Ansible OpenShift shell command fails, but works outside Ansible

Time: 2020-02-19 19:18:44

Tags: ansible openshift-3

I have an Ansible playbook that contains an OpenShift CLI login:

- name: "OpenShift CLI login"
  shell: oc login -u kubeadmin -p $(cat /root/auth/kubeadmin-password) https://{{ groups['boot'][0] }}:6443

It fails with (the hostname has been replaced below):

fatal: [<host>]: FAILED! => {"changed": true, "cmd": "oc login -u kubeadmin -p $(cat /root/auth/kubeadmin-password) https://<host>:6443", "delta": "0:00:00.228068", "end": "2020-02-19 09:47:32.651617", "msg": "non-zero return code", "rc": 1, "start": "2020-02-19 09:47:32.423549", "stderr": "error: The server is using a certificate that does not match its hostname: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, openshift, openshift.default, openshift.default.svc, openshift.default.svc.cluster.local, 172.30.0.1, not <host>", "stderr_lines": ["error: The server is using a certificate that does not match its hostname: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, openshift, openshift.default, openshift.default.svc, openshift.default.svc.cluster.local, 172.30.0.1, not <host>"], "stdout": "", "stdout_lines": []}

However, if I run the command directly, it works:

Any ideas why it fails under Ansible? The Ansible version is 2.4.2.0.

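2 answers:

Answer 0: (score: 0)

The shell module runs the /bin/sh shell.

You are probably running /bin/bash and have configuration in .bashrc that is not being activated.

Try something like this: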

- name: "OpenShift CLI login"
  shell: oc login -u kubeadmin -p $(cat /root/auth/kubeadmin-password) https://{{ groups['boot'][0] }}:6443
  args:
    executable: /bin/bash  # run the command under bash instead of the default /bin/sh

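Answer 1: (score: 0)

This appears to be related to the certificates installed in OCP. I was able to get around the issue by using the --insecure-skip-tls-verify=true flag on the oc login command. Talking to our OCP admin...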
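
An added example, not part of the original question or answers: this Python code parses the x509 message from the failed task's stderr and checks which hostnames the server certificate actually covers, so the login can target a name that verifies instead of turning verification off. The sample stderr is constructed from the error above, with the placeholder `api.example.test` standing in for the redacted `<host>`; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: stderr of the failed task, with the placeholder
# api.example.test standing in for the redacted <host>.
SAMPLE_STDERR = (
    "error: The server is using a certificate that does not match its hostname: "
    "x509: certificate is valid for kubernetes, kubernetes.default, "
    "kubernetes.default.svc, kubernetes.default.svc.cluster.local, openshift, "
    "openshift.default, openshift.default.svc, "
    "openshift.default.svc.cluster.local, 172.30.0.1, not api.example.test"
)
X509_RE = re.compile(r"x509: certificate is valid for (?P<names>.+), not (?P<host>\S+)")


def parse_x509_mismatch(stderr):
    """Return (names_in_certificate, requested_host) from the x509 error text."""
    m = X509_RE.search(stderr)
    if m is None:
        raise ValueError("no x509 hostname-mismatch message found")
    return [n.strip() for n in m.group("names").split(",")], m.group("host")


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(cert_name, host):
    """IPs must match exactly; DNS names match case-insensitively, and '*'
    may only stand for the whole left-most label of a multi-label name."""
    if _is_ip(cert_name) or _is_ip(host):
        return (_is_ip(cert_name) and _is_ip(host)
                and ipaddress.ip_address(cert_name) == ipaddress.ip_address(host))
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*" and len(cert_labels) > 1:
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def host_is_covered(stderr, host=None):
    """True if `host` (default: the host named in the error) is in the certificate."""
    names, requested = parse_x509_mismatch(stderr)
    return any(name_matches(n, host or requested) for n in names)
```

Run against the task's `stderr`, `host_is_covered` shows whether the inventory hostname is the problem and which of the listed names would pass verification.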