如何以正确的方式在 ansible playbook 中转义字符？

Question

My playbook intends to extends the LDAP schema by uploading a schema file. The command looks like this:

- name: LDAP extend schema
  copy: src={{ 'cn={10}subs.ldif' }} dest={{ '/opt/data/ldap/config/cn=config/cn=schema/cn={10}subs.ldif }} owner=joe group=joe mode=0600
  ignore_errors: True

As you can see, I {{eval}} the paths as \\escaping did not work. The schema is uploaded correctly but the playbook stops, I suppose it can't do the checksum test because it cant resolve the path. The error I get is the following:

fatal: [xx.domain.com] => failed to parse: Exception OSError: (2, 'No such file or directory', '/opt/data/ldap/config/cn=config/cn=schema/.ansible_tmp6XkGOucn={10}subs.ldif') in <bound method _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' at 0x813660>> ignored
{"src": "/root/.ansible/tmp/ansible-tmp-1457985747.12-41932258379232/source", "md5sum": "651e7b60ebdcad75a95a5ff8e91695a8", "group": "joe", "uid": 498, "dest": "/opt/data/ldap/config/cn=config/cn=schema/cn={11}subs.ldif", "changed": true, "state": "file", "gid": 498, "secontext": "system_u:object_r:usr_t:s0", "mode": "0600", "owner": "joe", "size": 2481}

FATAL: all hosts have already failed -- aborting

I've done some googling and it appears that this is NOT a bug, here is a similar issue: https://github.com/ansible/ansible/issues/8032

I suppose I am doing it all wrong and there is some trivial way to pass escapable characters as src and dest to anisble's copy module but I failed to find out what that would be.

Answer 1

I'm not sure which characters you exactly wanted to escape but I suppose it's the equal signs.

The task you posted throws a parser error in Ansible 2 so I also suppose you run Ansible 1.x since you get something different.

Unexpected Exception: error while splitting arguments, either an unbalanced jinja2 block or quotes

Given my fist assumption is correct you can easily solve the escaping issue with not using the key=value notation but proper YAML syntax.

- name: LDAP extend schema
  copy:
    src: cn={10}subs.ldif
    dest: /opt/data/ldap/config/cn=config/cn=schema/cn={10}subs.ldif
    owner: joe
    group: joe

^{_{Also has the small side effect that it actually is readable. ;-)}}

This works with Ansible 2. If that does not work with your Ansible version I don't know if you can't be helped without upgrading Ansible. Because this part of the error message:

/opt/data/ldap/config/cn=config/cn=schema/ .ansible_tmp6XkGOu cn={10}subs.ldif

shows it is injecting a unique string into the filename, which usually does not happen in the middle. So I guess it has issues with some special characters in filenames. This might be true for Ansible 1 no matter how you defined the task (YAML or k=v)

A workaround would be to copy the file into place with a different name and then to simply move it to the desired location with a shell task. That should work independent of the Ansible version.

- name: LDAP extend schema
  copy:
    src: cn={10}subs.ldif
    dest: /tmp/ldap.extension
    owner: joe
    group: joe
  register: extension

- shell: "mv /tmp/ldap.extension /opt/data/ldap/config/cn=config/cn=schema/cn={10}subs.ldif"
  when: extension | changed
  creates: /opt/data/ldap/config/cn=config/cn=schema/cn={10}subs.ldif
  removes: /tmp/ldap.extension

But it also is ugly...