtUtils-Install perl-ExtUtils-MakeMaker perl-ExtUtils-ParseXS perl-File-Fetch perl-Git perl-Git-SVN perl-hivex perl-IO-Compress-Base perl-IO-Compress-Bzip2 perl-IO-Compress-Zlib perl-IO-Zlib perl-IPC-Cmd perl-libs perl-Locale-Maketext-Simple perl-Log-Message perl-Log-Message-Simple perl-macros perl-Module-Build perl-Module-CoreList perl-Module-Load perl-Module-Load-Conditional perl-Module-Loaded perl-Module-Pluggable perl-Object-Accessor perl-Package-Constants perl-Params-Check perl-parent perl-Parse-CPAN-Meta perl-Pod-Escapes perl-Pod-Simple perl-Term-UI perl-Test-Harness perl-tests perl-Test-Simple perl-Time-HiRes perl-Time-Piece perl-version pidgin policycoreutils policycoreutils-python polkit poppler poppler-glib poppler-utils ppp procmail procps-ng python python-devel python-libipa_hbac python-libs python-perf python-sssdconfig python-sss-murmur qemu-img  redhat-logos rest rpcbind rpm rpm-libs rpm-python rsyslog ruby rubygem-bigdecimal rubygem-io-console rubygem-json rubygem-psych rubygem-rdoc rubygems ruby-irb ruby-libs  SDL slf4j sssd sssd-ad sssd-client sssd-common sssd-common-pac sssd-dbus sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy  sudo systemd systemd-devel systemd-libs systemd-python systemd-sysv tcpdump  upower vim-common vim-enhanced vim-filesystem vim-minimal vim-X11 vino vte291 vte-profile wget xkeyboard-config xorg-x11-drv-ati xorg-x11-drv-dummy xorg-x11-drv-evdev xorg-x11-drv-fbdev xorg-x11-drv-intel xorg-x11-drv-nouveau xorg-x11-drv-qxl xorg-x11-drv-synaptics xorg-x11-drv-v4l xorg-x11-drv-vesa xorg-x11-drv-vmmouse xorg-x11-drv-vmware xorg-x11-drv-void xorg-x11-drv-wacom xorg-x11-font-utils xorg-x11-proto-devel xorg-x11-server-common xorg-x11-server-Xorg xorg-x11-utils xorg-x11-xkb-utils xterm xulrunner yelp yelp-libs yelp-xsl yum-plugin-fastestmirror yum-utils zenity zsh
}


function update6()
{
        sudo   yum  update -y abrt abrt-addon-ccpp abrt-addon-kerneloops abrt-addon-python abrt-cli abrt-libs abrt-tui bash bind-libs bind-libs-lite bind-license bind-utils bluez bluez-libs busybox cups cups-libs curl dbus-glib dhclient dhcp-common dnsmasq expat expat-devel file file-libs flac foomatic ghostscript git glibc glibc-common glibc-devel glibc-headers glibc-utils gnutls gstreamer-plugins-good  ImageMagick ImageMagick-c++ ImageMagick-perl ipa-client ipa-python jasper jasper-libs  kernel kernel-devel kernel-firmware kernel-headers krb5-libs krb5-workstation ksh libcurl libexif libpng libproxy libproxy-bin libproxy-python libpurple libreport libreport-cli libreport-gtk libreport-newt libreport-plugin-kerneloops libreport-plugin-logger libreport-plugin-mailx libreport-plugin-reportuploader libreport-plugin-rhtsupport libreport-python libsmbclient libssh2 libtiff libtirpc libuser libuser-python libvirt-client libvncserver libwbclient libXfont libxml2 libxml2-devel libxml2-python mailx  net-snmp-libs nscd nss nss-sysinit nss-tools nss-util ntp ntpdate openjpeg-libs  pacemaker pacemaker-cli pacemaker-cluster-libs pacemaker-libs pcs perf perl perl-Archive-Extract perl-Archive-Tar perl-CGI perl-Compress-Raw-Bzip2 perl-Compress-Raw-Zlib perl-Compress-Zlib perl-core perl-CPAN perl-CPANPLUS perl-devel perl-Digest-SHA perl-ExtUtils-CBuilder perl-ExtUtils-Embed perl-ExtUtils-MakeMaker perl-ExtUtils-ParseXS perl-File-Fetch perl-Git perl-IO-Compress-Base perl-IO-Compress-Bzip2 perl-IO-Compress-Zlib perl-IO-Zlib perl-IPC-Cmd perl-libs perl-Locale-Maketext-Simple perl-Log-Message perl-Log-Message-Simple perl-Module-Build perl-Module-CoreList perl-Module-Load perl-Module-Load-Conditional perl-Module-Loaded perl-Module-Pluggable perl-Object-Accessor perl-Package-Constants perl-Params-Check perl-parent perl-Parse-CPAN-Meta perl-Pod-Escapes perl-Pod-Simple perl-Term-UI perl-Test-Harness perl-Test-Simple perl-Time-HiRes perl-Time-Piece perl-version pidgin pixman policycoreutils policycoreutils-python polkit polkit-desktop-policy  ppp procps python python-libs python-paramiko redhat-release-server rpcbind rpm rpm-libs rpm-python rsyslog  sqlite sudo vim-common vim-enhanced vim-filesystem vim-minimal vino wget xulrunner yelp yum-plugin-fastestmirror yum-plugin-security yum-utils
        
}


function ubuntu()
{
        sudo apt-get update && sudo apt-get install --only-upgrade -y apache2-bin apache2-data apache2-utils apparmor apt binutils bluez bluez-obexd busybox-initramfs busybox-static bzip2 curl dnsmasq-base gettext git keepalived libx11-data linux-generic linux-headers-generic linux-image-generic ntfs-3g perl perl-base perl-modules-5.22 policykit-1 python2.7 python2.7-minimal python3.5 python3.5-dev python3.5-minimal snapd sudo systemd vim vim-common vim-runtime wget wpasupplicant xserver-common xserver-xorg-core xserver-xorg-legacy
}

#取消http代理
#unset  http_proxy
#unset  https_proxy

#定义系统版本变量
ver=$(cat /etc/redhat-release |tr -d "a-zA-Z()' '"  |cut  -c1)        
ver2=$(cat  /etc/issue |head -n 1 |cut -d " " -f1)


#对系统版本判断,并更新yum源-更新补丁-重启
if  [[ $ver == 7 ]];then
                mkdir /etc/yum.repos.d/"$(date +"%Y-%m-%d")"  &&  mv /etc/yum.repos.d/*.repo  /etc/yum.repos.d/"$(date +"%Y-%m-%d")"
                sudo curl -o /etc/yum.repos.d/centos7repo   http://172.31.1.24/Linux/Centos/centos7.repo                        
                yum clean all ;yum repolist
                update7  && shutdown -r now

elif  [[ $ver == '6' ]];then
                mkdir /etc/yum.repos.d/"$(date +"%Y-%m-%d")"  &&  mv /etc/yum.repos.d/*.repo  /etc/yum.repos.d/"$(date +"%Y-%m-%d")"
                curl -o /etc/yum.repos.d/centos6.repo  http://172.31.1.24/Linux/Centos/centos6.repo                        
                yum clean all ;yum repolist
                update6   &&  shutdown -r now
        
elif [[ $ver2 == 'Ubuntu' ]]; then
                ln -snf /bin/bash /bin/sh
                cd  /etc/apt  && mkdir `date +%Y%m%d`_bak   
                mv sources.list  `date +%Y%m%d`_bak
                curl -o    /etc/apt/sources.list  http://172.31.1.213/ubuntu/16.04/sources.list
                apt-key update && apt-get update
                ubuntu &&  ln -snf /bin/dash /bin/sh
                shutdown -r now
fi


exit

package说明
1.根据安全组提供的中高危补丁修复execl表格排序,分类ubuntu,centos系统
2.根据修复命令汇总所有需要更新的软件包
#过滤更新命令,只要包名称
cat ubuntu |sed “s/sudo apt-get update && sudo apt-get install --only-upgrade -y//g” > ubuntu2
cat centos|sed “s/sudo yum update -y//g” >centos2

3以空格为换行符拆分行
sed -i “s/ /\n/g” ubuntu2
sed -i “s/ /\n/g” centos2

4.排序后再去一次重复
cat ubuntu2 |sort |uniq >ubuntu3
cat centos2 |sort |uniq >centos3

5.将多行合并成一行,方便后续统一使用脚本更新
paste -d" " -s - < ubuntu3 >package_ubuntu
paste -d" " -s - < centos3 >package_centos

ansible批量推送更新

主机清单文件:/etc/ansible/lixinyuan.host

[lixy:vars]
ansible_ssh_user='zabbix'
ansible_ssh_pass='密码'

[lixy]
受控客户机ip
ansible
推送脚本
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m copy -a "src=/etc/ansible/all_update.sh dest=/tmp/"
执行
ansible lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "nohup sh /tmp/all_update.sh"

脚本更新的过程中发现的问题

1.有些业务配置了yum代理配置,导致内网yum源失效

2.磁盘已无剩余空间,yum下载包过程中提示无可用空间报错

3.yum 更新提示有包冲突重复的报错

4.fstab文件有异常,还有些机器挂载了NAS网络存储,defaults后面应当加上,_netdev  ; 也可以在脚本中yum update更新命令前面加上mount -a &&

5.云上机器重启有可能会导致resolv文件被云厂商重置,重启更新前应当加锁 chattr +i  /etc/resolv.conf

更新前应使用ansible批量检查上述问题

检查yum代理
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo grep 'proxy' /etc/yum.conf"
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo grep 'proxy' /etc/profile"
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo sed  -i '/^proxy/ s/^/#/' /etc/yum.conf"

检查fstab和磁盘
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo cat /etc/fstab"
ansible  lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo df -h"

加锁resolv文件
ansible lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo chattr +i  /etc/resolv.conf"  

检查 是否上锁
ansible lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo lsattr  /etc/resolv.conf"  

解锁
ansible lixy --inventory=/etc/ansible/lixinyuan.host -m shell -a "sudo chattr -i  /etc/resolv.conf"

yum更新提示包冲突重复报错
解决方法
yum install yum-utils -y
package-cleanup --dupes
package-cleanup --cleandupes