[ansible-project] Re: ansible replace with_items prepends the letter 'u'

2018-05-04 Thread expectant . sprite
I'm not sure what I was thinking but this has nothing to do with the 'u' - 
the code is working just as expected since these lines do not yet exist. 
What I needed to use was lineinfile, not replace. Changes highlighted below 
and it's working now.
 

> ---
> - hosts: all
>   gather_facts: False
>   become: True
>   vars:
>     text_for_EL6:
>       - { regexp: '^KexAlgorithms', line: 'KexAlgorithms diffie-hellman-group-exchange-sha256' }
>       - { regexp: '^MACs', line: 'MACs hmac-sha2-512,hmac-sha2-256' }
>       - { regexp: '^Ciphers', line: 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' }
>     text_for_EL7:
>       - { regexp: '^KexAlgorithms', line: 'KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256' }
>       - { regexp: '^Ciphers', line: 'Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' }
>       - { regexp: '^MACs', line: 'MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com' }
>
>   tasks:
>   - name: check and store ssh version
>     shell: rpm -qa openssh
>     register: ssh_version_result
>
>   - name: Set ciphers for EL6 - OpenSSL 5.3
>     lineinfile:
>       backup: yes
>       path: /etc/ssh/sshd_config
>       regexp: '{{ item.regexp }}'
>       line: '{{ item.line }}'
>     when: ssh_version_result.stdout.find('openssh-5') != -1
>     with_items:
>       - "{{text_for_EL6}}"
>     notify: restart sshd
>
>   - name: Set ciphers for EL7 - OpenSSL > 6.7
>     lineinfile:
>       backup: yes
>       path: /etc/ssh/sshd_config
>       regexp: '{{ item.regexp }}'
>       line: '{{ item.line }}'
>     when: ssh_version_result.stdout.find('openssh-7') != -1
>     with_items:
>       - "{{text_for_EL7}}"
>     notify: restart sshd
>
>   handlers:
>   - name: restart sshd
>     service: name=sshd state=restarted
> ...
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/62adf586-438e-4543-8776-34253f18eb45%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
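
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not Ansible's own code) of how `replace` and `lineinfile` treat an sshd_config that does not yet contain the directives. The function names and the sample config are constructed for illustration; the EL6 values come from the playbook in this thread.

```python
import re

# EL6 settings taken from the playbook in this thread.
EL6 = [
    (r"^KexAlgorithms", "KexAlgorithms diffie-hellman-group-exchange-sha256"),
    (r"^MACs", "MACs hmac-sha2-512,hmac-sha2-256"),
    (r"^Ciphers", "Ciphers aes256-ctr,aes192-ctr,aes128-ctr"),
]

# Constructed sample: an sshd_config with no crypto directives set.
STOCK = "Port 22\nPermitRootLogin no\n#Ciphers are left at the defaults\n"


def replace_like(text, regexp, repl):
    """Model of `replace`: substitute every match, never add anything."""
    new = re.sub(regexp, repl, text, flags=re.MULTILINE)
    return new, new != text


def lineinfile_like(text, regexp, line):
    """Model of `lineinfile`: rewrite the last matching line, else append."""
    lines = text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(regexp, l)]
    if hits:
        changed = lines[hits[-1]] != line
        lines[hits[-1]] = line
    else:
        changed = True
        lines.append(line)
    return "\n".join(lines) + "\n", changed


def apply_all(module, text, items):
    """Run one module over all items; return final text and per-item status."""
    statuses = []
    for regexp, line in items:
        text, changed = module(text, regexp, line)
        statuses.append("changed" if changed else "ok")
    return text, statuses


def missing(text, items):
    """Directives that are still not present as whole lines."""
    present = set(text.splitlines())
    return [line for _, line in items if line not in present]


if __name__ == "__main__":
    for module in (replace_like, lineinfile_like):
        out, statuses = apply_all(module, STOCK, EL6)
        print(module.__name__, statuses, "missing:", len(missing(out, EL6)))
```

In this model, when a `KexAlgorithms` line already exists, `replace_like` with the regexp `^KexAlgorithms` rewrites only the keyword and leaves the old algorithm list trailing after the new one, which is a second reason the whole-line semantics of `lineinfile` fit this job.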


[ansible-project] ansible replace with_items prepends the letter 'u'

2018-05-04 Thread expectant . sprite
I'm trying to use the replace module to update SSL ciphers and seem to be 
running into a Unicode issue. 

The code:

---
- hosts: all
  gather_facts: False
  become: True
  vars:
    text_for_EL6:
      - { regexp: '^KexAlgorithms', line: 'KexAlgorithms diffie-hellman-group-exchange-sha256' }
      - { regexp: '^MACs', line: 'MACs hmac-sha2-512,hmac-sha2-256' }
      - { regexp: '^Ciphers', line: 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr' }
    text_for_EL7:
      - { regexp: '^KexAlgorithms', line: 'KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256' }
      - { regexp: '^Ciphers', line: 'Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr' }
      - { regexp: '^MACs', line: 'MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com' }

  tasks:
  - name: check and store ssh version
    shell: rpm -qa openssh
    register: ssh_version_result

  - name: Set ciphers for EL6 - OpenSSL 5.3
    replace:
      backup: yes
      path: /etc/ssh/sshd_config
      regexp: '{{ item.regexp }}'
      replace: '{{ item.line }}'
    when: ssh_version_result.stdout.find('openssh-5') != -1
    with_items:
      - "{{text_for_EL6}}"
    notify: restart sshd

  - name: Set ciphers for EL7 - OpenSSL > 6.7
    replace:
      backup: yes
      path: /etc/ssh/sshd_config
      regexp: '{{ item.regexp }}'
      replace: '{{ item.line }}'
    when: ssh_version_result.stdout.find('openssh-7') != -1
    with_items:
      - "{{text_for_EL7}}"
    notify: restart sshd

  handlers:
  - name: restart sshd
    service: name=sshd state=restarted
...

The result:

$ ansible-playbook update_sshd_ciphers.yml --limit my_server
SUDO password:

PLAY [all]

TASK [check ssh versions]
 [WARNING]: Consider using yum, dnf or zypper module rather than running rpm

changed: [my_server]

TASK [Set ciphers for EL6 - OpenSSL 5.3]
skipping: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line': u'KexAlgorithms diffie-hellman-group-exchange-sha256'})
skipping: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs hmac-sha2-512,hmac-sha2-256'})
skipping: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers aes256-ctr,aes192-ctr,aes128-ctr'})

TASK [Set ciphers for EL7 - OpenSSL > 6.7]
ok: [my_server] => (item={u'regexp': u'^KexAlgorithms', u'line': u'KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256'})
ok: [my_server] => (item={u'regexp': u'^Ciphers', u'line': u'Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'})
ok: [my_server] => (item={u'regexp': u'^MACs', u'line': u'MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-...@openssh.com'})

PLAY RECAP
my_server  : ok=2  changed=1  unreachable=0  failed=0

I am not certain but I think the prepended 'u' is the problem. 
