portal连接ldap

发布时间 2023-07-28 15:31:47 作者: vmsysjack
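#!/bin/bash
# Point the portal's LDAP integration at the OpenLDAP server whose CA
# certificate sits in /etc/openldap/cacerts:
#   1. as ccp_master: import that CA into the portal truststore (trust.jks),
#      encrypt the LDAP admin password with kmctool, rewrite ldap.yml from the
#      certificate's CN and run a ldapsearch smoke test;
#   2. as root: switch hpc.ldap on, adjust the scheduler policy and restart
#      batch-master and portal.
# Must be run as root. Step 1 is performed through a generated helper script
# (ldaptoportal.sh in ccp_master's home).
#
# NOTE(review): the keystore and LDAP admin passwords are embedded in clear
# text below. The generated helper is therefore created with mode 0600 and
# removed after it has run; this file itself should be readable by root only.
set -ex

# Write the helper into ccp_master's home. Both heredoc delimiters are quoted
# so the root shell expands nothing; everything between the EOFG markers is
# stored verbatim and only interpreted when ccp_master runs it.
su - ccp_master <<'EOFCC'
umask 077   # the helper holds credentials -> created as 0600
cat > ldaptoportal.sh <<'EOFG'
#!/bin/bash
# Helper executed as ccp_master; see the parent script for the overall flow.
# -e/-o pipefail: stop at the first failing step instead of writing a
# half-patched ldap.yml (the keytool list/delete steps are guarded with ||).
set -eo pipefail

keystore_pd="Huawei@portal.com"
ldapAdmin_pd="huawei@123"
ldapadmin="root"
keytool=/opt/huawei/portal/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool
ldap_yml=/opt/huawei/portal/conf/ac/ldap.yml

# Exported so keytool/openssl output is in English (the parsing below relies
# on it); a plain assignment would not reach child processes.
export LANG="en_US.UTF-8"

# Exactly one CA certificate is expected: a glob matching several files (or
# none) would hand keytool and openssl the wrong arguments.
ca_certs=(/etc/openldap/cacerts/*.crt)
if [[ ${#ca_certs[@]} -ne 1 || ! -f "${ca_certs[0]}" ]]; then
  echo "expected exactly one /etc/openldap/cacerts/*.crt, found: ${ca_certs[*]}" >&2
  exit 1
fi
ca_cert=${ca_certs[0]}

# Temp files for the kmctool transcript (it contains the password typed via
# expect) and for the ldapsearch bind password; both are removed on exit
# instead of leaving ~/logfile.bak behind.
enc_log="$(mktemp)"
pw_file="$(mktemp)"
trap 'rm -f -- "${enc_log}" "${pw_file}"' EXIT

cd /opt/huawei/portal/conf/certs/truststore

echo "${keystore_pd}" | "${keytool}" -list -keystore trust.jks || echo file is not exists!

echo "${keystore_pd}" | "${keytool}" -delete -alias zhc_certs -keystore trust.jks || echo zhc_certs is not exists!

# keytool prompts for the keystore password, then "Trust this certificate?".
"${keytool}" -import -alias zhc_certs -file "${ca_cert}" -keystore trust.jks <<EOF
${keystore_pd}
yes
EOF

echo "${keystore_pd}" | "${keytool}" -list -keystore trust.jks

cd /opt/huawei/portal
source profile.hpc

# Drive kmctool interactively; the last line of the transcript is the
# encrypted password (read back below).
/usr/bin/expect <<EOF > "${enc_log}"
spawn /opt/huawei/portal/ac/1.3.0/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send "${ldapAdmin_pd}\r";
expect eof
EOF

# The certificate CN is the LDAP host name that replaces the ldap01.huawei.com
# placeholder in ldap.yml; its second and third dot-separated labels become
# the DC components. openssl is invoked once and every "CN=" line is kept,
# exactly as before (issuer and subject lines both match if present).
cn_text="$(openssl x509 -in "${ca_cert}" -text -noout | grep CN= | awk -F"CN=" '{print $2}')"
domain_name="${cn_text}"
mid_domain_name="$(printf '%s\n' "${cn_text}" | awk -F. '{print $2}')"
last_domain_name="$(printf '%s\n' "${cn_text}" | awk -F. '{print $3}')"
old_ldapadmin_pd="$(grep ^password "${ldap_yml}" | awk '{print $2}' | sed 's/"//g')"
new_ldapadmin_pd="$(tail -1 "${enc_log}" | col -b)"

# NOTE(review): the values are spliced straight into sed expressions, so a
# password or CN containing '#', '&' or '\' would break these substitutions.
sed -i.bak -e '/ldap01.huawei.com/ s#ldap01.huawei.com#'"${domain_name}"'#g' \
  -e '/^password:/ s#'"${old_ldapadmin_pd}"'#'"${new_ldapadmin_pd}"'#g' \
  -e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
  -e 's#^userName.*#userName: "cn='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' "${ldap_yml}"

cat "${ldap_yml}"

# Smoke test of the bind. The password is passed via -y (file, no trailing
# newline) rather than -w so it does not show up in the process list.
# NOTE(review): host and base DN are still hard-coded here rather than derived
# from the certificate above.
printf '%s' "${ldapAdmin_pd}" > "${pw_file}"
ldapsearch -x -H ldaps://ldap.huawei.com:636 -b cn=root,dc=huawei,dc=com -D "cn=root,dc=huawei,dc=com" -y "${pw_file}"
EOFG
EOFCC

# Run the helper, then delete it (it holds the passwords). The helper's exit
# status is re-raised through the login shell so set -e above sees a failure;
# otherwise su would only report the status of the final rm.
su - ccp_master <<'EOF'
bash ldaptoportal.sh; rc=$?
rm -f -- ldaptoportal.sh
exit "$rc"
EOF

# Enable LDAP in the portal and widen the online scheduler policy, then restart.
sed -i.bak '/^hpc.ldap/ s#off#on#g' /opt/huawei/portal/conf/ac/config.properties
sed -i.bak '/^scheduler.policy.online.configure/ s/^scheduler.policy.online.configure.*/scheduler.policy.online.configure=account,resourcepool,resourcepoolpolicy,user,queue,limit/g' /opt/batch/master/conf/master.properties

systemctl restart batch-master && systemctl restart portal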