How to resolve "You need to have PyOpenSSL>=16.0.0 to generate public keys"

Time: 2019-02-11 15:11:04

Tags: ansible public-key pyopenssl

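I am blocked by an error when generating a public key with Ansible's openssl_publickey module. The system consists of a machine with RHEL 7.5 + Ansible 2.5 and other machines with the same operating system, Python 2.7, pyOpenSSL == 17.5.0, OpenSSL 1.0.2k-fips (26 Jan 2017). The part of the playbook involved is (in particular the "generate public key" task):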

- name: "make sure the {{ certs_dir }} is present"
  file:
    state: directory
    path: "{{ certs_dir }}"
    owner: ansible
    group: root
    mode: 0755

- name: "create dir for certificates to be signed"
  file:
    state: directory
    path: "{{ clients_certs_sign_req_dir }}"
    owner: ansible
    group: root
    mode: 0755
  delegate_to: localhost

- name: "generate private key"
  openssl_privatekey:
    path: "{{ certs_dir }}/{{item}}.pem"
    size: 2048
    type: RSA
    state: present
    mode: 0644
  with_items: "{{ inventory_hostname }}"

- name: "generate public key"
  openssl_publickey:
    path: "{{ certs_dir }}/{{item}}_pub.pem"
    privatekey_path: "{{ certs_dir }}/{{item}}.pem"
    format: PEM
    force: yes
    state: present
    mode: 0644
  with_items: "{{ inventory_hostname }}"

- name: "generate certificate signing request for host"
  openssl_csr:
    path: "{{ certs_dir }}/{{item}}-cert-file.csr"
    privatekey_path: "{{ certs_dir }}/{{item}}.pem"
    country_name: "{{ca_country}}"
    organization_name: "{{ca_organization}}"
    common_name: "{{item}}"  
    subject_alt_name: "{{ host_san }}"
  with_items: "{{ inventory_hostname }}"

The error is:

The full traceback is:
  File "/tmp/ansible_S8LwIJ/ansible_module_openssl_publickey.py", line 289, in main
    public_key.generate(module)
  File "/tmp/ansible_S8LwIJ/ansible_module_openssl_publickey.py", line 195, in generate
    raise PublicKeyError('You need to have PyOpenSSL>=16.0.0 to generate public keys')

failed: [node02] (item=node02) => {
    "changed": false,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": null,
            "content": null,
            "delimiter": null,
            "directory_mode": null,
            "follow": false,
            "force": true,
            "format": "PEM",
            "group": null,
            "mode": 420,
            "owner": null,
            "path": "/usr/share/ca-certs/node02_pub.pem",
            "privatekey_passphrase": null,
            "privatekey_path": "/usr/share/ca-certs/node02.pem",
            "regexp": null,
            "remote_src": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "present",
            "unsafe_writes": null
        }
    },
    "item": "node02",
    "msg": "You need to have PyOpenSSL>=16.0.0 to generate public keys"

Any ideas? As a last resort I am thinking of generating the public key directly with openssl, but I don't much like this mixed approach. Thanks, Rob

0 answers:

No answers