Quoting is handled at so many levels. The first trick is to get the right combination of characters past bash, so lets skip the password_hash() bit and get the bash quoting right. Bash is trying to turn ! into a reference to part of your history. It does this when ! is unquoted, or when inside double-quoted strings, but not when inside single-quoted strings.
utoddl@tarna2:~$ ansible all -i localhost, -m debug -a "msg={{ 'Start-1234!' }}"
-bash: !': event not found
# ' <-That single quote is to fix syntax highlighting.
utoddl@tarna2:~$ ansible all -i localhost, -m debug -a "msg={{ 'Start-1234\!' }}"
localhost | SUCCESS => {
"msg": "Start-1234\\!"
}
utoddl@tarna2:~$ ansible all -i localhost, -m debug -a "msg={{ 'Start-1234\\!' }}"
localhost | SUCCESS => {
"msg": "Start-1234\\!"
}
utoddl@tarna2:~$ ansible all -i localhost, -m debug -a "msg={{ 'Start-1234"'!'"' }}"
localhost | SUCCESS => {
"msg": "Start-1234!"
}
That last one does the trick. Bash concatenates adjacent strings after quoting, and that expression takes the double-quoted string
"msg={{ 'Start-1234"
and concatenates it with the single-quoted string
'!'
and the following double-quoted string
" }}"
Now you can insert your
| password_hash('sha512' , 'somesalt')
bit into that last double-quoted string component and have the Right Thing™ seen by ansible.