I'm trying to use puppet to edit the weblogic config.xml file for finalizing the SSL configuration part.
Below the starting weblogic config.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<domain ...
...
<server>
<name>AdminServer</name>
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<listen-port>7336</listen-port>
</ssl>
Below what I need to get:
<?xml version="1.0" encoding="UTF-8"?>
<domain ...
...
<server>
<name>AdminServer</name>
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>false</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<listen-port>7336</listen-port>
<two-way-ssl-enabled>true</two-way-ssl-enabled>
<server-private-key-alias>...alias...</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>...key-pass-phrase... </server-private-key-pass-phrase-encrypted>
</ssl>
Below my puppet code:
augeas { "ssl_config_${instance}":
lens => "Xml.lns",
require => File["${config_instance}"],
incl => "${config_instance}",
changes => [
"set domain/server/ssl/hostname-verifier/#attribute/xsi:nil true",
"set domain/server/ssl/hostname-verification-ignored/#text false",
"set domain/server/ssl/client-certificate-enforced/#text false",
"set domain/server/ssl/two-way-ssl-enabled/#text true",
"set domain/server/ssl/server-private-key-alias/#text ${server_private_key_alias}",
"set domain/server/ssl/server-private-key-pass-phrase-encrypted/#text ${server_private_key_pass_phrase}",
],
}
Below what I get:
...
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
<listen-port>7336</listen-port>
<hostname-verifier xsi:nil="true"></hostname-verifier>
<hostname-verification-ignored>false</hostname-verification-ignored>
<client-certificate-enforced>false</client-certificate-enforced>
<two-way-ssl-enabled>true</two-way-ssl-enabled>
<server-private-key-alias>default</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>...key-pass-phrase...
</server-private-key-pass-phrase-encrypted>
</ssl>
as you can see the nodes are added after the last node but in this way we are invalidating the schema.
Is there any way to specify in which position the new nodes should be added ?
Thanks in advance for any feedback Regards ferp
You will have to use
ins ... before/after ...
, combined with anonlyif
, which is not very practical as in general you'll need at least two resources per value you want to set (one with aset
command, another withins
). There are examples like this in the documentation.