
KDC配置脚本文件

kdc_distribute.sh

#!/bin/bash
# ***********************************************************************
# Copyright: (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
# script for building kdc distribute
# version: 1.0.0
# change log:
# ***********************************************************************

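set -e
set +x
# Keep the interactive session (passwords are typed in) out of shell history.
set +o history

# Directory of this script; the whitelist/ and keytab/ scratch dirs and the
# kdc_kmc_encrypt_*.sh helpers are expected next to it.
LOCAL_DIR=$(cd "$(dirname "$0")" && pwd)
SSH_LOGIN_RUN="ssh_and_run_cmd"
EXPECT=/usr/bin/expect

REALM=""
# One node per line: <ip> <user> <meta-flag>
NODE_LIST="node_list"
# Credentials of the operations account used for every ssh/scp.  The
# password is handed to the helpers on stdin (here-strings), never on argv,
# and is deliberately NOT exported: an exported OPS_PWD would be inherited by
# every child process (expect, ssh, kadmin.local, ...) and be readable from
# their environment.
OPS_PWD=""
export OPS_USER=""
RUN_USER=""
RUN_GROUP=""
SPARK_USER=""
ZK_USER=""
OCK_HOME=""

HFAIL=1
HOK=0
GREP=/bin/grep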

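#######################################
# Log in to a node with ssh and run one command there.
# Arguments: $1 - target ip
#            $2 - login user
#            $3 - placeholder ("stdin"); the password is NOT taken from argv
#            $4 - command to run on the node
# Stdin:     the login password (one line), e.g. via <<<"${OPS_PWD}"
# Outputs:   "[err] node(<ip>) cmd(<command>)" on stdout when the remote
#            command did not report status 0
# Returns:   HOK when the remote command printed "return:0"; otherwise the
#            whole script exits with HFAIL.
# Caveats:   password and command are substituted verbatim into the Tcl
#            script below, so values containing Tcl-special characters
#            ("$[]\ or a newline) cannot be passed safely.  Prompt detection
#            assumes the remote shell prompt ends with "]".  An unknown host
#            key is accepted automatically (the yes/no prompt is answered
#            "yes"); seed known_hosts beforehand if host authenticity must
#            be verified.
#######################################
function ssh_and_run_cmd() {
    local targetip=$1
    local username=$2
    local command=$4
    # local so the secret does not linger in a global; -r keeps backslashes.
    local password=""
    local expect_res=""
    local res_code=""

    IFS= read -r -s password

    # expect exits 1 on "Permission denied"; without `|| true` set -e would
    # end the script inside the assignment, before the error line below is
    # printed.  HISTFILE=/dev/null keeps the command out of the remote
    # shell's history.
    expect_res=$(expect <<-EOF
    set timeout 300
    spawn ssh -l $username $targetip
    expect {
      "(yes/no*)?" {
        send "yes\n";exp_continue
      }
      "*assword:" {
        send "${password}\n";exp_continue
      }
      "Permission denied, please try again.*" {
        exit 1;
      }
      "]*" {
        send "export HISTFILE=/dev/null\r"
      }
    }
    expect "]*"
    send "${command}\r"
    expect "]*"
    send "echo return:\$?\r"
    expect "]*"
    send "exit\r"
    expect eof
EOF
) || true

    # grep -c exits 1 when nothing matches, which would otherwise trip set -e.
    res_code=$(grep -c "return:0" <<<"${expect_res}" || true)
    if [[ "${res_code}" -eq 1 ]]; then
        return "${HOK}"
    fi
    echo "[err] node(${targetip}) cmd(${command})"
    exit "${HFAIL}"
}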


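#######################################
# Copy one local file to a node with scp (password on stdin).
# Arguments: $1 - local file
#            $2 - remote ip
#            $3 - remote user
#            $4 - placeholder ("stdin"); the password is NOT taken from argv
#            $5 - remote path
# Stdin:     the remote user's password (one line)
# Returns:   HOK on success; HFAIL (return) on a wrong argument count.  Any
#            scp failure or timeout prints a message and exits the whole
#            script with HFAIL.
# Caveats:   password and paths are substituted verbatim into the Tcl
#            script, so Tcl-special characters ("$[]\) and spaces in paths
#            are not supported; an unknown host key is accepted
#            automatically (yes/no prompt answered "yes").
#######################################
function copy_file_to_remote() {
    if [[ $# -ne 5 ]]; then
        echo "Params Error. Usage: copy_file_to_remote <local_file> <remote_ip> <remote_user> <remote_password> <remote_path>"
        return "${HFAIL}"
    fi

    local local_file=$1
    local remote_ip=$2
    local remote_user=$3
    local remote_path=$5
    # local so the secret does not linger in a global; -r keeps backslashes.
    local remote_password=""
    local rv=0

    IFS= read -r -s remote_password

    # Status is captured with `|| rv=$?`: under set -e a bare `$?` test after
    # a failing expect is never reached.  In the Tcl script "100%" (transfer
    # done) exits 0; a rejected password, or falling out of the expect block
    # (timeout / eof), exits 1.
    expect <<-EOF >/dev/null 2>&1 || rv=$?
    set timeout 300
    spawn scp -p ${local_file} ${remote_user}@${remote_ip}:${remote_path}
    expect {
      "(yes/no*)?" {
        send "yes\n";exp_continue
      }
      "*assword:" {
        send "${remote_password}\n";exp_continue
      }
      "Permission denied, please try again.*" {
        exit 1;
      }
      "100%" {
        exit 0;
      }
    }
    exit 1
EOF

    if [[ ${rv} -ne 0 ]]; then
        echo "scp file ${local_file} to ${remote_ip} failed."
        exit "${HFAIL}"
    fi
    return "${HOK}"
}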

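#######################################
# Write the "meta" whitelist template to ./whitelist/meta_whitelist.
# Each row of NODE_LIST (<ip> <user> <meta-flag>) yields two allow entries,
# ock_server/<user>@REALM and ock_client/<user>@REALM.  Only the JSON head
# and the entries (each with a trailing comma) are written; the caller adds
# the final entry and the closing brackets per node.
# Globals:   NODE_LIST, REALM, HOK (read)
# Outputs:   appends to ./whitelist/meta_whitelist (directory must exist)
# Returns:   HOK
#######################################
function gen_meta_whitelist() {
    local out="./whitelist/meta_whitelist"
    local subline=""
    local params_arr=()
    local node_user=""
    local principal=""

    printf '{\n    "ock":\n    [\n' >> "${out}"

    # Read the file directly (no `cat |` subshell); `|| [[ -n ... ]]` still
    # handles a last row without a trailing newline.
    while IFS= read -r subline || [[ -n "${subline}" ]]; do
        # Split the row on whitespace.  Blank rows are skipped instead of
        # producing an "ock_server/@REALM" entry with an empty user.
        read -r -a params_arr <<<"${subline}"
        if [[ ${#params_arr[@]} -eq 0 ]]; then
            continue
        fi
        node_user=${params_arr[1]}

        for principal in "ock_server/${node_user}@${REALM}" \
                         "ock_client/${node_user}@${REALM}"; do
            printf '        {\n            "user": "%s",\n            "allow": true\n        },\n' \
                "${principal}" >> "${out}"
        done
    done < "${NODE_LIST}"

    return "${HOK}"
}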

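#######################################
# Write the "server" whitelist template to ./whitelist/server_whitelist.
# Each row of NODE_LIST (<ip> <user> <meta-flag>) yields an allow entry for
# ock_server/<user>@REALM; rows whose meta-flag starts with "1" additionally
# get ock_client/<user>@REALM (written first).  Only the JSON head and the
# entries (each with a trailing comma) are written; the caller adds the
# final entry and the closing brackets per node.
# Globals:   NODE_LIST, REALM, HOK (read)
# Outputs:   "server_principal=<principal>" per row on stdout;
#            appends to ./whitelist/server_whitelist (directory must exist)
# Returns:   HOK
#######################################
function gen_server_whitelist() {
    local out="./whitelist/server_whitelist"
    local entry_fmt='        {\n            "user": "%s",\n            "allow": true\n        },\n'
    local subline=""
    local params_arr=()
    local node_user=""
    local node_meta=""
    local server_principal=""

    printf '{\n    "ock":\n    [\n' >> "${out}"

    # Read the file directly (no `cat |` subshell); `|| [[ -n ... ]]` still
    # handles a last row without a trailing newline.
    while IFS= read -r subline || [[ -n "${subline}" ]]; do
        # Split the row on whitespace.  Blank rows are skipped instead of
        # producing an "ock_server/@REALM" entry with an empty user.
        read -r -a params_arr <<<"${subline}"
        if [[ ${#params_arr[@]} -eq 0 ]]; then
            continue
        fi
        node_user=${params_arr[1]}
        node_meta=${params_arr[2]}

        server_principal="ock_server/${node_user}@${REALM}"
        echo "server_principal=${server_principal}"

        # Quoted so an empty meta-flag is a plain mismatch, not a test error.
        if [[ "${node_meta:0:1}" == "1" ]]; then
            printf "${entry_fmt}" "ock_client/${node_user}@${REALM}" >> "${out}"
        fi

        printf "${entry_fmt}" "${server_principal}" >> "${out}"
    done < "${NODE_LIST}"

    return "${HOK}"
}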

#######################################
# Prepare every node in NODE_LIST for Kerberos/KMC-protected OCK:
#   1. assemble the node's whitelist from the server/meta template and push it;
#   2. recreate the keytab and KMC (pmt) directories of the Spark, ZooKeeper
#      and run users on the node;
#   3. create the node's principals and export their keytabs with
#      kadmin.local, push them;
#   4. run the kdc_kmc_encrypt_*.sh helpers on the node as the owning user so
#      only encrypted copies remain, then tighten ownership and modes.
# Globals:   NODE_LIST, REALM, LOCAL_DIR, OPS_USER, OPS_PWD, RUN_USER,
#            RUN_GROUP, SPARK_USER, ZK_USER, OCK_HOME, HOK, HFAIL (read);
#            KEYTABDSTPATH, WHITELISTDSTPATH (written; not declared local)
# Arguments: none
# Outputs:   progress lines on stdout; plaintext keytabs are written under
#            ${LOCAL_DIR}/keytab and the krb5-*.keytab files are deleted again
#            after being pushed
# Returns:   HOK on success.  NOTE(review): the node loop runs in the subshell
#            of `cat | while`, so a `return ${HFAIL}` inside it only ends that
#            subshell; the failing pipeline then aborts the whole script via
#            `set -e` instead of returning HFAIL to this function's caller.
#######################################
function gen_and_distribute() {
    # Remote destinations; both end in "/" so later paths are concatenated
    # without a separator (the one use of "${KEYTABDSTPATH}/..." below yields
    # a harmless double slash).
    KEYTABDSTPATH="${OCK_HOME}/security/kdc/"
    WHITELISTDSTPATH="${OCK_HOME}/security/authorization/"
    local remote_home=""
    local spark_home=""
    local zk_home=""

    # Home directories are derived from the user names: root -> /root,
    # anything else -> /home/<user>.
    if [[ "${SPARK_USER}" == "root" ]];then
            spark_home="/root"
    else
        spark_home="/home/${SPARK_USER}"
    fi
    if [[ "${RUN_USER}" == "root" ]];then
        remote_home="/root"
    else
        remote_home="/home/${RUN_USER}"
    fi
    if [[ "${ZK_USER}" == "root" ]];then
        zk_home="/root"
    else
        zk_home="/home/${ZK_USER}"
    fi

    # Per-user KMC material (pmt) and keytab directories under the Spark and
    # ZooKeeper homes.
    local spark_kmc_dir=${spark_home}/huawei/ock/security/pmt
    local spark_kdc_dir=${spark_home}/huawei/ock/security/kdc
    local zk_kmc_dir=${zk_home}/huawei/ock/security/pmt
    local zk_kdc_dir=${zk_home}/huawei/ock/security/kdc

    # node_list rows: <ip> <user> <meta-flag>.  `|| [[ -n ... ]]` handles a
    # last row without a trailing newline.  The body runs in a pipeline
    # subshell (see header note on `return`).
    cat ${NODE_LIST} | while read line || [[ -n "${line}" ]]
    do
        # Intentional word-splitting of the whitespace-separated row.
        local params_arr=(${line})
        local node_ip=${params_arr[0]}
        local node_user=${params_arr[1]}
        local node_meta=${params_arr[2]}

        # Diagnostics only; no secret is printed here.
        echo "node_ip="${node_ip}
        echo "node_user="${node_user}
        echo "node_meta="${node_meta}

        ########### generate whitelist ###########

        # meta-flag "0" -> server whitelist template, anything else -> meta
        # template.  The templates are read from ${LOCAL_DIR}/whitelist but
        # gen_*_whitelist wrote them to ./whitelist, so the cwd has to be
        # LOCAL_DIR for the two to agree.
        if [ ${node_meta:0:1} == "0" ]; then
            echo "copy server"
            cp ${LOCAL_DIR}/whitelist/server_whitelist ${LOCAL_DIR}/whitelist/whitelist
        else
            echo "copy meta"
            cp ${LOCAL_DIR}/whitelist/meta_whitelist ${LOCAL_DIR}/whitelist/whitelist
        fi

        # The node's own client principal becomes the last (comma-less)
        # entry, then the JSON array and object are closed.
        local principal_sdk="ock_client/${node_user}@${REALM}"
        echo "principal_sdk="${principal_sdk}

        echo "        {" >> ./whitelist/whitelist
        echo "            \"user\": \"${principal_sdk}\"," >> ./whitelist/whitelist
        echo "            \"allow\": true" >> ./whitelist/whitelist
        echo "        }" >> ./whitelist/whitelist

        echo "    ]" >> ./whitelist/whitelist
        echo "}" >> ./whitelist/whitelist

        # Recreate the target directories from scratch: rm -rf as OPS_USER,
        # then mkdir + chmod 700 as the owning user.  ${node_ip:1} drops the
        # first character of the ip column -- presumably a one-character
        # prefix in node_list; confirm against the file format.  The ops
        # password is always fed on stdin (<<<), never on argv.
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${spark_kmc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'mkdir -p ${spark_kmc_dir}/master && chmod -R 700 ${spark_kmc_dir}/master'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'mkdir -p ${spark_kmc_dir}/standby && chmod -R 700 ${spark_kmc_dir}/standby'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${spark_kdc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'mkdir -p ${spark_kdc_dir} && chmod 700 ${spark_kdc_dir}'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${zk_kmc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'mkdir -p ${zk_kmc_dir}/master && chmod -R 700 ${zk_kmc_dir}/master'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'mkdir -p ${zk_kmc_dir}/standby && chmod -R 700 ${zk_kmc_dir}/standby'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${zk_kdc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'mkdir -p ${zk_kdc_dir} && chmod 700 ${zk_kdc_dir}'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${WHITELISTDSTPATH}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${KEYTABDSTPATH}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'mkdir -p ${WHITELISTDSTPATH} && chmod 700 ${WHITELISTDSTPATH}'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'mkdir -p ${KEYTABDSTPATH} && chmod 700 ${KEYTABDSTPATH}'" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -rf ${OCK_HOME}/security/pmt" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'mkdir -p ${OCK_HOME}/security/pmt/master && chmod 700 ${OCK_HOME}/security/pmt/master'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'mkdir -p ${OCK_HOME}/security/pmt/standby && chmod 700 ${OCK_HOME}/security/pmt/standby'" <<<"${OPS_PWD}"

        # Push the assembled whitelist and drop the local plaintext copy.
        copy_file_to_remote "${LOCAL_DIR}/whitelist/whitelist" ${node_ip:1} ${OPS_USER} stdin ${WHITELISTDSTPATH} <<<"${OPS_PWD}"
        rm -rf "${LOCAL_DIR}/whitelist/whitelist"

        #zookeeper security#
        # Principals are created with random keys only when absent.
        # NOTE(review): the listprincs grep is an unanchored substring match
        # without -q, so matching lines are echoed; an exact match would be
        # `grep -Fx`.  A failed addprinc is only logged; the ktadd below is
        # then expected to fail and return HFAIL.
        if /usr/local/sbin/kadmin.local listprincs | grep "zookeeper/${node_user}@${REALM}";then
            echo "principal:zookeeper/${node_user}@${REALM} already exists, no need to add"
        else
            /usr/local/sbin/kadmin.local addprinc -randkey "zookeeper/${node_user}@${REALM}"
            if [ $? -ne 0 ]; then
                echo "addprinc failed"
            fi
        fi

        if /usr/local/sbin/kadmin.local listprincs | grep "zkcli/${node_user}@${REALM}";then
            echo "principal:zkcli/${node_user}@${REALM} already exists, no need to add"
        else
            /usr/local/sbin/kadmin.local addprinc -randkey "zkcli/${node_user}@${REALM}"
            if [ $? -ne 0 ]; then
                echo "addprinc failed"
            fi
        fi

        # Export keytabs (-norandkey: the principal's keys are not rotated on
        # export).  zkcli goes into both the client and the server keytab.
        # NOTE(review): zookeeper.keytab is never removed after the push (only
        # the two krb5-*.keytab files are, further down), so ktadd keeps
        # appending and every later node receives a keytab that also holds
        # the earlier nodes' zookeeper keys -- confirm this is intended.
        /usr/local/sbin/kadmin.local ktadd -k "${LOCAL_DIR}/keytab/zookeeper.keytab" -norandkey "zookeeper/${node_user}@${REALM}"
        if [ $? -ne 0 ]; then
            echo "ktadd failed"
            return ${HFAIL}
        fi
        /usr/local/sbin/kadmin.local ktadd -k "${LOCAL_DIR}/keytab/krb5-client.keytab" -norandkey "zkcli/${node_user}@${REALM}"
        if [ $? -ne 0 ]; then
            echo "ktadd failed"
            return ${HFAIL}
        fi
        /usr/local/sbin/kadmin.local ktadd -k "${LOCAL_DIR}/keytab/krb5-server.keytab" -norandkey "zkcli/${node_user}@${REALM}"
        if [ $? -ne 0 ]; then
            echo "ktadd failed"
            return ${HFAIL}
        fi

        # OCK client/server principals, same pattern as above.
        if /usr/local/sbin/kadmin.local listprincs | grep "ock_client/${node_user}@${REALM}";then
            echo "principal:ock_client/${node_user}@${REALM} already exists, no need to add"
        else
            /usr/local/sbin/kadmin.local addprinc -randkey "ock_client/${node_user}@${REALM}"
            if [ $? -ne 0 ]; then
                echo "addprinc failed"
            fi
        fi

        if /usr/local/sbin/kadmin.local listprincs | grep "ock_server/${node_user}@${REALM}";then
            echo "principal:ock_server/${node_user}@${REALM} already exists, no need to add"
        else
            /usr/local/sbin/kadmin.local addprinc -randkey "ock_server/${node_user}@${REALM}"
            if [ $? -ne 0 ]; then
                echo "addprinc failed"
            fi
        fi

        /usr/local/sbin/kadmin.local ktadd -k "${LOCAL_DIR}/keytab/krb5-client.keytab" -norandkey "ock_client/${node_user}@${REALM}"
        if [ $? -ne 0 ]; then
            echo "ktadd failed"
            return ${HFAIL}
        fi
        /usr/local/sbin/kadmin.local ktadd -k "${LOCAL_DIR}/keytab/krb5-server.keytab" -norandkey "ock_server/${node_user}@${REALM}"
        if [ $? -ne 0 ]; then
            echo "ktadd failed"
            return ${HFAIL}
        fi

        # Push keytabs: client -> Spark user's kdc dir, server -> OCK_HOME,
        # zookeeper -> ZooKeeper user's kdc dir.  Destination paths are
        # unquoted, so OCK_HOME / home paths must not contain whitespace.
        copy_file_to_remote "${LOCAL_DIR}/keytab/krb5-client.keytab" ${node_ip:1} ${OPS_USER} stdin ${spark_kdc_dir} <<<"${OPS_PWD}"
        copy_file_to_remote "${LOCAL_DIR}/keytab/krb5-server.keytab" ${node_ip:1} ${OPS_USER} stdin ${KEYTABDSTPATH} <<<"${OPS_PWD}"
        copy_file_to_remote "${LOCAL_DIR}/keytab/zookeeper.keytab" ${node_ip:1} ${OPS_USER} stdin ${zk_kdc_dir} <<<"${OPS_PWD}"

        # Local plaintext copies are regenerated per node (zookeeper.keytab is
        # left in place, see the note above).
        rm -rf "${LOCAL_DIR}/keytab/krb5-client.keytab"
        rm -rf "${LOCAL_DIR}/keytab/krb5-server.keytab"

        # Spark side: run the client encrypt helper as SPARK_USER, move the
        # encrypted result into place, copy the ksf* files from the user's
        # tools/pmt (presumably the KMC key store), then lock everything down
        # (dirs 500, files 400) and delete the helper.  NOTE(review): the
        # helpers are invoked with `sh`, which bypasses their bash shebang;
        # they use bash syntax, so /bin/sh on the nodes must be bash.
        copy_file_to_remote "${LOCAL_DIR}/kdc_kmc_encrypt_kt_client.sh" ${node_ip:1} ${OPS_USER} stdin ${spark_kdc_dir} <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${SPARK_USER}:${RUN_GROUP} ${spark_kdc_dir}/kdc_kmc_encrypt_kt_client.sh" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${SPARK_USER}:${RUN_GROUP} ${spark_kdc_dir}/krb5-client.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${spark_home}/en_keytab_client" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'sh ${spark_kdc_dir}/kdc_kmc_encrypt_kt_client.sh'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "mv ${spark_home}/en_keytab_client ${spark_kdc_dir}/krb5-client_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'cp ${spark_home}/tools/pmt/master/ksf* ${spark_kmc_dir}/master/'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${SPARK_USER} -c 'cp ${spark_home}/tools/pmt/standby/ksf* ${spark_kmc_dir}/standby/'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${SPARK_USER}:${RUN_GROUP} ${spark_kdc_dir}/krb5-client_en.keytab" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 500 ${spark_kdc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 500 ${spark_kmc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod -R 500 ${spark_kmc_dir}/master" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod -R 500 ${spark_kmc_dir}/standby" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${spark_kdc_dir}/krb5-client_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${spark_kmc_dir}/master/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${spark_kmc_dir}/standby/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${spark_kdc_dir}/kdc_kmc_encrypt_kt_client.sh" <<<"${OPS_PWD}"
	    
        # OCK run-user side: same sequence with the server keytab into
        # KEYTABDSTPATH and the ksf* files into OCK_HOME/security/pmt.
        copy_file_to_remote "${LOCAL_DIR}/kdc_kmc_encrypt_kt_server.sh" ${node_ip:1} ${OPS_USER} stdin ${KEYTABDSTPATH} <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${RUN_USER}:${RUN_GROUP} ${KEYTABDSTPATH}kdc_kmc_encrypt_kt_server.sh" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${RUN_USER}:${RUN_GROUP} ${KEYTABDSTPATH}krb5-server.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${remote_home}/en_keytab_server" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'sh ${KEYTABDSTPATH}kdc_kmc_encrypt_kt_server.sh'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "mv ${remote_home}/en_keytab_server ${KEYTABDSTPATH}krb5-server_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'cp ${remote_home}/tools/pmt/master/ksf* ${OCK_HOME}/security/pmt/master/'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'cp ${remote_home}/tools/pmt/standby/ksf* ${OCK_HOME}/security/pmt/standby/'" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${RUN_USER}:${RUN_GROUP} ${KEYTABDSTPATH}/krb5-server_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 500 ${KEYTABDSTPATH}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod -R 500 ${OCK_HOME}/security/pmt" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${KEYTABDSTPATH}krb5-server_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${OCK_HOME}/security/pmt/master/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${OCK_HOME}/security/pmt/standby/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${KEYTABDSTPATH}kdc_kmc_encrypt_kt_server.sh" <<<"${OPS_PWD}"

        # ZooKeeper side: same sequence.  NOTE(review): the keytab dir ends up
        # 700 and the encrypted keytab 600, whereas the Spark and run-user
        # equivalents get 500/400 -- confirm the looser modes are intended.
        copy_file_to_remote "${LOCAL_DIR}/kdc_kmc_encrypt_zookeeper_kt.sh" ${node_ip:1} ${OPS_USER} stdin ${zk_kdc_dir} <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${ZK_USER}:${RUN_GROUP} ${zk_kdc_dir}/kdc_kmc_encrypt_zookeeper_kt.sh" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${ZK_USER}:${RUN_GROUP} ${zk_kdc_dir}/zookeeper.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${zk_home}/en_keytab_server" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'sh ${zk_kdc_dir}/kdc_kmc_encrypt_zookeeper_kt.sh'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "mv ${zk_home}/en_keytab_server ${zk_kdc_dir}/zookeeper_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'cp ${zk_home}/tools/pmt/master/ksf* ${zk_kmc_dir}/master/'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${ZK_USER} -c 'cp ${zk_home}/tools/pmt/standby/ksf* ${zk_kmc_dir}/standby/'" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${ZK_USER}:${RUN_GROUP} ${zk_kdc_dir}/zookeeper_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 700 ${zk_kdc_dir}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod -R 500 ${zk_kmc_dir}/master" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod -R 500 ${zk_kmc_dir}/standby" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${zk_kmc_dir}/master/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${zk_kmc_dir}/standby/ksf*" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 600 ${zk_kdc_dir}/zookeeper_en.keytab" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${zk_kdc_dir}/kdc_kmc_encrypt_zookeeper_kt.sh" <<<"${OPS_PWD}"

        # Whitelist: encrypt on the node with kdc_kmc_encrypt_wt.sh, keep only
        # whitelist_en (400), delete the helper and close the dir (500).
        copy_file_to_remote "${LOCAL_DIR}/kdc_kmc_encrypt_wt.sh" ${node_ip:1} ${OPS_USER} stdin ${WHITELISTDSTPATH} <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown -R ${RUN_USER}:${RUN_GROUP} ${WHITELISTDSTPATH}" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${remote_home}/en_whitelist" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "su - ${RUN_USER} -c 'sh ${WHITELISTDSTPATH}kdc_kmc_encrypt_wt.sh'" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "mv ${remote_home}/en_whitelist ${WHITELISTDSTPATH}whitelist_en" <<<"${OPS_PWD}"
	    ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chown ${RUN_USER}:${RUN_GROUP} ${WHITELISTDSTPATH}whitelist_en" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 400 ${WHITELISTDSTPATH}whitelist_en" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "rm -f ${WHITELISTDSTPATH}kdc_kmc_encrypt_wt.sh" <<<"${OPS_PWD}"
        ${SSH_LOGIN_RUN} ${node_ip:1} ${OPS_USER} stdin "chmod 500 ${WHITELISTDSTPATH}" <<<"${OPS_PWD}"

    done
    return ${HOK}
}

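#######################################
# Entry point: collect the deployment parameters interactively, build the
# whitelists and keytabs, distribute them to every node, then start the KDC
# daemons.
# Globals:   OPS_USER, OPS_PWD, RUN_USER, RUN_GROUP, SPARK_USER, ZK_USER,
#            OCK_HOME, REALM (written from stdin); LOCAL_DIR, HOK, HFAIL (read)
# Arguments: none (positional parameters are ignored)
# Returns:   HOK; a failing helper ends the script through set -e / exit
#######################################
function main() {

    # -r: backslashes in the answers are kept literally (matters for the
    # password); -s: the password is not echoed.
    echo "Enter OPS_USER:"
    read -r OPS_USER
    echo "Enter OPS_PWD:"
    read -r -s OPS_PWD
    echo "Enter RUN_USER:"
    read -r RUN_USER
    echo "Enter RUN_GROUP:"
    read -r RUN_GROUP
    echo "Enter SPARK_USER:"
    read -r SPARK_USER
    echo "Enter ZK_USER:"
    read -r ZK_USER
    echo "OCK_HOME:"
    read -r OCK_HOME
    echo "Enter REALM:"
    read -r REALM

    # gen_*_whitelist write to ./whitelist while gen_and_distribute reads
    # ${LOCAL_DIR}/whitelist, so the scratch directories must live in
    # LOCAL_DIR; run from there regardless of the caller's cwd.
    cd "${LOCAL_DIR}" || return "${HFAIL}"

    # Fresh scratch directories for the plaintext whitelists and keytabs.
    rm -rf -- whitelist keytab
    mkdir -p -- whitelist keytab

    gen_meta_whitelist
    gen_server_whitelist

    gen_and_distribute

    /usr/local/sbin/krb5kdc
    /usr/local/sbin/kadmind

    # Everything has been pushed and encrypted on the nodes; remove the local
    # plaintext copies.
    rm -rf -- whitelist keytab

    return "${HOK}"
}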

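#######################################
# Print the final verdict.  Installed as an EXIT trap so that "FAILED" is also
# reported when `set -e` or an `exit ${HFAIL}` in a helper ends the script
# early -- a status check placed after `main` would never run in that case.
# The script's exit status is left untouched.
#######################################
function report_result() {
    local rc=$?
    if [[ ${rc} -eq 0 ]]; then
        echo "SUCCESS"
    else
        echo "FAILED"
    fi
}
trap report_result EXIT
main "$@" 2>&1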

kdc_kmc_encrypt_kt_client.sh

#!/bin/bash
# ***********************************************************************
# Copyright: (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
# script for building kdc kmc encrypt keytab
# version: 1.0.0
# change log:
# ***********************************************************************

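set -e
set +x

# Directory of this script; the keytab to encrypt sits next to it.
LOCAL_DIR=$(cd "$(dirname "$0")" && pwd)

HFAIL=1
HOK=0
GREP=/bin/grep

# OCK_HOME and OCK_VERSION are expected to come from the run user's ~/.bashrc;
# -e is suspended so a non-zero status from the rc file cannot abort us.
set +e
source ~/.bashrc
set -e
# `uname -m` is POSIX and prints the same value GNU `arch` does on Linux.
KMC_LIB_PATH="LD_LIBRARY_PATH=${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/lib/common"
KMC_TOOL="${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/bin/kmc_tool"

# Two kmc_tool arguments each (the number and --fileEncrypt); they are
# word-split on purpose where used.
KEYTAB_SERVER_ENCRYPT="2 --fileEncrypt"
KEYTAB_CLIENT_ENCRYPT="3 --fileEncrypt"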

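#######################################
# Encrypt the plaintext client keytab with kmc_tool and delete the plaintext.
# Globals:   KMC_LIB_PATH, KMC_TOOL, KEYTAB_CLIENT_ENCRYPT, LOCAL_DIR,
#            HOK, HFAIL (read)
# Outputs:   "kmc encrypt failed" / "rm krb5-client.keytab failed" on stdout
# Returns:   HOK on success, HFAIL when encryption or the cleanup fails.
#            The plaintext keytab is removed on every path so it does not
#            outlive this function.
#######################################
function kmc_encrypt_keytab() {
    local keytab="${LOCAL_DIR}/krb5-client.keytab"

    export "${KMC_LIB_PATH}"

    # Tested in the `if` so that `set -e` cannot abort before the plaintext
    # keytab is removed (a `$?` check after the call is never reached on
    # failure).  KEYTAB_CLIENT_ENCRYPT is intentionally unquoted: it carries
    # two arguments.
    # shellcheck disable=SC2086
    if ! "${KMC_TOOL}" ${KEYTAB_CLIENT_ENCRYPT} "${keytab}"; then
        echo "kmc encrypt failed"
        rm -f -- "${keytab}"
        return "${HFAIL}"
    fi

    if ! rm -f -- "${keytab}"; then
        echo "rm krb5-client.keytab failed"
        return "${HFAIL}"
    fi
    return "${HOK}"
}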

#######################################
# Entry point: run the encryption step and propagate its status.
# Arguments: none (positional parameters are ignored)
# Returns:   the status of kmc_encrypt_keytab
#######################################
function main() {
    kmc_encrypt_keytab
}

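#######################################
# Print the final verdict.  Installed as an EXIT trap so that "FAILED" is also
# reported when `set -e` ends the script early -- a status check placed after
# `main` would never run in that case.  The exit status is left untouched.
#######################################
function report_result() {
    local rc=$?
    if [[ ${rc} -eq 0 ]]; then
        echo "SUCCESS"
    else
        echo "FAILED"
    fi
}
trap report_result EXIT
main "$@" 2>&1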

kdc_kmc_encrypt_kt_server.sh

#!/bin/bash
# ***********************************************************************
# Copyright: (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
# script for building kdc kmc encrypt keytab
# version: 1.0.0
# change log:
# ***********************************************************************

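set -e
set +x

# Directory of this script; the keytab to encrypt sits next to it.
LOCAL_DIR=$(cd "$(dirname "$0")" && pwd)

HFAIL=1
HOK=0
GREP=/bin/grep

# OCK_HOME and OCK_VERSION are expected to come from the run user's ~/.bashrc;
# -e is suspended so a non-zero status from the rc file cannot abort us.
set +e
source ~/.bashrc
set -e
# `uname -m` is POSIX and prints the same value GNU `arch` does on Linux.
KMC_LIB_PATH="LD_LIBRARY_PATH=${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/lib/common"
KMC_TOOL="${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/bin/kmc_tool"

# Two kmc_tool arguments each (the number and --fileEncrypt); they are
# word-split on purpose where used.
KEYTAB_SERVER_ENCRYPT="2 --fileEncrypt"
KEYTAB_CLIENT_ENCRYPT="3 --fileEncrypt"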

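#######################################
# Encrypt the plaintext server keytab with kmc_tool and delete the plaintext.
# Globals:   KMC_LIB_PATH, KMC_TOOL, KEYTAB_SERVER_ENCRYPT, LOCAL_DIR,
#            HOK, HFAIL (read)
# Outputs:   "kmc encrypt failed" / "rm krb5-server.keytab failed" on stdout
# Returns:   HOK on success, HFAIL when encryption or the cleanup fails.
#            The plaintext keytab is removed on every path so it does not
#            outlive this function.
#######################################
function kmc_encrypt_keytab() {
    local keytab="${LOCAL_DIR}/krb5-server.keytab"

    export "${KMC_LIB_PATH}"

    # Tested in the `if` so that `set -e` cannot abort before the plaintext
    # keytab is removed (a `$?` check after the call is never reached on
    # failure).  KEYTAB_SERVER_ENCRYPT is intentionally unquoted: it carries
    # two arguments.
    # shellcheck disable=SC2086
    if ! "${KMC_TOOL}" ${KEYTAB_SERVER_ENCRYPT} "${keytab}"; then
        echo "kmc encrypt failed"
        rm -f -- "${keytab}"
        return "${HFAIL}"
    fi

    if ! rm -f -- "${keytab}"; then
        echo "rm krb5-server.keytab failed"
        return "${HFAIL}"
    fi

    return "${HOK}"
}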

#######################################
# Entry point: run the encryption step and propagate its status.
# Arguments: none (positional parameters are ignored)
# Returns:   the status of kmc_encrypt_keytab
#######################################
function main() {
    kmc_encrypt_keytab
}

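#######################################
# Print the final verdict.  Installed as an EXIT trap so that "FAILED" is also
# reported when `set -e` ends the script early -- a status check placed after
# `main` would never run in that case.  The exit status is left untouched.
#######################################
function report_result() {
    local rc=$?
    if [[ ${rc} -eq 0 ]]; then
        echo "SUCCESS"
    else
        echo "FAILED"
    fi
}
trap report_result EXIT
main "$@" 2>&1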

kdc_kmc_encrypt_wt.sh

#!/bin/bash
# ***********************************************************************
# Copyright: (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
# script for building kdc kmc encrypt whitelist
# version: 1.0.0
# change log:
# ***********************************************************************

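set -e
set +x

# Directory of this script; the whitelist to encrypt sits next to it.
LOCAL_DIR=$(cd "$(dirname "$0")" && pwd)

HFAIL=1
HOK=0
GREP=/bin/grep

# OCK_HOME and OCK_VERSION are expected to come from the run user's ~/.bashrc;
# -e is suspended so a non-zero status from the rc file cannot abort us.
set +e
source ~/.bashrc
set -e
# `uname -m` is POSIX and prints the same value GNU `arch` does on Linux.
KMC_LIB_PATH="LD_LIBRARY_PATH=${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/lib/common"
KMC_TOOL="${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/bin/kmc_tool"

# Two kmc_tool arguments (the number and --fileEncrypt); word-split on
# purpose where used.
WHITELIST_ENCRYPT="1 --fileEncrypt"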

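#######################################
# Encrypt the plaintext whitelist with kmc_tool and delete the plaintext.
# Globals:   KMC_LIB_PATH, KMC_TOOL, WHITELIST_ENCRYPT, LOCAL_DIR,
#            HOK, HFAIL (read)
# Outputs:   "kmc encrypt failed" / "rm whitelist failed" on stdout
# Returns:   HOK on success, HFAIL when encryption or the cleanup fails.
#            The plaintext whitelist is removed on every path so it does not
#            outlive this function.
#######################################
function kmc_encrypt_whitelist() {
    # The whitelist is pushed here as a regular file by the distribute script.
    local plain="${LOCAL_DIR}/whitelist"

    export "${KMC_LIB_PATH}"

    # Tested in the `if` so that `set -e` cannot abort before the plaintext
    # file is removed (a `$?` check after the call is never reached on
    # failure).  WHITELIST_ENCRYPT is intentionally unquoted: it carries two
    # arguments.
    # shellcheck disable=SC2086
    if ! "${KMC_TOOL}" ${WHITELIST_ENCRYPT} "${plain}"; then
        echo "kmc encrypt failed"
        rm -f -- "${plain}"
        return "${HFAIL}"
    fi

    if ! rm -f -- "${plain}"; then
        echo "rm whitelist failed"
        return "${HFAIL}"
    fi

    return "${HOK}"
}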

#######################################
# Entry point: run the encryption step and propagate its status.
# Arguments: none (positional parameters are ignored)
# Returns:   the status of kmc_encrypt_whitelist
#######################################
function main() {
    kmc_encrypt_whitelist
}

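#######################################
# Print the final verdict.  Installed as an EXIT trap so that "FAILED" is also
# reported when `set -e` ends the script early -- a status check placed after
# `main` would never run in that case.  The exit status is left untouched.
#######################################
function report_result() {
    local rc=$?
    if [[ ${rc} -eq 0 ]]; then
        echo "SUCCESS"
    else
        echo "FAILED"
    fi
}
trap report_result EXIT
main "$@" 2>&1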

kdc_kmc_encrypt_zookeeper_kt.sh

#!/bin/bash
# ***********************************************************************
# Copyright: (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
# script for building kdc kmc encrypt zookeeper keytab
# version: 1.0.0
# change log:
# ***********************************************************************

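set -e
set +x

# Directory of this script; the keytab to encrypt sits next to it.
LOCAL_DIR=$(cd "$(dirname "$0")" && pwd)

HFAIL=1
HOK=0
GREP=/bin/grep

# OCK_HOME and OCK_VERSION are expected to come from the run user's ~/.bashrc;
# -e is suspended so a non-zero status from the rc file cannot abort us.
set +e
source ~/.bashrc
set -e
# `uname -m` is POSIX and prints the same value GNU `arch` does on Linux.
KMC_LIB_PATH="LD_LIBRARY_PATH=${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/lib/common"
KMC_TOOL="${OCK_HOME}/ucache/${OCK_VERSION}/linux-$(uname -m)/bin/kmc_tool"

# Two kmc_tool arguments each (the number and --fileEncrypt); they are
# word-split on purpose where used.  The ZooKeeper keytab uses the server
# variant.
KEYTAB_SERVER_ENCRYPT="2 --fileEncrypt"
KEYTAB_CLIENT_ENCRYPT="3 --fileEncrypt"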

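#######################################
# Encrypt the plaintext ZooKeeper keytab with kmc_tool and delete the
# plaintext.
# Globals:   KMC_LIB_PATH, KMC_TOOL, KEYTAB_SERVER_ENCRYPT, LOCAL_DIR,
#            HOK, HFAIL (read)
# Outputs:   "kmc encrypt failed" / "rm zookeeper.keytab failed" on stdout
# Returns:   HOK on success, HFAIL when encryption or the cleanup fails.
#            The plaintext keytab is removed on every path so it does not
#            outlive this function.
#######################################
function kmc_encrypt_keytab() {
    local keytab="${LOCAL_DIR}/zookeeper.keytab"

    export "${KMC_LIB_PATH}"

    # Tested in the `if` so that `set -e` cannot abort before the plaintext
    # keytab is removed (a `$?` check after the call is never reached on
    # failure).  KEYTAB_SERVER_ENCRYPT is intentionally unquoted: it carries
    # two arguments.
    # shellcheck disable=SC2086
    if ! "${KMC_TOOL}" ${KEYTAB_SERVER_ENCRYPT} "${keytab}"; then
        echo "kmc encrypt failed"
        rm -f -- "${keytab}"
        return "${HFAIL}"
    fi

    if ! rm -f -- "${keytab}"; then
        echo "rm zookeeper.keytab failed"
        return "${HFAIL}"
    fi

    return "${HOK}"
}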

#######################################
# Entry point: run the encryption step and propagate its status.
# Arguments: none (positional parameters are ignored)
# Returns:   the status of kmc_encrypt_keytab
#######################################
function main() {
    kmc_encrypt_keytab
}

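#######################################
# Print the final verdict.  Installed as an EXIT trap so that "FAILED" is also
# reported when `set -e` ends the script early -- a status check placed after
# `main` would never run in that case.  The exit status is left untouched.
#######################################
function report_result() {
    local rc=$?
    if [[ ${rc} -eq 0 ]]; then
        echo "SUCCESS"
    else
        echo "FAILED"
    fi
}
trap report_result EXIT
main "$@" 2>&1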