我正在尝试使用 puppet 来编辑 weblogic config.xml 文件以完成 SSL 配置部分。
在起始 weblogic config.xml 文件下方:
<?xml version="1.0" encoding="UTF-8"?>
<domain ...
...
<server>
<name>AdminServer</name>
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<listen-port>7336</listen-port>
</ssl>
以下是我需要得到的:
<?xml version="1.0" encoding="UTF-8"?>
<domain ...
...
<server>
<name>AdminServer</name>
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>false</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<listen-port>7336</listen-port>
<two-way-ssl-enabled>true</two-way-ssl-enabled>
<server-private-key-alias>...alias...</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>...key-pass-phrase... </server-private-key-pass-phrase-encrypted>
</ssl>
在我的木偶代码下面:
augeas { "ssl_config_${instance}":
lens => "Xml.lns",
require => File["${config_instance}"],
incl => "${config_instance}",
changes => [
"set domain/server/ssl/hostname-verifier/#attribute/xsi:nil true",
"set domain/server/ssl/hostname-verification-ignored/#text false",
"set domain/server/ssl/client-certificate-enforced/#text false",
"set domain/server/ssl/two-way-ssl-enabled/#text true",
"set domain/server/ssl/server-private-key-alias/#text ${server_private_key_alias}",
"set domain/server/ssl/server-private-key-pass-phrase-encrypted/#text ${server_private_key_pass_phrase}",
],
}
以下是我得到的:
...
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<listen-port>7336</listen-port>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>false</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<two-way-ssl-enabled>true</two-way-ssl-enabled>
<server-private-key-alias>default</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>...key-pass-phrase...
</server-private-key-pass-phrase-encrypted>
</ssl>
如您所见,节点被添加到最后一个节点之后,但通过这种方式,我们将使架构无效。
有没有办法指定应该在哪个位置添加新节点?
提前感谢您的任何反馈问候费普
你必须使用ins ... before/after ...,结合一个onlyif,这不是很实用,因为一般来说,每个你想要设置的值至少需要两个资源(一个使用set命令,另一个使用ins(。文档中有这样的例子。