I have the following inside a playbook of Ansible 2.3.0.0:

```yaml
- name: Disable SSL2, SSL3, RC4. Activate TLS
  win_regedit:
    path: 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\{{ item.path }}'
    name: "{{ item.name }}"
    data: "{{ item.data }}"
    type: dword
  with_items:
    # more items working correctly
    - { path: "Ciphers\\RC4 128/128", name: 'Enabled', data: 0 }
    - { path: "Ciphers\\RC4 40/128", name: 'Enabled', data: 0 }
    - { path: "Ciphers\\RC4 56/128", name: 'Enabled', data: 0 }
```

I've tried every single combination of quotes and slashes I could think of to escape the /, and it still either throws a syntax error or considers the last 128 as another folder of the registry path rather than part of the key itself.

Is there any way Ansible can take that 128/128 literally and not as part of a path?

Armaggedon

2 Answers

Sorry, but you are out of luck with win_regedit and forward slash.

win_regedit uses PowerShell and Get-ItemProperty with friends under the hood.
And PowerShell treats the forward slash character as a level separator, whether you escape it or not.
You can google for some ways to overcome this in PowerShell (example1, example2).

But with the win_regedit Ansible module you can't use those tricks.

So either you write your own PowerShell script with the tricks from the above articles and use the script module, or prepare a registry template and use the win_regmerge module (it uses reg.exe under the hood) to import the required settings.

Konstantin Suvorov
  • An hour ago I tested PowerShell and it created a property in a path containing a forward slash without any tricks: `New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null` where `$registryPath = "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\\RC4 128/128"`. I'm confused. Does `Get-ItemProperty` require them, but not `New-ItemProperty`? – techraf May 19 '17 at 12:56
  • Try `New-Item -Path "HKLM:\\SOFTWARE\\Ansible_Test\\RC4 128/128" -Type directory -Force` – this is how Ansible creates paths that don't exist. – Konstantin Suvorov May 19 '17 at 13:06
  • Thanks @KonstantinSuvorov! Knowing that, I've prepared a workaround using Ansible for both creating the key and filling it :) – Armaggedon May 19 '17 at 14:03
Thanks to @KonstantinSuvorov I've done a workaround that, although ugly, works. Perform this step to create the registry key directly with PowerShell before the win_regedit:

```yaml
- win_shell: |
    $path=new-item -path 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
    $key = (get-item HKLM:\).OpenSubKey("System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", $true)
    $key.CreateSubKey('RC4 128/128')
    $key.CreateSubKey('RC4 40/128')
    $key.CreateSubKey('RC4 56/128')
    $key.Close()
```
Armaggedon
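The "own PowerShell script" route from the first answer, as an added example that is not part of either answer: it creates the three RC4 keys and sets `Enabled` to 0 in one idempotent pass through the .NET registry API, which splits paths on `\` only, and then re-reads the values to confirm them. It assumes an elevated session; the variable names and the `changed=` output line are illustrative choices.

```powershell
# Added example (not from the original answers): disable the RC4 SCHANNEL
# ciphers whose key names contain "/". Microsoft.Win32.RegistryKey treats
# only "\" as a separator, so "RC4 128/128" stays a single key name.
$ErrorActionPreference = 'Stop'

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$cipherNames = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'
$dword       = [Microsoft.Win32.RegistryValueKind]::DWord
$hklm        = [Microsoft.Win32.Registry]::LocalMachine

$changed = $false
foreach ($cipher in $cipherNames) {
    # CreateSubKey opens the key writable if it exists, otherwise creates it
    # (including any missing parent keys).
    $key = $hklm.CreateSubKey("$ciphersPath\$cipher")
    try {
        $current = $key.GetValue('Enabled', $null)
        $kind    = if ($null -ne $current) { $key.GetValueKind('Enabled') } else { $null }
        # Write only when the value is missing, non-zero, or not a DWORD,
        # so repeated runs report no change.
        if ($current -ne 0 -or $kind -ne $dword) {
            $key.SetValue('Enabled', 0, $dword)
            $changed = $true
        }
    }
    finally {
        $key.Close()
    }
}

# Verification pass: reopen each key read-only and fail loudly if the
# setting did not land where expected.
foreach ($cipher in $cipherNames) {
    $key = $hklm.OpenSubKey("$ciphersPath\$cipher")
    if ($null -eq $key) { throw "Key not found: $cipher" }
    try {
        if ($key.GetValue('Enabled', $null) -ne 0) { throw "Cipher still enabled: $cipher" }
    }
    finally {
        $key.Close()
    }
}

Write-Output "changed=$changed"
```

Run through the Ansible script module, the printed `changed=True` / `changed=False` line can be matched in a `changed_when` condition so the task reports changes accurately.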