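Ansible: escaping certificate content

Time: 2017-06-26 09:41:23

Tags: parsing certificate ansible

I have a question about Ansible. I am trying to install some software that requires auto-generated certificates. The certificates are generated automatically every time the install is run.

I run a command to pull the certificate out of the settings file.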

bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

There seem to be escape characters in the certificate, and it causes a problem every time.

The certificate output is:

:~$ bosh int ./creds.yml --path /director_ssl/ca
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


Succeeded

The error I get is:

TASK [set env vars for login to director...]        ***********************************
fatal: [51.xxx.xxx.xxx]: FAILED! => {"changed": true, "cmd": "bosh alias-env boshdir -e boshdir --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)", "delta": "0:00:00.001721", "end": "2017-06-26 09:16:49.854271", "failed": true, "rc": 2, "start": "2017-06-26 09:16:49.852550", "stderr": "/bin/sh: 1: Syntax error: \"(\" unexpected", "stderr_lines": ["/bin/sh: 1: Syntax error: \"(\" unexpected"], "stdout": "", "stdout_lines": []}

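I tried switching the Ansible module between shell, command and raw. raw seems to work for ingesting the certificate value, but it doesn't seem to have access to the other env variables I set in the previous task. Does anyone know how to escape the certificate content?

The Ansible script I run for this part of the setup is: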

---
- hosts: all
  gather_facts: no

  tasks:

    - name: Update director creds file on deployment server
      copy: src="files/bosh-creds.yml" dest="/home/bosher/creds.yml" owner="bosher" group="bosher" mode="0755"
      become: yes

    - name: Update state file on deployment server
      copy: src="files/bosh-state.json" dest="/home/bosher/state.json" owner="bosher" group="bosher" mode="0755"
      become: yes

    - name: Update bosh concourse Manifest on deployment server
      copy: src="files/temp-con-man.yml" dest="/home/bosher/con-man.yml" owner="bosher" group="bosher" mode="0755"
      become: yes

    - name: Update bosh cloud config on deployment server
      copy: src="files/temp-con-cloud-azure.yml" dest="/home/bosher/cloud-config.yml" owner="bosher" group="bosher" mode="0755"
      become: yes

    - name: Download bosh exe and place in path location
      get_url: url="https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-2.0.16-linux-amd64" dest="/usr/local/bin/bosh" mode="0755"
      become: true

    - name: set jumpbox host file for dns of director... 
      shell: |
        sudo chmod 777 /etc/hosts
        sudo echo "10.0.0.6 boshdir" >> /etc/hosts
        sudo chmod 644 /etc/hosts

    - name: set env vars for login to director... 
      shell: |
        export BOSH_CLIENT=admin
        export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`

    - name: set env vars for login to director... 
      shell: bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

    - name: upload stemcells and releases to director... 
      shell: |
        bosh -e director us "https://s3.amazonaws.com/bosh-core-stemcells/azure/bosh-stemcell-3421-azure-hyperv-ubuntu-trusty-go_agent.tgz"
        bosh -e director ur "http://bosh.io/d/github.com/concourse/concourse"
        bosh -e director ur "https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.6.0-ubuntu-trusty-3363.20-20170505-155950-147762079-20170505155956.tgz?versionId=DNopG3gqI9AbTzMddjmAIvIJetuuh6LY"
        echo y | bosh -e director ucc "~/cloud-config.yml"

    - name: run the concourse install... 
      shell: echo y | sudo bosh -e director -d "concourse" deploy "./manifest.yml"

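This is really kicking me and I can't seem to get it to work. Can someone point out what I am doing wrong here?

1 answer:

Answer 0: (score: 0)

Your error is that the shell being used (/bin/sh) cannot handle the '<(cmd)' syntax.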

$ /bin/sh -c 'cat <(echo foo)'
/bin/sh: 1: Syntax error: "(" unexpected
$ /bin/bash -c 'cat <(echo foo)'
foo

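You can use another shell with the shell module's executable parameter.

BUT

The environment is not shared between tasks: each task launches an independent shell over SSH.

You have two options:

  1. Launch all the bosh preparation and commands in just 1 task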

    - name: launch all bosh commands 
      shell: |
        export BOSH_CLIENT=admin
        export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
        bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
        bosh -e director us "https://s3.amazonaws.com/bosh-core-stemcells/azure/bosh-stemcell-3421-azure-hyperv-ubuntu-trusty-go_agent.tgz"
        bosh -e director ur "http://bosh.io/d/github.com/concourse/concourse"
        bosh -e director ur "https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.6.0-ubuntu-trusty-3363.20-20170505-155950-147762079-20170505155956.tgz?versionId=DNopG3gqI9AbTzMddjmAIvIJetuuh6LY"
        echo y | bosh -e director ucc "~/cloud-config.yml"
        echo y | sudo bosh -e director -d "concourse" deploy "./manifest.yml"
      args:
        executable: /bin/bash
    
  2. Set the environment on tasks using the environment key. You also have to register command outputs so that you can use them later as env vars.

    - name: Get secret for login to director... 
      shell: bosh int ./creds.yml --path /admin_password
      environment:
        BOSH_CLIENT: admin
      register: bosh_client_secret
    
    - name: set env vars for login to director... 
      shell: bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
      args:
        executable: /bin/bash
      environment:
        BOSH_CLIENT: admin
        BOSH_CLIENT_SECRET: "{{ bosh_client_secret.stdout }}"
    ...
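
A POSIX-sh alternative to the `<(cmd)` form discussed above, as an added example that is not part of the original question or answer: the certificate is staged in an owner-only temp file, so the command also runs under the `/bin/sh` that Ansible's shell module uses by default. `ca_from_stdin` and `sample_pem` are hypothetical names, and the PEM text is a constructed stand-in for the `bosh int` output.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh has no <(cmd), so the
# certificate is staged in a private temp file and its path is passed instead.

# ca_from_stdin CMD [ARGS...]   (hypothetical helper name)
# Reads a PEM certificate on stdin, stores it in a mktemp file (mode 0600),
# runs CMD ARGS... <tempfile>, then removes the file.
# The body is a subshell, so the traps and variables do not leak to the caller.
ca_from_stdin() (
    ca_file=$(mktemp) || exit 1
    trap 'rm -f "$ca_file"' EXIT      # cleanup on every exit path
    trap 'exit 1' HUP INT TERM        # turn signals into a normal exit
    cat > "$ca_file"
    # An empty or non-PEM file means the producer failed; stop here instead
    # of handing the consumer an unusable CA file.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file"; then
        echo "ca_from_stdin: no PEM certificate on stdin" >&2
        exit 2
    fi
    rc=0
    "$@" "$ca_file" || rc=$?
    exit "$rc"
)

# Constructed stand-in for `bosh int ./creds.yml --path /director_ssl/ca`
# (not a real certificate), so the example runs without bosh installed.
sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
}

# Demo: the consumer receives a file path as its last argument.
sample_pem | ca_from_stdin grep -c CERTIFICATE

# With the commands from the question, this form works under /bin/sh:
#   bosh int ./creds.yml --path /director_ssl/ca |
#       ca_from_stdin bosh alias-env director -e director --ca-cert
```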