I was trying to configure an application to connect to ldap and noticed it was failing authentication, so I thought I would check the two commands that get executed to set this up to see what the shell command that ansible executes looks like.
So I disabled the mqsichangeproperties
and mqsisetdbparms
commands on the server and created the below little test playbook to see what the command string looks like… I run the playbook expecting an error of mqsisetdbparms: command not found
but this would allow me to see cmd
and _raw_params
keys when running with verbose output.
I noticed that the command for the first task is in the form that I expect:
"cmd": "mqsichangeproperties QM -b webadmin -o server -n ldapAuthenticationUri –v \"ldap://abc.company.com:389/OU=Users,OU=City,OU=Country,DC=company,DC=com\""
However, the command for the second task contains additional blackslashes, resulting in the incorrect username and password being set for the application…
Incorrect command form:
"cmd": "mqsisetdbparms QM -n ldap::company.com -u \"DOMAIN\\username\" -p \"pwd@pwd\""
Expected command form:
"cmd": "mqsisetdbparms QM -n ldap::company.com -u "DOMAIN\username" -p "pwd@pwd""
I feel as if have tried all possible options such as
-
using double quotes for the variables
-
escaping in the variables
-
combination of single and double quotes with the variables and the shell command string
-
Escaping the backslash in the
ldap_usr
variable
The test playbook I am using is below…
---
# file: test.yml
# desc: Test playbook
#
- hosts: target
gather_facts: no
vars:
ldap_server: "ldap://abc.company.com"
ldap_port: 389
ldap_baseDN: "OU=Users,OU=City,OU=Country,DC=company,DC=com"
ldap_usr: 'DOMAIN\username'
ldap_pwd: 'pwd@pwd'
ldap_auth_uri: "\"{{ldap_server}}:{{ldap_port}}/{{ldap_baseDN}}\""
tasks:
# - name: test setting URI
# shell: "mqsichangeproperties QM -b webadmin -o server -n ldapAuthenticationUri -v {{ldap_auth_uri}}"
- name: test setting user
shell: "mqsisetdbparms QM -n ldap::company.com -u \"{{ldap_usr}}\" -p \"{{ldap_pwd}}\""
Using Ansible Version 2.2.0.0
Best Answer
Looks to me like the following should work:
When I echo the resulting string to a file with:
or
I get:
which is what you requested.
By the way, you shouldn't rely on the Ansible log to determine what is the real command, as it prints escaped JSON.