Open sygilber opened 6 years ago
After investiguating a while, I figure out that the splitting of the one liner pdadmin cmd (which contained a comma) takes its origine in the 'isam-ansible-roles/start_config/library/isamadmin.py' implementation where the 'commands' args is parsed as a List. I am no Python expert yet but I figure out it used comma as delimited, therefore the one liner splitting is occuring here.
def main(): module = AnsibleModule( argument_spec=dict( log=dict(default='INFO', choices=['DEBUG', 'INFO', 'ERROR', 'CRITICAL']), appliance=dict(required=True), lmi_port=dict(required=False, default=443, type='int'), username=dict(required=False), password=dict(required=True), isamuser=dict(required=False), isampwd=dict(required=True), isamdomain=dict(required=False, default='Default'), > # commands=dict(required=True, type='list') commands=dict(required=True) ), supports_check_mode=False )
Once I hacked the code not to assume "list", the role 'execute_pdadmin_domain' started to behaves as expected, and it even run a pdadmin cmd file containing multiple lines.
Now the question:
What would be the good way to fix this without breaking working something else ?
Here is one way to fix it:
---
# PDAdmin - create a file with the commands and pass it via pdadmin_cmds variable
- name: Run PDAdmin command(s) against an appliance
hosts: all
connection: local
pre_tasks:
- name: Read pdadmin commands into variable
command: "cat {{pdadmin_cmds}}"
register: pdadmin_cmds_var
run_once: True
changed_when: False
roles:
- role: execute_pdadmin
execute_pdadmin_commands: "{{ pdadmin_cmds_var.stdout_lines }}"
execute_pdadmin_isamuser: "{{sec_master_id}}"
execute_pdadmin_isampwd: "{{sec_master_pwd}}"
when: pdadmin_cmds is defined and pdadmin_cmds_var is defined
The cat command handles the commas in the file much better.
Using this "cat" solution did the magic trick. However, I wonder if this could not be handled transparently in the ' isam-ansible-roles\start_config\library\isamadmin.py' module? It is pretty legitimate to use commas in pdadmin commands whenever DN is involved. Whoever is going to need to run some of those pdadmin cmds will likely hit this behavior. But I am satisfied with this solution for now. I can continue on my automation journey. Should I leave it open for future consideration?
The issue with commas in the pdadmin commands is with Ansible and the jinja2 templating. The python code can handle it without an issue. Hence this fix is really to make sure Ansible can handle it - the cat command means there is no jinja2 templating messing around with the values.
I am fine with that.
Then may I suggest that we document this solution in the readme that comes with this role ?
Probaby an easy one for you folks.
Submitting a pdadmin cmd which does not contain any special characters work fine:
but when submitting a pdadmin cmd like the following, that contains a comma for instance, how should we pass it to the role 'execute_pdadmin_domain':
This is the results I am getting:
Just above the ibmsecurity stack receives the cmd arladt splitted in 2 parts ...
Somewhere before it get's to python module, the pdadmin cmd gets splitted in 2 pieces which make it invalid for ISAM to process.