How to specify a CA certificate in the Ansible mongodb_user module

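I'm trying to use the Ansible mongodb_user module to create additional users for AWS DocumentDB. The problem is that the module provides no option to specify a pem key file, and I get a result suggesting that I include `ssl_ca_certs` (I found that the message is thrown from line 301).

I googled some keywords, such as: Ansible mongodb_user module ca certificate, but had no luck.

Could you offer some suggestions? Many thanks.

Details below:

Part of the playbook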

  - name: create DocumentDB users for applications
    mongodb_user:
      login_host: "{{ docdb_admin_credential.host }}"
      login_port: "{{ docdb_admin_credential.port }}"
      login_user: "{{ docdb_admin_credential.username }}"
      login_password: "{{ docdb_admin_credential.password }}"
      database: "{{ secrets.docdb.dbClusterIdentifier }}"
      ssl: true
      name: "{{ item.stdout | from_json | json_query('username') }}"
      password: "{{ item.stdout | from_json | json_query('password') }}"
      roles:
        - db: admin
          role: dbAdminAnyDatabase
        - db: admin
          role: readWriteAnyDatabase
        - db: admin
          role: clusterAdmin
      state: present
    loop: "{{ docdb_apps_credential_literal.results }}"

Returned message

<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /jenkins/.ansible/tmp/ansible-tmp-1583824780.93-93703492324988/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_tkYezV/ansible_module_mongodb_user.py", line 401, in main
    client = MongoClient(**connection_params)
  File "/var/lib/jenkins/jobs/< hidden for stackoverflow >/workspace/env/lib/python2.7/site-packages/pymongo/mongo_client.py", line 315, in __init__
    raise ConfigurationError("If `ssl_cert_reqs` is not "
ConfigurationError: If `ssl_cert_reqs` is not `ssl.CERT_NONE` then you must include `ssl_ca_certs` to be able to validate the server.
failed: [localhost] (item={'_ansible_parsed': True, 'stderr_lines': [], '_ansible_item_result': True, u'end': u'2020-03-10 07:19:40.354132', '_ansible_no_log': False, u'stdout': u'{"dbClusterIdentifier":"< hidden for stackoverflow >","password":"< hidden for stackoverflow >","engine":"mongo","port":"< hidden for stackoverflow >","host":"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com","ssl":true,"username":"< hidden for stackoverflow >"}', u'cmd': u'aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text', u'rc': 0, 'item': {u'username': u'< hidden for stackoverflow >', u'cfnname': u'< hidden for stackoverflow >', u'name': u'< hidden for stackoverflow >', u'desc': u'< hidden for stackoverflow >'}, u'delta': u'0:00:00.552866', u'stderr': u'', u'changed': True, u'invocation': {u'module_args': {u'creates': None, u'executable': None, u'_uses_shell': True, u'_raw_params': u'aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text', u'removes': None, u'warn': True, u'chdir': None, u'stdin': None}}, 'stdout_lines': [u'{"dbClusterIdentifier":"< hidden for stackoverflow >","password":"< hidden for stackoverflow >","engine":"mongo","port":"< hidden for stackoverflow >","host":"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com","ssl":true,"username":"< hidden for stackoverflow >"}'], u'start': u'2020-03-10 07:19:39.801266', '_ansible_ignore_errors': None, 'failed': False}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "database": "< hidden for stackoverflow >", 
            "login_database": null, 
            "login_host": "< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com", 
            "login_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "login_port": "< hidden for stackoverflow >", 
            "login_user": "< hidden for stackoverflow >", 
            "name": "< hidden for stackoverflow >", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "replica_set": null, 
            "roles": [
                {
                    "db": "admin", 
                    "role": "dbAdminAnyDatabase"
                }, 
                {
                    "db": "admin", 
                    "role": "readWriteAnyDatabase"
                }, 
                {
                    "db": "admin", 
                    "role": "clusterAdmin"
                }
            ], 
            "ssl": true, 
            "ssl_cert_reqs": "CERT_REQUIRED", 
            "state": "present", 
            "update_password": "always"
        }
    }, 
    "item": {
        "changed": true, 
        "cmd": "aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text", 
        "delta": "0:00:00.552866", 
        "end": "2020-03-10 07:19:40.354132", 
        "failed": false, 
        "invocation": {
            "module_args": {
                "_raw_params": "aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text", 
                "_uses_shell": true, 
                "chdir": null, 
                "creates": null, 
                "executable": null, 
                "removes": null, 
                "stdin": null, 
                "warn": true
            }
        }, 
        "item": {
            "cfnname": "< hidden for stackoverflow >", 
            "desc": "< hidden for stackoverflow >", 
            "name": "< hidden for stackoverflow >", 
            "username": "< hidden for stackoverflow >"
        }, 
        "rc": 0, 
        "start": "2020-03-10 07:19:39.801266", 
        "stderr": "", 
        "stderr_lines": [], 
        "stdout": "{\"dbClusterIdentifier\":\"< hidden for stackoverflow >\",\"password\":\"< hidden for stackoverflow >*\",\"engine\":\"mongo\",\"port\":\"< hidden for stackoverflow >\",\"host\":\"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com\",\"ssl\":true,\"username\":\"< hidden for stackoverflow >\"}", 
        "stdout_lines": [
            "{\"dbClusterIdentifier\":\"< hidden for stackoverflow >\",\"password\":\"< hidden for stackoverflow >*\",\"engine\":\"mongo\",\"port\":\"< hidden for stackoverflow >\",\"host\":\"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com\",\"ssl\":true,\"username\":\"< hidden for stackoverflow >\"}"
        ]
    }, 
    "msg": "unable to connect to database: If `ssl_cert_reqs` is not `ssl.CERT_NONE` then you must include `ssl_ca_certs` to be able to validate the server."
}

I believe I ran into the same problem. Ansible keeps returning the error
SSL:CER