image.png

自动检测 自动更新 设置crontab 定时每10分钟执行一下sh if-public-net.sh 检测脚本即可

[11:16:17root@Test /opt/hxkj]#cat if-public-net.sh 
#!/bin/bash
old_ip=$(cat old.log)
new_ip=$(curl -s https://ipw.cn/api/ip/myip)
echo oldip:$old_ip
echo newip:$new_ip
if [ "$old_ip" != "$new_ip" ];then
    python3 /opt/hxkj/aliyun-update-ip-test.py
    python3 /opt/hxkj/aliyun-update-ip-prod.py
    curl -s https://ipw.cn/api/ip/myip > old.log
else
     exit 0
fi
[11:17:22root@Test /opt/hxkj]#cat aliyun-update-ip-test.py 
#!/usr/local/bin/python3
#coding=utf-8
import re
from urllib import request
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkecs.request.v20140526.RevokeSecurityGroupRequest import RevokeSecurityGroupRequest
from aliyunsdkecs.request.v20140526.AuthorizeSecurityGroupRequest import AuthorizeSecurityGroupRequest


# 获取当前公网ip
def GetCompanyPublicIp():
    req = request.Request('https://ipw.cn/api/ip/myip')
    # req.add_header('User-Agent', 'curl/7.53.1')   ## 用curl方式请求，会少很多html页面。
    req.add_header('User-Agent',
                   'Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1')
    f = request.urlopen(req)
    ip_str = f.read().decode('utf-8')
    ip = re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", ip_str)
    return ip[0]


# 获取历史公网ip
def GetCompanyOldIp():
    try:
        f = open('ip.txt', 'r')
        oldIP = f.read().strip()
        return oldIP
    except IOError:
        print("Error: 没有找到文件或读取文件失败")
    else:
        f.close()


# 写入新的ip到本地
def IputCompanyNewIp(ip):
    try:
        f = open('ip.txt', 'w')
        f.write(ip)
    except IOError:
        print("Error: 没有找到文件或读取文件失败")
    else:
        print("写入NewIp成功")
        f.close()
# 此处分别填写创建的RAM子账号的AccessKeyId，子账号的AccessKeySecret，以及要管理的大区
client = AcsClient('111111', '111111', 'cn-111111')

def DelGroup(SourceCidrIp):
    request = RevokeSecurityGroupRequest()
    request.set_accept_format('json')
    request.set_SecurityGroupId("sg-111111")
    request.set_PortRange("1/65535")
    request.set_IpProtocol("tcp")
    request.set_SourceCidrIp(SourceCidrIp)
    response = client.do_action_with_exception(request)
    request.set_Description("公司出网端口")
    print(str(response, encoding='utf-8'))
# 添加规则
def AddGroup(SourceCidrIp):
    request = AuthorizeSecurityGroupRequest()
    request.set_accept_format('json')
    request.set_SecurityGroupId("sg-111111")  # 安全组ID
    request.set_IpProtocol("tcp")
    request.set_PortRange("1/65535")
    request.set_Description("公司出网端口")
    request.set_SourceCidrIp(SourceCidrIp)
    response = client.do_action_with_exception(request)
    print(str(response, encoding='utf-8'))
# AddGroup(ip)
if __name__ == '__main__':
    NewIp = GetCompanyPublicIp()
    OldIp = GetCompanyOldIp()
    if NewIp == OldIp:
        print('公司出口ip没有发生变化')
    else:
        print('公司出口ip发生变化：', NewIp)
        IputCompanyNewIp(NewIp)
        DelGroup(OldIp)
        AddGroup(NewIp)

image.png

# 本文使用的Python版本为Python 3.7
pip install aliyun-python-sdk-core-v3
pip install aliyun-python-sdk-ecs

# 脚本如下：
#!/usr/bin/python3
#coding=utf-8
'''
当办公室的公网ip改变时，调用阿里云的API放行当前的公网IP和指定的端口
'''
import json
import re
import requests
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest


def get_ip(url):
    """
    定义http head伪装成curl浏览器获取IP数据
    """
    headers = { 'User-Agent': "curl/10.0","Content-type":"application/x-www-form-urlencoded","Accept":"text/plain"}
    r = requests.get(url,headers=headers)
    text = re.search(r'(\d+\.\d+\.\d+\.\d+)',r.text).group(1)
    return (text)

def get_old_ip(log_file):
    """
    获取文件中的IP地址
    """
    try:
        open_files = open(log_file, "r")
        old_ip = open_files.read()
        open_files.close()
        return (old_ip)
    except:
        return 0

def change_ip(log_file):

    try:
        open_files = open(log_file, "w+")
        open_files.write(new_ip)
        open_files.close()
    except:
        pass

def Get_sourceIP(RegionId,SecurityGroupId,Port):
   '''
   获取已存在的安全组的IP
   '''
   request.set_action_name('DescribeSecurityGroupAttribute')
   request.add_query_param('RegionId', RegionId)
   request.add_query_param('SecurityGroupId', SecurityGroupId)
   request.add_query_param('NicType', 'intranet')
   request.add_query_param('Direction', 'all')
   response = client.do_action_with_exception(request)      #调用阿里云api返回安全组所有规则

   text = (re.match(r'^b\'(.*?)\'$' ,str(response)).group(1))  #将获取到的bytes数据转换成str并用正则去掉b前缀

   text = json.loads(text)    #将数据用json解码
   #len_text = len(text)
   for i in range(0,len(text)):     #获取text列表的长度，并以此开始循环遍历
      if text['Permissions']['Permission'][i]['PortRange'] == Port:
         ip = (text['Permissions']['Permission'][i]['SourceCidrIp'])
         break
   #遍历列表，当PortRange等于所定义的端口时，返回IP并跳出循环
   # print(text['Permissions']['Permission'][]['SourceCidrIp'])
   return (ip)



def Remove(RegionId,SecurityGroupId,IpProtocol,PortRange,SourceCidrIp):
   '''
   RevokeSecurityGroup：从指定的安全组删除一条规则
   '''
   request.set_action_name('RevokeSecurityGroup')
   request.add_query_param('RegionId', RegionId)
   request.add_query_param('SecurityGroupId', SecurityGroupId)
   request.add_query_param('IpProtocol', IpProtocol)
   request.add_query_param('PortRange', PortRange)
   request.add_query_param('SourceCidrIp', SourceCidrIp)
   request.add_query_param('NicType', 'intranet')
   response = client.do_action_with_exception(request)
   #print(response)

def Add_NewIP(RegionId,SecurityGroupId,IpProtocol,PortRange,SourceCidrIp):
   '''
   AuthorizeSecurityGroup：添加一个规则到指定的安全组
   '''
   request.set_action_name('AuthorizeSecurityGroup')
   request.add_query_param('RegionId', RegionId)
   request.add_query_param('SecurityGroupId', SecurityGroupId)
   request.add_query_param('IpProtocol', IpProtocol)
   request.add_query_param('PortRange', PortRange)
   request.add_query_param('SourceCidrIp', SourceCidrIp)
   request.add_query_param('NicType', 'intranet')
   request.add_query_param('Description', 'PythonScriptCreated')
   response = client.do_action_with_exception(request)

if __name__ == "__main__":
    request = CommonRequest()
    request.set_accept_format('json')               #阿里云返回的数据类型为json格式
    request.set_domain('ecs.aliyuncs.com')
    request.set_method('POST')
    request.set_version('2014-05-26')               #api版本
    client = AcsClient('填写AccessKeyID', '填写AccessKeySecret', 'cn-shenzhen')
   #阿里云api固定认证格式：AccessKeyID，AccessKeySecret，RegionId

    RegionId = 'cn-shenzhen'                                         #区域
    SecurityGroupId = ['填写安全组id']         #安全组ID
    IpProtocol = 'tcp'                                               #协议类型
    PortRange = ['38848/38848']                                #端口

    log_file = 'ip.log'                     #将IP地址保存至一个文件中
    new_ip = get_ip("https://ipv4.ngx.hk")       #获取当前IP的URL https://ipv4.ngx.hk http://ip.42.pl/raw
    old_ip = get_old_ip(log_file)
    NewIP = new_ip

    if new_ip != old_ip:
        change_ip(log_file)
        for i in SecurityGroupId:
            for j in PortRange:
                try:
                    OldIP = Get_sourceIP(RegionId=RegionId, SecurityGroupId=i, Port='38848/38848')
                    # 调用Get_sourceIP函数获取旧的IP。若IP不存在或对应的端口不对，则抛出异常，直接执行添加
                    Remove(RegionId=RegionId, SecurityGroupId=i, IpProtocol=IpProtocol, PortRange=j, SourceCidrIp=OldIP)
                    Add_NewIP(RegionId=RegionId, SecurityGroupId=i, IpProtocol=IpProtocol, PortRange=j, SourceCidrIp=NewIP)
                except:
                    Add_NewIP(RegionId=RegionId, SecurityGroupId=i, IpProtocol=IpProtocol, PortRange=j, SourceCidrIp=NewIP)

image.png