test.yml 2.99 KB
buxiaomo 提交于 2021-10-09 16:47 . test docker data-root combine
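---
# Scratch playbook run against localhost. It exercises three things:
#   1. merging a `data-root` key into the docker daemon settings with `combine`,
#   2. the `ansible.netcommon.next_nth_usable` filter,
#   3. building a self-signed etcd CA and a server certificate signed by it,
#      using the community.crypto modules.
#
# Security caveat: every key, CSR and certificate below is written to /tmp
# under a fixed name. /tmp is world-writable, so the CA and server private
# keys sit at predictable paths and are protected only by their file mode.
# The keys are also generated without a passphrase. That is acceptable only
# for a throwaway test; for real use, write them to a directory that only
# the owning account can enter.
- name: test my new module
  hosts: localhost
  vars:
    docker:
      datadir: /var/lib/docker
      daemon:
        exec-opts:
          - "native.cgroupdriver=systemd"
  tasks:
    # Prints docker.daemon with `data-root` added; the default() only applies
    # when docker.datadir is undefined.
    - name: test
      ansible.builtin.debug:
        msg: "{{ docker.daemon | combine({'data-root': docker.datadir | default('/var/lib/docker')}) }}"

    - name: test
      ansible.builtin.debug:
        msg: "{{ '192.168.122.1/24' | ansible.netcommon.next_nth_usable(2) }}"

    # --- etcd CA ---
    # File modes are quoted so they reach the module as the literal string
    # "0600"/"0644" rather than depending on how the YAML loader reads a
    # leading-zero integer.
    - name: Generate an etcd ca private key
      community.crypto.openssl_privatekey:
        path: /tmp/ca.key
        size: 2048
        mode: "0600"

    # NOTE(review): a CA certificate needs keyCertSign to sign other
    # certificates; digitalSignature and keyEncipherment widen what this key
    # may be used for. Trim them if nothing relies on them.
    - name: Generate an etcd ca csr
      community.crypto.openssl_csr:
        path: /tmp/ca.csr
        privatekey_path: /tmp/ca.key
        common_name: etcd-ca
        basic_constraints: "CA:TRUE"
        basic_constraints_critical: true
        key_usage_critical: true
        key_usage:
          - digitalSignature
          - keyEncipherment
          - keyCertSign

    # Reads the existing CA certificate, if any. `valid_at.week` asks whether
    # the certificate is still valid four weeks from now.
    # ignore_errors hides every failure of this task, not only "file does
    # not exist", so an unreadable or corrupt certificate is treated the same
    # as a missing one by the tasks below.
    - name: Get certificate information
      community.crypto.x509_certificate_info:
        path: /tmp/ca.crt
        valid_at:
          week: "+4w"
      register: result
      ignore_errors: true

    - name: Dump information
      ansible.builtin.debug:
        var: result

    # The entries of a `when` list are ANDed. As written, the CA is signed
    # only when the info task failed (certificate missing or unreadable); a
    # certificate that exists but has expired is skipped.
    # NOTE(review): confirm whether `or` was intended here.
    - name: Sign etcd ca certificate
      community.crypto.x509_certificate:
        path: /tmp/ca.crt
        csr_path: /tmp/ca.csr
        privatekey_path: /tmp/ca.key
        provider: selfsigned
        mode: "0644"
      when:
        - result.expired | default(true) | bool
        - result.failed

    # --- etcd server certificate ---
    - name: Generate etcd server private key
      community.crypto.openssl_privatekey:
        path: /tmp/server.key
        size: 2048
        mode: "0600"

    # server
    # The SAN list is built from gathered facts (ansible_hostname,
    # ansible_default_ipv4), so fact gathering must stay enabled for this
    # play. serverAuth and clientAuth are both requested, so the resulting
    # certificate can authenticate in either role.
    - name: Generate etcd server csr
      community.crypto.openssl_csr:
        path: /tmp/server.csr
        privatekey_path: /tmp/server.key
        common_name: "{{ ansible_hostname | lower }}"
        basic_constraints_critical: true
        basic_constraints:
          - "CA:FALSE"
        key_usage_critical: true
        key_usage:
          - digitalSignature
          - keyEncipherment
        extended_key_usage:
          - serverAuth
          - clientAuth
        subject_alt_name:
          - "DNS:localhost"
          - "DNS:{{ ansible_hostname | lower }}"
          - "IP:127.0.0.1"
          - "IP:{{ ansible_default_ipv4.address }}"
          - "IP:0:0:0:0:0:0:0:1"

    # Overwrites `result` from the CA check above with the server
    # certificate's details. See the CA info task for what ignore_errors
    # implies.
    - name: Get certificate information
      community.crypto.x509_certificate_info:
        path: /tmp/server.crt
        valid_at:
          week: "+4w"
      register: result
      ignore_errors: true

    # `force` regenerates the certificate when it will not be valid in four
    # weeks. When the info task failed (for example on a first run, with no
    # certificate yet) `result.valid_at` is undefined, so default(false)
    # keeps the expression from raising an undefined-variable error and
    # resolves to force=true.
    #
    # In the `when` expression, filters bind tighter than `not`, so it reads
    # as `(not expired) or failed`: a certificate that has already expired is
    # skipped instead of being reissued.
    # NOTE(review): confirm the intended condition.
    - name: Generate etcd server certificate
      community.crypto.x509_certificate:
        path: /tmp/server.crt
        csr_path: /tmp/server.csr
        ownca_path: /tmp/ca.crt
        ownca_privatekey_path: /tmp/ca.key
        provider: ownca
        mode: "0644"
        force: "{{ not (result.valid_at.week | default(false)) }}"
      when:
        - not result.expired | default(true) | bool or result.failed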