View Only
last person joined: 3 days ago 

Expand all | Collapse all

Ansible playbook special characters in password

This thread has been viewed 19 times
  • 1.  Ansible playbook special characters in password

    Posted Mar 26, 2024 05:06 PM


    I can configure the switch via ssh and rest api using the following options in my hosts file: ansible_network_os=arubanetworks.aos_switch.arubaoss ansible_connection=local ansible_user=admin

    I start the playbook with the following parameters and ask for the password:

    ANSIBLE_NETWORK_GROUP_MODULES=arubaoss ansible-playbook conf_vlan.yml -i hosts.txt --ask-pass

    normal passwords without special characters work just fine.

    when I use a password that includes special characters I get the following error:

    TASK [Create Vlan] *******************************************************************************************************************************************
    failed: [] (item={'vlanid': '1000', 'vlanname': 'INT-Clients_1'}) => {"ansible_loop_var": "item", "body": "{\"message\":\"Authentication failed.\"}", "changed": false, "connection": "close", "content-type": "application/json", "item": {"vlanid": "1000", "vlanname": "INT-Clients_1"}, "msg": "HTTP Error 400: Bad Request", "requestid": "", "server": "eHTTP v2.0", "status": 400, "transfer-encoding": "chunked", "url": ""}

    When I connect with ssh or the webui with the special character password there is no problem at all.

    If something is wrong or stupid, please enlighten me.

    Best Regards


  • 2.  RE: Ansible playbook special characters in password

    Posted Mar 27, 2024 04:13 AM

    Hi Marc,

    What the special character do you are using ?

    What the switch model / firmware ?

    May be also report the issue on github repo issue

    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281

  • 3.  RE: Ansible playbook special characters in password

    Posted Mar 27, 2024 09:12 AM


    it is because of \.

    I tried: to escape \, $, ', and ", use a double quotation mark around the password or use the back slash (\) as the escape character.

    But that doesn't seem to work.

    HPE Aruba 2930M 48G PoE+ Switch (JL322A) 

    Image             Size (bytes) Date     Version
    ----------------- ------------ -------- --------------
    Primary Image    :    30252184 05/17/23 WC.16.11.0012

  • 4.  RE: Ansible playbook special characters in password

    Posted Mar 27, 2024 02:22 PM

    Hi @Soenke Knipp I'll take a look and see if I can reproduce this & find a cause/solution - thank you for your patience as we investigate!

    Ti Chiapuzio-Wong (they/them)
    HPE Aruba Networking

  • 5.  RE: Ansible playbook special characters in password

    Posted May 24, 2024 07:27 AM
    When dealing with special characters in passwords within Ansible playbooks, you need to ensure proper handling to avoid issues with interpretation or escaping. Here are some best practices to manage special characters in passwords:
    1. **Quoting Passwords**: Enclose passwords in single or double quotes to prevent special characters from being misinterpreted. For example:
         username: myuser
         password: 'my$ecureP@ssw0rd'
    2. **Using YAML Escape Sequences**: YAML allows escape sequences for special characters. For example:
         username: myuser
         password: "my\$ecureP@ssw0rd"
    3. **Using Ansible Vault**: For sensitive data like passwords, it's recommended to use Ansible Vault for encryption. This way, you won't have to worry about special characters causing issues in plain text, and your passwords remain secure. Here's an example of how to use Ansible Vault:
       ansible-vault encrypt_string 'my$ecureP@ssw0rd' --name 'password'
       This command will prompt you to enter a password, and it will output the encrypted string, which you can then use in your playbook.
    4. **Password Files**: Store passwords in separate files and reference them in your playbook. This can be particularly useful for complex passwords or when dealing with sensitive information. Ensure proper permissions are set on these files to restrict access.
    5. **Using Variables**: Define passwords as variables and refer to them in your playbook. This allows for easy management and reuse of passwords across multiple tasks or playbooks. Ncedcloud
    Always be cautious when handling passwords and sensitive data in Ansible playbooks. Avoid hardcoding passwords directly into playbooks and follow best practices for securing and managing sensitive information.