Ansible backslash escaping in playbooks

Question

How can you properly escape backslash in ansible playbooks?

I am trying to do a search and replace for the backslash in the password, but I am not even able to add backslash as a string in the regex_replace jinja2 filter. I am using ansible version 2.1.1.0.

Here is an example of the problem:

$ cat jinja2-escape-test.yml
---
- hosts: localhost
  gather_facts: no

  vars:
    password: '\Udl5DoQfa3Uy_:1sbcE'

  tasks:

  - debug: var=password

  - name: Escape root password - working
    set_fact: "password_escaped={{ password | regex_replace ('U','\\X') }}"

  - name: Escape root password - not working
    set_fact: "password_escaped={{ password | regex_replace ('U','\\') }}"

  - debug: msg=password_escaped={{ password_escaped }}

# vim:et:sw=2:ts=2:sts=2:

$ ansible-playbook jinja2-escape-test.yml
ERROR! failed at splitting arguments, either an unbalanced jinja2 block or quotes: password_escaped={{ password | regex_replace ('U','\') }}

The error appears to have been in '/home/mot/build-dashboards/jinja2-escape-test.yml': line 15, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


  - name: Escape root password - not working
    ^ here

Answer 1

You are mixing syntax styles here and a quote is set wrong:

  - name: Escape root password - working
    set_fact: "password_escaped={{ password | regex_replace ('U','\\X') }}"

Should be either:

  - name: Escape root password - working
    set_fact:
      password_escaped: "{{ password | regex_replace ('U','\\X') }}"

or:

  - name: Escape root password - working
    set_fact: password_escaped="{{ password | regex_replace ('U','\\X') }}"

You might want to check if quoting fits your needs better than regex_replace. Use it like this:

  - name: Escape root password - working
    set_fact:
      password_escaped: "{{ password | quote }}"