Re: [ansible-project] Re: Template format error: YAML not well-formed.

[Kishore Ponniah]

Please find my code below: I checked the code using YAML validator and 
looks like it is valid. But still complaining about Line 12 column 6.

Any help please?

---
# This playbook builds IAM infrastructure in all configured accounts
- name: Install/Update RXGT Identity account CF templates
hosts: infrastructure
tasks:

- name: Install/Update RXGT PS cross account CF templates
hosts: infrastructure
tasks:
# Support using STS temporary creds (optional)
# See readme.md
- name: get sts session token
sts_session_token:
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
register: sts_session_token
when: with_sts
tags:
rxgt-ps-identity-stack-deploy

- name: retrieve sts credentials
set_fact:
sts_access_key: "{{ sts_session_token.sts_creds.access_key }}"
sts_secret_key: "{{ sts_session_token.sts_creds.secret_key }}"
sts_session_token: "{{ sts_session_token.sts_creds.session_token }}"
when: with_sts
tags:
rxgt-ps-identity-stack-deploy

- name: debug role arns
debug:
msg: "Assuming role: {{ account_config.sts_role_arn }}"
verbosity: 1
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', 
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
tags:
rxgt-ps-identity-stack-deploy

- name: assume cross account roles
sts_assume_role:
role_arn: "{{ account_config.sts_role_arn }}"
role_session_name: "ansibledeploy"
duration_seconds: "{{ sts_session_duration | default(3600) }}"
# Use STS temporary creds or fallback to aws cli/boto creds - see readme.md
aws_access_key: "{{ sts_access_key | default(omit) }}"
aws_secret_key: "{{ sts_secret_key | default(omit) }}"
security_token: "{{ sts_session_token | default(omit) }}"
# Support role policy with mandatory MFA
mfa_serial_number: "{{ sts_mfa_serial_number | default(omit) }}"
mfa_token: "{{ sts_mfa_token | default(omit) }}"
loop: "{{ rxgt_identity_account['deploy_accounts']|map('extract', 
rxgt_identity_account['account_config'])|list }}"
loop_control:
loop_var: account_config
label: "{{ account_config.sts_role_arn }}"
# 
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#using-register-with-a-loop
register: assumed_roles_with_account_config
tags:
rxgt-ps-identity-stack-deploy

- name: create rxgt-ps-cross-account-iam-atlas-developer-roles changeset
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: true
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege 
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url: 
"https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_parameters: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
 
}}" 
termination_protection: no
tags: "{{ global_tags | 
combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
 
recursive=True) }}"
# Convert to a list of dicts duplicated per region. See 
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
loop: "{{ 
assumed_roles_with_account_config.results|subelements('account_config.regions', 
skip_missing=True) }}"
loop_control:
loop_var: account_config
label: "{{ account_config.0.account_config.account_alias }}:{{ 
account_config.1 }}"
tags:
rxgt-ps-identity-stack-deploy

- name: create rxgt-ps-cross-account-iam-atlas-developer-roles stack
cloudformation:
stack_name: "rxgt-ps-cross-account-iam-atlas-developer-roles"
state: present
region: "{{ account_config.1 }}"
aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
security_token: "{{ account_config.0.sts_creds.session_token }}"
create_changeset: false
changeset_name: "{{ cf_changeset_name }}"
# Don't pass the cd-deploy-role to CF due to [possible privilege 
escalation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
# for anyone able to perform stack updates.
# role_arn: "{{ account_config.0.account_config.pass_role_arn }}"
template_url: 
"https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx/rxgt-ps-cross-account-iam-atlas-developer-roles.yaml";
template_parameters: "{{ 
account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].params
 
}}" 
termination_protection: no
tags: "{{ global_tags | 
combine(account_config.0.account_config.stacks['rxgt-ps-cross-account-iam-atlas-developer-roles'].override_tags,
 
recursive=True) }}"
# Convert to a list of dicts duplicated per region. See 
https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
loop: "{{ 
assumed_roles_with_account_config.results|subelements('account_config.regions', 
skip_missing=True) }}"
loop_control:
loop_var: account_config
label: "{{ account_config.0.account_config.account_alias }}:{{ 
account_config.1 }}"
when: with_stack_deploy
tags:
rxgt-ps-identity-stack-deploy

On Tuesday, January 8, 2019 at 1:37:43 AM UTC, goforawalktwice wrote:
>
> ooops ... the error was due to me copy/paste formatting - the second 
> '-name' got indented too far - fixing that indentation makes it valid YAML 
> according to that site
>
>
> On Tuesday, January 8, 2019 at 2:04:24 PM UTC+13, Karl Auer wrote:
>>
>> What is the problem that it reports on line 22?
>>
>> When posting code, please post in a fixed-width font if you can. Makes it 
>> easier to check indentation.
>>
>> Regards, K.
>>
>>
>> On Tue, Jan 8, 2019 at 11:58 AM goforawalktwice <straff...@gmail.com> 
>> wrote:
>>
>>> hi, when I paste that YAML to 
>>>
>>> https://jsonformatter.org/yaml-validator
>>>
>>> it reckons line 22 is a problem - the second -name entry. When I remove 
>>> from line 22 down it reckons it's valid YAML.
>>>
>>> Regards, Straff
>>>
>>>
>>>
>>> On Tuesday, January 8, 2019 at 5:34:25 AM UTC+13, Kishore Ponniah wrote:
>>>>
>>>> Hi all,
>>>>
>>>> My cloudformation template has exceeded the template body limit more 
>>>> than 51200 bytes and I am trying to upload to s3 and deploy using cross 
>>>> account. I used template_url parameter in the playbook but giving an 
>>>> error. 
>>>> Before adding template_url, I had template_body which was working fine. I 
>>>> have only replaced template_body to template_url. 
>>>>
>>>> Please find the playbook below: 
>>>>
>>>>     - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles 
>>>> changeset
>>>>       cloudformation:
>>>>         stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
>>>>         state: present
>>>>         region: "{{ account_config.1 }}"
>>>>         aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>>>>         aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>>>>         security_token: "{{ account_config.0.sts_creds.session_token }}"
>>>>         create_changeset: true
>>>>         changeset_name: "{{ cf_changeset_name }}"
>>>>         template_url: "
>>>> https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml
>>>> "
>>>>         template_parameters: "{{ 
>>>> account_config.0.account_config.stacks[' 
>>>> xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params 
>>>> }}"        
>>>>         termination_protection: no
>>>>         tags: "{{ global_tags | 
>>>> combine(account_config.0.account_config.stacks[' 
>>>> xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, 
>>>> recursive=True) }}"
>>>>       loop: "{{ 
>>>> assumed_roles_with_account_config.results|subelements('account_config.regions',
>>>>  
>>>> skip_missing=True) }}"
>>>>       loop_control:
>>>>         loop_var: account_config
>>>>         label: "{{ account_config.0.account_config.account_alias }}:{{ 
>>>> account_config.1 }}"
>>>>       tags:
>>>>         rxgt-ps-identity-stack-deploy
>>>>
>>>>     - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles stack
>>>>       cloudformation:
>>>>         stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
>>>>         state: present
>>>>         region: "{{ account_config.1 }}"
>>>>         aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
>>>>         aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
>>>>         security_token: "{{ account_config.0.sts_creds.session_token }}"
>>>>         create_changeset: false
>>>>         changeset_name: "{{ cf_changeset_name }}"
>>>>         template_url: "
>>>> https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml
>>>> "
>>>>         template_parameters: "{{ 
>>>> account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params
>>>>  
>>>> }}"        
>>>>         termination_protection: no
>>>>         tags: "{{ global_tags | 
>>>> combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags,
>>>>  
>>>> recursive=True) }}"
>>>>       # Convert to a list of dicts duplicated per region. See 
>>>> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
>>>>       loop: "{{ 
>>>> assumed_roles_with_account_config.results|subelements('account_config.regions',
>>>>  
>>>> skip_missing=True) }}"
>>>>       loop_control:
>>>>         loop_var: account_config
>>>>         label: "{{ account_config.0.account_config.account_alias }}:{{ 
>>>> account_config.1 }}"
>>>>       when: with_stack_deploy
>>>>       tags:
>>>>         rxgt-ps-identity-stack-deploy
>>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to ansible-proje...@googlegroups.com.
>>> To post to this group, send email to ansible...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/ansible-project/c8fce4d7-b3f2-4495-9604-d554187f7ea0%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/ansible-project/c8fce4d7-b3f2-4495-9604-d554187f7ea0%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>> -- 
>> Karl Auer
>>
>> Email  : ka...@2pisoftware.com
>> Website: http://2pisoftware.com
>>
>> GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
>> Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/28a0aea4-ce8c-4d6a-bda8-e33824808a19%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.