阿里云IP遭受DDOS攻击快速切换IP实践 - ToB企服应用市场:ToB评测及商务社交产业平台

# 域名
domain_name="elvin.vip"
domain_sub="k8s-lb"
if ping -c 1 $domain_sub.$domain_name &> /dev/null; then
echo "$(date +'%F %T') $domain_sub.$domain_name is online"
else
echo "$(date +'%F %T') $domain_sub.$domain_name is not online."
fi

复制代码

#安装aliyun cli
wget https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz
tar -zxf aliyun-cli-linux-latest-amd64.tgz -C /usr/local/bin/
rm -f aliyun-cli-linux-latest-amd64.tgz
# 设置阿里云访问密钥和区域ID
export ALICLOUD_ACCESS_KEY_ID='key_id_xxx'
export ALICLOUD_ACCESS_KEY_SECRET='key_secret_xxx'
export ALICLOUD_REGION_ID='cn-shanghai'

复制代码

#负载均衡实例id
LOAD_BALANCER_ID="lb-xxxxxxxx"
# 查询绑定LB的EIP
EIP_INFO=$(aliyun vpc DescribeEipAddresses --RegionId $ALICLOUD_REGION_ID | jq --arg lb_id "$LOAD_BALANCER_ID" '.EipAddresses.EipAddress[] | select(.InstanceId == $lb_id and .InstanceType == "SlbInstance")')
# 提取EIP的ID和IP地址
OLD_EIP_IP=$(echo $EIP_INFO | jq -r '.IpAddress')
OLD_EIP_ID=$(echo $EIP_INFO | jq -r '.AllocationId')

复制代码

# 创建EIP 按量付费模式峰值带宽100M
EIP_OUTPUT=$(aliyun vpc AllocateEipAddress --RegionId $ALICLOUD_REGION_ID --InternetChargeType PayByTraffic --Bandwidth 100 --Name $domain_sub)
# 获取EIP的ID和IP地址
EIP_ID=$(echo $EIP_OUTPUT | jq -r '.AllocationId')
EIP_IP=$(echo $EIP_OUTPUT | jq -r '.EipAddress')

复制代码

# 解绑现有的EIP
aliyun vpc UnassociateEipAddress --RegionId $ALICLOUD_REGION_ID --AllocationId $OLD_EIP_ID --InstanceId $LOAD_BALANCER_ID --InstanceType SlbInstance
# 绑定EIP到负载均衡器
ASSOCIATE_OUTPUT=$(aliyun vpc AssociateEipAddress --RegionId $ALICLOUD_REGION_ID --AllocationId $EIP_ID --InstanceId $LOAD_BALANCER_ID --InstanceType SlbInstance)
# 释放旧的EIP
aliyun vpc ReleaseEipAddress --AllocationId $OLD_EIP_ID

复制代码

# 获取域名RecordId
RECORD_ID=$(aliyun alidns DescribeDomainRecords --DomainName $domain_name | jq -r --arg rr "$domain_sub" '.DomainRecords.Record[] | select(.RR == $rr) | .RecordId')
# 更新域名的A记录
aliyun alidns UpdateDomainRecord --RecordId $RECORD_ID --RR $domain_sub --Type A --Value $EIP_IP

复制代码

#!/bin/bash# aliyun.lb.eip.update.sh# */12 * * * * bash /opt/aliyun.lb.eip.update.sh# 域名和负载均衡相干信息domain_name="elvin.vip"domain_sub="k8s-lb"LOAD_BALANCER_ID="lb-xxxxxxxx"#file[ -d /data/txt ] || mkdir -p /data/txtckFile=/data/txt/$domain_sub.$domain_name.ckrunLog=/data/txt/$domain_sub.$domain_name.log#跳过一次实行if [ -f $ckFile ]; then now_time=$(date +%s) file_time=$(stat -c %Y $ckFile) time_diff=$((now_time - file_time)) # 判断是否凌驾10分钟 if [ $time_diff -ge 600 ]; then rm -f $ckFile echo "$(date +'%F %T') skip run once" >>$runLog exit 0 fifi# 检测域名是否可达,错误时连续检查3次for((i=1; i /dev/null; then echo "$(date +'%F %T') $domain_sub.$domain_name is online" >>$runLog nk=99 i=99 exit 0 else echo "$(date +'%F %T') $domain_sub.$domain_name is not online. Retrying..." >>$runLog sleep 5 fidoneif [ "$nk" = "99" ];then exit 0else echo "$(date +'%F %T') Domain is not reachable after 3 attempts." >>$runLogfi# 设置阿里云访问密钥和区域IDexport ALICLOUD_ACCESS_KEY_ID='key_id_xxx'export ALICLOUD_ACCESS_KEY_SECRET='key_secret_xxx'export ALICLOUD_REGION_ID='cn-shanghai'# 查询绑定LB的EIPEIP_INFO=$(aliyun vpc DescribeEipAddresses --RegionId $ALICLOUD_REGION_ID | jq --arg lb_id "$LOAD_BALANCER_ID" '.EipAddresses.EipAddress[] | select(.InstanceId == $lb_id and .InstanceType == "SlbInstance")')# 提取EIP的ID和IP地址OLD_EIP_IP=$(echo $EIP_INFO | jq -r '.IpAddress')OLD_EIP_ID=$(echo $EIP_INFO | jq -r '.AllocationId')# 验证结果if [ -z "$OLD_EIP_IP" ]; then echo "$(date +'%F %T') Failed to find OLD_EIP_IP" >>$runLog exit 1fiecho "$(date +'%F %T') Old EIP: $OLD_EIP_IP" >>$runLog# 创建EIP 按量付费模式峰值带宽100M
EIP_OUTPUT=$(aliyun vpc AllocateEipAddress --RegionId $ALICLOUD_REGION_ID --InternetChargeType PayByTraffic --Bandwidth 100 --Name $domain_sub)
# 获取EIP的ID和IP地址
EIP_ID=$(echo $EIP_OUTPUT | jq -r '.AllocationId')
EIP_IP=$(echo $EIP_OUTPUT | jq -r '.EipAddress')# 验证EIP创建if [ -z "$EIP_ID" ] || [ -z "$EIP_IP" ]; then echo "$(date +'%F %T') Test Failed: Failed to create EIP." >>$runLog echo "eip_create: $EIP_OUTPUT" >>$runLog exit 1fiecho "$(date +'%F %T') New EIP: $EIP_IP" >>$runLog# 解绑现有的EIPecho "$(date +'%F %T') Remove LB-EIP" >>$runLog >>$runLogaliyun vpc UnassociateEipAddress --RegionId $ALICLOUD_REGION_ID --AllocationId $OLD_EIP_ID --InstanceId $LOAD_BALANCER_ID --InstanceType SlbInstance >>$runLogsleep 2# 绑定EIP到负载均衡器ASSOCIATE_OUTPUT=$(aliyun vpc AssociateEipAddress --RegionId $ALICLOUD_REGION_ID --AllocationId $EIP_ID --InstanceId $LOAD_BALANCER_ID --InstanceType SlbInstance)# 验证绑定if [ $? -ne 0 ]; then echo "$(date +'%F %T') EIP add to LB Failed." >>$runLog echo "eip_update: $ASSOCIATE_OUTPUT" >>$runLog exit 1else # echo "EIP add to LB successfully." echo "$(date +'%F %T') eip_update: $ASSOCIATE_OUTPUT" >>$runLogfisleep 2# 开释旧的EIPecho "$(date +'%F %T') Release old EIP $OLD_EIP_ID" >>$runLogaliyun vpc ReleaseEipAddress --AllocationId $OLD_EIP_ID >>$runLog# 获取域名RecordIdRECORD_ID=$(aliyun alidns DescribeDomainRecords --DomainName $domain_name | jq -r --arg rr "$domain_sub" '.DomainRecords.Record[] | select(.RR == $rr) | .RecordId')# 更新域名的A记录echo "$(date +'%F %T') Update IP: $domain_sub.$domain_name $EIP_IP" >>$runLogaliyun alidns UpdateDomainRecord --RecordId $RECORD_ID --RR $domain_sub --Type A --Value $EIP_IP >>$runLog#notie msg#dingtalkexport ddtxt="notice from ip-update \n$domain_sub.$domain_name \n$EIP_IP"export ddtoken="10b70b4fcb8a5ddad86b7a4396183639a6a99c2660xxxxxx"curl -ks -m 5 http://files.elvin.vip/shell/ddmsg.url.txt.sh |bash#larkexport txtmsg="notice from ip-update \n$domain_sub.$domain_name \n$EIP_IP"export larktoken="f6bfc69d-2617-46d7-a42b-123xxxxxx"curl -ks -m 5 http://files.elvin.vip/shell/lkmsg.txt.sh |bash# 记录完成时间date +"%F %T" >$ckFileexit 0

复制代码