我正在玩hazelcast,使用aws cloudformation和ansible来旋转两个hazelcast节点的集群+一个单独的mancenter。
mancenter上的所有文档都意味着一切都必须由用户在浏览器中手动完成。然而,这并不理想,因为我们将拥有许多环境并且每隔几周就会向我们提供一个硬化的ami,我们必须将现有环境更新为。
我要做的是创建一个自动创建第一个管理员用户的ansible角色,然后将企业许可证添加到mancenter。
我已经成功编写了用户创建脚本(现在只是http,宝贝步骤)
- name: Check for first user
uri:
url: "http://{{ hazelcastmanagement_dns }}:8080/mancenter/user.do?operation=anyUser&_=1480397059541"
method: GET
return_content: no
register: anyuser
until: anyuser.json["anyUser"] is defined
retries: 10
delay: 5
- name: Register Admin user
uri:
url: "http://{{ hazelcastmanagement_dns }}:8080/mancenter/user.do?operation=signUp&username={{ hazelcastmanagement_user }}&password={{ hazelcastmanagement_password }}&confirmpassword={{ hazelcastmanagement_password }}&email={{ hazelcastmanagement_email }}&_=1479951949840"
method: GET
return_content: no
register: result
until: result.json["success"] is defined
retries: 10
delay: 5
when: anyuser.json["anyUser"] == "false"
但是,我无法成功编排更新许可证调用。在浏览器中,某些调用返回JSESSION ID和HTTP 200。但是当试图在ansible中模拟它时,我总是得到302,重定向到登录页面。
我已经粘贴了我正在尝试的下面的任务。这些任务示例不包含很多标头,但是我已经尝试模拟浏览器先前发送但具有相同结果的每个标头。
- name: Call to update license unauthorized (returns set_cookie)
uri:
url: "http://{{ hazelcastmanagement_dns }}:8080/mancenter/main.do"
method: POST
return_content: yes
body: "operation=savelicense_getLicenceInfo&key={{ hazelcast_license }} "
status_code: 302
register: cookie
- name: Login (302 ok because browser mirrors this result)
uri:
url: "http://{{ hazelcastmanagement_dns }}:8080/mancenter/j_spring_security_check"
method: POST
body: "j_username={{ hazelcastmanagement_user }}&j_password={{ hazelcastmanagement_password }}"
return_content: yes
status_code: 302
HEADER_Cookie: "{{cookie.set_cookie}}"
- name: Call to update license authorized
uri:
url: "http://{{ hazelcastmanagement_dns }}:8080/mancenter/main.do"
method: POST
return_content: yes
body: "operation=savelicense_getLicenceInfo&key={{ hazelcast_license }}"
HEADER_Cookie: "{{cookie.set_cookie}}"
我的ansible任务日志在下面,-vvvv希望其他人之前已经调查过这个,但在其他地方找不到任何与之相关的问题。 Ansible日志输出:
TASK [hazelcastmanagement_launch : Call to update license authorized] **********
task path: /app/esg/ansible/roles/hazelcastmanagement_launch/tasks/launch.yml:5
ESTABLISH LOCAL CONNECTION FOR USER: root
hazelcast EXEC ( umask 22 && mkdir -p "$( echo /tmp/ansible-tmp-1480399947.07-7077332634698 )" && echo "$( echo /tmp/ansible-tmp-1480399947.07-7077332634698 )" )
hazelcast PUT /tmp/tmpBbuVj0 TO /tmp/ansible-tmp-1480399947.07-7077332634698/uri
hazelcast EXEC chmod a+r /tmp/ansible-tmp-1480399947.07-7077332634698/uri
hazelcast EXEC /bin/sh -c 'sudo -H -S -n -u esg /bin/sh -c '"'"'echo BECOME-SUCCESS-lemxlebthsblahblahblahcevqzkafjdo; LANG=en_US.UTF-8 HTTP_PROXY=proxy.com LC_MESSAGES=en_US.UTF-8 HTTPS_PROXY=proxy.com no_proxy=proxy.com http_proxy=proxy.com https_proxy=proxy.com NO_PROXY=proxy.com LC_ALL=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1480399947.07-7077332634698/uri'"'"''
hazelcast EXEC rm -f -r /tmp/ansible-tmp-1480399947.07-7077332634698/ > /dev/null 2>&1
ok: [hazelcast] => {"changed": false, "content": "", "content_length": "0", "expires": "Thu, 01 Jan 1970 00:00:00 GMT", "invocation": {"module_args": {"backup": null, "body": "operation=savelicense_getLicenceInfo&key=ENTERPRISELicense12341234123412341234123412341234", "body_format": "raw", "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": null, "force_basic_auth": false, "group": null, "method": "POST", "mode": null, "owner": null, "password": null, "regexp": null, "remote_src": null, "removes": null, "return_content": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": ["302"], "timeout": 30, "url": "http://internal-esg-aws.elb.amazonaws.com:8080/mancenter/main.do", "user": null, "validate_certs": true}, "module_name": "uri"}, "location": "http://internal-esg-aws.elb.amazonaws.com:8080/mancenter/login.jsp;jsessionid=dq0hzdvm2xm91r4h6eyef1l48", "redirected": false, "server": "Jetty(8.y.z-SNAPSHOT)", "set_cookie": "JSESSIONID=dq0hzdvm2xm91r4h6eyef1l48;Path=/mancenter;HttpOnly", "status": 302}
TASK [hazelcastmanagement_launch : Login] **************************************
task path: /app/app/ansible/roles/hazelcastmanagement_launch/tasks/launch.yml:14
ESTABLISH LOCAL CONNECTION FOR USER: root
hazelcast EXEC ( umask 22 && mkdir -p "$( echo /tmp/ansible-tmp-1480399947.23-71435275964843 )" && echo "$( echo /tmp/ansible-tmp-1480399947.23-71435275964843 )" )
hazelcast PUT /tmp/tmpKhOI1y TO /tmp/ansible-tmp-1480399947.23-71435275964843/uri
hazelcast EXEC chmod a+r /tmp/ansible-tmp-1480399947.23-71435275964843/uri
hazelcast EXEC /bin/sh -c 'sudo -H -S -n -u app /bin/sh -c '"'"'echo BECOME-SUCCESS-rfxrchqnblahblahblahhvryauidnf; LANG=en_US.UTF-8 HTTP_PROXY=proxy.com8 LC_MESSAGES=en_US.UTF-8 HTTPS_PROXY=proxy.com no_proxy=proxy.com http_proxy=proxy.com NO_PROXY=proxy.com LC_ALL=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1480399947.23-71435275964843/uri'"'"''
hazelcast EXEC rm -f -r /tmp/ansible-tmp-1480399947.23-71435275964843/ > /dev/null 2>&1
ok: [hazelcast] => {"changed": false, "content": "", "content_length": "0", "invocation": {"module_args": {"HEADER_Cookie": "JSESSIONID=dq0hzdvm2xm91r4h6eyef1l48;Path=/mancenter;HttpOnly", "backup": null, "body": "j_username=admin&j_password=admin1", "body_format": "raw", "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": null, "force_basic_auth": false, "group": null, "method": "POST", "mode": null, "owner": null, "password": null, "regexp": null, "remote_src": null, "removes": null, "return_content": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": ["302"], "timeout": 30, "url": "http://internal-aws.elb.amazonaws.com:8080/mancenter/j_spring_security_check", "user": null, "validate_certs": true}, "module_name": "uri"}, "location": "http://internal-aws.elb.amazonaws.com:8080/mancenter/login.jsp?login_error=true", "redirected": false, "server": "Jetty(8.y.z-SNAPSHOT)", "status": 302}
TASK [hazelcastmanagement_launch : Call to update license authorized] **********
task path: /app/app/ansible/roles/hazelcastmanagement_launch/tasks/launch.yml:23
ESTABLISH LOCAL CONNECTION FOR USER: root
hazelcast EXEC ( umask 22 && mkdir -p "$( echo /tmp/ansible-tmp-1480399947.38-137956022601151 )" && echo "$( echo /tmp/ansible-tmp-1480399947.38-137956022601151 )" )
hazelcast PUT /tmp/tmpAbC8uL TO /tmp/ansible-tmp-1480399947.38-137956022601151/uri
hazelcast EXEC chmod a+r /tmp/ansible-tmp-1480399947.38-137956022601151/uri
hazelcast EXEC /bin/sh -c 'sudo -H -S -n -u app /bin/sh -c '"'"'echo BECOME-SUCCESS-cciaazzdblahblahblahdufmpuhe; LANG=en_US.UTF-8 HTTP_PROXY=proxy.com LC_MESSAGES=en_US.UTF-8 HTTPS_PROXY=proxy.com no_proxy=proxy.com http_proxy=proxy.com https_proxy=proxy.com NO_PROXY=proxy.comLC_ALL=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1480399947.38-137956022601151/uri'"'"''
hazelcast EXEC rm -f -r /tmp/ansible-tmp-1480399947.38-137956022601151/ > /dev/null 2>&1
fatal: [hazelcast]: FAILED! => {"changed": false, "content": "", "content_length": "0", "failed": true, "invocation": {"module_args": {"HEADER_Cookie": "JSESSIONID=dq0hzdvm2xm91r4h6eyef1l48;Path=/mancenter;HttpOnly", "backup": null, "body": "operation=savelicense_getLicenceInfo&key=ENTERPRISELicense123412341234123412341234123412341234", "body_format": "raw", "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": null, "force_basic_auth": false, "group": null, "method": "POST", "mode": null, "owner": null, "password": null, "regexp": null, "remote_src": null, "removes": null, "return_content": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": [200], "timeout": 30, "url": "http://internal-aws.elb.amazonaws.com:8080/mancenter/main.do", "user": null, "validate_certs": true}, "module_name": "uri"}, "location": "http://internal-aws.elb.amazonaws.com:8080/mancenter/login.jsp", "msg": "Status code was not [200]", "redirected": false, "server": "Jetty(8.y.z-SNAPSHOT)", "status": 302}
编辑:谢谢你的解决方案。使用curl是要走的路。
我用uri ansible模块尝试了几次。但是没有骰子......必须在幕后进行。
由于你的curl击中了头部的钉子,我只是将它包装在ansible命令模块中,而不是使用uri模块构建调用。我chdir to / tmp以确保我对cookie文件具有写访问权限。
- name: Login to management
shell: "curl -X POST http://{{ hazelcastmanagement_dns }}:8080/mancenter/j_spring_security_check -d "j_username={{ hazelcastmanagement_user}}" -d "j_password={{ hazelcastmanagement_password }}" -c cookies.file
args:
chdir: /tmp
- name: Login to management
shell: "curl -H "Content-Type: application/x-www-form-urlencoded" -X POST http://{{ hazelcastmanagement_dns }}:8080/mancenter/main.do?operation=savelicense -d 'key={{ hazelcast_licence }}' -b cookies.file
args:
chdir: /tmp
我不知道Ansible,但是使用cUrl你可以登录并设置许可证密钥,如下所示:
curl -X POST http://localhost:8083/mancenter/j_spring_security_check -d "j_username=emre" -d "j_password=Password1" -c cookies.file
curl -H "Content-Type: application/x-www-form-urlencoded" -X POST http://localhost:8083/mancenter/main.do?operation=savelicense -d 'key=aaaa' -b cookies.file
请注意,您需要使用admin用户登录,并且您提供的许可证密钥需要正确,服务器才能返回200。
编辑:
使用Hazelcast Management Center版本3.9.3,引入了用于配置许可证的新系统属性。有关详细信息,请参阅release notes for version 3.9.3和the relevant section on the latest reference manual。