Introduction
Python is the lingua franca of DevOps. This tutorial provides practical, production-ready Python scripts for common system administration tasks, helping you automate repetitive work and reduce human error.
Setting Up Python Environment
Use Python 3.8+ for modern features. Install via apt: sudo apt install python3 python3-pip. Use virtual environments: python3 -m venv myenv, source myenv/bin/activate. Essential libraries: paramiko (SSH), requests (HTTP), boto3 (AWS), psutil (system monitoring), schedule (task scheduling).
Script 1: Automated Backup with Rotation
Create backup script using shutil and tarfile. Implement backup rotation keeping last 7 daily, 4 weekly, 12 monthly backups. Use python-dotenv for configuration. Add logging with rotating file handler. Example: backup directories, compress with gzip, upload to S3 or remote server via rsync.
Script 2: Log File Analyzer and Alerter
Parse log files to detect errors, rate-limit attacks, or performance issues. Use regex (re module) for pattern matching. Track error rates per minute, send alerts via email/Slack when thresholds exceed. Store metrics in SQLite for trend analysis. Example: detect 500 errors in Nginx access logs.
Script 3: Server Health Monitor
Use psutil for comprehensive monitoring: CPU usage per core, memory (RAM + swap), disk I/O and space, network bandwidth, running processes. Output JSON for Prometheus or send to InfluxDB. Check thresholds: email alert when disk >85% or load average > CPU cores * 1.5.
Script 4: Automated Deployment Script
Fabric or paramiko for SSH commands to multiple servers. Script flow: pull latest code, run tests, build assets, symlink new release, reload service, health check, rollback on failure. Implement blue-green deployment patterns with load balancer reconfiguration.
Script 5: Database Backup and Restoration
MySQL/PostgreSQL backup with python-mysqldb or psycopg2. Implement backup verification (restore to temporary database, run checksums). Encrypt backups with cryptography library. Automate restoration testing in staging environment weekly. Example: backup all databases, compress, upload to Google Cloud Storage.
Script 6: SSL Certificate Expiry Checker
Use ssl, OpenSSL, or socket to check certificate expiry dates across multiple domains. Send Slack notifications 30, 14, 7 days before expiry. Integration with Let's Encrypt renewal scripts. Output CSV report of all domains and expiry dates. Example: parse HSTS preload list, check 5000 domains.
Script 7: File Integrity Monitor
Store SHA256 hashes of critical files (/etc/passwd, /etc/ssh/sshd_config, web app configs) in database. Run daily comparisons to detect unauthorized changes. Alert on modifications. Extend to monitor entire directories, excluding expected changes (logs, cache). Implement whitelist patterns.
Script 8: Automated User Management
LDAP integration, but also simple scripts for local users. Create users from CSV: generate random passwords, set expiry dates, assign groups, create home directories with skeleton files. Implement user deactivation after inactivity. SSH key management: add/revoke keys from authorized_keys.
Script 9: Network Scanner and Inventory
Use python-nmap or raw sockets to scan subnets, discover devices and open ports. Output to JSON inventory with IP, MAC, hostname (via reverse DNS), OS fingerprint (nmap -O). Run weekly, compare for new devices. Integration with CMDB or NetBox for documentation.
Script 10: Automated Security Audit
Python script to check CIS benchmarks: ensure SSH root login disabled, firewall running, unnecessary services not listening, kernel parameters hardened, password policies enforced. Generate HTML report with pass/fail status and remediation commands. Use subprocess for system commands where Python lacks direct support.
Conclusion
Python automation transforms server administration. Start with simple scripts, iterate based on real needs, and gradually build a library of reusable modules. Use configuration files, command-line arguments (argparse), and proper error handling for production-ready scripts.