Ansible.posix.mount opts with password not working

dpowell · April 24, 2024, 7:49pm

When using the mount module with the below code I’m facing an issue when the password has a double quote in it. I’m not sure if its the module or ansible that is auto escaping it with a single slash.

- name: "Mount {{ common_cifs_root }}"
  ansible.posix.mount:
    src: "{{ common_cifs_root }}"
    path: "{{ common_mount_folder }}"
    opts: "noserverino,dom={{ common_ad_domain }},username={{ common_ad_username }},password={{ common_ad_password }}"
    state: ephemeral
    fstype: "{{ common_fs_type }}"

The first line is the password, the 2nd is what ansible is sending. The mount command doesn’t like that, if I run the command manually with the password as is it works.

~*ACE=!t#,26F3"16a - Password

~*ACE=!t#,26F3\"16a - Password set by ansible || moudle

Denney-tech · April 24, 2024, 8:30pm

Can you show us the error output? I actually would expect the double-quotes to be escaped depending on the context.

dpowell · April 24, 2024, 8:36pm

This is with -vvvv set.

fatal: [node1]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "backup": false,
            "boot": true,
            "dump": "0",
            "fstab": null,
            "fstype": "cifs",
            "opts": "noserverino,dom=aasp,username=myuser,password=~*ACE=!t#,26F3\"16a",
            "passno": "0",
            "path": "/tmp/cert_test",
            "src": "//nas/tutility/users/myuser/was_certs",
            "state": "ephemeral"
        }
    },
    "msg": "Error mounting /tmp/cert_test: mount error(13): Permission denied\nRefer to the mount.cifs(8) manual page (e.g. man mount.cifs)\n"

Denney-tech · April 24, 2024, 8:44pm

Okay, so the escaped quotes there is because it has to be for the json returned to valid. It shouldn’t be escaped by the module when executed.

Are you running this with elevated permissions? Either as root or with become: true?

dpowell · April 24, 2024, 8:45pm

With become set yes. Not as root.

Denney-tech · April 24, 2024, 9:00pm

Well, you could try creating a credentials file first and passing credentials=<filename> on the mount task instead, or you could try setting PASSWD as an environment variable. It might be that the ! is the problem and only ~*ACE= is being treated as the password; while we’re just not seeing the !t#,26F3"16a: event not found error for some reason.

I.e.

- name: "Mount {{ common_cifs_root }}"
  ansible.posix.mount:
    src: "{{ common_cifs_root }}"
    path: "{{ common_mount_folder }}"
    opts: "noserverino,dom={{ common_ad_domain }},username={{ common_ad_username }}"
    state: ephemeral
    fstype: "{{ common_fs_type }}"
  environment:
    PASSWD: "{{ common_ad_password }}"

I’m also wondering if you need sec=ntlmv2 or vers=3, but I think you would get a different error if that were the case.

dpowell · April 24, 2024, 9:16pm

I tried the sec/vers with no luck but the code block as is worked. Thanks for the suggestion.

Denney-tech · April 24, 2024, 9:42pm

You’re welcome, glad that worked.