Those changes are related to some security fixes and various related
changes as a result of those fixes that came later, all aimed at preventing
unexpected argument insertion given untrusted data from remote hosts.
So {{ foo }} is a request to insert something into a line, the way you have
it above, and then ansible converts that into module arguments.
I have considered just undocumenting the "content" parameter -- we're
likely to do that -- as I think it leads to some confusing practices,
better served by "template" in most cases.
One of those examples is pushing an embedded shell script inside a
playbook, when it could have been done in a one-liner with the "script"
module.
If you think you can fix it and still keep the argument detection/parsing
in place, I'd be interested - but that's why it was closed with the reasons
given, and why I suggested how to avoid this.
The long form is also needed to pass structured data to modules, as is
shown with the ec2 examples.
On Sat, Sep 27, 2014 at 1:08 PM, Jeffrey Wong <[email protected]> wrote:
> Hi there!
>
> I noticed that ansible seemed to have done some updating with regards to
> multiline variables, and I'm a little confused about the way the variables
> are handled now.
>
> My use case comes from inserting private-key data into an encrypted yaml
> file via ansible-vault, and printing the contents via copy module's content
> directive. This worked great in 1.7.1, but with 1.7.2, it printed an extra
> newline between each line. Coincidentally, when I next deployed via ansible
> 1.7.2, my keys weren't working.
>
> The format is something like:
>
> group_vars/all.yml:
> key: |+
> -----BEGIN PRIVATE KEY----
> (private key)
> (private key)
> (private key)
> -----END PRIVATE KEY-----
>
> roles/tasks/main.yml:
> - copy: content="{{ key }}" dest="/etc/ssl/private/key"
>
> 1.7.1 (correct):
> -----BEGIN PRIVATE KEY----
> (private key)
> (private key)
> (private key)
> -----END PRIVATE KEY-----
>
> 1.7.2 (incorrect):
> -----BEGIN PRIVATE KEY----
>
> (private key)
>
> (private key)
>
> (private key)
>
> -----END PRIVATE KEY-----
>
>
> While looking through the github issues, there was a ticket that expressed
> exactly the issue I ran into:
> https://github.com/ansible/ansible/issues/9172
>
> And it was resolved by following the 'long' format from:
> https://github.com/ansible/ansible/issues/9067
>
> roles/tasks/main.yml (long format):
> -
> copy:
> content: "{{ key }}"
> dest: "/etc/ssl/private/key"
>
>
> However, these have since been closed as 'not a bug'.
>
> The way that multiline variables should not change no matter what format
> the user is using. I do not understand the difference between the two
> formats, why it should treat multiline variables differently, and how this
> is not a bug. Can someone shed some light on this issue?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2949f5ce-6f1b-40ec-bd79-1f2b83357e42%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/2949f5ce-6f1b-40ec-bd79-1f2b83357e42%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzR6WmMjUdVtj7Bj0w8fJZQqXFksKdvgP5vFdWx56qJVw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
