Ansible escaping certificate content
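I have a question about Ansible. I am trying to install some software that requires auto-generated certificates. The certificates are generated automatically each time the install runs.
I run a command that pulls the certificate out of a settings file.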
bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
There seem to be escape characters in the certificate, and it causes problems every time.
The certificate output is:
:~$ bosh int ./creds.yml --path /director_ssl/ca
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Succeeded
The error I get is:
TASK [set env vars for login to director...] ***********************************
fatal: [51.xxx.xxx.xxx]: FAILED! => {"changed": true, "cmd": "bosh alias-env boshdir -e boshdir --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)", "delta": "0:00:00.001721", "end": "2017-06-26 09:16:49.854271", "failed": true, "rc": 2, "start": "2017-06-26 09:16:49.852550", "stderr": "/bin/sh: 1: Syntax error: \"(\" unexpected", "stderr_lines": ["/bin/sh: 1: Syntax error: \"(\" unexpected"], "stdout": "", "stdout_lines": []}
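I have tried switching between the Ansible shell, command and raw modules. raw seems to work for ingesting the certificate value, but it does not seem able to access the other environment variables I set in the previous task. Does anyone know how to escape the certificate content?
The Ansible script that runs this part of the setup is: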
---
- hosts: all
  gather_facts: no
  tasks:
    - name: Update director creds file on deployment server
      copy: src="files/bosh-creds.yml" dest="/home/bosher/creds.yml" owner="bosher" group="bosher" mode="0755"
      become: yes
    - name: Update state file on deployment server
      copy: src="files/bosh-state.json" dest="/home/bosher/state.json" owner="bosher" group="bosher" mode="0755"
      become: yes
    - name: Update bosh concourse Manifest on deployment server
      copy: src="files/temp-con-man.yml" dest="/home/bosher/con-man.yml" owner="bosher" group="bosher" mode="0755"
      become: yes
    - name: Update bosh cloud config on deployment server
      copy: src="files/temp-con-cloud-azure.yml" dest="/home/bosher/cloud-config.yml" owner="bosher" group="bosher" mode="0755"
      become: yes
    - name: Download bosh exe and place in path location
      get_url: url="https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-2.0.16-linux-amd64" dest="/usr/local/bin/bosh" mode="0755"
      become: true
    - name: set jumpbox host file for dns of director...
      shell: |
        sudo chmod 777 /etc/hosts
        sudo echo "10.0.0.6 boshdir" >> /etc/hosts
        sudo chmod 644 /etc/hosts
    - name: set env vars for login to director...
      shell: |
        export BOSH_CLIENT=admin
        export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
    - name: set env vars for login to director...
      shell: bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
    - name: upload stemcells and releases to director...
      shell: |
        bosh -e director us "https://s3.amazonaws.com/bosh-core-stemcells/azure/bosh-stemcell-3421-azure-hyperv-ubuntu-trusty-go_agent.tgz"
        bosh -e director ur "http://bosh.io/d/github.com/concourse/concourse"
        bosh -e director ur "https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.6.0-ubuntu-trusty-3363.20-20170505-155950-147762079-20170505155956.tgz?versionId=DNopG3gqI9AbTzMddjmAIvIJetuuh6LY"
        echo y | bosh -e director ucc "~/cloud-config.yml"
    - name: run the concourse install...
      shell: echo y | sudo bosh -e director -d "concourse" deploy "./manifest.yml"
This is really bugging me, and I can't seem to get it to work. Can someone point out what I am doing wrong here?
Your error is that the shell being used (/bin/sh) does not handle the '<(cmd)' syntax:
$ /bin/sh -c 'cat <(echo foo)'
/bin/sh: 1: Syntax error: "(" unexpected
$ /bin/bash -c 'cat <(echo foo)'
foo
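You can use another shell with the executable parameter of the shell module.
But the environment is not shared between tasks: each task starts an independent shell over SSH.
You have 2 options:
Launch all the bosh preparation and commands in only 1 task: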
- name: launch all bosh commands
  shell: |
    export BOSH_CLIENT=admin
    export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
    bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
    bosh -e director us "https://s3.amazonaws.com/bosh-core-stemcells/azure/bosh-stemcell-3421-azure-hyperv-ubuntu-trusty-go_agent.tgz"
    bosh -e director ur "http://bosh.io/d/github.com/concourse/concourse"
    bosh -e director ur "https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.6.0-ubuntu-trusty-3363.20-20170505-155950-147762079-20170505155956.tgz?versionId=DNopG3gqI9AbTzMddjmAIvIJetuuh6LY"
    echo y | bosh -e director ucc "~/cloud-config.yml"
    echo y | sudo bosh -e director -d "concourse" deploy "./manifest.yml"
  args:
    executable: /bin/bash
Use the environment key to set the environment on tasks. You also have to register the output of commands so that you can use them as environment variables later.
- name: Get secret for login to director...
  shell: bosh int ./creds.yml --path /admin_password
  environment:
    BOSH_CLIENT: admin
  register: bosh_client_secret
- name: set env vars for login to director...
  shell: bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
  args:
    executable: /bin/bash
  environment:
    BOSH_CLIENT: admin
    BOSH_CLIENT_SECRET: "{{ bosh_client_secret.stdout }}"
...
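An added example, not part of the original question or answer: the answer's second option with the secret handling tightened, since a registered password is otherwise echoed in task results and the credentials file in the question is copied world-readable. It assumes the connecting user is bosher and that the bosh commands run from /home/bosher; `no_log`, `lineinfile`, `chdir` and the `0600` mode are choices made here.

```yaml
---
# Added example: hardened variant of the tasks discussed above.
# File names, paths and the hosts entry come from the question's playbook;
# the working directory and connecting user (bosher) are assumptions.
- hosts: all
  gather_facts: no
  tasks:
    - name: Update director creds file on deployment server
      # creds.yml holds the admin password and CA material: owner-only, not 0755
      copy:
        src: files/bosh-creds.yml
        dest: /home/bosher/creds.yml
        owner: bosher
        group: bosher
        mode: "0600"
      become: yes

    - name: Set jumpbox hosts entry for the director
      # lineinfile is idempotent and never opens /etc/hosts to mode 777
      lineinfile:
        path: /etc/hosts
        line: "10.0.0.6 boshdir"
      become: yes

    - name: Get secret for login to director
      command: bosh int ./creds.yml --path /admin_password
      args:
        chdir: /home/bosher
      register: bosh_client_secret
      changed_when: false
      no_log: true   # keep the password out of task output and verbose logs

    - name: Alias the director environment
      # process substitution needs bash; /bin/sh fails with "(" unexpected
      shell: bosh alias-env director -e director --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
      args:
        chdir: /home/bosher
        executable: /bin/bash
      environment:
        BOSH_CLIENT: admin
        BOSH_CLIENT_SECRET: "{{ bosh_client_secret.stdout }}"
      no_log: true   # this task carries the secret in its environment
```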