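Ansible: handling different cases per host

Depending on the host, Ansible sometimes has to handle different scenarios. For example, consider the following one: the Component on several VMs must be configured with different TLS certificates and passwords.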

inventory file

[dispatcher-connector]
192.168.99.17
192.168.99.5

[dispatcher-manager]
192.168.99.17

[dispatcher-tools]
192.168.99.17



configure.yml file
---
- name: tls enable for connector
  hosts: dispatcher-connector
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ connector_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties"
  become: yes
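  become_user: root
  tasks:
    - debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address']
    - debug: var=connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location']
    # var= takes a bare expression, not a {{ }} template; in this variant the password
    # lives in the connector_mqtt dictionary. Debugging aid only: it prints the password.
    - debug: var=connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64']

    # include_tasks replaces the bare include, which current ansible-core no longer accepts
    - name: add mqtt configure tls config
      include_tasks: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml"
      when: connector_mqtt_tls_enable

    - name: add http configure tls config
      include_tasks: "{{ playbook_dir }}/common/connector-http-tls-enable.yml"
      when: connector_http_tls_enable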
  tags: dispatcher-connector




vars file
############################## Dispatcher Installation Basic Info ###############
latest_version: 4.1.1
origin_version: 4.1.1
dispatcher_installation_home: /opt/ddi/dispatcher
dispatcher_user_name: dispatcher
dispatcher_group_name: dispatcher
dispatcher_user_home: /home/dispatcher
dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}"

############################## Dispatcher EP Installation Info #################
connector_ep_list:
manager_ep_list:
connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib"
manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib"

certs_from_path: "{{ playbook_dir }}/files"
connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs"
manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs"
tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs"


############################## tls setting for dispatcher ######################
connector_mqtt_tls_enable: true

connector_mqtt:
  192.168.99.17:
    key_store_password_base64: MTEyMjMz
    key_manager_password_base64: MTEyMjMz
    trust_store_password_base64: Y2hhbmdlaXQ=
    ssl.keystore.location: "/opt/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "/opt/connector-mqtt.server.truststore.jks"
  192.168.99.5:
    key_store_password_base64: MTEyMjMz
    key_manager_password_base64: MTEyMjMz
    trust_store_password_base64: Y2hhbmdlaXQ=
    ssl.keystore.location: "/opt/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "/opt/connector-mqtt.server.truststore.jks"

connector_http_tls_enable: true

connector_http:
  192.168.99.17:
    key_store_password_base64: MTEyMjMz
    key_manager_password_base64: MTEyMjMz
    trust_store_password_base64: Y2hhbmdlaXQ=
    ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.truststore.jks"
  192.168.99.5:
    key_store_password_base64: MTEyMjMz
    key_manager_password_base64: MTEyMjMz
    trust_store_password_base64: Y2hhbmdlaXQ=
    ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.truststore.jks"

#connector_mqtt_key_store_password_base64: MTEyMjMz
#connector_mqtt_key_manager_password_base64: MTEyMjMz
#connector_mqtt_trust_store_password_base64: Y2hhbmdlaXQ=

#connector_http_key_store_password_base64: MTEyMjMz
#connector_http_key_manager_password_base64: MTEyMjMz
#connector_http_trust_store_password_base64: Y2hhbmdlaXQ=
connectivity_https_port: 8443
monitor_https_port: 8444
connectivity_http_port: 8080
monitor_http_port: 8161



common/connector-mqtt-tls-enable.yml

---
- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks"
    mode: 0644

- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks"
    mode: 0644

- name: modify connector keystore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+'
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+'
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    insertafter: '^mqtt.authentication.certificate.deviceId.key'
    state: present

- name: modify connector keystore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+'
    line: "mqtt.ssl.key.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+'
    line: "mqtt.ssl.key.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    insertafter: '^mqtt.ssl.key.store.path'
    state: present

- name: modify connector key manager password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+'
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector key manager password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+'
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    insertafter: '^mqtt.ssl.key.store.password'
    state: present

- name: modify connector truststore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+'
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+'
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    insertafter: '^mqtt.ssl.key.manager.password'
    state: present

- name: modify connector truststore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+'
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+'
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    insertafter: '^mqtt.ssl.trust.store.path'
    state: present



common/connector-http-tls-enable.yml

---
- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}"
    dest: "{{ certs_store_path }}/connector-http.server.keystore.jks"
    mode: 0644

- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}"
    dest: "{{ certs_store_path }}/connector-http.server.truststore.jks"
    mode: 0644

- name: modify connector keystore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.path=\s*/?\w+'
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.path=\s*/?\w+'
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    insertafter: '^mqtt.ssl.trust.store.password'
    state: present

- name: modify connector keystore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.password=\s*/?\w+'
    line: "http.ssl.key.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore password  for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.password=\s*/?\w+'
    line: "http.ssl.key.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    insertafter: '^http.ssl.key.store.path'
    state: present

- name: modify connector key manager password  for http if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+'
    line: "http.ssl.key.manager.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector key manager password  for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+'
    line: "http.ssl.key.manager.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    insertafter: '^http.ssl.key.store.password'
    state: present

- name: modify connector truststore path for http  if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+'
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore path for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+'
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    insertafter: '^http.ssl.key.manager.password'
    state: present

- name: modify connector truststore password for http if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+'
    line: "http.ssl.trust.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore password for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+'
    line: "http.ssl.trust.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    insertafter: '^http.ssl.trust.store.path'
    state: present


Result




Second approach

inventory file

[dispatcher-connector]
192.168.99.17
192.168.99.5

[dispatcher-manager]
192.168.99.17

[dispatcher-tools]
192.168.99.17




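vars file (the host1 / host2 keys must match the host names used in the inventory, because the tasks index these dictionaries by inventory_hostname)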
---

############################## Dispatcher Installation Basic Info ###############
latest_version: 4.1.1
origin_version: 4.1.1
dispatcher_installation_home: /opt/ddi/dispatcher
dispatcher_user_name: dispatcher
dispatcher_group_name: dispatcher
dispatcher_user_home: /home/dispatcher
dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}"

############################## Dispatcher EP Installation Info #################
connector_ep_list:
manager_ep_list:
connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib"
manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib"

certs_from_path: "{{ playbook_dir }}/files"
connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs"
manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs"
tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs"


############################## tls setting for dispatcher ######################
connector_mqtt_tls_enable: true
connector_http_tls_enable: true

connector_mqtt_key_store_password_base64:
  host1: MTEyMjMz1
  host2: MTEyMjMz2

connector_mqtt_key_manager_password_base64:
  host1: MTEyMjMz1
  host2: MTEyMjMz2

connector_mqtt_trust_store_password_base64:
  host1: Y2hhbmdlaXQ=1
  host2: Y2hhbmdlaXQ=2

connector_mqtt_ssl_keystore_location:
  host1: /opt/ssl/connector-mqtt.server.keystore1.jks
  host2: /opt/ssl/connector-mqtt.server.keystore2.jks

connector_mqtt_ssl_truststore_location:
  host1: /opt/ssl/connector-mqtt.server.truststore1.jks
  host2: /opt/ssl/connector-mqtt.server.truststore2.jks

connector_http_key_store_password_base64:
  host1: MTEyMjMz1
  host2: MTEyMjMz2

connector_http_key_manager_password_base64:
  host1: MTEyMjMz1
  host2: MTEyMjMz2

connector_http_trust_store_password_base64:
  host1: Y2hhbmdlaXQ=1
  host2: Y2hhbmdlaXQ=2

connector_http_ssl_keystore_location:
  host1: /opt/ssl/connector-http.server.keystore1.jks
  host2: /opt/ssl/connector-http.server.keystore2.jks

connector_http_ssl_truststore_location:
  host1: /opt/ssl/connector-http.server.truststore1.jks
  host2: /opt/ssl/connector-http.server.truststore2.jks




configure.yml file

---
- name: tls enable for connector
  hosts: dispatcher-connector
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ connector_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties"
  become: yes
  become_user: root
  tasks:
    # include_tasks replaces the bare include, which current ansible-core no longer accepts
    - name: add kafka tls config
      include_tasks: "{{ playbook_dir }}/common/kafka-tls-enable.yml"
      when: kafka_tls_enable

    - name: add cassandra tls config
      include_tasks: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable

    - name: add mqtt configure tls config
      include_tasks: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml"
      when: connector_mqtt_tls_enable

    - name: add http configure tls config
      include_tasks: "{{ playbook_dir }}/common/connector-http-tls-enable.yml"
      when: connector_http_tls_enable

  tags: dispatcher-connector

- name: tls enable for manager
  hosts: dispatcher-manager
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ manager_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-manager/conf/manager.properties"
  become: yes
  become_user: root
  tasks:
    - name: add kafka tls config
      include_tasks: "{{ playbook_dir }}/common/kafka-tls-enable.yml"
      when: kafka_tls_enable

    - name: add cassandra tls config
      include_tasks: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable
  tags: dispatcher-manager

- name: tls enable for tools
  hosts: dispatcher-tools
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ tools_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-tools/cli/conf/cli.conf"
  become: yes
  become_user: root
  tasks:
    - name: add cassandra tls config
      include_tasks: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable
  tags: dispatcher-tools




common/connector-mqtt-tls-enable.yml
---
- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_mqtt_ssl_keystore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks"
    mode: 0644

- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_mqtt_ssl_truststore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks"
    mode: 0644

- name: modify connector keystore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+'
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+'
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    insertafter: '^mqtt.authentication.certificate.deviceId.key'
    state: present

- name: modify connector keystore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+'
    line: "mqtt.ssl.key.store.password={{ connector_mqtt_key_store_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+'
    line: "mqtt.ssl.key.store.password={{ connector_mqtt_key_store_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.key.store.path'
    state: present

- name: modify connector key manager password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+'
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt_key_manager_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector key manager password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+'
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt_key_manager_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.key.store.password'
    state: present

- name: modify connector truststore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+'
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+'
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    insertafter: '^mqtt.ssl.key.manager.password'
    state: present

- name: modify connector truststore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+'
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt_trust_store_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore password if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+'
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt_trust_store_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.trust.store.path'
    state: present




common/connector-http-tls-enable.yml

---
- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_http_ssl_keystore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-http.server.keystore.jks"
    mode: 0644

- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_http_ssl_truststore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-http.server.truststore.jks"
    mode: 0644

- name: modify connector keystore path if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.path=\s*/?\w+'
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore path if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.path=\s*/?\w+'
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    insertafter: '^mqtt.ssl.trust.store.password'
    state: present

- name: modify connector keystore password if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.password=\s*/?\w+'
    line: "http.ssl.key.store.password={{ connector_http_key_store_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector keystore password  for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.store.password=\s*/?\w+'
    line: "http.ssl.key.store.password={{ connector_http_key_store_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.key.store.path'
    state: present

- name: modify connector key manager password  for http if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+'
    line: "http.ssl.key.manager.password={{ connector_http_key_manager_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector key manager password  for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+'
    line: "http.ssl.key.manager.password={{ connector_http_key_manager_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.key.store.password'
    state: present

- name: modify connector truststore path for http  if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+'
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore path for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+'
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    insertafter: '^http.ssl.key.manager.password'
    state: present

- name: modify connector truststore password for http if exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+'
    line: "http.ssl.trust.store.password={{ connector_http_trust_store_password_base64[inventory_hostname] }}"
    backrefs: yes
    backup: yes
    state: present

- name: add connector truststore password for http if not exists
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+'
    line: "http.ssl.trust.store.password={{ connector_http_trust_store_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.trust.store.path'
    state: present



The result is the same.
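Both approaches above keep the store passwords in a plain vars file and copy the keystore with mode 0644. The following is an added example, not the author's code, of the same mqtt tasks with per-host values moved into vault-encrypted host_vars and tighter file handling; the host_vars file name, the two `*_src` variable names and the placeholder passwords are assumptions.

```yaml
# File 1 (hypothetical name): host_vars/192.168.99.17/connector_tls.yml
# Ansible loads host_vars/<inventory_hostname>/ automatically, so each host
# gets its own values without a dictionary keyed by IP or host name.
# Shown in plaintext; encrypt it with: ansible-vault encrypt <file>
# Base64 is an encoding, not encryption, so these values are still secrets.
# Remove the same-named dictionaries from vars/dispatcher.yml, because
# vars_files takes precedence over host_vars.
connector_mqtt_keystore_src: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.keystore.jks"      # hypothetical variable
connector_mqtt_truststore_src: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.truststore.jks"  # hypothetical variable
connector_mqtt_key_store_password_base64: "PLACEHOLDER_KEY_STORE_PASSWORD"
connector_mqtt_key_manager_password_base64: "PLACEHOLDER_KEY_MANAGER_PASSWORD"
connector_mqtt_trust_store_password_base64: "PLACEHOLDER_TRUST_STORE_PASSWORD"
---
# File 2: common/connector-mqtt-tls-enable.yml, hardened variant
# Assumes the service runs as dispatcher_user_name / dispatcher_group_name.
- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: "{{ dispatcher_user_name }}"
    group: "{{ dispatcher_group_name }}"
    mode: "0750"
    state: directory

- name: copy keystore and truststore
  copy:
    src: "{{ item.src }}"
    dest: "{{ certs_store_path }}/{{ item.name }}"
    owner: "{{ dispatcher_user_name }}"
    group: "{{ dispatcher_group_name }}"
    mode: "{{ item.mode }}"
  loop:
    # The keystore holds the private key: readable by the service user only.
    - { src: "{{ connector_mqtt_keystore_src }}", name: connector-mqtt.server.keystore.jks, mode: "0600" }
    - { src: "{{ connector_mqtt_truststore_src }}", name: connector-mqtt.server.truststore.jks, mode: "0640" }

- name: set mqtt TLS properties
  lineinfile:
    path: "{{ configure_file }}"
    # Without backrefs, one task both rewrites a matching line and inserts a
    # missing one, so the separate "modify" and "add" tasks are not needed.
    # Escaped key plus "=" also matches a line with an empty value; the
    # '=\s*/?\w+' pattern does not, and the "add" task would then insert a
    # second line for the same key.
    regexp: '^\s*{{ item.key | regex_escape }}='
    line: "{{ item.key }}={{ item.value }}"
    insertafter: '^{{ item.after | regex_escape }}'
    owner: "{{ dispatcher_user_name }}"
    group: "{{ dispatcher_group_name }}"
    mode: "0640"   # the properties file now contains passwords
    # backup is left off: every backup copy would also contain the passwords
    state: present
  loop:
    - key: mqtt.ssl.key.store.path
      value: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks"
      after: mqtt.authentication.certificate.deviceId.key
    - key: mqtt.ssl.key.store.password
      value: "{{ connector_mqtt_key_store_password_base64 }}"
      after: mqtt.ssl.key.store.path
    - key: mqtt.ssl.key.manager.password
      value: "{{ connector_mqtt_key_manager_password_base64 }}"
      after: mqtt.ssl.key.store.password
    - key: mqtt.ssl.trust.store.path
      value: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks"
      after: mqtt.ssl.key.manager.password
    - key: mqtt.ssl.trust.store.password
      value: "{{ connector_mqtt_trust_store_password_base64 }}"
      after: mqtt.ssl.trust.store.path
  no_log: true   # keep the passwords out of console output and logs
```

Run the play with `--ask-vault-pass` (or a vault password file) so that the encrypted host_vars file can be read.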