Is it showing up in your sshd_config file or just in the display of what each item was?
-Toshio

On Fri, May 4, 2018, 8:55 AM <[email protected]> wrote:

> I'm trying to use the replace module to update SSL ciphers and seem to be
> running into a Unicode issue.
>
> The code:
>
> ---
> - hosts: all
>   gather_facts: False
>   become: True
>   vars:
>     text_for_EL6:
>       - { regexp: '^KexAlgorithms', line: 'KexAlgorithms diffie-hellman-group-exchange-sha256' }
>       - { regexp: '^MACs', line: 'MACs hmac-sha2-512,hmac-sha2-256' }
>       - { regexp: '^Ciphers', line: 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' }
>     text_for_EL7:
>       - { regexp: '^KexAlgorithms', line: 'KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256' }
>       - { regexp: '^Ciphers', line: 'Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr' }
>       - { regexp: '^MACs', line: 'MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]' }
>
>   tasks:
>     - name: check and store ssh version
>       shell: rpm -qa openssh
>       register: ssh_version_result
>
>     - name: Set ciphers for EL6 - OpenSSL 5.3
>       replace:
>         backup: yes
>         path: /etc/ssh/sshd_config
>         regexp: '{{ item.regexp }}'
>         replace: '{{ item.line }}'
>       when: ssh_version_result.stdout.find('openssh-5') != -1
>       with_items:
>         - "{{text_for_EL6}}"
>       notify: restart sshd
>
>     - name: Set ciphers for EL7 - OpenSSL 6.7
>       replace:
>         backup: yes
>         path: /etc/ssh/sshd_config
>         regexp: '{{ item.regexp }}'
>         replace: '{{ item.line }}'
>       when: ssh_version_result.stdout.find('openssh-7') != -1
>       with_items:
>         - "{{text_for_EL7}}"
>       notify: restart sshd
>
>   handlers:
>     - name: restart sshd
>       service: name=sshd state=restarted
> ...
>
> The result:
>
> $ ansible-playbook update_sshd_ciphers.yml --limit my_server
> SUDO password:
>
> PLAY [all] ****************************************
>
> TASK [check ssh versions] ****************************************
> [WARNING]: Consider using yum, dnf or zypper module rather than running rpm
>
> changed: [my_server]
>
> TASK [Set ciphers for EL6 - OpenSSL 5.3] ****************************************
> skipping: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line': u'KexAlgorithms diffie-hellman-group-exchange-sha256'})
> skipping: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs hmac-sha2-512,hmac-sha2-256'})
> skipping: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers aes256-ctr,aes192-ctr,aes128-ctr'})
>
> TASK [Set ciphers for EL7 - OpenSSL 6.7] ****************************************
> ok: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line': u'KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256'})
> ok: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr'})
> ok: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]'})
>
> PLAY RECAP ****************************************
> my_server : ok=2 changed=1 unreachable=0 failed=0
>
> I am not certain but I think the prepended 'u' is the problem.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/2cd76763-1ad7-4aed-9143-ade59f9d649c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
