Hello all,

I have a task that need to run the command below:

ipa dnsrecord-add idm.example.com cluster --a-rec={,}

The problem is that the IPA and ansible both use the "{" character.  I
have attempted to escape one of the "{" with a back slash, and ansible
is fine with that, but then the resulting command isn't valid as far
as IPA server is concerned.

How would you guys go about resolving this?  This is what I am seeing.

# please read this.

    - name: Create a DNS FQDN that will be shared by both active and
replica systems

      shell: ipa dnsrecord-add eng.example.com {{service_username}}
--a-rec=[{{  cluster_IP|join(",") }}]

      delegate_to: "{{ipa_server}}"


         - svn_load_balancing_1

TASK [svn : Create a DNS FQDN that will be shared by both active and
replica systems]

task path: /etc/ansible/roles/svn/tasks/main.yml:193

fatal: [temp20.eng.example.com]: FAILED! => {

    "failed": true,

    "msg": "template error while templating string: expected token
':', got '}'. String: ipa dnsrecord-add eng.example.com
{{service_username}} --a-rec={{{  cluster_IP|join(\",\") }}}"


        to retry, use: --limit @/etc/ansible/site.retry


temp20.eng.example.com  : ok=3    changed=0    unreachable=0    failed=1

tion": {"module_args": {"warn": true, "executable": null,
"_uses_shell": true, "_raw_params": "ipa dnsrecord-add eng.example.com
temp30 --a-rec=[,]", "removes": null,
"creates": null, "chdir": null}}, "warnings": []}\r\n', 'Shared
connection to lithium.eng.example.com closed.\r\n')

fatal: [temp20.eng.example.com -> lithium.eng.example.com]: FAILED! => {

    "changed": true,

    "cmd": "ipa dnsrecord-add eng.example.com temp30

    "delta": "0:00:02.067984",

    "end": "2018-03-10 10:25:17.970547",

    "failed": true,

    "invocation": {

        "module_args": {

            "_raw_params": "ipa dnsrecord-add eng.example.com temp30

            "_uses_shell": true,

            "chdir": null,

            "creates": null,

            "executable": null,

            "removes": null,

            "warn": true



    "rc": 1,

    "start": "2018-03-10 10:25:15.902563",

    "stderr": "ipa: ERROR: invalid 'ip_address': invalid IP address format",

    "stderr_lines": [

        "ipa: ERROR: invalid 'ip_address': invalid IP address format"


    "stdout": "",

    "stdout_lines": []


        to retry, use: --limit @/etc/ansible/site.retry


