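Reinstalling a server is an exhausting process, especially when the full-disk data backup was made with Ghost: restoring data from Ghost is snail-slow, and on top of that, for the first time in my life I ran into Ghost itself failing abnormally, which was truly painful. In hindsight, it might have been better to back up the data with ImageX; an ImageX image can at least be mounted directly, which would have saved me the repeated restores. Looking back, the only reason for choosing Ghost was probably this: a full-disk backup that can be restored in full when necessary. But that is not the point here. This post is mainly about building automation scripts for service installation. Of course, writing build scripts may really be slower than just doing it by hand, but what if a second server, or a second round, is ever needed? And programmers tend to look down on manual methods anyway.
1. Organizational structure
The company has moved to a business-unit structure; the rough company structure is as follows: The basic SVN design is that each business unit has one SVN repository with the first-level directories HW/FPGA/FW/SW under it, and access to each directory is granted to different engineers.
2. Creating users and groups
Users belong to business units, so a group is created for each business unit; under each business unit, groups are further subdivided by type of R&D work into HW/FPGA/FW/SW. Users are created with the "net user" command, and the command script is generated from Excel using Excel VBA. The code is as follows: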
' Requires a reference to "Microsoft Scripting Runtime" (TextStream, ForWriting, ...)
' Module-level, because GetSID and ModiPrivilege use it as well
Dim fso As Object

Sub CreateScript()
    Dim row As Integer, i As Integer
    Dim tsUsr As TextStream, tsSmtp As TextStream
    Dim usr As String, grp As String, cmt As String
    Dim outFolder As String
    Set fso = CreateObject("Scripting.FileSystemObject")
    outFolder = "D:\BYHX\Server\"
    Set tsUsr = fso.OpenTextFile(outFolder & "0.servadmin.cmd", ForWriting, True)
    Set tsSmtp = fso.OpenTextFile(outFolder & "0.sendmail.ps1", ForWriting, True)
    ' PowerShell: the statement below has to be run first before a ps1 script can be executed
    tsSmtp.WriteLine "# Execute below command first, then ps1 script will allowed."
    tsSmtp.WriteLine "# Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser"
    ' Create the business-unit groups and the broad user-category groups
    For row = 2 To 18
        grp = Range("L" & row)
        If Left(grp, 2) <> "RD" Then grp = "BU-" & grp
        tsUsr.WriteLine "net localgroup " & grp & " /add /comment:""" & Range("M" & row) & """"
    Next row
    ' Create the R&D category groups under each business unit, and list the business-unit groups of the same R&D category
    For row = 2 To 13
        grp = Range("L" & row)
        cmt = Range("M" & row)
        If Left(grp, 2) <> "RD" Then grp = "BU-" & grp
        tsUsr.WriteLine "net localgroup " & grp & "-HW /add /comment:""" & cmt & " 硬體"""
        tsUsr.WriteLine "net localgroup " & grp & "-FPGA /add /comment:""" & cmt & " FPGA"""
        tsUsr.WriteLine "net localgroup " & grp & "-FW /add /comment:""" & cmt & " 嵌入"""
        tsUsr.WriteLine "net localgroup " & grp & "-SW /add /comment:""" & cmt & " 軟體"""
    Next row
    For row = 2 To 1000
        usr = Trim(Range("A" & row).Text)
        grp = Trim(Range("D" & row).Text)
        ' An empty column A marks the end of processing
        If usr = "" Then Exit For
        ' Groups that are not RD get the BU prefix
        If Left(grp, 2) <> "RD" Then grp = "BU-" & grp
        ' Add the user (the full name is quoted so that a name containing spaces stays one argument)
        tsUsr.WriteLine "net user " & usr & " """ & Range("B" & row) & """ /add /active:yes /expires:never /fullname:""" & Range("C" & row) & """"
        ' The user's password never expires
        tsUsr.WriteLine "wmic useraccount where name='" & usr & "' set passwordexpires=false"
        ' Add the user to the business unit
        tsUsr.WriteLine "net localgroup " & grp & " " & usr & " /add"
        ' Depending on the R&D role, add the user to the business unit's R&D groups
        If Range("E" & row).Text = "Y" Then tsUsr.WriteLine "net localgroup " & grp & "-HW " & usr & " /add" & vbCrLf & "net localgroup RD-AllHW " & usr & " /add"
        If Range("F" & row).Text = "Y" Then tsUsr.WriteLine "net localgroup " & grp & "-FPGA " & usr & " /add" & vbCrLf & "net localgroup RD-AllFPGA " & usr & " /add"
        If Range("G" & row).Text = "Y" Then tsUsr.WriteLine "net localgroup " & grp & "-FW " & usr & " /add" & vbCrLf & "net localgroup RD-AllFW " & usr & " /add"
        If Range("H" & row).Text = "Y" Then tsUsr.WriteLine "net localgroup " & grp & "-SW " & usr & " /add" & vbCrLf & "net localgroup RD-AllSW " & usr & " /add"
        If Range("I" & row).Text = "Y" Then tsUsr.WriteLine "net localgroup BU-Leader " & usr & " /add"
    Next row
    tsUsr.Close
    tsSmtp.Close
    MsgBox "OK"
End Sub
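3. Installing and configuring SVN
3.1 Creating the SVN repositories
After installation, create a Demo repository, manually grant the admin account read/write access, copy out the account authentication configuration file, and prepare the SVN hook files that are needed. Prepare the business-unit list file "1.svn-repo.txt", which holds only one business-unit name per line (copying the names out of Excel is enough), then use a batch command to create the SVN repositories and the offline SVN configuration.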
for /f %%i in (1.svn-repo.txt) do (
    svnadmin create E:\Repositories\%%i
    mkdir %%i\conf\
    mkdir %%i\hooks\
    copy /y VisualSVN-WinAuthz.ini %%i\conf\
    copy /y pre-commit.cmd %%i\hooks\
)
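3.2 Creating and configuring the first-level directories
Using the svn command with the admin account, create the first-level directories of each repository: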
for /f %%i in (1.svn-repo.txt) do (
    svn mkdir https://BYHX-MasterServ:8443/svn/%%i/hw -m "Create hardware folder"
    svn mkdir https://BYHX-MasterServ:8443/svn/%%i/fpga -m "Create FPGA folder"
    svn mkdir https://BYHX-MasterServ:8443/svn/%%i/fw -m "Create firmware folder"
    svn mkdir https://BYHX-MasterServ:8443/svn/%%i/sw -m "Create software folder"
)
With a similar loop, use the "PsGetsid" tool to collect the users' SID information into a file. A single SID entry looks like this:
SID for my-co-server\whom:
S-1-5-21-316025195-1075053894-3005689260-1012
Process the SID information with a shell script (note: convert "sidresult.txt" to Unix format first):
cat sidresult.txt | egrep "SID\ for|S\-1" | sed -e 'N;s/\n//g' | sed -e 's/^.*\\//g' > sidlist.txt
After processing, the information looks like this:
whom:S-1-5-21-316025195-1075053894-3005689260-1012
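The sed pipeline above joins lines strictly two at a time, so if one account lookup yields no SID line the pairing falls out of step and the names after it end up without a SID. The following is an added example, not part of the original post: an awk-based parser that attaches a SID only to the header directly before it, accepts CRLF input, and reports names that have no SID. The function name parse_sids, the accounts "gone" and "BU-Demo-HW" and the SID ending in 1013 are constructed for illustration.

```bash
#!/usr/bin/bash
# Added example: build "name:SID" lines from PsGetsid output without relying
# on strict two-line pairing.

parse_sids() {
    # $1 = PsGetsid result file. Prints name:SID to stdout, "MISSING name"
    # to stderr, and returns 1 if any lookup had no SID line.
    awk '
        { sub(/\r$/, "") }                      # accept CRLF without conversion
        /^SID for / {
            if (name != "") { print "MISSING " name > "/dev/stderr"; bad = 1 }
            name = $0
            sub(/^SID for /, "", name)          # drop the prefix
            sub(/:[ \t]*$/, "", name)           # drop the trailing colon
            sub(/^.*\\/, "", name)              # drop "machine\"
            next
        }
        /^[ \t]*S-1-[0-9]+(-[0-9]+)+[ \t]*$/ {
            if (name != "") { gsub(/[ \t]/, ""); print name ":" $0; name = "" }
            next
        }
        END {
            if (name != "") { print "MISSING " name > "/dev/stderr"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the lookup for "gone" produced no SID line.
sample=$(mktemp)
printf '%s\r\n' \
    'SID for my-co-server\whom:' \
    'S-1-5-21-316025195-1075053894-3005689260-1012' \
    '' \
    'SID for my-co-server\gone:' \
    'SID for my-co-server\BU-Demo-HW:' \
    'S-1-5-21-316025195-1075053894-3005689260-1013' > "$sample"

parse_sids "$sample" || echo "some accounts have no SID; fix them before generating authz" >&2
rm -f "$sample"
```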
With the SID table in hand, process the permission information with Excel VBA:
Function GetSID(sName As String) As String
    Dim sidFile As TextStream
    Dim outFolder As String
    Dim str As String, s1 As String
    Dim pos As Integer
    outFolder = "D:\BYHX\Server\"
    Set sidFile = fso.OpenTextFile(outFolder & "sidlist.txt", ForReading)
    Do While Not sidFile.AtEndOfStream
        str = sidFile.ReadLine
        pos = InStr(str, ":")
        ' Skip lines that have no "name:SID" separator
        If pos > 0 Then
            s1 = Left(str, pos - 1)
            If s1 = sName Then
                GetSID = Mid(str, pos + 1)
                Exit Do
            End If
        End If
    Loop
    ' Close the file on every path, including the early exit
    sidFile.Close
End Function

Sub ModiPrivilege()
    Dim row As Integer, i As Integer
    Dim outFolder As String
    Dim authFile As TextStream
    Dim str As String, s1 As String
    Dim usr As String, grp As String
    Set fso = CreateObject("Scripting.FileSystemObject")
    outFolder = "D:\BYHX\Server\"
    ' Give the leads full permission on the repository
    For row = 2 To 1000
        usr = Trim(Range("A" & row).Text)
        grp = Trim(Range("D" & row).Text)
        ' An empty column A marks the end of processing
        If usr = "" Then Exit For
        ' Groups that are not RD get the BU prefix
        If Left(grp, 2) <> "RD" Then grp = "BU-" & grp
        If Range("I" & row).Text = "Y" Then
            str = outFolder & grp & "\conf\VisualSVN-WinAuthz.ini"
            Set authFile = fso.OpenTextFile(str, ForAppending)
            authFile.WriteLine GetSID(usr) & "=rw"
            authFile.Close
        End If
    Next row
    ' Set permissions for the R&D category groups under each business unit
    For row = 2 To 13
        grp = Range("L" & row)
        If Left(grp, 2) <> "RD" Then grp = "BU-" & grp
        Set authFile = fso.OpenTextFile(outFolder & grp & "\conf\VisualSVN-WinAuthz.ini", ForAppending)
        authFile.WriteLine vbCrLf & "[/hw]"
        authFile.WriteLine GetSID(grp & "-HW") & "=rw"
        authFile.WriteLine vbCrLf & "[/fpga]"
        authFile.WriteLine GetSID(grp & "-FPGA") & "=rw"
        authFile.WriteLine vbCrLf & "[/fw]"
        authFile.WriteLine GetSID(grp & "-FW") & "=rw"
        authFile.WriteLine vbCrLf & "[/sw]"
        authFile.WriteLine GetSID(grp & "-SW") & "=rw"
        authFile.Close
    Next row
    MsgBox "OK"
End Sub
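Copy the offline SVN configuration files into the SVN repository directories and restart the SVN service; the SVN configuration is then complete.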
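When GetSID finds no entry for a name, ModiPrivilege still writes the rule, and the generated file then contains a line that reads just "=rw". The following is an added example, not part of the original post, that checks an offline configuration file for such rules before it is copied into a repository. The function name check_authz and the sample file are constructed, and the check assumes every rule line has the form "SID=access", as in the lines the VBA writes.

```bash
#!/usr/bin/bash
# Added example: check a generated VisualSVN-WinAuthz.ini before it goes live.

check_authz() {
    # $1 = authz file. Prints "file:line: text" for every rule whose left-hand
    # side is not a SID; returns 1 if any such rule exists.
    awk '
        { sub(/\r$/, "") }                              # VBA WriteLine emits CRLF
        /^[ \t]*$/ || /^[ \t]*[#;]/ || /^\[/ { next }   # blank, comment, section
        {
            eq = index($0, "=")
            if (eq == 0) next                           # not a rule line
            principal = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", principal)
            if (principal !~ /^S-1-[0-9]+(-[0-9]+)+$/) {
                printf "%s:%d: %s\n", FILENAME, NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: no SID was found for the /hw group, so the generator
# wrote a rule with an empty principal.
authz=$(mktemp)
printf '%s\r\n' \
    '[/]' \
    'S-1-5-21-316025195-1075053894-3005689260-1012=rw' \
    '' \
    '[/hw]' \
    '=rw' > "$authz"

check_authz "$authz" || echo "do not copy this file into the repository yet" >&2
rm -f "$authz"
```

Run from the folder that holds the offline configuration, the function can be applied to each repository's conf/VisualSVN-WinAuthz.ini in a loop, and the copy step skipped for any file it reports.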
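4. Sending notification emails
Each account's password has to be communicated to the colleagues. Copy the user name and password columns from Excel into a text file and convert it to Unix format. The mail-sending script is as follows: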
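#!/usr/bin/bash
input="mailaccount.txt"
# Escape the characters that are special in a sed replacement (\, / and &);
# the HTML-encoded password can contain "&", which sed would otherwise expand
sed_escape() { printf '%s' "$1" | sed -e 's/[\/&]/\\&/g'; }
while IFS= read -r line
do
    # First column is the user name, second column is the password
    _usr=$(printf '%s' "$line" | gawk '{printf "%s",$1}')
    _pwd=$(printf '%s' "$line" | gawk '{printf "%s",$2}' | ./htmlenc.exe)
    sed -e "s/__to_person__/$(sed_escape "$_usr")/g" -e "s/__password__/$(sed_escape "$_pwd")/g" SwithMailSettings.xml > account.xml
    ./SwithMail.exe /s /x account.xml
done < "$input"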
The command-line mail tool chosen was "SwithMail", based on the recommendation in "7 Command Line Utilities to Easily Send Email Using SMTP". PowerShell would work too, of course; it is just a little more trouble.