mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-07-16 08:54:41 +00:00
fix: Update SSL handling in MySQL automation scripts (#17048)
Co-authored-by: wangruidong <940853815@qq.com>
This commit is contained in:
@@ -3,7 +3,8 @@
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
db_name: "{{ jms_asset.spec_info.db_name }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -15,10 +16,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
@@ -32,10 +33,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
name: "{{ account.username }}"
|
||||
host: "%"
|
||||
plugin: "{{ 'caching_sha2_password' if ('MariaDB' not in db_info.version.full and (db_info.version.full is version('8.0', '>='))) else omit }}"
|
||||
@@ -52,9 +53,9 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
when: check_conn_after_change
|
||||
when: check_conn_after_change
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -14,10 +15,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: users
|
||||
register: db_info
|
||||
|
||||
|
||||
@@ -3,7 +3,8 @@
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
db_name: "{{ jms_asset.spec_info.db_name }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -15,10 +16,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
@@ -32,10 +33,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
name: "{{ account.username }}"
|
||||
host: "%"
|
||||
plugin: "{{ 'caching_sha2_password' if ('MariaDB' not in db_info.version.full and (db_info.version.full is version('8.0', '>='))) else omit }}"
|
||||
@@ -52,9 +53,9 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
when: check_conn_after_change
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -14,9 +15,9 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
name: "{{ account.username }}"
|
||||
state: absent
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -14,8 +15,8 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -14,10 +15,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ local_python_interpreter }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
use_ssl: "{{ jms_asset.spec_info.use_ssl }}"
|
||||
check_hostname: "{{ not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
|
||||
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
|
||||
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
|
||||
@@ -15,8 +16,8 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
|
||||
check_hostname: "{{ check_hostname if use_ssl else omit }}"
|
||||
ca_cert: "{{ ca_cert if use_ssl and ca_cert | length > 0 else omit }}"
|
||||
client_cert: "{{ ssl_cert if use_ssl and ssl_cert | length > 0 else omit }}"
|
||||
client_key: "{{ ssl_key if use_ssl and ssl_key | length > 0 else omit }}"
|
||||
filter: version
|
||||
|
||||
Reference in New Issue
Block a user