portal连接ldap;直接在root用户下执行即可
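#!/bin/bash
# Connect the portal (1.3.0 paths) to an LDAP server. Run as root.
#
# Required environment:
#   KEYSTORE_PD    password of the portal truststore (trust.jks)
#   LDAP_ADMIN_PD  bind password of the LDAP administrator
# Both are read from the environment instead of being written into this file
# or into the helper script generated below. To set one without leaving it in
# the shell history:  read -rs KEYSTORE_PD && export KEYSTORE_PD
#
# Tracing (set -x) is deliberately not enabled: the command that hands the
# passwords to ccp_master would otherwise be printed with their values.
set -e

: "${KEYSTORE_PD:?set KEYSTORE_PD to the truststore password}"
: "${LDAP_ADMIN_PD:?set LDAP_ADMIN_PD to the LDAP administrator password}"

# Write the helper script into ccp_master's home. Both here-document
# delimiters are quoted, so nothing below is expanded by the root shell.
su - ccp_master <<'EOFCC'
cat > ldaptoportal.sh <<'EOFG'
# Passwords arrive on stdin, one per line: truststore first, LDAP admin second.
IFS= read -rs keystore_pd
IFS= read -rs ldapAdmin_pd
ldapadmin="root"
if [ -z "${keystore_pd}" ] || [ -z "${ldapAdmin_pd}" ]; then
  echo "ldaptoportal.sh: expected two passwords on stdin" >&2
  exit 1
fi

LANG="en_US.UTF-8"
umask 077
keytool=/opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool
ldap_yml=/opt/huawei/portal/conf/ac/ldap.yml

# keytool -file and openssl -in take one file; refuse an ambiguous glob.
shopt -s nullglob
certs=(/etc/openldap/cacerts/*.crt)
shopt -u nullglob
if [ "${#certs[@]}" -ne 1 ]; then
  echo "ldaptoportal.sh: expected exactly one *.crt in /etc/openldap/cacerts, found ${#certs[@]}" >&2
  exit 1
fi
ca_cert="${certs[0]}"

# Temporary files hold secret material; mktemp creates them mode 0600 and the
# trap removes them on every exit path.
kmc_log="$(mktemp)" || exit 1
bind_pw_file="$(mktemp)" || exit 1
trap 'rm -f -- "${kmc_log}" "${bind_pw_file}"' EXIT

# Replace any previous zhc_certs entry in the truststore with the LDAP CA cert.
cd /opt/huawei/portal/conf/certs/truststore || exit 1
printf '%s\n' "${keystore_pd}" | "${keytool}" -list -keystore trust.jks || echo file is not exists!
printf '%s\n' "${keystore_pd}" | "${keytool}" -delete -alias zhc_certs -keystore trust.jks || echo zhc_certs is not exists!
# Second input line answers keytool's "trust this certificate?" prompt.
printf '%s\nyes\n' "${keystore_pd}" | "${keytool}" -import -alias zhc_certs -file "${ca_cert}" -keystore trust.jks
printf '%s\n' "${keystore_pd}" | "${keytool}" -list -keystore trust.jks

cd /opt/huawei/portal || exit 1
source profile.hpc

# Encrypt the LDAP admin password with kmctool. The password reaches expect
# through its environment and a quoted here-document, so neither the shell nor
# Tcl re-interprets characters such as $ [ or " inside it.
LDAP_ADMIN_PD="${ldapAdmin_pd}" /usr/bin/expect <<'EOF' > "${kmc_log}"
spawn /opt/huawei/portal/ac/1.3.0/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send -- "$env(LDAP_ADMIN_PD)\r"
expect eof
EOF
# The last line of the kmctool output is taken as the encrypted password.
new_ldapadmin_pd="$(tail -1 "${kmc_log}" | col -b)"
if [ -z "${new_ldapadmin_pd}" ]; then
  echo "ldaptoportal.sh: kmctool produced no output" >&2
  exit 1
fi

# Derive the LDAP host name and its DC components from the certificate CN.
domain_name="$(openssl x509 -in "${ca_cert}" -text -noout | grep CN= | awk -F"CN=" '{print $2}')"
case "${domain_name}" in
  '' | *$'\n'*)
    echo "ldaptoportal.sh: could not derive a single CN from ${ca_cert}" >&2
    exit 1
    ;;
esac
mid_domain_name="$(printf '%s\n' "${domain_name}" | awk -F. '{print $2}')"
last_domain_name="$(printf '%s\n' "${domain_name}" | awk -F. '{print $3}')"
if [ -z "${mid_domain_name}" ] || [ -z "${last_domain_name}" ]; then
  echo "ldaptoportal.sh: CN '${domain_name}' does not have three dot-separated parts" >&2
  exit 1
fi

old_ldapadmin_pd="$(grep ^password "${ldap_yml}" | awk '{print $2}' | sed 's/"//g')"
if [ -z "${old_ldapadmin_pd}" ]; then
  # An empty pattern would make sed reuse the address regex and damage the line.
  echo "ldaptoportal.sh: no current password value found in ${ldap_yml}" >&2
  exit 1
fi
# Escape regex / replacement metacharacters and the '#' delimiter so that the
# password values are substituted literally.
old_pat="$(printf '%s' "${old_ldapadmin_pd}" | sed 's/[][\.*^$#]/\\&/g')"
new_rep="$(printf '%s' "${new_ldapadmin_pd}" | sed 's/[\&#]/\\&/g')"

sed -i.bak -e '/ldap01.huawei.com/ s#ldap01.huawei.com#'"${domain_name}"'#g' \
  -e '/^password:/ s#'"${old_pat}"'#'"${new_rep}"'#g' \
  -e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
  -e 's#^userName.*#userName: "cn='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' \
  "${ldap_yml}"
# Show the result for review without printing the encrypted password.
sed 's#^password:.*#password: "<hidden>"#' "${ldap_yml}"

# Verify the bind against the host and DN derived from the certificate, the
# same values that were just written to ldap.yml. The bind password is passed
# with -y (password file) so it does not appear in the process list.
printf '%s' "${ldapAdmin_pd}" > "${bind_pw_file}"
bind_dn="cn=${ldapadmin},dc=${mid_domain_name},dc=${last_domain_name}"
ldapsearch -x -H "ldaps://${domain_name}:636" -b "${bind_dn}" -D "${bind_dn}" -y "${bind_pw_file}"
EOFG
EOFCC

# Run the helper as ccp_master. printf is a shell builtin, so the passwords
# travel over the pipe only and never appear as process arguments.
printf '%s\n%s\n' "${KEYSTORE_PD}" "${LDAP_ADMIN_PD}" | su - ccp_master -c 'bash ldaptoportal.sh'

# Switch LDAP on in the portal and set the scheduler's online-configure list.
sed -i.bak '/^hpc.ldap/ s#off#on#g' /opt/huawei/portal/conf/ac/config.properties
sed -i.bak '/^scheduler.policy.online.configure/ s/^scheduler.policy.online.configure.*/scheduler.policy.online.configure=account,resourcepool,resourcepoolpolicy,user,queue,limit/g' /opt/batch/master/conf/master.properties
systemctl restart batch-master
systemctl restart portal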

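#!/bin/bash
# Connect the portal (1.2.1 paths) to an LDAP server. Run as root.
#
# Required environment:
#   KEYSTORE_PD    password of the portal truststore (trust.jks)
#   LDAP_ADMIN_PD  bind password of the LDAP administrator
# Both are read from the environment instead of being written into this file
# or into the helper script generated below. To set one without leaving it in
# the shell history:  read -rs KEYSTORE_PD && export KEYSTORE_PD
#
# Tracing (set -x) is deliberately not enabled: the command that hands the
# passwords to ccp_master would otherwise be printed with their values.
set -e

: "${KEYSTORE_PD:?set KEYSTORE_PD to the truststore password}"
: "${LDAP_ADMIN_PD:?set LDAP_ADMIN_PD to the LDAP administrator password}"

# Write the helper script into ccp_master's home. Both here-document
# delimiters are quoted, so nothing below is expanded by the root shell.
su - ccp_master <<'EOFCC'
cat > ldaptoportal.sh <<'EOFG'
# Passwords arrive on stdin, one per line: truststore first, LDAP admin second.
IFS= read -rs keystore_pd
IFS= read -rs ldapAdmin_pd
ldapadmin="root"
if [ -z "${keystore_pd}" ] || [ -z "${ldapAdmin_pd}" ]; then
  echo "ldaptoportal.sh: expected two passwords on stdin" >&2
  exit 1
fi

LANG="en_US.UTF-8"
umask 077
keytool=/opt/huawei/portal/3rdParty/1.2.1/jre/linux_aarch64/bin/keytool
ldap_yml=/opt/huawei/portal/conf/ac/ldap.yml

# keytool -file and openssl -in take one file; refuse an ambiguous glob.
shopt -s nullglob
certs=(/etc/openldap/cacerts/*.crt)
shopt -u nullglob
if [ "${#certs[@]}" -ne 1 ]; then
  echo "ldaptoportal.sh: expected exactly one *.crt in /etc/openldap/cacerts, found ${#certs[@]}" >&2
  exit 1
fi
ca_cert="${certs[0]}"

# Temporary files hold secret material; mktemp creates them mode 0600 and the
# trap removes them on every exit path.
kmc_log="$(mktemp)" || exit 1
bind_pw_file="$(mktemp)" || exit 1
trap 'rm -f -- "${kmc_log}" "${bind_pw_file}"' EXIT

# Replace any previous zhc_certs entry in the truststore with the LDAP CA cert.
cd /opt/huawei/portal/conf/certs/truststore || exit 1
printf '%s\n' "${keystore_pd}" | "${keytool}" -list -keystore trust.jks || echo file is not exists!
printf '%s\n' "${keystore_pd}" | "${keytool}" -delete -alias zhc_certs -keystore trust.jks || echo zhc_certs is not exists!
# Second input line answers keytool's "trust this certificate?" prompt.
printf '%s\nyes\n' "${keystore_pd}" | "${keytool}" -import -alias zhc_certs -file "${ca_cert}" -keystore trust.jks
printf '%s\n' "${keystore_pd}" | "${keytool}" -list -keystore trust.jks

cd /opt/huawei/portal || exit 1
source profile.hpc

# Encrypt the LDAP admin password with kmctool. The password reaches expect
# through its environment and a quoted here-document, so neither the shell nor
# Tcl re-interprets characters such as $ [ or " inside it.
LDAP_ADMIN_PD="${ldapAdmin_pd}" /usr/bin/expect <<'EOF' > "${kmc_log}"
spawn /opt/huawei/portal/ac/1.2.1/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send -- "$env(LDAP_ADMIN_PD)\r"
expect eof
EOF
# The last line of the kmctool output is taken as the encrypted password.
new_ldapadmin_pd="$(tail -1 "${kmc_log}" | col -b)"
if [ -z "${new_ldapadmin_pd}" ]; then
  echo "ldaptoportal.sh: kmctool produced no output" >&2
  exit 1
fi

# Derive the LDAP host name and its DC components from the certificate CN.
domain_name="$(openssl x509 -in "${ca_cert}" -text -noout | grep CN= | awk -F"CN=" '{print $2}')"
case "${domain_name}" in
  '' | *$'\n'*)
    echo "ldaptoportal.sh: could not derive a single CN from ${ca_cert}" >&2
    exit 1
    ;;
esac
mid_domain_name="$(printf '%s\n' "${domain_name}" | awk -F. '{print $2}')"
last_domain_name="$(printf '%s\n' "${domain_name}" | awk -F. '{print $3}')"
if [ -z "${mid_domain_name}" ] || [ -z "${last_domain_name}" ]; then
  echo "ldaptoportal.sh: CN '${domain_name}' does not have three dot-separated parts" >&2
  exit 1
fi

old_ldapadmin_pd="$(grep ^password "${ldap_yml}" | awk '{print $2}' | sed 's/"//g')"
if [ -z "${old_ldapadmin_pd}" ]; then
  # An empty pattern would make sed reuse the address regex and damage the line.
  echo "ldaptoportal.sh: no current password value found in ${ldap_yml}" >&2
  exit 1
fi
# Escape regex / replacement metacharacters and the '#' delimiter so that the
# password values are substituted literally.
old_pat="$(printf '%s' "${old_ldapadmin_pd}" | sed 's/[][\.*^$#]/\\&/g')"
new_rep="$(printf '%s' "${new_ldapadmin_pd}" | sed 's/[\&#]/\\&/g')"

sed -i.bak -e '/ldap01.huawei.com/ s#ldap01.huawei.com#'"${domain_name}"'#g' \
  -e '/^password:/ s#'"${old_pat}"'#'"${new_rep}"'#g' \
  -e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
  -e 's#^userName.*#userName: "cn='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' \
  "${ldap_yml}"
# Show the result for review without printing the encrypted password.
sed 's#^password:.*#password: "<hidden>"#' "${ldap_yml}"

# Verify the bind with the derived host and DN. The expansions are quoted and
# written as plain ${mid_domain_name} (the stray '=' of the earlier form is
# gone); the bind password is passed with -y (password file) so it does not
# appear in the process list.
printf '%s' "${ldapAdmin_pd}" > "${bind_pw_file}"
bind_dn="cn=${ldapadmin},dc=${mid_domain_name},dc=${last_domain_name}"
ldapsearch -x -H "ldaps://${domain_name}:636" -b "${bind_dn}" -D "${bind_dn}" -y "${bind_pw_file}"
EOFG
EOFCC

# Run the helper as ccp_master. printf is a shell builtin, so the passwords
# travel over the pipe only and never appear as process arguments.
printf '%s\n%s\n' "${KEYSTORE_PD}" "${LDAP_ADMIN_PD}" | su - ccp_master -c 'bash ldaptoportal.sh'

# Switch LDAP on in the portal and set the scheduler's online-configure list.
sed -i.bak '/^hpc.ldap/ s#off#on#g' /opt/huawei/portal/conf/ac/config.properties
sed -i.bak '/^scheduler.policy.online.configure/ s/^scheduler.policy.online.configure.*/scheduler.policy.online.configure=account,resourcepool,resourcepoolpolicy,user,queue,limit/g' /opt/batch/master/conf/master.properties
systemctl restart batch-master
systemctl restart portal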