我想将证书导入主机。我已经为此编写了剧本。keytool位于usr/java/jdk/bin/keytool位置,但会出现以下错误。我已经将下面的两个命令转换为playbook,但$JAVA_HOME无法通过playbook找到。
$JAVA_HOME/bin/keytool-导入-别名Apple_Corporate_Root_CA-密钥库$JAVA_HHOME/jre/lib/security/cacerts-trustcacerts–文件Apple_Corporate_oot_CA.pem
$JAVA_HOME/bin/keytool-导入-别名Apple_Corporate_Root_CA_2-密钥库$JAVA_HHOME/jre/lib/security/cacerts-trustcacerts–文件Apple_Corporate_oot_ca2.pem
playbook:
---
- hosts: test
gather_facts: false
vars:
pack1: /ngs/app/rdrt
pack2: /usr/java/jdk*
pack3: which_keytool.stdout
pack4: !vault |
$ANSIBLE_VAULT;1.1;AES256
39646535636262343133633334366538356361356430613566643162316438366266626135323737
6633316430653038316330653437343535346266356265650a343262643938363631656237326331
31363961323839626533363739623639656662336361633131373765333563333034393963373737
6439663362333164660a313432666333306463616562346564323139303364343539623335373931
6537
tasks:
- name: copy the files
copy:
src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca.pem"
dest: "{{ pack1 }}"
- name: copy the files
copy:
src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca2.pem"
dest: "{{ pack1 }}"
- name: copy the files
copy:
src: "/Users/sivarami.rc/Downloads/Problem46218229/ca-trust-check-1.0.0.jar"
dest: "{{ pack1 }}"
- name: to register the value of keytool
shell: cd /usr/java/jdk*/bin/|ls|which keytool
register: which_keytool.stdout
- name: Import SSL certificate to a given cacerts keystore
java_cert:
cert_path: "{{ pack1 }}/apple_corporate_root_ca.pem"
cert_alias: Apple_Corporate_Root_CA
cert_port: 443
keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
keystore_pass: "{{ pack4 }}"
executable: "{{ pack3 }}"
state: present
- name: Import SSL certificate to a cacerts keystore
java_cert:
cert_path: "{{ pack1 }}/apple_corporate_root_ca2.pem"
cert_alias: Apple_Corporate_Root_CA2
cert_port: 443
keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
keystore_pass: "{{ pack4 }}"
executable: "{{ pack3 }}"
state: present
- name: checking those files trusted or untrusted
shell: "{{ pack2 }}/bin/java -jar {{ pack1 }}/ca-trust-check-1.0.0.jar"
您对ansible以及这里的文件路径有很多误解。
首先,
pack2: /usr/java/jdk**
严格来说并不是错误的,但也没有按照你的期望行事。最重要的是,拥有两颗星并不会让它变得"更加狂野"。单个*
就足以使shell匹配任意glob。
的错误之处在于您在许多后续模块中逐字逐句地使用了{{ pack2 }}
,但我们稍后将讨论这一点。
接下来,
pack3: which_keytool.stdout
不会做你想做的事,因为ansible没有计算表达式的能力,所以{{ pack3 }}
将永远是字符w
h
i
等等。它永远不会是{{ which_keytool.stdout }}
接下来,
shell: cd /usr/java/jdk**/bin/|ls|which keytool
是一些非常奇怪且极不正确的shell脚本。我想也许你的意思是:
shell: /bin/ls -1 {{ pack2 }}/bin/keytool
以便让shell展开**
,然后尝试匹配bin/keytool
子级。
在您的情况下,实际上最好在您的行动手册中早些时候匹配该jdk目录,然后将其分配给jdk_home
事实,这样{{ jdk_home }}/bin/keytool
就会像keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
一样表现得很理智
另外,这些都是糟糕的变量名。你只是为"未来的你"或你的同事感到心痛。没有人会祈祷记住pack2
的含义。