debug statements trigger security check error "A variable inserted a new parameter into the module args"

Archives Ansible Project
1

I’m running into several cases where debug statements trigger the security check error:

A variable inserted a new parameter into the module args. Be sure to quote variables if they contain equal signs (for example: “{{var}}”).

There are a few issues that seem related,

https://github.com/ansible/ansible/issues/8260

But none of them are my case which simply outputting a registered variable. Interestingly, i seem to be able to debug-access all fields of the registered variable, just not the whole object.

Is there a convention i can follow to avoid this sort of thing?

The offending lines are

  • name: Check for attached volumes

shell: “fdisk -l”

register: register_fdisk

  • debug: msg=“{{register_fdisk.changed}}” # no problem

  • debug: msg=“{{register_fdisk.stdout}}”

  • debug: msg=“{{register_fdisk.keys}}”

  • debug: msg=“{{register_fdisk}}” # only this fails

And out put:

TASK: [hardware | Check for attached volumes] *********************************

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant

<127.0.0.1> REMOTE_MODULE command fdisk -l #USE_SHELL

<127.0.0.1> EXEC [‘ssh’, ‘-C’, ‘-tt’, ‘-vvv’, ‘-o’, ‘ControlMaster=auto’, ‘-o’, ‘ControlPersist=60s’, ‘-o’, ‘ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r’, ‘-o’, ‘Port=2211’, ‘-o’, ‘IdentityFile=“/Users/kbroughton/.vagrant.d/insecure_private_key”’, ‘-o’, ‘KbdInteractiveAuthentication=no’, ‘-o’, ‘PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey’, ‘-o’, ‘PasswordAuthentication=no’, ‘-o’, ‘User=vagrant’, ‘-o’, ‘ConnectTimeout=10’, ‘127.0.0.1’, “/bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817 && echo $HOME/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817’”]

<127.0.0.1> PUT /var/folders/t2/h22337c12hn279xwd4s9fk7s8_088c/T/tmpbca0cf TO /home/vagrant/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817/command

<127.0.0.1> EXEC [‘ssh’, ‘-C’, ‘-tt’, ‘-vvv’, ‘-o’, ‘ControlMaster=auto’, ‘-o’, ‘ControlPersist=60s’, ‘-o’, ‘ControlPath=/Users/kbroughton/.ansible/cp/ansible-ssh-%h-%p-%r’, ‘-o’, ‘Port=2211’, ‘-o’, ‘IdentityFile=“/Users/kbroughton/.vagrant.d/insecure_private_key”’, ‘-o’, ‘KbdInteractiveAuthentication=no’, ‘-o’, ‘PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey’, ‘-o’, ‘PasswordAuthentication=no’, ‘-o’, ‘User=vagrant’, ‘-o’, ‘ConnectTimeout=10’, ‘127.0.0.1’, u’/bin/sh -c 'sudo -k && sudo -H -S -p “[sudo via ansible, key=pgapabqrdqjcybxpgqhegcclfoxafxzx] password: " -u root /bin/sh -c '”'“'echo SUDO-SUCCESS-pgapabqrdqjcybxpgqhegcclfoxafxzx; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1409764530.2-166440363117817/ >/dev/null 2>&1'”'"''']

changed: [allinone-1] => {“changed”: true, “cmd”: “fdisk -l”, “delta”: “0:00:00.018536”, “end”: “2014-09-03 17:15:30.573009”, “rc”: 0, “start”: “2014-09-03 17:15:30.554473”, “stderr”: “Disk /dev/sdb doesn’t contain a valid partition table\nDisk /dev/sdc doesn’t contain a valid partition table\nDisk /dev/mapper/vg0-root doesn’t contain a valid partition table\nDisk /dev/mapper/vg0-swap doesn’t contain a valid partition table”, “stdout”: “\nDisk /dev/sda: 44.0 GB, 44040192000 bytes\n255 heads, 63 sectors/track, 5354 cylinders, total 86016000 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x0007137a\n\n Device Boot Start End Blocks Id System\n/dev/sda1 * 2048 1757183 877568 83 Linux\n/dev/sda2 1759230 86013951 42127361 5 Extended\n/dev/sda5 1759232 86013951 42127360 8e Linux LVM\n\nDisk /dev/sdb: 1073 MB, 1073741824 bytes\n255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/sdc: 10.7 GB, 10737418240 bytes\n255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/mapper/vg0-root: 40.0 GB, 39996882944 bytes\n255 heads, 63 sectors/track, 4862 cylinders, total 78118912 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/mapper/vg0-swap: 3137 MB, 3137339392 bytes\n255 heads, 63 sectors/track, 381 cylinders, total 6127616 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000”, “warnings”: }

TASK: [hardware | debug msg=“{{register_fdisk.changed}}”] *********************

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant

ok: [allinone-1] => {

“msg”: “True”

}

TASK: [hardware | debug msg=“{{register_fdisk.stdout}}”] **********************

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant

ok: [allinone-1] => {

“msg”: “\nDisk /dev/sda: 44.0 GB, 44040192000 bytes\n255 heads, 63 sectors/track, 5354 cylinders, total 86016000 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x0007137a\n\n Device Boot Start End Blocks Id System\n/dev/sda1 * 2048 1757183 877568 83 Linux\n/dev/sda2 1759230 86013951 42127361 5 Extended\n/dev/sda5 1759232 86013951 42127360 8e Linux LVM\n\nDisk /dev/sdb: 1073 MB, 1073741824 bytes\n255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/sdc: 10.7 GB, 10737418240 bytes\n255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/mapper/vg0-root: 40.0 GB, 39996882944 bytes\n255 heads, 63 sectors/track, 4862 cylinders, total 78118912 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000\n\n\nDisk /dev/mapper/vg0-swap: 3137 MB, 3137339392 bytes\n255 heads, 63 sectors/track, 381 cylinders, total 6127616 sectors\nUnits = sectors of 1 * 512 = 512 bytes\nSector size (logical/physical): 512 bytes / 512 bytes\nI/O size (minimum/optimal): 512 bytes / 512 bytes\nDisk identifier: 0x00000000”

}

TASK: [hardware | debug msg=“{{register_fdisk.keys}}”] ************************

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant

ok: [allinone-1] => {

“msg”: “<built-in method keys of dict object at 0x7ffdfbd570c0>”

}

TASK: [hardware | debug msg=“{{register_fdisk}}”] *****************************

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant

fatal: [allinone-1] => A variable inserted a new parameter into the module args. Be sure to quote variables if they contain equal signs (for example: “{{var}}”).

2

As a preliminary question, what version of Ansible are you now using?