
ansible 根据主机处理不同case 博客分类: ansible  

程序员文章站 2024-03-19 20:09:52
...
Ansible 有时需要根据主机的不同处理不同的场景。例如下面的场景:为多台 VM 上的 Component 配置不同的 TLS 证书和 Password。

inventory 文件

# Hosts are listed by IP address, so inventory_hostname is the IP address itself.
# Group targeted by the play with "hosts: dispatcher-connector".
[dispatcher-connector]
192.168.99.17
192.168.99.5

# Group for the dispatcher manager host.
[dispatcher-manager]
192.168.99.17

# Group for the dispatcher tools host.
[dispatcher-tools]
192.168.99.17



configure.yml 文件
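---
# Enables TLS on every host of the dispatcher-connector group by including the
# MQTT and HTTP task files when the matching *_tls_enable switch is true.
- name: tls enable for connector
  hosts: dispatcher-connector
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    # Both values are consumed by the included task files.
    certs_store_path: "{{ connector_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties"
  become: true
  become_user: root
  tasks:
    # The per-host settings are keyed by the default IPv4 address, which comes
    # from gathered facts; these two tasks show the key and one looked-up value.
    - name: show the address used as the per-host lookup key
      debug:
        var: hostvars[inventory_hostname]['ansible_default_ipv4']['address']

    - name: show the mqtt keystore location resolved for this host
      debug:
        var: connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location']

    # A third debug task that printed a keystore password was dropped: it wrote
    # a secret to the play output, wrapped the expression in {{ }} inside var=,
    # and read connector_mqtt_key_store_password_base64, which the vars file
    # shown on this page only contains as a commented-out line.

    # NOTE(review): bare "include" is deprecated in Ansible; include_tasks is
    # the replacement when the installed version provides it.
    - name: add mqtt configure tls config
      include: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml"
      when: connector_mqtt_tls_enable

    - name: add http configure tls config
      include: "{{ playbook_dir }}/common/connector-http-tls-enable.yml"
      when: connector_http_tls_enable
  tags: dispatcher-connector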




vars 变量文件
# Variables for the dispatcher TLS playbook (presumably the ./vars/dispatcher.yml
# file that configure.yml loads through vars_files).
#
# SECURITY: the *_password_base64 values below are only base64-encoded. Base64
# is an encoding, not encryption, so anyone who can read this file can recover
# the passwords. Keep them in an Ansible Vault-encrypted file or a secret store
# rather than in a plain vars file under version control.

# ---- Dispatcher installation basics ----
latest_version: '4.1.1'
origin_version: '4.1.1'
dispatcher_installation_home: '/opt/ddi/dispatcher'
dispatcher_user_name: 'dispatcher'
dispatcher_group_name: 'dispatcher'
dispatcher_user_home: '/home/dispatcher'
# First host of the dispatcher-connector inventory group.
dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}"

# ---- Dispatcher EP installation ----
# Both lists are unset (null), which is what a bare "key:" parses to.
connector_ep_list: null
manager_ep_list: null
connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib"
manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib"

certs_from_path: "{{ playbook_dir }}/files"
connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs"
manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs"
tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs"

# ---- TLS settings for dispatcher ----
# connector_mqtt and connector_http map a host's default IPv4 address to that
# host's store passwords and to the store files the copy tasks read.
connector_mqtt_tls_enable: true

connector_mqtt:
  '192.168.99.17':
    key_store_password_base64: 'MTEyMjMz'
    key_manager_password_base64: 'MTEyMjMz'
    trust_store_password_base64: 'Y2hhbmdlaXQ='
    ssl.keystore.location: '/opt/connector-mqtt.server.keystore.jks'
    ssl.truststore.location: '/opt/connector-mqtt.server.truststore.jks'
  '192.168.99.5':
    key_store_password_base64: 'MTEyMjMz'
    key_manager_password_base64: 'MTEyMjMz'
    trust_store_password_base64: 'Y2hhbmdlaXQ='
    ssl.keystore.location: '/opt/connector-mqtt.server.keystore.jks'
    ssl.truststore.location: '/opt/connector-mqtt.server.truststore.jks'

connector_http_tls_enable: true

# NOTE(review): the http entries point at connector-mqtt.* store files; confirm
# that reusing the MQTT stores for HTTP is intended.
connector_http:
  '192.168.99.17':
    key_store_password_base64: 'MTEyMjMz'
    key_manager_password_base64: 'MTEyMjMz'
    trust_store_password_base64: 'Y2hhbmdlaXQ='
    ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.17/connector-mqtt.server.truststore.jks"
  '192.168.99.5':
    key_store_password_base64: 'MTEyMjMz'
    key_manager_password_base64: 'MTEyMjMz'
    trust_store_password_base64: 'Y2hhbmdlaXQ='
    ssl.keystore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.keystore.jks"
    ssl.truststore.location: "{{ playbook_dir }}/files/192.168.99.5/connector-mqtt.server.truststore.jks"

# Earlier flat (not per-host) password variables, kept disabled:
# connector_mqtt_key_store_password_base64: MTEyMjMz
# connector_mqtt_key_manager_password_base64: MTEyMjMz
# connector_mqtt_trust_store_password_base64: Y2hhbmdlaXQ=
# connector_http_key_store_password_base64: MTEyMjMz
# connector_http_key_manager_password_base64: MTEyMjMz
# connector_http_trust_store_password_base64: Y2hhbmdlaXQ=

# ---- Ports ----
connectivity_https_port: 8443
monitor_https_port: 8444
connectivity_http_port: 8080
monitor_http_port: 8161



common/connector-mqtt-tls-enable.yml

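---
# Installs the per-host MQTT keystore and truststore and points the file named
# by configure_file at them. Per-host values are read from connector_mqtt, keyed
# by the host's default IPv4 address, so facts must have been gathered.

- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

# The keystore holds the server's private key, so it is no longer installed
# world-readable (the original used mode 0644 with no owner set).
# Assumes the connector runs as the dispatcher user/group that owns the
# directory above; confirm before rollout.
- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks"
    owner: dispatcher
    group: dispatcher
    mode: "0640"

# Quoted mode avoids the YAML octal-integer trap.
- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks"
    mode: "0644"

# Each lineinfile task below replaces the property when its key is already
# present and otherwise inserts it after the insertafter anchor, so the separate
# "modify if exists" (backrefs) pass of the original is not needed. The regexp
# escapes the dots and matches the key even when its value is empty, which the
# original pattern missed and answered by adding a duplicate line.
# backup: true leaves timestamped copies of the file next to it; on the password
# tasks those copies still hold the previous passwords.

- name: set connector keystore path
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.store\.path\s*='
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    insertafter: '^mqtt.authentication.certificate.deviceId.key'
    backup: true
    state: present

# no_log keeps the rendered password out of task output and logs.
- name: set connector keystore password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.store\.password\s*='
    line: "mqtt.ssl.key.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    insertafter: '^mqtt.ssl.key.store.path'
    backup: true
    state: present
  no_log: true

# The original named its second key-manager task "add connector keystore
# password"; the name now matches the property being written.
- name: set connector key manager password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.manager\.password\s*='
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    insertafter: '^mqtt.ssl.key.store.password'
    backup: true
    state: present
  no_log: true

- name: set connector truststore path
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.trust\.store\.path\s*='
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    insertafter: '^mqtt.ssl.key.manager.password'
    backup: true
    state: present

- name: set connector truststore password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.trust\.store\.password\s*='
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    insertafter: '^mqtt.ssl.trust.store.path'
    backup: true
    state: present
  no_log: true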



common/connector-http-tls-enable.yml

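---
# Installs the per-host HTTP keystore and truststore and points the file named
# by configure_file at them. Per-host values are read from connector_http, keyed
# by the host's default IPv4 address, so facts must have been gathered.

- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

# The keystore holds the server's private key, so it is no longer installed
# world-readable (the original used mode 0644 with no owner set).
# Assumes the connector runs as the dispatcher user/group that owns the
# directory above; confirm before rollout.
- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.keystore.location'] }}"
    dest: "{{ certs_store_path }}/connector-http.server.keystore.jks"
    owner: dispatcher
    group: dispatcher
    mode: "0640"

# Quoted mode avoids the YAML octal-integer trap.
- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['ssl.truststore.location'] }}"
    dest: "{{ certs_store_path }}/connector-http.server.truststore.jks"
    mode: "0644"

# Each lineinfile task below replaces the property when its key is already
# present and otherwise inserts it after the insertafter anchor, so the separate
# "modify if exists" (backrefs) pass of the original is not needed. The regexp
# escapes the dots and matches the key even when its value is empty, which the
# original pattern missed and answered by adding a duplicate line.
# backup: true leaves timestamped copies of the file next to it; on the password
# tasks those copies still hold the previous passwords.

- name: set connector keystore path for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.store\.path\s*='
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    insertafter: '^mqtt.ssl.trust.store.password'
    backup: true
    state: present

# no_log keeps the rendered password out of task output and logs.
- name: set connector keystore password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.store\.password\s*='
    line: "http.ssl.key.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_store_password_base64'] }}"
    insertafter: '^http.ssl.key.store.path'
    backup: true
    state: present
  no_log: true

- name: set connector key manager password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.manager\.password\s*='
    line: "http.ssl.key.manager.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['key_manager_password_base64'] }}"
    insertafter: '^http.ssl.key.store.password'
    backup: true
    state: present
  no_log: true

- name: set connector truststore path for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.trust\.store\.path\s*='
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    insertafter: '^http.ssl.key.manager.password'
    backup: true
    state: present

- name: set connector truststore password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.trust\.store\.password\s*='
    line: "http.ssl.trust.store.password={{ connector_http[hostvars[inventory_hostname]['ansible_default_ipv4']['address']]['trust_store_password_base64'] }}"
    insertafter: '^http.ssl.trust.store.path'
    backup: true
    state: present
  no_log: true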


Result



第二种方式

inventory 文件

# Hosts are listed by IP address, so inventory_hostname is the IP address itself.
# NOTE(review): the vars file of this second approach keys its per-host maps by
# host1/host2; a lookup by inventory_hostname only resolves if the inventory
# names match those keys. Confirm which names the real inventory uses.
[dispatcher-connector]
192.168.99.17
192.168.99.5

# Group targeted by the play with "hosts: dispatcher-manager".
[dispatcher-manager]
192.168.99.17

# Group targeted by the play with "hosts: dispatcher-tools".
[dispatcher-tools]
192.168.99.17




vars 变量文件
---
# Variables for the second approach: one map per setting, indexed by
# inventory_hostname in the task files.
#
# SECURITY: the *_password_base64 values below are only base64-encoded. Base64
# is an encoding, not encryption, so anyone who can read this file can recover
# the passwords. Keep them in an Ansible Vault-encrypted file or a secret store
# rather than in a plain vars file under version control.
#
# NOTE(review): the maps are keyed by host1/host2, while the inventory shown on
# this page lists hosts by IP address; the keys must equal inventory_hostname
# for the lookups to resolve. Confirm against the real inventory.

# ---- Dispatcher installation basics ----
latest_version: '4.1.1'
origin_version: '4.1.1'
dispatcher_installation_home: '/opt/ddi/dispatcher'
dispatcher_user_name: 'dispatcher'
dispatcher_group_name: 'dispatcher'
dispatcher_user_home: '/home/dispatcher'
# First host of the dispatcher-connector inventory group.
dispatcher_connector_http_host: "{{ groups['dispatcher-connector'][0] }}"

# ---- Dispatcher EP installation ----
# Both lists are unset (null), which is what a bare "key:" parses to.
connector_ep_list: null
manager_ep_list: null
connector_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/lib"
manager_lib_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/webapps/WEB-INF/lib"

certs_from_path: "{{ playbook_dir }}/files"
connector_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-connector/conf/certs"
manager_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-manager/conf/certs"
tools_certs_dir: "{{ dispatcher_installation_home }}/dispatcher-{{ latest_version }}/dispatcher-tools/cli/conf/certs"

# ---- TLS settings for dispatcher ----
connector_mqtt_tls_enable: true
connector_http_tls_enable: true

# MQTT: store passwords and store file locations per host.
connector_mqtt_key_store_password_base64:
  host1: 'MTEyMjMz1'
  host2: 'MTEyMjMz2'

connector_mqtt_key_manager_password_base64:
  host1: 'MTEyMjMz1'
  host2: 'MTEyMjMz2'

connector_mqtt_trust_store_password_base64:
  host1: 'Y2hhbmdlaXQ=1'
  host2: 'Y2hhbmdlaXQ=2'

connector_mqtt_ssl_keystore_location:
  host1: '/opt/ssl/connector-mqtt.server.keystore1.jks'
  host2: '/opt/ssl/connector-mqtt.server.keystore2.jks'

connector_mqtt_ssl_truststore_location:
  host1: '/opt/ssl/connector-mqtt.server.truststore1.jks'
  host2: '/opt/ssl/connector-mqtt.server.truststore2.jks'

# HTTP: store passwords and store file locations per host.
connector_http_key_store_password_base64:
  host1: 'MTEyMjMz1'
  host2: 'MTEyMjMz2'

connector_http_key_manager_password_base64:
  host1: 'MTEyMjMz1'
  host2: 'MTEyMjMz2'

connector_http_trust_store_password_base64:
  host1: 'Y2hhbmdlaXQ=1'
  host2: 'Y2hhbmdlaXQ=2'

connector_http_ssl_keystore_location:
  host1: '/opt/ssl/connector-http.server.keystore1.jks'
  host2: '/opt/ssl/connector-http.server.keystore2.jks'

connector_http_ssl_truststore_location:
  host1: '/opt/ssl/connector-http.server.truststore1.jks'
  host2: '/opt/ssl/connector-http.server.truststore2.jks'




configure.yml文件

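---
# Three plays, one per dispatcher component. Each sets certs_store_path and
# configure_file for its component and includes the TLS task files whose
# *_tls_enable switch is true.
#
# kafka_tls_enable and cassandra_tls_enable are not defined in the vars file
# shown on this page, so their conditions fall back to false instead of
# stopping the play with an undefined-variable error. The kafka and cassandra
# task files are likewise not shown here.
#
# NOTE(review): bare "include" is deprecated in Ansible; include_tasks is the
# replacement when the installed version provides it.

- name: tls enable for connector
  hosts: dispatcher-connector
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ connector_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-connector/conf/connector.properties"
  become: true
  become_user: root
  tasks:
    - name: add kafka tls config
      include: "{{ playbook_dir }}/common/kafka-tls-enable.yml"
      when: kafka_tls_enable | default(false)

    - name: add cassandra tls config
      include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable | default(false)

    - name: add mqtt configure tls config
      include: "{{ playbook_dir }}/common/connector-mqtt-tls-enable.yml"
      when: connector_mqtt_tls_enable

    - name: add http configure tls config
      include: "{{ playbook_dir }}/common/connector-http-tls-enable.yml"
      when: connector_http_tls_enable

  tags: dispatcher-connector

- name: tls enable for manager
  hosts: dispatcher-manager
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ manager_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-manager/conf/manager.properties"
  become: true
  become_user: root
  tasks:
    - name: add kafka tls config
      include: "{{ playbook_dir }}/common/kafka-tls-enable.yml"
      when: kafka_tls_enable | default(false)

    - name: add cassandra tls config
      include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable | default(false)
  tags: dispatcher-manager

- name: tls enable for tools
  hosts: dispatcher-tools
  vars_files:
    - ./vars/dispatcher.yml
  vars:
    certs_store_path: "{{ tools_certs_dir }}"
    configure_file: "{{ dispatcher_installation_home }}/dispatcher/dispatcher-tools/cli/conf/cli.conf"
  become: true
  become_user: root
  tasks:
    - name: add cassandra tls config
      include: "{{ playbook_dir }}/common/cassandra-tls-enable.yml"
      when: cassandra_tls_enable | default(false)
  tags: dispatcher-tools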




common/connector-mqtt-tls-enable.yml
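---
# Installs the per-host MQTT keystore and truststore and points the file named
# by configure_file at them. Per-host values come from the connector_mqtt_* maps,
# indexed by inventory_hostname, so every targeted host needs a matching key.

- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

# The keystore holds the server's private key, so it is no longer installed
# world-readable (the original used mode 0644 with no owner set).
# Assumes the connector runs as the dispatcher user/group that owns the
# directory above; confirm before rollout.
- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_mqtt_ssl_keystore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.keystore.jks"
    owner: dispatcher
    group: dispatcher
    mode: "0640"

# Quoted mode avoids the YAML octal-integer trap.
- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_mqtt_ssl_truststore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-mqtt.server.truststore.jks"
    mode: "0644"

# Each lineinfile task below replaces the property when its key is already
# present and otherwise inserts it after the insertafter anchor, so the separate
# "modify if exists" (backrefs) pass of the original is not needed. The regexp
# escapes the dots and matches the key even when its value is empty, which the
# original pattern missed and answered by adding a duplicate line.
# backup: true leaves timestamped copies of the file next to it; on the password
# tasks those copies still hold the previous passwords.

- name: set connector keystore path
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.store\.path\s*='
    line: 'mqtt.ssl.key.store.path={{ certs_store_path }}/connector-mqtt.server.keystore.jks'
    insertafter: '^mqtt.authentication.certificate.deviceId.key'
    backup: true
    state: present

# no_log keeps the rendered password out of task output and logs.
- name: set connector keystore password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.store\.password\s*='
    line: "mqtt.ssl.key.store.password={{ connector_mqtt_key_store_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.key.store.path'
    backup: true
    state: present
  no_log: true

- name: set connector key manager password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.key\.manager\.password\s*='
    line: "mqtt.ssl.key.manager.password={{ connector_mqtt_key_manager_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.key.store.password'
    backup: true
    state: present
  no_log: true

- name: set connector truststore path
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.trust\.store\.path\s*='
    line: 'mqtt.ssl.trust.store.path={{ certs_store_path }}/connector-mqtt.server.truststore.jks'
    insertafter: '^mqtt.ssl.key.manager.password'
    backup: true
    state: present

- name: set connector truststore password
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*mqtt\.ssl\.trust\.store\.password\s*='
    line: "mqtt.ssl.trust.store.password={{ connector_mqtt_trust_store_password_base64[inventory_hostname] }}"
    insertafter: '^mqtt.ssl.trust.store.path'
    backup: true
    state: present
  no_log: true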




common/connector-http-tls-enable.yml

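---
# Installs the per-host HTTP keystore and truststore and points the file named
# by configure_file at them. Per-host values come from the connector_http_* maps,
# indexed by inventory_hostname, so every targeted host needs a matching key.

- name: create certs store directory
  file:
    path: "{{ certs_store_path }}"
    owner: dispatcher
    group: dispatcher
    state: directory

# The keystore holds the server's private key, so it is no longer installed
# world-readable (the original used mode 0644 with no owner set).
# Assumes the connector runs as the dispatcher user/group that owns the
# directory above; confirm before rollout.
- name: copy dispatcher-connector keystore certs
  copy:
    src: "{{ connector_http_ssl_keystore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-http.server.keystore.jks"
    owner: dispatcher
    group: dispatcher
    mode: "0640"

# Quoted mode avoids the YAML octal-integer trap.
- name: copy dispatcher-connector truststore certs
  copy:
    src: "{{ connector_http_ssl_truststore_location[inventory_hostname] }}"
    dest: "{{ certs_store_path }}/connector-http.server.truststore.jks"
    mode: "0644"

# Each lineinfile task below replaces the property when its key is already
# present and otherwise inserts it after the insertafter anchor, so the separate
# "modify if exists" (backrefs) pass of the original is not needed. The regexp
# escapes the dots and matches the key even when its value is empty, which the
# original pattern missed and answered by adding a duplicate line.
# backup: true leaves timestamped copies of the file next to it; on the password
# tasks those copies still hold the previous passwords.

- name: set connector keystore path for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.store\.path\s*='
    line: 'http.ssl.key.store.path={{ certs_store_path }}/connector-http.server.keystore.jks'
    insertafter: '^mqtt.ssl.trust.store.password'
    backup: true
    state: present

# no_log keeps the rendered password out of task output and logs.
- name: set connector keystore password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.store\.password\s*='
    line: "http.ssl.key.store.password={{ connector_http_key_store_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.key.store.path'
    backup: true
    state: present
  no_log: true

- name: set connector key manager password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.key\.manager\.password\s*='
    line: "http.ssl.key.manager.password={{ connector_http_key_manager_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.key.store.password'
    backup: true
    state: present
  no_log: true

- name: set connector truststore path for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.trust\.store\.path\s*='
    line: 'http.ssl.trust.store.path={{ certs_store_path }}/connector-http.server.truststore.jks'
    insertafter: '^http.ssl.key.manager.password'
    backup: true
    state: present

- name: set connector truststore password for http
  lineinfile:
    path: "{{ configure_file }}"
    regexp: '^\s*http\.ssl\.trust\.store\.password\s*='
    line: "http.ssl.trust.store.password={{ connector_http_trust_store_password_base64[inventory_hostname] }}"
    insertafter: '^http.ssl.trust.store.path'
    backup: true
    state: present
  no_log: true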



结果是一样的