portal连接ldap;直接在root用户下执行即可

复制代码
#!/bin/bash
set -ex


su - ccp_master<<'EOFCC'
cat>ldaptoportal.sh<<'EOFG'
keystore_pd="Huawei@portal.com"
ldapAdmin_pd="huawei@123"
ldapadmin="root"

LANG="en_US.UTF-8"
cd /opt/huawei/portal/conf/certs/truststore

echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool -list -keystore trust.jks || echo file is not exists!

echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool -delete  -alias zhc_certs  -keystore trust.jks || echo zhc_certs is not exists!

/opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool -import -alias zhc_certs -file /etc/openldap/cacerts/*.crt -keystore trust.jks <<EOF
${keystore_pd}
yes
EOF

echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool -list -keystore trust.jks


cd /opt/huawei/portal
source profile.hpc

/usr/bin/expect <<-EOF > ~/logfile.bak
spawn /opt/huawei/portal/ac/1.3.0/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send "${ldapAdmin_pd}\r";
expect eof
EOF

domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}')"
mid_domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}' | awk -F. '{print $2}')"
last_domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}' | awk -F. '{print $3}')"
old_ldapadmin_pd="$(grep ^password  /opt/huawei/portal/conf/ac/ldap.yml |  awk '{print $2}' | sed 's/"//g')"
new_ldapadmin_pd="$(tail -1 ~/logfile.bak| col -b)"

sed  -i.bak -e '/ldap01.huawei.com/ s#ldap01.huawei.com#'"${domain_name}"'#g' \
-e '/^password:/ s#'"${old_ldapadmin_pd}"'#'"${new_ldapadmin_pd}"'#g' \
-e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
-e 's#^userName.*#userName: "cn='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' /opt/huawei/portal/conf/ac/ldap.yml

cat /opt/huawei/portal/conf/ac/ldap.yml

ldapsearch -x -H ldaps://ldap.huawei.com:636 -b cn=root,dc=huawei,dc=com -D "cn=root,dc=huawei,dc=com" -w huawei@123
EOFG
EOFCC

su - ccp_master <<EOF
bash ldaptoportal.sh
EOF


sed -i.bak '/^hpc.ldap/ s#off#on#g' /opt/huawei/portal/conf/ac/config.properties
sed -i.bak '/^scheduler.policy.online.configure/ s/^scheduler.policy.online.configure.*/scheduler.policy.online.configure=account,resourcepool,resourcepoolpolicy,user,queue,limit/g' /opt/batch/master/conf/master.properties

systemctl restart batch-master && systemctl restart portal
复制代码

 

复制代码
#!/bin/bash
set -ex

su - ccp_master<<'EOFCC'
cat>ldaptoportal.sh<<'EOFG'
keystore_pd="Huawei@portal.com"
ldapAdmin_pd="huawei@123"
ldapadmin="root"
#-----------------------------------------------------
LANG="en_US.UTF-8"
cd /opt/huawei/portal/conf/certs/truststore
echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.2.1/jre/linux_aarch64/bin/keytool -list -keystore trust.jks || echo file is not exists!
echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.2.1/jre/linux_aarch64/bin/keytool -delete  -alias zhc_certs  -keystore trust.jks || echo zhc_certs is not exists!

/opt/huawei/portal/3rdParty/1.2.1/jre/linux_aarch64/bin/keytool -import -alias zhc_certs -file /etc/openldap/cacerts/*.crt -keystore trust.jks <<EOF
${keystore_pd}
yes
EOF

echo "${keystore_pd}" | /opt/huawei/portal/3rdParty/1.2.1/jre/linux_aarch64/bin/keytool -list -keystore trust.jks
cd /opt/huawei/portal
source profile.hpc

/usr/bin/expect <<-EOF > ~/logfile.bak
spawn /opt/huawei/portal/ac/1.2.1/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send "${ldapAdmin_pd}\r";
expect eof
EOF

domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}')"
mid_domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}' | awk -F. '{print $2}')"
last_domain_name="$(openssl x509 -in /etc/openldap/cacerts/*.crt -text -noout | grep CN= | awk -F"CN=" '{print $2}' | awk -F. '{print $3}')"
old_ldapadmin_pd="$(grep ^password  /opt/huawei/portal/conf/ac/ldap.yml |  awk '{print $2}' | sed 's/"//g')"
new_ldapadmin_pd="$(tail -1 ~/logfile.bak| col -b)"

sed  -i.bak -e '/ldap01.huawei.com/ s#ldap01.huawei.com#'"${domain_name}"'#g' \
 -e '/^password:/ s#'"${old_ldapadmin_pd}"'#'"${new_ldapadmin_pd}"'#g' \
 -e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
 -e 's#^userName.*#userName: "cn='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' /opt/huawei/portal/conf/ac/ldap.yml

cat /opt/huawei/portal/conf/ac/ldap.yml

ldapsearch -x -H ldaps://${domain_name}:636 -b cn=${ldapadmin},dc=${mid_domain_name=},dc=${last_domain_name} -D "cn=${ldapadmin},dc=${mid_domain_name=},dc=${last_domain_name}" -w ${ldapAdmin_pd}
EOFG
EOFCC

su - ccp_master <<EOF
bash ldaptoportal.sh
EOF

sed -i.bak '/^hpc.ldap/ s#off#on#g' /opt/huawei/portal/conf/ac/config.properties
sed -i.bak '/^scheduler.policy.online.configure/ s/^scheduler.policy.online.configure.*/scheduler.policy.online.configure=account,resourcepool,resourcepoolpolicy,user,queue,limit/g' /opt/batch/master/conf/master.properties

systemctl restart batch-master
systemctl restart portal
HPC22.0.0 配置portal连接LDAP
复制代码

 

posted @   vmsysjack  阅读(28)  评论(0编辑  收藏  举报
努力加载评论中...
点击右上角即可分享
微信分享提示