custom jinja2 variable enclosure override

Archives Ansible Project
1

I had been using custom variable enclosures with jinja2 templates, but since updating from ansible 1.5.4-> 1.6.x I’ve had these break.

I was using this feature for cases in which I wanted to provision a VM using an ansible role that deploys a collection of support playbooks. The idea being that these playbooks could then be used locally (connection: local) by support technicians on the endpoint. These playbooks were for everyday tasks such as changing the hostname, running a support collect, etc.

Here I describe an example that used to work: https://coderwall.com/p/kci7ca

Doing some digging, I’ve found that the feature was broken purposefully because of a security concern. There seems to be a PR (https://github.com/ansible/ansible/pull/8040) for a fix, but there has been no movement on it.

@laserllama on twitter mentioned that there may be a better way to do such things. What’s the current news on this feature? What kind of workarounds are people using?

Have a great Friday,
Sarah

2

The PR will break some current and future things and needs some revision - open to exploring it, but it may need to wait until after 1.7

I’m curious in particular why you needed to override the template codes though, was the configuration file already in Jinja2 syntax, etc?

What I’m possibly suggesting for you right now would be to use the raw keyword in Ansible where “{{” needed to be preserved:

http://jinja.pocoo.org/docs/templates/#escaping

Curious on details if that appears to not work for you.

(We have definitely stopped using coderwall, since it’s difficult to comment on tips that have been superceeded, and other things – in most cases, we prefer getting tips and tricks into the docs)

3

I’m trying to use template to copy an interactive ansible playbook to the target. I want template to fill in some variables before it is sent over, but I want other variables to stay uninterpreted because they will be filled in by vars_prompt when the playbook is run on the endpoint.

Thanks for the jinja link, that is useful. I had not realized there was escaping built-in. If this already exists in jinja, what is the use case for using overrides as they existed in ansible before?

It’s too bad that coderwall hasn’t worked out for people.

4

Hmm, the nesting seems interesting and is not something we’d usually recommend, but if you can keep it straight, yay.

You might consider just using the copy module to copy over the template, and then creating on the other a “vars” file using a template, and then letting it run as normal.

But I am a bit curious how this particular use case came up - sounds interesting and we might have other suggestions. Or even if not, sounds interesting.