shell commands and escaping characters

Archives Ansible Project
1

I’m pulling data from EC2 instance metadata (from an IAM instance profile). The shell commands are:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/PullCredentials > creds.txt

access=cat /home/ubuntu/creds.txt | grep "AccessKeyId" | cut -d':' -f2 | tr -d ' ' | tr -d '"' | tr -d ','

My playbook fragment:

When I run this manually, the creds.txt file is created, and the cat | grep | cut etc works fine.

When it runs:

TASK: [get IAM role creds] ****************************************************
changed: [****]

TASK: [set env variables] *****************************************************
failed: [****] => {“cmd”: “‘access=cat' /home/ubuntu/creds.txt '|' grep AccessKeyId '|' cut -d: -f2 '|' tr -d ' ' '|' tr -d '\"' '|' tr -d ',’”, “failed”: true, “rc”: 2}
msg: [Errno 2] No such file or directory

If I set everything after command: in quotes, I get a parser error:

ERROR: Syntax Error while loading YAML script, ansible-qa-ami.yml
Note: The error may actually appear before this position: line 197, column 82

  • name: set env variables
    command: ‘access=cat /home/ubuntu/creds.txt | grep "AccessKeyId" | cut -d':' -f2 | tr -d ' ' | tr -d '"' | tr -d ','
    ^

So I seem to have an issue with colons, quotes, and/or back ticks. Any suggestions are very welcome.

2

Hi,
Total newb here but sometimes the simplest mistakes are the longest to find :wink:

Have you tried putting a space between -d and ‘:’ ?
Also, try an online yaml checker like yamllint?

3

The command module just takes a simple command. If you need a full
shell (for pipes, io redirection, etc) use the shell command.
But in this case it's still not going to do what you want. The
"access" variable won't be visible to anything outside of that command
so it's essentially worthless. If you need to capture it and store it,
look at using "register" and then perhaps a set_fact, or environment
keyword.