keytool location is not recognized by Ansible

Time: 2018-12-21 12:19:37

Tags: ansible

I want to import certificates into hosts. I have written a playbook for this. keytool is located at usr/java/jdk/bin/keytool, but I get the error below. I have converted the two commands below into a playbook, but $JAVA_HOME cannot be found by the playbook.

    $JAVA_HOME/bin/keytool -import -alias Apple_Corporate_Root_CA -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts -file apple_corporate_root_ca.pem

    $JAVA_HOME/bin/keytool -import -alias Apple_Corporate_Root_CA_2 -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts -file apple_corporate_root_ca2.pem

playbook:

---
- hosts: test
  gather_facts: false
  vars:
      pack1: /ngs/app/rdrt
      pack2: /usr/java/jdk*
      pack3: which_keytool.stdout
      pack4:  !vault |
          $ANSIBLE_VAULT;1.1;AES256
          39646535636262343133633334366538356361356430613566643162316438366266626135323737
          6633316430653038316330653437343535346266356265650a343262643938363631656237326331
          31363961323839626533363739623639656662336361633131373765333563333034393963373737
          6439663362333164660a313432666333306463616562346564323139303364343539623335373931
          6537

  tasks:
    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca.pem"
         dest: "{{ pack1 }}"

    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca2.pem"
         dest: "{{ pack1 }}"

    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/ca-trust-check-1.0.0.jar"
         dest: "{{ pack1 }}"

    - name: to register the value of keytool
      shell: cd /usr/java/jdk*/bin/|ls|which keytool
      register: which_keytool.stdout

    - name: Import SSL certificate to a given cacerts keystore
      java_cert:
         cert_path: "{{ pack1 }}/apple_corporate_root_ca.pem"
         cert_alias: Apple_Corporate_Root_CA
         cert_port: 443
         keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
         keystore_pass: "{{ pack4 }}"
         executable: "{{ pack3  }}"
         state: present

    - name: Import SSL certificate to a cacerts keystore
      java_cert:
         cert_path: "{{ pack1 }}/apple_corporate_root_ca2.pem"
         cert_alias: Apple_Corporate_Root_CA2
         cert_port: 443
         keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
         keystore_pass: "{{ pack4 }}"
         executable: "{{ pack3 }}"
         state: present

    - name: checking those files trusted or untrusted
      shell: "{{ pack2 }}/bin/java -jar {{ pack1 }}/ca-trust-check-1.0.0.jar"

1 answer:

Answer 0 (score: 1)

You have a lot of misunderstandings about ansible, and also about file paths here.

First,

  pack2: /usr/java/jdk**

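is not strictly speaking an error, but it also isn't doing what you expect. Most importantly, having two stars does not make it "more wild". A single * is enough for the shell to match an arbitrary glob.

Where it is an error is that you are using {{ pack2 }} verbatim in many of the subsequent modules, but we will get to that later.

Next,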

      pack3: which_keytool.stdout

will not do what you want, because ansible cannot evaluate that expression, so {{ pack3 }} will always be the characters w h i etc. and will never be {{ which_keytool.stdout }}

Next,

  shell: cd /usr/java/jdk**/bin/|ls|which keytool

is some very strange and very incorrect shell scripting. I think maybe you meant:

shell: /bin/ls -1 {{ pack2 }}/bin/keytool

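so that your shell expands the ** and then tries to match a bin/keytool child.

In your case, it is actually better to first match that jdk directory in the playbook and then assign it to a jdk_home fact, so that {{ jdk_home }}/bin/keytool behaves the same as {{ 1}}

Also, those are terrible variable names. You are only creating heartache for "future you" or your colleagues. No one has a prayer of remembering what keystore_path: "{{ pack2 }}/jre/lib/security/cacerts" means.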
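
The approach the answer describes (match the JDK directory on the target, store it as a jdk_home fact, then build the keytool and cacerts paths from it), written out as an added example that is not part of the original post. The variable names, the files/ source directory and vault_keystore_password are assumptions, and the module names use the collection-qualified form of current Ansible releases.

```yaml
---
- hosts: test
  gather_facts: false
  vars:
    cert_dir: /ngs/app/rdrt          # "pack1" in the question
    jdk_parent: /usr/java            # parent of the jdk* directories
    # Assumption: defined in an Ansible Vault-encrypted vars file.
    keystore_password: "{{ vault_keystore_password }}"
    root_certs:
      - { alias: Apple_Corporate_Root_CA, file: apple_corporate_root_ca.pem }
      - { alias: Apple_Corporate_Root_CA2, file: apple_corporate_root_ca2.pem }

  tasks:
    # The glob is matched on the target by find; it is never pasted into a path.
    - name: Find JDK directories on the target
      ansible.builtin.find:
        paths: "{{ jdk_parent }}"
        patterns: "jdk*"
        file_type: directory
      register: jdk_dirs

    - name: Refuse to guess when zero or several JDKs match
      ansible.builtin.assert:
        that: jdk_dirs.files | length == 1
        fail_msg: "expected exactly one {{ jdk_parent }}/jdk*, found {{ jdk_dirs.files | length }}"

    - name: Record the resolved JDK directory as a fact
      ansible.builtin.set_fact:
        jdk_home: "{{ jdk_dirs.files[0].path }}"

    - name: Copy the root CA certificates to the target
      ansible.builtin.copy:
        src: "files/{{ item.file }}"   # assumption: certs live next to the playbook
        dest: "{{ cert_dir }}/{{ item.file }}"
        mode: "0644"
      loop: "{{ root_certs }}"

    - name: Import each certificate into the JDK cacerts keystore
      community.general.java_cert:
        cert_path: "{{ cert_dir }}/{{ item.file }}"
        cert_alias: "{{ item.alias }}"
        keystore_path: "{{ jdk_home }}/jre/lib/security/cacerts"
        keystore_pass: "{{ keystore_password }}"
        executable: "{{ jdk_home }}/bin/keytool"
        state: present
      loop: "{{ root_certs }}"
      no_log: true                     # keep the keystore password out of task output
```

The assert task stops the play before anything is written to a trust store when the host has no JDK or more than one, instead of importing root CAs into whichever directory happens to match first.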