1
我開發了一個任務,簡單地遠程主機上執行命令:Ansible密鑰工具:找不到命令
- name: generate ssl
shell: ./example.sh
args:
chdir: /tmp/example-pki-scripts
的example.sh文件,以執行一些腳本:https://github.com/floragunncom/search-guard-ssl/tree/master/example-pki-scripts
然後當我部署此在遠程主機上的任務出現以下錯誤:
fatal: [efk1]: FAILED! => {
"changed": true,
"cmd": "./example.sh",
"delta": "0:00:00.213500",
"end": "2017-01-20 12:02:10.703895",
"failed": true,
"invocation": {
"module_args": {
"_raw_params": "./example.sh",
"_uses_shell": true,
"chdir": "/tmp/example-pki-scripts",
"creates": null,
"executable": null,
"removes": null,
"warn": true
},
"module_name": "command"
},
"rc": 127,
"start": "2017-01-20 12:02:10.490395",
"stderr": "Generating a 2048 bit RSA private key\n.+++\n.......+++\nwriting new private key to 'ca/root-ca/private/root-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n Serial Number: 1 (0x1)\n Validity\n Not Before: Jan 20 11:02:10 2017 GMT\n Not After : Jan 20 11:02:10 2027 GMT\n Subject:\n domainComponent = com\n domainComponent = example\n organizationName = Example Com Inc.\n organizationalUnitName = Example Com Inc. Root CA\n commonName = Example Com Inc. Root CA\n X509v3 extensions:\n X509v3 Key Usage: critical\n Certificate Sign, CRL Sign\n X509v3 Basic Constraints: critical\n CA:TRUE\n X509v3 Subject Key Identifier: \n EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n X509v3 Authority Key Identifier: \n keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\nGenerating a 2048 bit RSA private key\n..............................................................................+++\n......................+++\nwriting new private key to 'ca/signing-ca/private/signing-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n Serial Number: 2 (0x2)\n Validity\n Not Before: Jan 20 11:02:10 2017 GMT\n Not After : Jan 20 11:02:10 2027 GMT\n Subject:\n domainComponent = com\n domainComponent = example\n organizationName = Example Com Inc.\n organizationalUnitName = Example Com Inc. Signing CA\n commonName = Example Com Inc. Signing CA\n X509v3 extensions:\n X509v3 Key Usage: critical\n Certificate Sign, CRL Sign\n X509v3 Basic Constraints: critical\n CA:TRUE, pathlen:0\n X509v3 Subject Key Identifier: \n 19:19:0A:28:78:33:A8:04:A9:5F:62:81:CA:3D:9F:8A:1F:97:00:6F\n X509v3 Authority Key Identifier: \n keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\n./gen_root_ca.sh: line 72: keytool: command not found",
"stdout": "Root CA generated\nSigning CA generated",
"stdout_lines": [
"Root CA generated",
"Signing CA generated"
],
"warnings": []
}
所以你看到凸輪的問題是行72:密鑰工具:找不到命令,但是當我執行相同的腳本example.sh在本地機器上它生成沒有問題的ssl密鑰。
確切行,其中ansible stucks是:
cat ca/root-ca.pem | keytool \
-import \
-v \
-keystore truststore.jks \
-storepass $TS_PASS \
-noprompt -alias root-ca-chain