1
votes

Using an Ansible playbook, how do I copy Java certs to hosts? Each host has a different JDK installed. I need to verify on all hosts which JDK is running and copy those certificates to all the hosts.

I have written the playbook below, followed by the error that I'm getting. Please help me figure out what's wrong.

---
- hosts: test
  vars:
      pack1: /ngs/app/rdrt
      pack2: /usr/java/jdk*

  tasks:
    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca.pem"
         dest: "{{ pack1 }}"
    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/apple_corporate_root_ca2.pem"
         dest: "{{ pack1 }}"
    - name: copy the files
      copy:
         src: "/Users/sivarami.rc/Downloads/Problem46218229/ca-trust-check-1.0.0.jar"
         dest: "{{ pack1 }}"
    - name: Import SSL certificate to a given cacerts keystore
      java_cert:
         cert_path: "{{ pack1 }}/apple_corporate_root_ca.pem"
         cert_alias: Apple_Corporate_Root_CA
         cert_port: 443
         keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
         keystore_pass: change-it
         executable: "{{ pack2 }}/bin/keytool"
         state: present
    - name: Import SSL certificate to a cacerts keystore
      java_cert:
         cert_path: "{{ pack1 }}/apple_corporate_root_ca2.pem"
         cert_alias: Apple_Corporate_Root_CA2
         cert_port: 443
         keystore_path: "{{ pack2 }}/jre/lib/security/cacerts"
         keystore_pass: changeit
         executable: "{{ pack2 }}/bin/keytool"
         state: present
    - name: checking those files trusted or untrusted
      shell: "{{ pack2 }}/bin/java -jar {{ pack1 }}/ca-trust-check-1.0.0.jar"

The error:

fatal: [[email protected]]: FAILED! => {"changed": false, "cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory", "rc": 2}
fatal: [[email protected]]: FAILED! => {"changed": false, "cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory", "rc": 2}

3 Answers

0
votes

The following error is displayed:

"cmd": "'/usr/java/jdk*/bin/keytool'", "msg": "[Errno 2] No such file or directory"

As you can see, the keytool command cannot be found in that location. You need to ensure that the path you're providing is actually there on the server.

Where you define the pack2 variable, you need to provide the full path instead of using a wildcard, e.g. like this:

vars:
    pack2: /usr/java/jdk-1.8.0_67

Then ensure that this path exists on the remote machine, and your code should no longer show that error.

If the path is different on each node since you have a different version of Java on each node, here are some options:

  • Use host-specific variables for defining the path for each host, if you have that information.
  • Gather the information in a previous step, e.g. like here: Check Java version via Ansible playbook.
  • Check the JAVA_HOME environment variable to see if that is set.
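
One way to carry out the "gather the information in a previous step" option, as an added example that is not part of the original answer: the `find` module lists the JDK directories that actually exist on each host, so `java_cert` receives a literal path instead of the unexpanded `jdk*` string shown in the error. The paths and alias come from the question; `vault_keystore_pass` is a hypothetical vaulted variable, and the PEM is assumed to be on the host already.

```yaml
---
# Added example: resolve each host's real JDK directory before calling java_cert.
# Assumptions: JDKs live under /usr/java/jdk* and the PEM is already in
# /ngs/app/rdrt (both from the question); vault_keystore_pass is a
# hypothetical variable kept in Ansible Vault, not in the playbook.
- hosts: test
  vars:
    pack1: /ngs/app/rdrt
  tasks:
    - name: List the JDK directories actually present on this host
      find:
        paths: /usr/java
        patterns: "jdk*"
        file_type: directory
      register: jdk_dirs

    - name: Stop early when no JDK matches, instead of failing inside keytool
      assert:
        that: jdk_dirs.files | length > 0
        fail_msg: "No /usr/java/jdk* directory on {{ inventory_hostname }}"

    # Older JDKs keep cacerts in jre/lib/security, newer ones in lib/security.
    # file_type: any also matches a cacerts that is a symlink.
    - name: Locate the cacerts keystore inside each JDK
      find:
        paths: "{{ item.path }}"
        patterns: cacerts
        file_type: any
        recurse: true
      loop: "{{ jdk_dirs.files }}"
      loop_control:
        label: "{{ item.path }}"
      register: keystores

    - name: Import the root CA into every keystore that was found
      java_cert:
        cert_path: "{{ pack1 }}/apple_corporate_root_ca.pem"
        cert_alias: Apple_Corporate_Root_CA
        keystore_path: "{{ item.files[0].path }}"
        keystore_pass: "{{ vault_keystore_pass }}"
        executable: "{{ item.item.path }}/bin/keytool"
        state: present
      loop: "{{ keystores.results }}"
      loop_control:
        label: "{{ item.item.path }}"
      when: item.files | length > 0
```

The second certificate from the question needs the same import task with its own `cert_path` and `cert_alias`.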
0
votes

I had the same error that the keytool utility was not found (on my PATH), but that was because I did not use the become_user which has the correct PATH value. So my solution was to add the following lines to my playbook:

    become: yes
    become_user: wls

(wls is the weblogic user but can be another system account depending on your needs)

0
votes

I had the same error because keytool was linked to a really old version of the JDK (version 6). By using a more recent version (JDK version 11), I fixed this error.