Ansible.posix.mount opts with password not working

dpowell · April 24, 2024, 7:49pm

When using the mount module with the below code I’m facing an issue when the password has a double quote in it. I’m not sure if its the module or ansible that is auto escaping it with a single slash.

- name: "Mount {{ common_cifs_root }}"
  ansible.posix.mount:
    src: "{{ common_cifs_root }}"
    path: "{{ common_mount_folder }}"
    opts: "noserverino,dom={{ common_ad_domain }},username={{ common_ad_username }},password={{ common_ad_password }}"
    state: ephemeral
    fstype: "{{ common_fs_type }}"

The first line is the password, the 2nd is what ansible is sending. The mount command doesn’t like that, if I run the command manually with the password as is it works.

~*ACE=!t#,26F3"16a - Password

~*ACE=!t#,26F3\"16a - Password set by ansible || moudle

Denney-tech · April 24, 2024, 8:30pm

Can you show us the error output? I actually would expect the double-quotes to be escaped depending on the context.

dpowell · April 24, 2024, 8:36pm

This is with -vvvv set.

fatal: [node1]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "backup": false,
            "boot": true,
            "dump": "0",
            "fstab": null,
            "fstype": "cifs",
            "opts": "noserverino,dom=aasp,username=myuser,password=~*ACE=!t#,26F3\"16a",
            "passno": "0",
            "path": "/tmp/cert_test",
            "src": "//nas/tutility/users/myuser/was_certs",
            "state": "ephemeral"
        }
    },
    "msg": "Error mounting /tmp/cert_test: mount error(13): Permission denied\nRefer to the mount.cifs(8) manual page (e.g. man mount.cifs)\n"

Denney-tech · April 24, 2024, 8:44pm

Okay, so the escaped quotes there is because it has to be for the json returned to valid. It shouldn’t be escaped by the module when executed.

Are you running this with elevated permissions? Either as root or with become: true?

dpowell · April 24, 2024, 8:45pm

With become set yes. Not as root.

Denney-tech · April 24, 2024, 9:00pm

Well, you could try creating a credentials file first and passing credentials=<filename> on the mount task instead, or you could try setting PASSWD as an environment variable. It might be that the ! is the problem and only ~*ACE= is being treated as the password; while we’re just not seeing the !t#,26F3"16a: event not found error for some reason.

I.e.

- name: "Mount {{ common_cifs_root }}"
  ansible.posix.mount:
    src: "{{ common_cifs_root }}"
    path: "{{ common_mount_folder }}"
    opts: "noserverino,dom={{ common_ad_domain }},username={{ common_ad_username }}"
    state: ephemeral
    fstype: "{{ common_fs_type }}"
  environment:
    PASSWD: "{{ common_ad_password }}"

I’m also wondering if you need sec=ntlmv2 or vers=3, but I think you would get a different error if that were the case.

dpowell · April 24, 2024, 9:16pm

I tried the sec/vers with no luck but the code block as is worked. Thanks for the suggestion.

Denney-tech · April 24, 2024, 9:42pm

You’re welcome, glad that worked.

system · May 24, 2024, 9:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ansible - Strange Error - Executing Linux Playbooks - Command Not Allowed Get Help awx , playbook , ansible-core , linux , security	5	58	October 9, 2024
Ansible Vault - Issues with Encrypting ansible_password Get Help windows , winrm , ansible-vault , ansible	5	643	March 19, 2024
Create a hashed password with 'debug' Get Help	10	77	October 12, 2024
Ansible ssh error on alma linux Get Help ansible-core	0	131	June 27, 2024
Syntax check without vault passwords Get Help ansible-lint	3	170	December 11, 2023

Ansible.posix.mount opts with password not working

Related topics