When you say you're sure, is that because you tried 'debug: var=result'?
Furthermore, are you doing something else with Postgres' port in your
iptables rule? If not, simply remove the first task and then in the second
task, remove everything before '-p\ tcp...' from the regexp and you should
be fine.
Regardless, you should be fine with only the lineinfile task. You can
achieve true idempotence with a proper regexp.
Personally, I would set the rules through an Ansible template.
On Tuesday, 25 November 2014 18:02:56 UTC+1, John Oliver wrote:
>
> - name: Check if postgres is already allowed via IPv4
>   shell: grep '^-A\ INPUT\ -s\ {{roundcube_host}}\ -p\ tcp\ -m\ state\ --state\ NEW\ -m\ tcp\ --dport\ 5432\ -j\ ACCEPT' /etc/sysconfig/iptables >/dev/null 2>&1
>   ignore_errors: true
>   register: result
>
> - name: Allow incoming IPv4 PostGreSQL connections through iptables
>   lineinfile: dest=/etc/sysconfig/iptables
>               regexp='^-A\ INPUT\ -s\ {{roundcube_host}}\ -p\ tcp\ -m\ state\ --state\ NEW\ -m\ tcp\ --dport\ 5432\ -j\ ACCEPT'
>               insertbefore='^-A\ INPUT\ -j\ LOGGING'
>               line="-A INPUT -s {{roundcube_host}} -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT"
>   when: result|failed
>   notify: Restart iptables
>
>
> My test will always fail because I'm sure it's trying to evaluate the
> {{roundcube_host}} variable without escaping the periods in the IP address.
>
> I could write a sed recipe that will read out {{roundcube_host}}, insert
> backslashes before dots, and write that to a new variable. But has this
> wheel already been invented? I can assume the presence of tools like sed
> on the target host, but not on the host that's running the playbook. And
> it's possible that the playbook might be run from either a GNU or BSD
> system, and a recipe I write for one might not work with the other. It
> seems a little messy to send this to the remote host for operations and
> bring the result back :-)
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/d5aa09fc-3795-4767-873c-8198411150f9%40googlegroups.com.
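
The single-task approach suggested in the reply, written out as an added example that is not part of the original thread. It assumes the `regex_escape` filter and the `ansible.builtin.lineinfile` module name from current Ansible releases; `roundcube_host`, the file path and the `Restart iptables` handler are taken from the quoted playbook.

```yaml
# Added example, not code from the thread.
# Assumption: roundcube_host is a plain IPv4 address or hostname, and a
# handler named "Restart iptables" is defined elsewhere in the play.
- name: Allow incoming IPv4 PostgreSQL connections through iptables
  ansible.builtin.lineinfile:
    path: /etc/sysconfig/iptables
    # regex_escape backslash-escapes regex metacharacters on the control
    # node, so each dot in the address matches only a literal dot and no
    # sed step on either host is needed.
    # The pattern keys on source host + destination port only: any existing
    # rule for that pair is rewritten in place instead of a second copy
    # being appended, which is what makes repeated runs report "ok".
    regexp: '^-A INPUT -s {{ roundcube_host | regex_escape }} .*--dport 5432 -j ACCEPT$'
    # Only used when no line matches regexp: the rule is placed ahead of
    # the catch-all LOGGING jump so it is evaluated before that jump.
    insertbefore: '^-A INPUT -j LOGGING'
    line: "-A INPUT -s {{ roundcube_host }} -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT"
    # Keep a timestamped copy of the previous rules file on change.
    backup: true
  # The handler fires only when the file actually changed, so no separate
  # grep task or "when:" guard is required.
  notify: Restart iptables
```

Running the play with `--check --diff` shows whether the task would change the rules file without writing it.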