-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: ansible
Version: 2.3.1.0+dfsg-2
Severity: important
I have the following stuff in my ansible tasks:
{{{yaml
- - name: Keep all passwd-entries in /etc/password sane
replace:
dest: /etc/passwd
regexp: '^([^:]+):[^:]*:'
replace: '\1:x:'
}}}
This was working without problems until the update to 2.3. The reason is
that replace is not encoding agnostic anymore and you have to specify an
encoding. Unfortunatelly there are two problems with that:
- - /etc/passwd has different encodings in every line (The gecos field
with the name) So there cannot be a encoding specified for the whole
file.
- - Even if I specify the encoding, the playbook is used in old versions
too (mainly on stable debian or devuan) and there, an encoding
parameter will create an error.
In the end, utf8 is the worst charset for something that should be
robust as utf8 has holes and unspeciffied chars in the specifkation.
This problem currently produce the following failure on all machines
with unstable (3):
TASK [security : Keep all passwd-entries in /etc/password sane]
****************
An exception occurred during task execution. To see the full traceback, use
-vvv. The error was: UnicodeDecodeError: 'utf8' codec can't decode byte 0xee in
position 668: invalid continuation byte
fatal: [ikki]: FAILED! => {"changed": false, "failed": true,
"module_stderr": "Traceback (most recent call last):\n File
\"/tmp/ansible_jSTtga/ansible_module_replace.py\", line 200, in <module>\n
main()\n File \"/tmp/ansible_jSTtga/ansible_module_replace.py\", line 169, in
main\n contents = to_text(f.read(), errors='surrogate_or_strict')\n File
\"/tmp/ansible_jSTtga/ansible_modlib.zip/ansible/module_utils/_text.py\", line
232, in to_text\n File \"/usr/lib/python2.7/encodings/utf_8.py\", line 16, in
decode\n return codecs.utf_8_decode(input, errors,
True)\nUnicodeDecodeError: 'utf8' codec can't decode byte 0xee in position 668:
invalid continuation byte\n", "module_stdout": "", "msg": "MODULE FAILURE",
"rc": 0}
The character that breaks stuff is a name of one of my users: Benoït
which is not that uncommon.
- -- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (400, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.11.9 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE=de_DE:en
(charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages ansible depends on:
ii python 2.7.13-2
ii python-crypto 2.6.1-7+b1
ii python-httplib2 0.9.2+dfsg-1
ii python-jinja2 2.9.6-1
ii python-netaddr 0.7.18-2
ii python-paramiko 2.0.0-1
ii python-pkg-resources 36.2.7-2
ii python-yaml 3.12-1+b1
Versions of packages ansible recommends:
ii python-cryptography 1.9-1
pn python-jmespath <none>
pn python-kerberos <none>
pn python-libcloud <none>
pn python-selinux <none>
pn python-winrm <none>
pn python-xmltodict <none>
Versions of packages ansible suggests:
pn cowsay <none>
ii sshpass 1.06-1
- -- Configuration Files:
/etc/ansible/ansible.cfg changed:
[defaults]
gathering = smart
ansible_managed = Ansible managed file
retry_files_enabled = False
[privilege_escalation]
become_method = su
[paramiko_connection]
[ssh_connection]
pipelining = True
[accelerate]
[selinux]
[colors]
- -- no debconf information
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Comment: Charset: ISO-8859-1
iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlmlMacACgkQpnwKsYAZ
9qxL7Qv/fizyzuSc5a3qN/yrAsq+jwa3dPylUJxaHfP5MX4a4Rh440MfE8iLJ9AW
rmLSzeULMogx3JoFok0v1bQTmtXUnNkTEIJcfjAkLuamOOH1UNMeibmS+pCr8VrO
RB2UEgiXWluOaXxz75EAQA+TrcVCweXmR6mCq9oXHnTZG+Kzse6O6lBDj/DmkKn5
Jkc+diIZ7qUuGsY13PZnvtvf1fDnPnlZ1Y88f+EpGgVj9dGQYOS/24znB9U1on/T
wzUFVf1+DpVDPuUHAwu1BIjxnSU0cxEGFiBRstmBLQSFusI0fuHaZxRS1VFTLhIb
xrzhsWM2mMXuCAiifinw9qQ+fj4IwdP5mm7O0aejO0wZQEtqbRNFDamXNRvyOa3K
Bt61ASedzz2kBn6NIapmnsBYfsJWLlpdttY9reQaF7eqoFLCZkaFwvXfTWxu3ds9
kSTyIhkth1XfWfyylDXJPHoGn8ZmtJDQ8iLAErzXyygg5wS88jYpvQqQYZP30uSv
78gwFm4s
=d4y3
-----END PGP SIGNATURE-----
