2017-02-13 9 views
1

Ansible keytool: command not found

I developed a task that simply runs a command on a remote host:

- name: generate ssl
  shell: ./example.sh
  args:
    chdir: /tmp/example-pki-scripts

The example.sh file runs several scripts in sequence: https://github.com/floragunncom/search-guard-ssl/tree/master/example-pki-scripts

When I deploy this task on the remote host, I get the following error:

fatal: [efk1]: FAILED! => { 
    "changed": true, 
    "cmd": "./example.sh", 
    "delta": "0:00:00.213500", 
    "end": "2017-01-20 12:02:10.703895", 
    "failed": true, 
    "invocation": { 
     "module_args": { 
      "_raw_params": "./example.sh", 
      "_uses_shell": true, 
      "chdir": "/tmp/example-pki-scripts", 
      "creates": null, 
      "executable": null, 
      "removes": null, 
      "warn": true 
     }, 
     "module_name": "command" 
    }, 
    "rc": 127, 
    "start": "2017-01-20 12:02:10.490395", 
    "stderr": "Generating a 2048 bit RSA private key\n.+++\n.......+++\nwriting new private key to 'ca/root-ca/private/root-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n  Serial Number: 1 (0x1)\n  Validity\n   Not Before: Jan 20 11:02:10 2017 GMT\n   Not After : Jan 20 11:02:10 2027 GMT\n  Subject:\n   domainComponent   = com\n   domainComponent   = example\n   organizationName   = Example Com Inc.\n   organizationalUnitName = Example Com Inc. Root CA\n   commonName    = Example Com Inc. Root CA\n  X509v3 extensions:\n   X509v3 Key Usage: critical\n    Certificate Sign, CRL Sign\n   X509v3 Basic Constraints: critical\n    CA:TRUE\n   X509v3 Subject Key Identifier: \n    EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n   X509v3 Authority Key Identifier: \n    keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\nGenerating a 2048 bit RSA private key\n..............................................................................+++\n......................+++\nwriting new private key to 'ca/signing-ca/private/signing-ca.key'\n-----\nUsing configuration from etc/root-ca.conf\nCheck that the request matches the signature\nSignature ok\nCertificate Details:\n  Serial Number: 2 (0x2)\n  Validity\n   Not Before: Jan 20 11:02:10 2017 GMT\n   Not After : Jan 20 11:02:10 2027 GMT\n  Subject:\n   domainComponent   = com\n   domainComponent   = example\n   organizationName   = Example Com Inc.\n   organizationalUnitName = Example Com Inc. Signing CA\n   commonName    = Example Com Inc. 
Signing CA\n  X509v3 extensions:\n   X509v3 Key Usage: critical\n    Certificate Sign, CRL Sign\n   X509v3 Basic Constraints: critical\n    CA:TRUE, pathlen:0\n   X509v3 Subject Key Identifier: \n    19:19:0A:28:78:33:A8:04:A9:5F:62:81:CA:3D:9F:8A:1F:97:00:6F\n   X509v3 Authority Key Identifier: \n    keyid:EB:DC:70:FA:90:59:4A:C3:09:E3:73:80:92:E0:EE:70:9A:77:48:62\n\nCertificate is to be certified until Jan 20 11:02:10 2027 GMT (3652 days)\n\nWrite out database with 1 new entries\nData Base Updated\n./gen_root_ca.sh: line 72: keytool: command not found", 
    "stdout": "Root CA generated\nSigning CA generated", 
    "stdout_lines": [ 
     "Root CA generated", 
     "Signing CA generated" 
    ], 
    "warnings": [] 
} 

As you can see, the problem is at line 72: keytool: command not found. However, when I run the same example.sh script on my local machine, it generates the SSL keys without any problem.

The exact line where Ansible gets stuck is:

cat ca/root-ca.pem | keytool \
    -import \
    -v \
    -keystore truststore.jks \
    -storepass $TS_PASS \
    -noprompt -alias root-ca-chain

Answers

4

Use the full path to the keytool executable in the script.

In a non-interactive, non-login shell session, your shell does not read the same rc files as in an interactive/login session, so the value of PATH differs.

Other solutions include specifying PATH manually with the environment declaration, or wrapping the command in a bash call.
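
The first fix from the answer above (calling keytool by its full path), as an added example that is not part of the original answer or of the search-guard-ssl scripts. The function names `find_keytool` and `import_root_ca` and the directories in `KEYTOOL_DIRS` are assumptions.

```shell
#!/bin/sh
# Added example (not from search-guard-ssl): resolve keytool to an absolute
# path before use, so a PATH that differs between a login shell and Ansible's
# non-interactive, non-login shell fails early with a clear message.

# Assumed JDK locations; replace with the paths that exist on your hosts.
KEYTOOL_DIRS="/usr/lib/jvm/default-java/bin /usr/java/latest/bin"

# Print the absolute path of keytool, or return 1 if none is found.
find_keytool() {
    # 1. The current PATH (what an interactive login shell would find).
    kt=$(command -v keytool 2>/dev/null) || kt=""
    case "$kt" in
        /*) printf '%s\n' "$kt"; return 0 ;;
    esac
    # 2. JAVA_HOME, e.g. set through the task's environment keyword.
    if [ -n "${JAVA_HOME:-}" ] && [ -x "$JAVA_HOME/bin/keytool" ]; then
        printf '%s\n' "$JAVA_HOME/bin/keytool"
        return 0
    fi
    # 3. The assumed install directories listed above.
    for d in $KEYTOOL_DIRS; do
        if [ -x "$d/keytool" ]; then
            printf '%s\n' "$d/keytool"
            return 0
        fi
    done
    return 1
}

# Same import as the failing line of gen_root_ca.sh, run through the
# resolved binary. Expects TS_PASS and ca/root-ca.pem as that script does.
import_root_ca() {
    keytool_bin=$(find_keytool) || {
        echo "keytool not found: PATH=$PATH JAVA_HOME=${JAVA_HOME:-unset}" >&2
        return 127
    }
    "$keytool_bin" -import -v -keystore truststore.jks \
        -storepass "$TS_PASS" -noprompt -alias root-ca-chain < ca/root-ca.pem
}
```

Calling `find_keytool` at the top of example.sh, before the CA keys are written, stops the run before it leaves a half-built PKI directory as in the error output above.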