2017-02-13 110 views
1

我開發了一個任務,簡單地遠程主機上執行命令:Ansible密鑰工具:找不到命令

- name: generate ssl 
    shell: ./example.sh 
    args: 
    chdir: /tmp/example-pki-scripts 

的example.sh文件,以執行一些腳本:https://github.com/floragunncom/search-guard-ssl/tree/master/example-pki-scripts

然後當我部署此在遠程主機上的任務出現以下錯誤:

fatal: [efk1]: FAILED! => { 
    "changed": true, 
    "cmd": "./example.sh", 
    "delta": "0:00:00.213500", 
    "end": "2017-01-20 12:02:10.703895", 
    "failed": true, 
    "invocation": { 
     "module_args": { 
      "_raw_params": "./example.sh", 
      "_uses_shell": true, 
      "chdir": "/tmp/example-pki-scripts", 
      "creates": null, 
      "executable": null, 
      "removes": null, 
      "warn": true 
     }, 
     "module_name": "command" 
    }, 
    "rc": 127, 
    "start": "2017-01-20 12:02:10.490395", 
    "stderr": "Generating a 2048 bit RSA private key\n.+++\n.......+++\nwriting new private key to 'ca/root-ca/private/root-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n  Serial Number: 1 (0x1)\n  Validity\n   Not Before: Jan 20 11:02:10 2017 GMT\n   Not After : Jan 20 11:02:10 2027 GMT\n  Subject:\n   domainComponent   = com\n   domainComponent   = example\n   organizationName   = Example Com Inc.\n   organizationalUnitName = Example Com Inc. Root CA\n   commonName    = Example Com Inc. Root CA\n  X509v3 extensions:\n   X509v3 Key Usage: critical\n    Certificate Sign, CRL Sign\n   X509v3 Basic Constraints: critical\n    CA:TRUE\n   X509v3 Subject Key Identifier: \n    EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n   X509v3 Authority Key Identifier: \n    keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\nGenerating a 2048 bit RSA private key\n..............................................................................+++\n......................+++\nwriting new private key to 'ca/signing-ca/private/signing-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n  Serial Number: 2 (0x2)\n  Validity\n   Not Before: Jan 20 11:02:10 2017 GMT\n   Not After : Jan 20 11:02:10 2027 GMT\n  Subject:\n   domainComponent   = com\n   domainComponent   = example\n   organizationName   = Example Com Inc.\n   organizationalUnitName = Example Com Inc. Signing CA\n   commonName    = Example Com Inc. Signing CA\n  X509v3 extensions:\n   X509v3 Key Usage: critical\n    Certificate Sign, CRL Sign\n   X509v3 Basic Constraints: critical\n    CA:TRUE, pathlen:0\n   X509v3 Subject Key Identifier: \n    19:19:0A:28:78:33:A8:04:A9:5F:62:81:CA:3D:9F:8A:1F:97:00:6F\n   X509v3 Authority Key Identifier: \n    keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\n./gen_root_ca.sh: line 72: keytool: command not found", 
    "stdout": "Root CA generated\nSigning CA generated", 
    "stdout_lines": [ 
     "Root CA generated", 
     "Signing CA generated" 
    ], 
    "warnings": [] 
} 

所以你看到凸輪的問題是行72:密鑰工具:找不到命令,但是當我執行相同的腳本example.sh在本地機器上它生成沒有問題的ssl密鑰。

確切行,其中ansible stucks是:

cat ca/root-ca.pem | keytool \ 
    -import \ 
    -v \ 
    -keystore truststore.jks \ 
    -storepass $TS_PASS \ 
    -noprompt -alias root-ca-chain 

回答

4

使用腳本中keytool可執行文件的完整路徑。

Ansible使用非交互式非登錄shell會話,並且shell不會獲得與交互/登錄會話相同的rc文件,因此PATH的值有所不同。

其他解決方案包括:在environment分割中手動指定PATH,或將命令封裝到bash的調用中。