IBM i Global

IBM i Global

Connect, learn, share, and engage with IBM Power.

 View Only

  • 1.  Ansible community.general.java_cert

    Posted Fri January 19, 2024 04:38 PM

    Hello,
    I'm trying to use the ansible module community.general.java_cert to import a certificate but I have an error (rc=1) but I have no error message ( msg="" ).

    Has anyone used this module on IBM i?

    Regards



    ------------------------------
    Stephane VILLARD
    ------------------------------


  • 2.  RE: Ansible community.general.java_cert

    Posted Tue January 23, 2024 11:03 AM

    Hi Stephane,

    I have not used this ansible module, but I would suggest providing verbose output (using "-vvv") from your playbook along with environment information with "ansible --version", which will provide more information to comment on from users. And also confirm that you are running ansible control node on IBM i server.



    ------------------------------
    Rob Gjertsen
    ------------------------------

    Original Message


  • 3.  RE: Ansible community.general.java_cert

    Posted Mon January 29, 2024 10:17 AM

    Hi,

    ansible --version

    ansible [core 2.15.8]
      config file = None
      configured module search path = ['/home/u_iris/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
      ansible collection location = /home/u_iris/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/local/bin/ansible
      python version = 3.9.18 (main, Nov 15 2023, 04:22:28) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)] (/usr/bin/python3.9)
      jinja version = 3.1.2
      libyaml = True

    My playbook 

      tasks:
      - name: List of directories with the cacerts file
        ansible.builtin.shell: find /QOpenSys/QIBM/ProdData/JavaVM -name cacerts | awk '{print substr($0, 1, length($0)-7)}'
        register: _cacerts_dirs
      
      - name: importation 201707_PKI-GIE-DELEGUEE
        community.general.java_cert:
          cert_path: "{{ item }}201707_PKI-GIE-DELEGUEE.crt"
          keystore_path: "{{ item }}cacerts"
          keystore_pass: "changeit"
          cert_alias: "pki-gie-deleguee"
          state: present
        register: _import_cert
        loop: "{{ _cacerts_dirs.stdout_lines }}"

    Log with -vvv

    failed: [U3ANTA12] (item=/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/) => {
        "ansible_loop_var": "item",
        "changed": false,
        "cmd": [
            "keytool",
            "-importcert",
            "-noprompt",
            "-keystore",
            "/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/cacerts",
            "-file",
            "/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/201707_PKI-GIE-DELEGUEE.crt",
            "-alias",
            "pki-gie-deleguee"
        ],
        "invocation": {
            "module_args": {
                "cert_alias": "pki-gie-deleguee",
                "cert_path": "/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/201707_PKI-GIE-DELEGUEE.crt",
                "cert_port": 443,
                "cert_url": null,
                "executable": "keytool",
                "keystore_create": false,
                "keystore_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "keystore_path": "/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/cacerts",
                "keystore_type": null,
                "pkcs12_alias": null,
                "pkcs12_password": null,
                "pkcs12_path": null,
                "state": "present",
                "trust_cacert": false
            }
        },
        "item": "/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit/lib/security/",
        "msg": "",
        "rc": 1
    }



    ------------------------------
    Stephane VILLARD
    ------------------------------

    Original Message


Related Content