- 浏览: 462495 次
- 性别:
- 来自: 广州
文章分类
- 全部博客 (369)
- javascript html (20)
- java (31)
- jquery (15)
- jcrop (0)
- JEECG (1)
- ajax (3)
- 反射 (3)
- VI (1)
- mysql (48)
- easyui (1)
- svn (2)
- MD5 加密 (1)
- spring (14)
- ORACLE (8)
- 经验总结 (1)
- TCP/IP协议 (1)
- ICMP协议 (1)
- eclipse (1)
- Reflect (1)
- linux (21)
- android (5)
- excel 操作 (1)
- java tree (1)
- html (1)
- plupload (1)
- mongodb (9)
- aes (1)
- python (1)
- java relax (1)
- highcharts (2)
- json (2)
- java 多线程 (30)
- maven (2)
- 设计模式 (1)
- jsp+js (2)
- 面向对象 (1)
- jvm (16)
- 缓存 (1)
- proxy (1)
- 聊侃 (1)
- 面经 (1)
- java 字节 (1)
- java 类加载器 (2)
- java 基础 (2)
- java 语法糖 (1)
- java 位运算 (1)
- 排序 (3)
- java 服务器性能优化 (19)
- 网络编程 (2)
- jvm 参数设置 (0)
- jersey (1)
- webservice (2)
- nginx+多tomcat 集成 (5)
- nginx (16)
- squid (3)
- memcached (5)
- 正则表达式 (1)
- 常用免费接口 (1)
- jpa (1)
- win7 (1)
- java处理大文件 (1)
- js正则表达式 (1)
- tomcat (1)
- java 敏感字 (1)
- 系统架构优化 (4)
- 学习 (1)
- 本地测试QQ微博第三方登陆 (1)
- java 错误 (1)
- 微信支付 (1)
- https (1)
- httpclient (1)
- awk (2)
- loadrunner (1)
- sql server 2008 (3)
- git (4)
- sql server2008 (1)
- solr (2)
- centos (1)
- 数据存储架构 (3)
- log4j (1)
- weboffice (1)
- 并发编程 (1)
- postgreSQL (0)
- ssl (1)
- openssl (1)
- activeMQ (2)
- IDEA (1)
- shell (1)
- ansible (4)
- docker (2)
- grafana (1)
- jmeter (1)
- TLS (1)
- 将博客搬至CSDN (1)
最新评论
-
dida1990:
啊喔,过去了这么久,不过还是评一个。谁说uuid的hashCo ...
高并发生成订单号(二) -
annan211:
yclovesun 写道使用了uuid,为什么还要machin ...
高并发生成订单号(二) -
yclovesun:
使用了uuid,为什么还要machineId?uuid已经可以 ...
高并发生成订单号(二) -
u013280917:
太深奥,看不懂
mysql优化特定类型的查询
Ansible 根据主机的不同,有时候需要处理不同的场景,例如存在如下场景,配置多台VM的Compoment 不同的 TLS证书和Password。
inventory 文件
configure.yml 文件
vars 变量文件
common/connector-mqtt-tls-enable.yml
common/connector-http-tls-enable.yml
Result
第二种方式
inventory 文件
vars 变量文件
configure.yml文件
common/connector-mqtt-tls-enable.yml
common/connector-http-tls-enable.yml
结果是一样的
inventory 文件
[dispatcher-connector] 192.168.99.17 192.168.99.5 [dispatcher-manager] 192.168.99.17 [dispatcher-tools] 192.168.99.17
configure.yml 文件
--- - name: tls enable for connector hosts: dispatcher-connector vars_files: - ./vars/dispatcher.yml vars: certs_store_path: "{{ connector_certs_dir }}" configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties" become: yes become_user: root tasks: - debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address'] - debug: var=connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] - debug: var={{connector_mqtt_key_store_password_base64[inventory_hostname]}} - name: add mqtt configure tls config include: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml" when: connector_mqtt_tls_enable - name: add http configure tls config include: "{{ playbook_dir }}/common/connector-http-tls-enable.yml" when: connector_http_tls_enable tags: dispatcher-connector
vars 变量文件
############################## Dispatcher Installation Basic Info ############### latest_version: 4.1.1 origin_version: 4.1.1 dispatcher_installation_home: /opt/ddi/dispatcher dispatcher_user_name: dispatcher dispatcher_group_name: dispatcher dispatcher_user_home: /home/dispatcher dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}" ############################## Dispatcher EP Installation Info ################# connector_ep_list: manager_ep_list: connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib" manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib" certs_from_path: "{{ playbook_dir }}/files" connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs" manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs" tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs" ############################## tls setting for dispatcher ###################### connector_mqtt_tls_enable: true connector_mqtt: 192.168.99.17: key_store_password_base64: MTEyMjMz key_manager_password_base64: MTEyMjMz trust_store_password_base64: Y2hhbmdlaXQ= ssl.keystore.location: "/opt/connector-mqtt.server.keystore.jks" ssl.truststore.location: "/opt/connector-mqtt.server.truststore.jks" 192.168.99.5: key_store_password_base64: MTEyMjMz key_manager_password_base64: MTEyMjMz trust_store_password_base64: Y2hhbmdlaXQ= ssl.keystore.location: "/opt/connector-mqtt.server.keystore.jks" ssl.truststore.location: "/opt/connector-mqtt.server.truststore.jks" connector_http_tls_enable: true connector_http: 192.168.99.17: key_store_password_base64: MTEyMjMz key_manager_password_base64: MTEyMjMz trust_store_password_base64: Y2hhbmdlaXQ= ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.keystore.jks" ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.truststore.jks" 192.168.99.5: key_store_password_base64: MTEyMjMz key_manager_password_base64: MTEyMjMz trust_store_password_base64: Y2hhbmdlaXQ= ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.keystore.jks" ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.truststore.jks" #connector_mqtt_key_store_password_base64: MTEyMjMz #connector_mqtt_key_manager_password_base64: MTEyMjMz #connector_mqtt_trust_store_password_base64: Y2hhbmdlaXQ= #connector_http_key_store_password_base64: MTEyMjMz #connector_http_key_manager_password_base64: MTEyMjMz #connector_http_trust_store_password_base64: Y2hhbmdlaXQ= connectivity_https_port: 8443 monitor_https_port: 8444 connectivity_http_port: 8080 monitor_http_port: 8161
common/connector-mqtt-tls-enable.yml
--- - name: create certs store directory file: path: "{{ certs_store_path }}" owner: dispatcher group: dispatcher state: directory - name: copy dispatcher-connector keystore certs copy: src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}" dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks" mode: 0644 - name: copy dispatcher-connector truststore certs copy: src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}" dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks" mode: 0644 - name: modify connector keystore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+' line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks' backrefs: yes backup: yes state: present - name: add connector keystore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+' line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks' insertafter: '^mqtt.authentication.certificate.deviceId.key' state: present - name: modify connector keystore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+' line: "mqtt.ssl.key.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector keystore password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+' line: "mqtt.ssl.key.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}" insertafter: '^mqtt.ssl.key.store.path' state: present - name: modify connector key manager password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+' line: "mqtt.ssl.key.manager.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector keystore password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+' line: "mqtt.ssl.key.manager.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}" insertafter: '^mqtt.ssl.key.store.password' state: present - name: modify connector truststore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+' line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks' backrefs: yes backup: yes state: present - name: add connector truststore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+' line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks' insertafter: '^mqtt.ssl.key.manager.password' state: present - name: modify connector truststore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+' line: "mqtt.ssl.trust.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector truststore password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+' line: "mqtt.ssl.trust.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}" insertafter: '^mqtt.ssl.trust.store.path' state: present
common/connector-http-tls-enable.yml
--- - name: create certs store directory file: path: "{{ certs_store_path }}" owner: dispatcher group: dispatcher state: directory - name: copy dispatcher-connector keystore certs copy: src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}" dest: "{{ certs_store_path }}/connector-http.server.keystore.jks" mode: 0644 - name: copy dispatcher-connector truststore certs copy: src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}" dest: "{{ certs_store_path }}/connector-http.server.truststore.jks" mode: 0644 - name: modify connector keystore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.path=\s*/?\w+' line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks' backrefs: yes backup: yes state: present - name: add connector keystore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.path=\s*/?\w+' line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks' insertafter: '^mqtt.ssl.trust.store.password' state: present - name: modify connector keystore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.password=\s*/?\w+' line: "http.ssl.key.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector keystore password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.password=\s*/?\w+' line: "http.ssl.key.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}" insertafter: '^http.ssl.key.store.path' state: present - name: modify connector key manager password for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+' line: "http.ssl.key.manager.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector key manager password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+' line: "http.ssl.key.manager.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}" insertafter: '^http.ssl.key.store.password' state: present - name: modify connector truststore path for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+' line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks' backrefs: yes backup: yes state: present - name: add connector truststore path for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+' line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks' insertafter: '^http.ssl.key.manager.password' state: present - name: modify connector truststore password for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+' line: "http.ssl.trust.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}" backrefs: yes backup: yes state: present - name: add connector truststore password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+' line: "http.ssl.trust.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}" insertafter: '^http.ssl.trust.store.path' state: present
Result
第二种方式
inventory 文件
[dispatcher-connector] 192.168.99.17 192.168.99.5 [dispatcher-manager] 192.168.99.17 [dispatcher-tools] 192.168.99.17
vars 变量文件
--- ############################## Dispatcher Installation Basic Info ############### latest_version: 4.1.1 origin_version: 4.1.1 dispatcher_installation_home: /opt/ddi/dispatcher dispatcher_user_name: dispatcher dispatcher_group_name: dispatcher dispatcher_user_home: /home/dispatcher dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}" ############################## Dispatcher EP Installation Info ################# connector_ep_list: manager_ep_list: connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib" manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib" certs_from_path: "{{ playbook_dir }}/files" connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs" manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs" tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs" ############################## tls setting for dispatcher ###################### connector_mqtt_tls_enable: true connector_http_tls_enable: true connector_mqtt_key_store_password_base64: host1: MTEyMjMz1 host2: MTEyMjMz2 connector_mqtt_key_manager_password_base64: host1: MTEyMjMz1 host2: MTEyMjMz2 connector_mqtt_trust_store_password_base64: host1: Y2hhbmdlaXQ=1 host2: Y2hhbmdlaXQ=2 connector_mqtt_ssl_keystore_location: host1: /opt/ssl/connector-mqtt.server.keystore1.jks host2: /opt/ssl/connector-mqtt.server.keystore2.jks connector_mqtt_ssl_truststore_location: host1: /opt/ssl/connector-mqtt.server.truststore1.jks host2: /opt/ssl/connector-mqtt.server.truststore2.jks connector_http_key_store_password_base64: host1: MTEyMjMz1 host2: MTEyMjMz2 connector_http_key_manager_password_base64: host1: MTEyMjMz1 host2: MTEyMjMz2 connector_http_trust_store_password_base64: host1: Y2hhbmdlaXQ=1 host2: Y2hhbmdlaXQ=2 connector_http_ssl_keystore_location: host1: /opt/ssl/connector-http.server.keystore1.jks host2: /opt/ssl/connector-http.server.keystore2.jks connector_http_ssl_truststore_location: host1: /opt/ssl/connector-http.server.truststore1.jks host2: /opt/ssl/connector-http.server.truststore2.jks
configure.yml文件
--- - name: tls enable for connector hosts: dispatcher-connector vars_files: - ./vars/dispatcher.yml vars: certs_store_path: "{{ connector_certs_dir }}" configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties" become: yes become_user: root tasks: - name: add kafka tls config include: "{{ playbook_dir }}/common/kafka-tls-enable.yml" when: kafka_tls_enable - name: add cassandra tls config include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml" when: cassandra_tls_enable - name: add mqtt configure tls config include: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml" when: connector_mqtt_tls_enable - name: add http configure tls config include: "{{ playbook_dir }}/common/connector-http-tls-enable.yml" when: connector_http_tls_enable tags: dispatcher-connector - name: tls enable for manager hosts: dispatcher-manager vars_files: - ./vars/dispatcher.yml vars: certs_store_path: "{{ manager_certs_dir }}" configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-manager/conf/manager.properties" become: yes become_user: root tasks: - name: add kafka tls config include: "{{ playbook_dir }}/common/kafka-tls-enable.yml" when: kafka_tls_enable - name: add cassandra tls config include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml" when: cassandra_tls_enable tags: dispatcher-manager - name: tls enable for tools hosts: dispatcher-tools vars_files: - ./vars/dispatcher.yml vars: certs_store_path: "{{ tools_certs_dir }}" configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-tools/cli/conf/cli.conf" become: yes become_user: root tasks: - name: add cassandra tls config include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml" when: cassandra_tls_enable tags: dispatcher-tools
common/connector-mqtt-tls-enable.yml
--- - name: create certs store directory file: path: "{{ certs_store_path }}" owner: dispatcher group: dispatcher state: directory - name: copy dispatcher-connector keystore certs copy: src: "{{ connector_mqtt_ssl_keystore_location[inventory_hostname] }}" dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks" mode: 0644 - name: copy dispatcher-connector truststore certs copy: src: "{{ connector_mqtt_ssl_truststore_location[inventory_hostname] }}" dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks" mode: 0644 - name: modify connector keystore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+' line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks' backrefs: yes backup: yes state: present - name: add connector keystore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.path=\s*/?\w+' line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks' insertafter: '^mqtt.authentication.certificate.deviceId.key' state: present - name: modify connector keystore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+' line: "mqtt.ssl.key.store.password={{ connector_mqtt_key_store_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector keystore password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.store.password=\s*/?\w+' line: "mqtt.ssl.key.store.password={{ connector_mqtt_key_store_password_base64[inventory_hostname] }}" insertafter: '^mqtt.ssl.key.store.path' state: present - name: modify connector key manager password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+' line: "mqtt.ssl.key.manager.password={{ connector_mqtt_key_manager_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector key manager password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.key.manager.password=\s*/?\w+' line: "mqtt.ssl.key.manager.password={{ connector_mqtt_key_manager_password_base64[inventory_hostname] }}" insertafter: '^mqtt.ssl.key.store.password' state: present - name: modify connector truststore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+' line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks' backrefs: yes backup: yes state: present - name: add connector truststore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.path=\s*/?\w+' line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks' insertafter: '^mqtt.ssl.key.manager.password' state: present - name: modify connector truststore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+' line: "mqtt.ssl.trust.store.password={{ connector_mqtt_trust_store_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector truststore password if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*mqtt.ssl.trust.store.password=\s*/?\w+' line: "mqtt.ssl.trust.store.password={{ connector_mqtt_trust_store_password_base64[inventory_hostname] }}" insertafter: '^mqtt.ssl.trust.store.path' state: present
common/connector-http-tls-enable.yml
--- - name: create certs store directory file: path: "{{ certs_store_path }}" owner: dispatcher group: dispatcher state: directory - name: copy dispatcher-connector keystore certs copy: src: "{{ connector_http_ssl_keystore_location[inventory_hostname] }}" dest: "{{ certs_store_path }}/connector-http.server.keystore.jks" mode: 0644 - name: copy dispatcher-connector truststore certs copy: src: "{{ connector_http_ssl_truststore_location[inventory_hostname] }}" dest: "{{ certs_store_path }}/connector-http.server.truststore.jks" mode: 0644 - name: modify connector keystore path if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.path=\s*/?\w+' line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks' backrefs: yes backup: yes state: present - name: add connector keystore path if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.path=\s*/?\w+' line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks' insertafter: '^mqtt.ssl.trust.store.password' state: present - name: modify connector keystore password if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.password=\s*/?\w+' line: "http.ssl.key.store.password={{ connector_http_key_store_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector keystore password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.store.password=\s*/?\w+' line: "http.ssl.key.store.password={{ connector_http_key_store_password_base64[inventory_hostname] }}" insertafter: '^http.ssl.key.store.path' state: present - name: modify connector key manager password for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+' line: "http.ssl.key.manager.password={{ connector_http_key_manager_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector key manager password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.key.manager.password=\s*/?\w+' line: "http.ssl.key.manager.password={{ connector_http_key_manager_password_base64[inventory_hostname] }}" insertafter: '^http.ssl.key.store.password' state: present - name: modify connector truststore path for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+' line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks' backrefs: yes backup: yes state: present - name: add connector truststore path for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.path=\s*/?\w+' line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks' insertafter: '^http.ssl.key.manager.password' state: present - name: modify connector truststore password for http if exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+' line: "http.ssl.trust.store.password={{ connector_http_trust_store_password_base64[inventory_hostname] }}" backrefs: yes backup: yes state: present - name: add connector truststore password for http if not exists lineinfile: path: "{{ configure_file }}" regexp: '^\s*http.ssl.trust.store.password=\s*/?\w+' line: "http.ssl.trust.store.password={{ connector_http_trust_store_password_base64[inventory_hostname] }}" insertafter: '^http.ssl.trust.store.path' state: present
结果是一样的
相关推荐
Ansible 主机: 10.4.0.57 Mysql Master: 10.4.0.17 Mysql Slave: 10.4.0.22 所有操作都在Ansible主机上进行 执行步骤: 1. 安装ansible 2.9 pip install ansible==2.9 2. 配置 Ansible到Master和Slave主机免密...
本文实例讲述了Python自动化运维之Ansible定义主机与组规则操作。分享给大家供大家参考,具体如下: 一 点睛 Ansible通过定义好的主机与组规则(Inventory)对匹配的目标主机进行远程操作,配置规则文件默认是/etc/...
* 无需安装 agent,与 Chef 和 Puppet 不同,Ansible 是无代理的,这意味着你不必担心在受控节点上安装或配置任何包 * 使用 SSH 进行通信,Ansible 默认使用 SSH 协议在控制节点和受控节点之间进行通信 * 并行执行...
Inventory 是 Ansible 中用于定义目标主机列表的文件,可以是静态的文本文件,也可以是动态的,从其他数据源(如数据库或 EC2 API)获取。它可以指定主机的分组,以及附加的变量,这些变量可以在 playbook 中引用。 ...
6. **Dynamic Inventory**: 动态库存允许 Ansible 根据需要动态地发现和管理主机。这在大规模部署中非常有用,因为你可以基于部署事实动态地调整目标主机列表。 7. **Modules and Plugins**: Ansible 有大量内置...
6. **Ansible执行流程**:在实际操作中,我们将运行`ansible-playbook`命令来执行这个playbook,Ansible会自动处理依赖关系并按照正确的顺序执行任务。 7. **安全考虑**:配置SFTP服务器时,应特别关注安全问题,如...
Ansible:Ansible错误处理与调试.docx
8. **最佳实践**:可能包含使用Ansible在WSL中进行自动化的一些最佳实践和注意事项,例如权限管理、日志记录和错误处理。 总结来说,"Ansible-Ansible-WSL.zip"是一个关于在WSL环境下利用Ansible进行自动化管理的...
4. **添加主机和服务**:通过 Ansible 的 `icinga2` 模块,可以方便地动态添加或更新被监控的主机和服务。 5. **设置用户和权限**:管理 Icinga2 Web2 用户和权限,确保只有授权的用户可以访问监控数据。 6. **集成...
Ansible 的核心思想是基于 agentless 的架构,不需要在被管理的主机上安装任何软件或 agent,从而降低了系统的复杂度和安全风险。 一、Ansible 基础篇 1.Ansible 命令介绍 Ansible 提供了多种命令来实现自动化...
1. **Ansible Playbooks**:Playbooks是Ansible的核心,它们定义了如何对目标主机进行操作。在这个项目中,可能有一个或多个playbook,用于安装etcd,配置集群成员,以及设置安全性和持久化策略。 2. **Ansible ...
Ansible可以通过不同的方式来安装。第一种是源码安装,通过Git从GitHub上克隆Ansible的源代码,然后使用Python的easy_install和pip工具来安装所需的Python包。安装过程中如果遇到依赖问题,比如缺少Python.h头文件,...
5. **inventory**:Ansible的主机清单,列出要处理的主机和它们的分组。 6. **scripts**:可能包含辅助脚本,用于辅助CMDB的生成过程。 使用这个工具,运维人员可以执行以下操作: - 自动化收集远程主机的信息,...
1. **主机清单**:这是 Ansible 中一个非常重要的概念,它是一个文本文件,列出需要管理的服务器列表,可以是静态的也可以是动态的,允许你按组组织主机,便于批量操作。 2. **模块**:Ansible 模块是预定义的代码...
Ansible的核心概念包括主机清单、模块和playbooks,其中playbooks是用YAML语言编写的,用于定义自动化流程。 接下来,我们关注Fluentd。Fluentd是一个数据收集器,设计用于统一日志管理和分析。它的主要功能包括从...
此外,Ansible的模板(Jinja2)功能允许我们根据变量动态生成配置文件,确保配置的一致性和可扩展性。 6. **Inventory管理**:Ansible的Inventory是定义目标主机及其分组的地方,它可以是一个文本文件或动态生成。...
默认通过SSH协议(也可使用其它协议)进行远程命令执行或下发配置,无需部署任何客户端代理软件(agentless)在被管控主机上,并可同时支持多台主机并行管理。Ansible是基于模块工作的,本身没有批量部署的能力,...
可以通过在`/etc/ansible/hosts`中创建不同段落(用方括号包围)来表示主机组,例如: ``` [node1] 192.168.200.129 ``` 5. **Ansible配置文件** Ansible的配置文件通常位于`/etc/ansible/ansible.cfg`,用于...
这些模板可以灵活地根据不同的环境进行定制。 5. **处理程序**:`handlers`目录中的文件定义了当某些事件发生时应执行的任务,比如当Airflow服务需要重启时的处理程序。 6. **依赖管理和版本控制**:如果项目中...
* 内核版本为ctyunos,导致寻常通过可连接外网的centos主机制作的离线ansible.tar.gz在ctyunos内核主机中无法使用(依赖环境差别过大) 解决方案: 在本地通过VMware+ctyunos镜像部署一台ctyunos内核的虚拟机,在...