我需要使用 ansible 为 openam 安装 nginx 代理。
安装 nginx_agent 时会询问运行脚本时出现多个问题,
************************************************************************
Welcome to the OpenSSO Policy Agent for NGINX
************************************************************************
Enter the URL where the OpenAM server is running.
Please include the deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
**OpenSSO server URL: sss**
Enter the Agent profile name
**Agent Profile Name: sss**
Enter the password to be used for identifying the Agent.
*THIS IS NOT PASSWORD FILE*
**Agent Password:**
-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
OpenSSO server URL : sss
Agent Profile name : sss
Agent Password: sss
**Continue with Installation?
[y/N]: y**
我已经在 ansible 中使用了 expect 模块:
- expect:
command: sh /opt/nginx_agent/bin/agentadmin.sh
responses:
OpenSSO server URL: "http://openam.test.mobi:8080/openam"
Agent Profile Name: "nginx"
Agent Password: "test.mobi2"
(^Con[^\n]*\n+[^\n]*)+: "y"
但是,它的是否继续安装?[y/N]:
需要,OpenSSO 服务器 URL:值看到,
参考:
"stdout_lines": [
"************************************************************************",
"Welcome to the OpenSSO Policy Agent for NGINX",
"************************************************************************",
"",
"Enter the URL where the OpenAM server is running.",
"Please include the deployment URI also as shown below:",
"(http://opensso.sample.com:58080/opensso)",
"OpenSSO server URL: Enter the Agent profile name",
"Agent Profile Name: Enter the password to be used for identifying the Agent.",
"*THIS IS NOT PASSWORD FILE*",
"Agent Password: ",
"-----------------------------------------------",
"SUMMARY OF YOUR RESPONSES",
"-----------------------------------------------",
"OpenSSO server URL : http://openam.test.mobi:8080/openam",
"Agent Profile name : nginx",
"Agent Password: test.mobi2",
"Continue with Installation?",
"[y/N]: http://openam.test.mobi:8080/openam",
"test.mobi2"
]
我在这个配置中遗漏了什么?
答案1
我会尝试忽略Continue with Installation?并只匹配该[y/N]行。
(^Con[^\n]*\n+[^\n]*)+: "y"用。。。来代替'y/N' : 'y'
Ansible 使用的 pexpect 模块并不总是能按照您的预期执行。例如,EOL 是'\r\n',而不是'\n'。
查看文档在这里。
以下是一个快速测试:
/root/junk.sh
echo 'Enter the Agent profile name'
read -p "Agent Profile Name: " AGENT_PROFILE_NAME
echo $AGENT_PROFILE_NAME > junk.dat
echo "Continue with installation"
read -p "[y/N] : " CONFIRM
echo $CONFIRM >> junk.dat
play:
- expect:
command: sh /root/junk.sh
responses:
'Profile Name' : "oook"
'y/N' : 'y'
这是一种无需使用 expect 的更简单的方法。
如果你查看 agentadmin.sh 脚本,你会发现所有问题的答案都存储在环境变量中,即
while [ -z ${OPENAM_URL} ]; do
如果你预先定义它们在剧本的环境部分脚本应该无需任何用户干预即可运行。无需期待。
因此类似于:
environment:
OPENAM_URL: whatever_1
AGENT_PROFILE_NAME: whatever_2
AGENT_PASSWORD: whatever_3
CONFIRM: y
- shell: /opt/nginx_agent/bin/agentadmin.sh
答案2
工作于ansible 2.7.7和ubuntu 18.04:
---
- name: Install pexpect 4 Ubuntu
when:
- ansible_distribution == 'Ubuntu'
become: yes
block:
- apt:
name:
- python-pexpect
- python3-pexpect
- python-setuptools
# https://stackoverflow.com/a/51998238
- python-pip
state: latest
install_recommends: yes
tags:
- linux
- ubuntu
- python
- pip
- expect
- apt
- name: Install pexpect using pip
when:
- ansible_system == 'Linux'
pip:
name: pexpect
state: latest
tags:
- linux
- python
- pip
- expect