Я пытался создать дополнительных пользователей в AWS DocumentDB с помощью модуля Ansible mongodb_user. Но проблема в том, что модуль не даёт возможности указать pem-файл ключа, и в результате я получаю ошибку с требованием указать ssl_ca_certs
(я обнаружил, что это сообщение выбрасывается в pymongo, строка 301).
Разумеется, я искал в Google по ключевым словам вроде «Ansible mongodb_user module», но безуспешно.
Ребята, можете ли вы любезно дать совет? Спасибо.
Подробности приведены ниже:
Фрагмент плейбука
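# Create one DocumentDB user per entry in docdb_apps_credential_literal.results.
#
# Every loop item carries the raw Secrets Manager response in item.stdout,
# including the application password. Without no_log, Ansible prints the whole
# item whenever the task reports a result or fails, which puts those values
# into console output and CI job logs.
# NOTE(review): the task that registers docdb_apps_credential_literal is not
# shown here; it appears to be a shell call to `aws secretsmanager
# get-secret-value` and would need no_log as well - confirm.
- name: create DocumentDB users for applications
  mongodb_user:
    login_host: "{{ docdb_admin_credential.host }}"
    login_port: "{{ docdb_admin_credential.port }}"
    login_user: "{{ docdb_admin_credential.username }}"
    login_password: "{{ docdb_admin_credential.password }}"
    database: "{{ secrets.docdb.dbClusterIdentifier }}"
    # With ssl enabled the module reports ssl_cert_reqs as CERT_REQUIRED, and
    # pymongo then refuses to connect unless it is given a CA bundle to
    # validate the server with. Lowering ssl_cert_reqs to CERT_NONE would make
    # the error go away but disables server validation, so the admin
    # credentials above could be sent to an endpoint that was never verified.
    # NOTE(review): newer releases of this module are believed to accept a CA
    # file path (ssl_ca_certs) - verify against the installed version before
    # relying on it.
    ssl: true
    name: "{{ item.stdout | from_json | json_query('username') }}"
    password: "{{ item.stdout | from_json | json_query('password') }}"
    # NOTE(review): three cluster-wide admin roles for application accounts is
    # broad; confirm whether a narrower per-database role would be enough.
    roles:
      - db: admin
        role: dbAdminAnyDatabase
      - db: admin
        role: readWriteAnyDatabase
      - db: admin
        role: clusterAdmin
    state: present
  loop: "{{ docdb_apps_credential_literal.results }}"
  # Hides the loop item and the task result. The module's error message is
  # hidden too, so connection problems have to be diagnosed in an environment
  # where the log is not shared.
  no_log: true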
Полученное сообщение об ошибке
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /jenkins/.ansible/tmp/ansible-tmp-1583824780.93-93703492324988/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_tkYezV/ansible_module_mongodb_user.py", line 401, in main
client = MongoClient(**connection_params)
File "/var/lib/jenkins/jobs/< hidden for stackoverflow >/workspace/env/lib/python2.7/site-packages/pymongo/mongo_client.py", line 315, in __init__
raise ConfigurationError("If `ssl_cert_reqs` is not "
ConfigurationError: If `ssl_cert_reqs` is not `ssl.CERT_NONE` then you must include `ssl_ca_certs` to be able to validate the server.
failed: [localhost] (item={'_ansible_parsed': True, 'stderr_lines': [], '_ansible_item_result': True, u'end': u'2020-03-10 07:19:40.354132', '_ansible_no_log': False, u'stdout': u'{"dbClusterIdentifier":"< hidden for stackoverflow >","password":"< hidden for stackoverflow >","engine":"mongo","port":"< hidden for stackoverflow >","host":"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com","ssl":true,"username":"< hidden for stackoverflow >"}', u'cmd': u'aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text', u'rc': 0, 'item': {u'username': u'< hidden for stackoverflow >', u'cfnname': u'< hidden for stackoverflow >', u'name': u'< hidden for stackoverflow >', u'desc': u'< hidden for stackoverflow >'}, u'delta': u'0:00:00.552866', u'stderr': u'', u'changed': True, u'invocation': {u'module_args': {u'creates': None, u'executable': None, u'_uses_shell': True, u'_raw_params': u'aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text', u'removes': None, u'warn': True, u'chdir': None, u'stdin': None}}, 'stdout_lines': [u'{"dbClusterIdentifier":"< hidden for stackoverflow >","password":"< hidden for stackoverflow >","engine":"mongo","port":"< hidden for stackoverflow >","host":"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com","ssl":true,"username":"< hidden for stackoverflow >"}'], u'start': u'2020-03-10 07:19:39.801266', '_ansible_ignore_errors': None, 'failed': False}) => {
"changed": false,
"invocation": {
"module_args": {
"database": "< hidden for stackoverflow >",
"login_database": null,
"login_host": "< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com",
"login_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"login_port": "< hidden for stackoverflow >",
"login_user": "< hidden for stackoverflow >",
"name": "< hidden for stackoverflow >",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"replica_set": null,
"roles": [
{
"db": "admin",
"role": "dbAdminAnyDatabase"
},
{
"db": "admin",
"role": "readWriteAnyDatabase"
},
{
"db": "admin",
"role": "clusterAdmin"
}
],
"ssl": true,
"ssl_cert_reqs": "CERT_REQUIRED",
"state": "present",
"update_password": "always"
}
},
"item": {
"changed": true,
"cmd": "aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text",
"delta": "0:00:00.552866",
"end": "2020-03-10 07:19:40.354132",
"failed": false,
"invocation": {
"module_args": {
"_raw_params": "aws secretsmanager get-secret-value --secret-id < hidden for stackoverflow > --query SecretString --output text",
"_uses_shell": true,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"warn": true
}
},
"item": {
"cfnname": "< hidden for stackoverflow >",
"desc": "< hidden for stackoverflow >",
"name": "< hidden for stackoverflow >",
"username": "< hidden for stackoverflow >"
},
"rc": 0,
"start": "2020-03-10 07:19:39.801266",
"stderr": "",
"stderr_lines": [],
"stdout": "{\"dbClusterIdentifier\":\"< hidden for stackoverflow >\",\"password\":\"< hidden for stackoverflow >*\",\"engine\":\"mongo\",\"port\":\"< hidden for stackoverflow >\",\"host\":\"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com\",\"ssl\":true,\"username\":\"< hidden for stackoverflow >\"}",
"stdout_lines": [
"{\"dbClusterIdentifier\":\"< hidden for stackoverflow >\",\"password\":\"< hidden for stackoverflow >*\",\"engine\":\"mongo\",\"port\":\"< hidden for stackoverflow >\",\"host\":\"< hidden for stackoverflow >.us-east-1.docdb.amazonaws.com\",\"ssl\":true,\"username\":\"< hidden for stackoverflow >\"}"
]
},
"msg": "unable to connect to database: If `ssl_cert_reqs` is not `ssl.CERT_NONE` then you must include `ssl_ca_certs` to be able to validate the server."
}