Newbie query

I am trying to automate the creation of a TXT record on Route53. I am having issues with the playbook and decided to strip it right back to a basic invocation:

ansible -vvv -m "route53" -a 'ttl=3600 aws_secret_key='secret' zone=xxx.net record=_acme-challenge.aaa.yyy.xxx.net retry_interval=500 private_zone=False state=present type=TXT wait_timeout=300 wait=True aws_access_key='key' value=VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM ' localhost

Route53 is expecting the value enclosed in " " - no matter how I encapsulate the value I get the same error:

localhost | FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "alias": null,
            "alias_evaluate_target_health": false,
            "alias_hosted_zone_id": null,
            "aws_access_key": "key",
            "aws_secret_key": "secret",
            "ec2_url": null,
            "failover": null,
            "health_check": null,
            "hosted_zone_id": null,
            "identifier": null,
            "overwrite": null,
            "private_zone": false,
            "profile": null,
            "record": "_acme-challenge.aaa.bbb.ccc.net",
            "region": null,
            "retry_interval": 500,
            "security_token": null,
            "state": "present",
            "ttl": 3600,
            "type": "TXT",
            "validate_certs": true,
            "value": [
                "VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"
            ],
            "vpc_id": null,
            "wait": true,
            "wait_timeout": 300,
            "weight": null,
            "zone": "ccc.net"
        }
    },
    "msg": "[Invalid Resource Record: FATAL problem: InvalidCharacterString (Value should be enclosed in quotation marks) encountered with 'VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM']"
}

What am I doing wrong?

Thanks

Andy

Hi Andy,

ansible -vvv -m "route53" -a 'ttl=3600 aws_secret_key='secret'
zone=xxx.net record=_acme-challenge.aaa.yyy.xxx.net
retry_interval=500 private_zone=False state=present type=TXT
wait_timeout=300 wait=True aws_access_key='key'
value=VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM ' localhost

try `value='"VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"'` or
`value="VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"`. (It's better to
use playbooks with YAML syntax. There it is easier to understand what
happens IMO.)

Route53 wants the value passed by Ansible to be enclosed in double
quotes, so you have to give Ansible a string which *contains* double
quotes as well.

Cheers,
Felix

Hi,

This is the task:

  - name: create AWS Route53 TXT records
    route53:
      aws_access_key: "{{ vars.var_aws_access_key }}"
      aws_secret_key: "{{ vars.var_aws_secret_key }}"
      zone: "{{ aws_zone }}"
      record: "{{ challenge.challenge_data[item]['dns-01'].record }}"
      type: TXT
      value: '"VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"'

Could you try:

  value:
    - '"VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"'

instead? Maybe that works better.

(The idea is that potentially the "convert string to list" step which
will happen if a string is passed for a list option might remove the
quotes.)

      state: present
      wait: yes
    with_items: "{{ [crt_common_name] }}"
    when: challenge is changed
    debugger: on_failed

This looks very much like you're trying to use the acme_certificate
module. If that's true, you should change the `when:` condition to

  when: |
    challenge is changed and
    crt_common_name in challenge.challenge_data

(just putting it into three lines to avoid auto-inserted linebreaks)

The example in the acme_certificate documentation was missing that and
will be updated soon
(https://github.com/ansible/ansible/pull/68630/files).

Cheers,
Felix
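
The quoting rule discussed in this thread, as an added example (not from the thread, the route53 module or the acme_certificate documentation): a Python pre-flight that wraps a dns-01 digest in double quotes exactly once and flags any TXT value Route 53 would reject with InvalidCharacterString. The function names and the UPSERT action are assumptions; the dict follows the ChangeBatch shape of Route 53's ChangeResourceRecordSets API.

```python
import re

# RFC 8555 dns-01 value: unpadded base64url of a SHA-256 digest, always 43 chars.
DNS01_DIGEST = re.compile(r"[A-Za-z0-9_-]{43}")
MAX_TXT_STRING = 255  # Route 53 limit for a single quoted string


def quote_txt(raw: str) -> str:
    """Wrap raw in double quotes exactly once, as Route 53 requires for TXT."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]  # already quoted upstream: do not double-wrap
    if '"' in raw or "\\" in raw:
        raise ValueError("embedded quote or backslash needs escaping first")
    if len(raw) > MAX_TXT_STRING:
        raise ValueError("split values over 255 characters into several strings")
    return f'"{raw}"'


def dns01_change_batch(record: str, digest: str, ttl: int = 3600) -> dict:
    """Build a ChangeResourceRecordSets ChangeBatch for one dns-01 TXT record."""
    bare = digest.strip().strip('"')
    if not DNS01_DIGEST.fullmatch(bare):
        raise ValueError(f"not a dns-01 digest: {digest!r}")
    return {"Changes": [{
        "Action": "UPSERT",  # assumption: replace any stale challenge value
        "ResourceRecordSet": {
            "Name": record, "Type": "TXT", "TTL": ttl,
            "ResourceRecords": [{"Value": quote_txt(bare)}],
        },
    }]}


def unquoted_txt_values(batch: dict) -> list:
    """Pre-flight check: TXT values that would fail with InvalidCharacterString."""
    bad = []
    for change in batch["Changes"]:
        rrset = change["ResourceRecordSet"]
        for rr in rrset["ResourceRecords"] if rrset["Type"] == "TXT" else []:
            value = rr["Value"]
            if not (len(value) >= 2 and value[0] == value[-1] == '"'):
                bad.append(value)
    return bad


if __name__ == "__main__":
    digest = "VK1_axFJiaazkF0eaz6erW9VebwrNqko8PvaHHte1EM"  # value from the thread
    good = dns01_change_batch("_acme-challenge.aaa.yyy.xxx.net", digest)
    print(good["Changes"][0]["ResourceRecordSet"]["ResourceRecords"])
    print(unquoted_txt_values(good))  # nothing flagged
```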