I am trying to run some openssl commands to validate the private/public keys in an Ansible playbook, but I get inconsistent results when I run them manually vs. through Ansible.
Here is the snippet from my Ansible playbook:
# Do a sanity check on the private key files against the public key pem files to check they belong to each other ------
- name: Do sanity check on the pri key and pub key pem files
  shell: |
    /usr/bin/openssl pkey -in $(hostname).key -pubout -outform pem | sha256sum > hash.$(date +%Y%m%d)
    /usr/bin/openssl x509 -in $(hostname).pem -pubkey -noout -outform pem | sha256sum >> hash.$(date +%Y%m%d)
If I run the commands manually in bash (and both the private/public keys are valid), the hashes are identical (as expected). However, if I try to run the same commands in the playbook, the hash results differ. How can this be?
Sample output from the manual bash command run (hashes are identical):
cfe2a1ae4dea66e86bfb9afb1f6fc5f05812d7967e03342a7ec310d1d685f88f -
cfe2a1ae4dea66e86bfb9afb1f6fc5f05812d7967e03342a7ec310d1d685f88f -
vs.
Ansible (hashes differ even though the private/public keys have not changed):
cfe2a1ae4dea66e86bfb9afb1f6fc5f05812d7967e03342a7ec310d1d685f88f -
e3b0c55298fc1c149afbf4a8996fb92427ae41e4649b934dc495881b7852b855 -
Any ideas?
Thanks.
Answer 0: (score: 0)
Thanks for the positive comments. I managed to get it working by using the command module, which gives consistent results on the remote box. I first created a small script with the commands:
#!/bin/bash
cd /etc/pki/p1
/usr/bin/openssl pkey -in $(hostname).key -pubout -outform pem | sha256sum > hash.$(date +%Y%m%d)
/usr/bin/openssl x509 -in $(hostname).pem -pubkey -noout -outform pem | sha256sum >> hash.$(date +%Y%m%d)
Then I copied the script to the remote box and ran it in the playbook as follows:
# Copy the sshValidate.sh script to each box in /etc/pki/p1 ---------------------------------
- name: Copy the sshValidate.sh script to each box in /etc/pki/p1
  copy:
    src: "{{ item }}"
    dest: /etc/pki/p1/ # Copy the file here
    owner: root
    group: root
    mode: 0700
  with_items:
    - /home/ansible/sslValidate.sh # This is the source file
# Do a sanity check on the private key files against the public key pem files to check they belong to each other ------
- name: Do sanity check on the pri key and pub key pem files
  command: bash /etc/pki/p1/sslValidate.sh
I did try using the script module, but that did not work well for me.
Thanks.
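As an added example (not the poster's script or the answer's code) that covers both the failure mode in the question and the fix in the answer: the second hash in the question is what you get when the openssl command produces no output (for instance because the relative $(hostname).pem path does not resolve in the working directory the shell task runs in) and sha256sum hashes empty input. The functions below take explicit file paths, refuse to hash empty output, and compare the two public-key digests instead of writing them to a file; the file names used are assumptions.

```bash
#!/bin/bash
# Added example: check that a private key and a certificate carry the same
# public key, failing loudly instead of silently hashing empty input.
set -u

# pubkey_hash FILE KIND -> prints the sha256 of the PEM public key extracted
# from FILE; KIND is "key" (private key) or "cert" (X.509 certificate).
pubkey_hash() {
    file=$1
    kind=$2
    # An unreadable or missing file must be an error, not an empty pipeline.
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 1; }
    if [ "$kind" = key ]; then
        out=$(openssl pkey -in "$file" -pubout -outform pem 2>/dev/null) || return 1
    else
        out=$(openssl x509 -in "$file" -pubkey -noout 2>/dev/null) || return 1
    fi
    # Empty openssl output would hash to the well-known empty-input digest
    # and could then match another empty result; reject it explicitly.
    [ -n "$out" ] || { echo "no public key extracted from $file" >&2; return 1; }
    printf '%s\n' "$out" | sha256sum | cut -d' ' -f1
}

# check_pair KEYFILE CERTFILE -> exit 0 when both public keys match, 1 otherwise.
check_pair() {
    k=$(pubkey_hash "$1" key) || return 1
    c=$(pubkey_hash "$2" cert) || return 1
    if [ "$k" = "$c" ]; then
        echo "match: $k"
        return 0
    fi
    echo "MISMATCH: key=$k cert=$c" >&2
    return 1
}

# Usage (assumed paths): check_pair /etc/pki/p1/"$(hostname)".key /etc/pki/p1/"$(hostname)".pem
```

Calling it from an Ansible task with absolute paths gives the same result whether the task runs through the shell or command module, because nothing depends on the task's working directory.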