I'm trying to use the replace module to update SSL ciphers and seem to be
running into a Unicode issue.
The code:
---
- hosts: all
  gather_facts: False
  become: True
  vars:
    # Each entry pairs the directive to find with the full line that replaces it.
    # The regexp is anchored to the whole line ('.*$') so the replace module
    # swaps the entire directive; matching only '^Ciphers' would leave the old
    # algorithm list appended after the new one. A commented-out line
    # ('#Ciphers ...') does not match, and the task then reports ok, not changed.
    text_for_EL6:
      - { regexp: '^KexAlgorithms.*$', line: 'KexAlgorithms diffie-hellman-group-exchange-sha256' }
      - { regexp: '^MACs.*$', line: 'MACs hmac-sha2-512,hmac-sha2-256' }
      - { regexp: '^Ciphers.*$', line: 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' }
    text_for_EL7:
      - { regexp: '^KexAlgorithms.*$', line: 'KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256' }
      - { regexp: '^Ciphers.*$', line: 'Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr' }
      - { regexp: '^MACs.*$', line: 'MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]' }
  tasks:
    - name: check and store ssh version
      shell: rpm -qa openssh
      register: ssh_version_result
      changed_when: false   # read-only query; do not report it as a change
    - name: Set ciphers for EL6 - OpenSSL 5.3
      replace:
        backup: yes
        path: /etc/ssh/sshd_config
        regexp: '{{ item.regexp }}'
        replace: '{{ item.line }}'
      when: ssh_version_result.stdout.find('openssh-5') != -1
      with_items: "{{ text_for_EL6 }}"
      notify: restart sshd
    - name: Set ciphers for EL7 - OpenSSL > 6.7
      replace:
        backup: yes
        path: /etc/ssh/sshd_config
        regexp: '{{ item.regexp }}'
        replace: '{{ item.line }}'
      when: ssh_version_result.stdout.find('openssh-7') != -1
      with_items: "{{ text_for_EL7 }}"
      notify: restart sshd
  handlers:
    - name: restart sshd
      service: name=sshd state=restarted
...
The result:
$ ansible-playbook update_sshd_ciphers.yml --limit my_server
SUDO password:
PLAY [all]
********************************************************************************************************************************************************************************************************************************
TASK [check ssh versions]
*****************************************************************************************************************************************************************************************************************
[WARNING]: Consider using yum, dnf or zypper module rather than running rpm
changed: [my_server]
TASK [Set ciphers for EL6 - OpenSSL 5.3]
**************************************************************************************************************************************************************************************************
skipping: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line':
u'KexAlgorithms diffie-hellman-group-exchange-sha256'})
skipping: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs
hmac-sha2-512,hmac-sha2-256'})
skipping: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers
aes256-ctr,aes192-ctr,aes128-ctr'})
TASK [Set ciphers for EL7 - OpenSSL > 6.7]
************************************************************************************************************************************************************************************************
ok: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line':
u'KexAlgorithms
[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256'})
ok: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers
[email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr'})
ok: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs
[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]'})
PLAY RECAP
********************************************************************************************************************************************************************************************************************************
my_server : ok=2 changed=1 unreachable=0 failed=0
I am not certain but I think the prepended 'u' is the problem.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2cd76763-1ad7-4aed-9143-ade59f9d649c%40googlegroups.com.
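As an added illustration (not code from the original post or from the Ansible project), the Python below mimics the core of the replace module, re.subn() with MULTILINE, on a constructed sshd_config fragment to show why a keyword-only pattern such as '^Ciphers' leaves the old algorithm list glued to the new one, while a whole-line pattern replaces the directive cleanly; the u'' prefix seen in the play output is only Python 2's string repr and does not affect matching. The sample config and the directive_values helper are assumptions made for the demo.

```python
import re

# Constructed sshd_config fragment for the demo (not taken from the original post):
# a commented-out default plus two active directives carrying weak algorithms.
SAMPLE_SSHD_CONFIG = """\
#KexAlgorithms diffie-hellman-group14-sha1
Ciphers aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1
"""


def apply_replace(contents, regexp, replacement):
    """Mimic the core of Ansible's replace module: re.subn() with MULTILINE,
    so '^' and '$' anchor at line boundaries. A count of 0 is what the
    module reports as 'ok' rather than 'changed'."""
    return re.subn(regexp, replacement, contents, flags=re.MULTILINE)


def directive_values(contents, keyword):
    """Algorithm list of the first active (uncommented) `keyword` line,
    split on commas and whitespace; [] if the directive is not active."""
    for line in contents.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == keyword:
            return [v for tok in parts[1].split() for v in tok.split(",") if v]
    return []


def keyword_only_replace(contents=SAMPLE_SSHD_CONFIG):
    """The posted pattern '^Ciphers' matches only the keyword, so the old
    algorithm list survives and is glued after the new one."""
    return apply_replace(contents, r"^Ciphers",
                         "Ciphers aes256-ctr,aes192-ctr,aes128-ctr")


def whole_line_replace(contents=SAMPLE_SSHD_CONFIG):
    """Anchoring to end of line (and allowing an optional leading '#')
    replaces the whole directive, including a commented-out default, so
    the new value is the only one left."""
    return apply_replace(contents, r"^#?KexAlgorithms\b.*$",
                         "KexAlgorithms diffie-hellman-group-exchange-sha256")


if __name__ == "__main__":
    glued, n = keyword_only_replace()
    print(n, directive_values(glued, "Ciphers"))  # weak 3des-cbc still present
    fixed, n = whole_line_replace()
    print(n, directive_values(fixed, "KexAlgorithms"))
```

Running directive_values over the file after the play is a cheap post-check that no weak algorithm survived the edit.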