SED & AWKコマンドメモ

●ファイルを直接編集するには？

# -i で直接ファイルを上書き。.bak付けるとバックアップも自動取得される
[root@localhost ~]# sed -i.bak -e "/^SELINUX=/s/enforcing/disabled/" /etc/selinux/config
[root@localhost ~]# ls -l /etc/selinux/config*
-rw-r--r--. 1 root root 546 Mar 17 16:08 /etc/selinux/config
-rw-r--r--. 1 root root 547 Mar 17 15:44 /etc/selinux/config.bak

[root@localhost ~]# diff /etc/selinux/config /etc/selinux/config.bak
7c7
< SELINUX=disabled
---
> SELINUX=enforcing

[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

参考：sedコマンドによるファイルの自動編集

https://orebibou.com/2014/05/sed%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%81%AB%E3%82%88%E3%82%8B%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E3%81%AE%E8%87%AA%E5%8B%95%E7%B7%A8%E9%9B%86/

●デリミタを変更するには？

# 接続プロファイル確認
[root@server001 ~]# nmcli device show ens37 | grep GENERAL.CONNECTION:
GENERAL.CONNECTION: Wired connection 1

# awkコマンドの既定デリミタは空白なので、変数などに利用する際は注意
[root@server001 ~]# nmcli device show ens37 | grep GENERAL.CONNECTION: | awk '{print $2}'
Wired

# awkコマンドのデリミタを-Fオプションで変更
[root@server001 ~]# nmcli device show ens37 | grep GENERAL.CONNECTION: | awk -F : '{print $2}'
Wired connection 1

# 先頭フィールドの空白を消したい
[root@server001 ~]# nmcli device show ens37 | grep GENERAL.CONNECTION: | awk -F : '{print $2}' | sed -e 's/^[ \t]*//'
Wired connection 1

# 上記のもう一つのやり方
[root@server001 ~]# nmcli device show ens37 | grep GENERAL.CONNECTION: | awk -F : '{print $2}' | sed -e 's/^ *//'
Wired connection 1

●For文利用する際の注意点

# 生きている接続プロファイル名を取得したい
[root@server002 ~]# nmcli connection show
NAME UUID TYPE DEVICE
Wired connection 1 59bf23a0-c943-3bdb-a932-37a60b1abb3d 802-3-ethernet ens38
ens33 081fc68b-2d5c-4f8c-af62-63acda7d1db0 802-3-ethernet ens33

# 一行目のヘッダを無視するには？
[root@server002 ~]# nmcli connection show | awk '{print $1}'
NAME
Wired
ens33

# 接続プロファイルを正確に取得できないときがあるので、デリミタをスペース2つに
[root@server002 ~]# nmcli connection show | awk -F" " 'NR>1 {print $1}'
Wired connection 1
ens33

# 接続プロファイル名の間に空白があるため、変数に代入する際に意図しないものに。。。
[root@server002 ~]# for a in $(nmcli connection show | awk -F" " 'NR>1 {print $1}')
> do
> echo $a
> done
Wired
connection
1
ens33

# 区切りを一時的に改行コードのみにする
[root@server002 ~]# IFS_BK=$IFS
[root@server002 ~]# IFS='
> '
[root@server002 ~]# for a in $(nmcli connection show | awk -F" " 'NR>1 {print $1}'); do echo $a; done
Wired connection 1
ens33

# 元に戻す
[root@server002 ~]# IFS=$IFS_BK
[root@server002 ~]# for a in $(nmcli connection show | awk -F" " 'NR>1 {print $1}'); do echo $a; done
Wired
connection
1
ens33

MACアドレスとIPアドレス紐づけ

# 関数など共通ロジックを記載

[root@localhost ~]# cat common.cnf

#!/bin/sh

function disable_selinux(){
SELINUX=$(getenforce)
if [ "${SELINUX}" == "Enforcing" ]; then
setenforce 0
sed -i.bak -e "/^SELINUX=/s/enforcing/disabled/" /etc/selinux/config
fi
}

function change_connection_profile_name(){
NIC=$(ip addr | grep -i -B 1 $1 | head -1 | awk '{print $2}' | sed 's/://')
PROFILE="$(nmcli connection show | grep ${NIC} | awk -F " " '{print $1}')"

if [ "$2" == "CUSTOMER" ];then
nmcli connection modify "${PROFILE}" con-name CUSTOMER
nmcli connection down CUSTOMER; nmcli connection up CUSTOMER
fi

if [ "$2" == "MANAGEMENT" ];then
nmcli connection modify "${PROFILE}" con-name MANAGEMENT
nmcli connection down MANAGEMENT; nmcli connection up MANAGEMENT
fi

}

function set_ip(){
NIC=$(ip addr | grep -i -B 1 "$1" | head -1 | awk '{print $2}' | sed -e s/://)
PROFILE="$(nmcli device show ${NIC} | grep GENERAL.CONNECTION: | awk -F : '{print $2}' | sed -e 's/ *//')"
nmcli connection modify "${PROFILE}" connection.autoconnect yes
nmcli connection modify "${PROFILE}" ipv4.addresses ${2}/${3}
if [ $# -ne 4 ]; then
nmcli connection modify "${PROFILE}" ipv4.gateway 192.168.59.2
fi
nmcli connection modify "${PROFILE}" ipv4.dns 192.168.59.2
nmcli connection modify "${PROFILE}" ipv4.method manual
nmcli connection down "${PROFILE}"; nmcli connection up "${PROFILE}"

}

function initialize_FW(){

# zone initialize
firewall-cmd --permanent --get-zones | grep MANAGEMENT
if [ $? -eq 0 ];then
firewall-cmd --permanent --delete-zone=MANAGEMENT
fi

firewall-cmd --permanent --get-zones | grep CUSTOMER
if [ $? -eq 0 ];then
firewall-cmd --permanent --delete-zone=CUSTOMER
fi

firewall-cmd --reload

IFS_BK=$IFS
IFS='
'

# zone map interface initialize
for PROFILE in $(nmcli connection show | awk -F" " 'NR>1 {print $1}')
do
nmcli connection modify "${PROFILE}" connection.zone public
done

IFS=$IFS_BK

# chain initialize
CHAINS_NUM=$(firewall-cmd --direct --permanent --get-all-chains | wc -l)
if [ ${CHAINS_NUM} -gt 0 ]; then
    for CHAIN in $(firewall-cmd --direct --permanent --get-all-chains | awk '{print $3}')
    do
      firewall-cmd --direct --permanent --remove-rules ipv4 filter "${CHAIN}"
      firewall-cmd --direct --permanent --remove-chain ipv4 filter "${CHAIN}"
    done
fi
firewall-cmd --reload

}

function create_FW(){

# create zone
firewall-cmd --permanent --new-zone=CUSTOMER
firewall-cmd --permanent --new-zone=MANAGEMENT

# create direct chain
firewall-cmd --permanent --direct --add-chain ipv4 filter TEST-DIRECT-CUSTOMER-DENY
firewall-cmd --permanent --direct --add-chain ipv4 filter TEST-DIRECT-CUSTOMER-ALLOW
firewall-cmd --permanent --direct --add-chain ipv4 filter TEST-DIRECT-MANAGEMENT-DENY
firewall-cmd --permanent --direct --add-chain ipv4 filter TEST-DIRECT-MANAGEMENT-ALLOW

# map zone and interface
#for PROFILE_OR_ZONE in CUSTOMER MANAGEMENT
#do
# nmcli connection modify ${PROFILE_OR_ZONE} connection.zone ${PROFILE_OR_ZONE}
# nmcli connection down ${PROFILE_OR_ZONE}; nmcli connection up ${PROFILE_OR_ZONE}
#done

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -j TEST-DIRECT-MANAGEMENT-ALLOW
firewall-cmd --permanent --direct --add-rule ipv4 filter TEST-DIRECT-MANAGEMENT-ALLOW 1 -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter TEST-DIRECT-MANAGEMENT-ALLOW 2 -p tcp -m conntrack --ctstate NEW -s 192.168.232.1 --dport 22 -j ACCEPT

firewall-cmd --reload

# map zone and interface
for PROFILE_OR_ZONE in CUSTOMER MANAGEMENT
do
nmcli connection modify ${PROFILE_OR_ZONE} connection.zone ${PROFILE_OR_ZONE}
nmcli connection down ${PROFILE_OR_ZONE}; nmcli connection up ${PROFILE_OR_ZONE}
done

}

# メインスクリプト

[root@localhost ~]# cat main.sh

#!/bin/sh

CUST_MAC="00:0c:29:db:cf:ba"
IP="192.168.59.135"
PREFIX="24"
CUST_FLG="CUSTOMER"

MGMT_MAC="00:0c:29:db:cf:ce"
MGMT_IP="192.168.232.129"
MGMT_PREFIX="24"
MGMT_FLG="MANAGEMENT"

. /root/common.cnf

hostnamectl set-hostname server002

disable_selinux

change_connection_profile_name ${CUST_MAC} ${UST_FLG}
change_connection_profile_name ${MGMT_MAC} ${MGMT_FLG}

initialize_FW

set_ip ${CUST_MAC} ${IP} ${PREFIX}
set_ip ${MGMT_MAC} ${MGMT_IP} ${MGMT_PREFIX} ${MGMT_FLG}

create_FW

# デバッグ

[root@localhost ~]# sh -x ./main.sh
+ CUST_MAC=00:0c:29:db:cf:ba
+ IP=192.168.59.135
+ PREFIX=24
+ CUST_FLG=CUSTOMER
+ MGMT_MAC=00:0c:29:db:cf:ce
+ MGMT_IP=192.168.232.129
+ MGMT_PREFIX=24
+ MGMT_FLG=MANAGEMENT
+ . /root/common.cnf
+ hostnamectl set-hostname server002
+ disable_selinux
++ getenforce
+ SELINUX=Disabled
+ '[' Disabled == Enforcing ']'
+ change_connection_profile_name 00:0c:29:db:cf:ba
++ ip addr
++ grep -i -B 1 00:0c:29:db:cf:ba
++ head -1
++ awk '{print $2}'
++ sed s/://
+ NIC=ens33
++ nmcli connection show
++ grep ens33
++ awk -F ' ' '{print $1}'
+ PROFILE=CUSTOMER
+ '[' '' == CUSTOMER ']'
+ '[' '' == MANAGEMENT ']'
+ change_connection_profile_name 00:0c:29:db:cf:ce MANAGEMENT
++ grep -i -B 1 00:0c:29:db:cf:ce
++ head -1
++ awk '{print $2}'
++ sed s/://
++ ip addr
+ NIC=ens38
++ nmcli connection show
++ grep ens38
++ awk -F ' ' '{print $1}'
+ PROFILE=MANAGEMENT
+ '[' MANAGEMENT == CUSTOMER ']'
+ '[' MANAGEMENT == MANAGEMENT ']'
+ nmcli connection modify MANAGEMENT con-name MANAGEMENT
+ nmcli connection down MANAGEMENT
Connection 'MANAGEMENT' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/12)
+ nmcli connection up MANAGEMENT
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
+ initialize_FW
+ firewall-cmd --permanent --get-zones
+ grep MANAGEMENT
+ '[' 1 -eq 0 ']'
+ firewall-cmd --permanent --get-zones
+ grep CUSTOMER
+ '[' 1 -eq 0 ']'
+ firewall-cmd --reload
success
+ IFS_BK='
'
+ IFS='
'
++ awk '-F ' 'NR>1 {print $1}'
++ nmcli connection show
+ for PROFILE in '$(nmcli connection show | awk -F" " '\''NR>1 {print $1}'\'')'
+ nmcli connection modify CUSTOMER connection.zone public
+ for PROFILE in '$(nmcli connection show | awk -F" " '\''NR>1 {print $1}'\'')'
+ nmcli connection modify MANAGEMENT connection.zone public
+ IFS='
'
++ firewall-cmd --direct --permanent --get-all-chains
++ wc -l
+ CHAINS_NUM=0
+ '[' 0 -gt 0 ']'
+ firewall-cmd --reload
success
+ set_ip 00:0c:29:db:cf:ba 192.168.59.135 24
++ ip addr
++ grep -B 1 00:0c:29:db:cf:ba
++ head -1
++ awk '{print $2}'
++ sed -e s/://
+ NIC=ens33
++ nmcli device show ens33
++ awk -F : '{print $2}'
++ sed -e 's/ *//'
++ grep GENERAL.CONNECTION:
+ PROFILE=CUSTOMER
+ nmcli connection modify CUSTOMER connection.autoconnect yes
+ nmcli connection modify CUSTOMER ipv4.addresses 192.168.59.135/24
+ '[' 3 -ne 4 ']'
+ nmcli connection modify CUSTOMER ipv4.gateway 192.168.59.2
+ nmcli connection modify CUSTOMER ipv4.dns 192.168.59.2
+ nmcli connection modify CUSTOMER ipv4.method manual
+ nmcli connection down CUSTOMER
Connection 'CUSTOMER' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
+ nmcli connection up CUSTOMER
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
+ set_ip 00:0c:29:db:cf:ce 192.168.232.129 24 MANAGEMENT
++ ip addr
++ head -1
++ awk '{print $2}'
++ sed -e s/://
++ grep -B 1 00:0c:29:db:cf:ce
+ NIC=ens38
++ grep GENERAL.CONNECTION:
++ awk -F : '{print $2}'
++ sed -e 's/ *//'
++ nmcli device show ens38
+ PROFILE=MANAGEMENT
+ nmcli connection modify MANAGEMENT connection.autoconnect yes
+ nmcli connection modify MANAGEMENT ipv4.addresses 192.168.232.129/24
+ '[' 4 -ne 4 ']'
+ nmcli connection modify MANAGEMENT ipv4.dns 192.168.59.2
+ nmcli connection modify MANAGEMENT ipv4.method manual
+ nmcli connection down MANAGEMENT
Connection 'MANAGEMENT' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
+ nmcli connection up MANAGEMENT
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)

文字化けについて

# 接続プロファイルが「????」となっており読めない

[customer@localhost ~]$ nmcli device
DEVICE      TYPE      STATE         CONNECTION
virbr0      bridge    connected     virbr0
ens37       ethernet connected     ???? 1
ens33       ethernet disconnected --
lo          loopback unmanaged     --
virbr0-nic tun       unmanaged     --

# 日本語表示が出来るようにLANG変数を修正

[customer@localhost ~]$ date
Fri Mar 17 14:48:09 JST 2017

[customer@localhost ~]$ export LANG=ja_JP.UTF-8
[customer@localhost ~]$ date
2017年 3月 17日金曜日 14:51:36 JST

# 接続プロファイルが「優先接続 1」と読めるようになったが、

本当は「Wired connection 1」と返ってきてほしい

[customer@localhost ~]$ nmcli device
デバイス    タイプ    状態      接続
virbr0      bridge    接続済み virbr0
ens37       ethernet 接続済み有線接続 1
ens33       ethernet 切断済み --
lo          loopback 管理無し --
virbr0-nic tun       管理無し --

# localectl set-locale LANG= en_US.UTF-8 やってもダメ

# 結局、直す方法が分からず、以下のように再インストール

DATE & TIME：
Asia/Tokyo

Keyboad：
1 Japanese
2 English(US)

※ここが重要

LANGUAGE SUPPORT：
English(US)

Network：

# 接続プロファイルが「ens33」になる

[customer@localhost ~]$ nmcli device
DEVICE TYPE      STATE      CONNECTION
ens33   ethernet connected ens33
lo      loopback unmanaged --

# LANGUAGE SUPPORT：　はどこの設定ファイルにあるのか？
[customer@localhost ~]$ localectl status
   System Locale: LANG=en_US.UTF-8
       VC Keymap: jp
      X11 Layout: jp,us
     X11 Variant: ,

参考：

http://zero-config.com/centos/changelocale-002.html

<< 前ページ次ページ >>

ドラクエ10ブログの予定

ドラクエ10ブログの予定

SED & AWKコマンドメモ

MACアドレスとIPアドレス紐づけ

文字化けについて