Can't add new postgresql_hba records using postgresql_hba module

[Ikhsan Faruqi]

Hi, I trying to add new hba_records using pg_hba_module but got this error:

failed: [pg-12] (item={'hba_database': 'test-db', 'hba_users': 'johndoe', 'hba_connection_type': 'host', 'hba_source': '0.0.0.0/0', 'hba_method': 'trust'}) => {"ansible_loop_var": "item", "changed": false, "item": {"hba_connection_type": "host", "hba_database": "test-db", "hba_method": "trust", "hba_source": "0.0.0.0/0", "hba_users": "johndoe"}, "msg": "value of method must be one of: trust, reject, md5, password, gss, sspi, krb5, ident, peer, ldap, radius, cert, pam, scram-sha-256, got: trust "}

this is what my vars.yml looks like:

- hba_records:
          - hba_database: test-db
            hba_users: johndoe
            hba_connection_type: host
            hba_source: 0.0.0.0/0
            hba_method: trust
          - hba_database: test-db
            hba_users: alexsong
            hba_connection_type: host
            hba_source: 0.0.0.0/0
            hba_method: trust

my ansible info:

➜  ~ ansible --version

ansible 2.9.5

  config file = None

  configured module search path = ['/Users/MASKED/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

  ansible python module location = /Users/MASKEd/Library/Python/3.7/lib/python/site-packages/ansible

  executable location = /Users/MASKED/Library/Python/3.7/bin/ansible

  python version = 3.7.5 (default, Nov  1 2019, 02:16:23) [Clang 11.0.0 (clang-1100.0.33.8)]

[Stefan Hornburg (Racke)]

On 5/19/20 12:44 PM, Ikhsan Faruqi wrote:
> Hi, I trying to add new hba_records using pg_hba_module

> <https://docs.ansible.com/ansible/latest/modules/postgresql_pg_hba_module.html> but got this error:
>
> |
> failed:[pg-12](item={'hba_database':'test-db','hba_users':'johndoe','hba_connection_type':'host','hba_source':'0.0.0.0/0','hba_method':'trust'})=>{"ansible_loop_var":"item","changed":false,"item":{"hba_connection_type":"host","hba_database":"test-db","hba_method":"trust","hba_source":"0.0.0.0/0","hba_users":"johndoe"},"msg":"value

> of method must be one of: trust, reject, md5, password, gss, sspi, krb5, ident, peer, ldap, radius, cert, pam,
> scram-sha-256, got: trust "}
>
>
> |
>
> this is what my vars.yml looks like:
>
> |
> -hba_records:

>           -hba_database:test-db

>             hba_users:johndoe
>             hba_connection_type:host
>             hba_source:0.0.0.0/0
>             hba_method:trust

>           -hba_database:test-db

>             hba_users:alexsong
>             hba_connection_type:host
>             hba_source:0.0.0.0/0
>             hba_method:trust
> |
>
> my ansible info:
>

Hello Ikshan,

the module expects the parameters without the hba_ prefix as clearly stated in the documentation and shown in the examples.

Regards
Racke

> |
> ➜  ~ ansible --version
> ansible 2.9.5
>   config file = None
>   configured module search path = ['/Users/MASKED/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
>   ansible python module location = /Users/MASKEd/Library/Python/3.7/lib/python/site-packages/ansible
>   executable location = /Users/MASKED/Library/Python/3.7/bin/ansible
>   python version = 3.7.5 (default, Nov  1 2019, 02:16:23) [Clang 11.0.0 (clang-1100.0.33.8)]
> |
>
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer>.


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

[Ikhsan Faruqi]

Hi stefan, sorry I forgot to put my playbook, here what it looks like

- name: PostgreSQL | Add new HBA records.

  become: yes

  postgresql_pg_hba:

    dest: "{{ postgresql_hba_file_path }}"

    contype: "{{ item.hba_connection_type }}"

    users: "{{ item.hba_users }}"

    source: "{{ item.hba_source }}"

    databases: "{{ item.hba_database | default(omit) }}"

    method: "{{ item.hba_method }} "

  notify: restart postgresql

  loop: "{{ hba_records }}"

  when: setup_hba == true

so basically I want to add multiple records, so I create some loops.

> ansible...@googlegroups.com <mailto:ansible-project+unsub...@googlegroups.com>.

[Stefan Hornburg (Racke)]

On 5/19/20 1:08 PM, Ikhsan Faruqi wrote:
> Hi stefan, sorry I forgot to put my playbook, here what it looks like
>
> |
> - name: PostgreSQL | Add new HBA records.
>   become: yes
>   postgresql_pg_hba:
>     dest: "{{ postgresql_hba_file_path }}"
>     contype: "{{ item.hba_connection_type }}"
>     users: "{{ item.hba_users }}"
>     source: "{{ item.hba_source }}"
>     databases: "{{ item.hba_database | default(omit) }}"
>     method: "{{ item.hba_method }} "
>   notify: restart postgresql
>   loop: "{{ hba_records }}"
>   when: setup_hba == true
> |

Maybe the trailing space in

method: "{{ item.hba_method }} "

causes the problem ?

Regards
Racke

>
> so basically I want to add multiple records, so I create some loops.
>
> On Tuesday, May 19, 2020 at 5:49:38 PM UTC+7, Stefan Hornburg (Racke) wrote:
>
> On 5/19/20 12:44 PM, Ikhsan Faruqi wrote:
> > Hi, I trying to add new hba_records using pg_hba_module
> > <https://docs.ansible.com/ansible/latest/modules/postgresql_pg_hba_module.html
> <https://docs.ansible.com/ansible/latest/modules/postgresql_pg_hba_module.html>> but got this error:
> >
> > |
> >
> failed:[pg-12](item={'hba_database':'test-db','hba_users':'johndoe','hba_connection_type':'host','hba_source':'0.0.0.0/0

> <http://0.0.0.0/0>','hba_method':'trust'})=>{"ansible_loop_var":"item","changed":false,"item":{"hba_connection_type":"host","hba_database":"test-db","hba_method":"trust","hba_source":"0.0.0.0/0
> <http://0.0.0.0/0>","hba_users":"johndoe"},"msg":"value

> > of method must be one of: trust, reject, md5, password, gss, sspi, krb5, ident, peer, ldap, radius, cert, pam,
> > scram-sha-256, got: trust "}
> >
> >
> > |
> >
> > this is what my vars.yml looks like:
> >
> > |
> > -hba_records:
> >           -hba_database:test-db
> >             hba_users:johndoe
> >             hba_connection_type:host

> >             hba_source:0.0.0.0/0 <http://0.0.0.0/0>

> >             hba_method:trust
> >           -hba_database:test-db
> >             hba_users:alexsong
> >             hba_connection_type:host

> >             hba_source:0.0.0.0/0 <http://0.0.0.0/0>

> >             hba_method:trust
> > |
> >
> > my ansible info:
> >
>
> Hello Ikshan,
>
> the module expects the parameters without the hba_ prefix as clearly stated in the documentation and shown in the
> examples.
>
> Regards
>         Racke
>
> > |
> > ➜  ~ ansible --version
> > ansible 2.9.5
> >   config file = None
> >   configured module search path = ['/Users/MASKED/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
> >   ansible python module location = /Users/MASKEd/Library/Python/3.7/lib/python/site-packages/ansible
> >   executable location = /Users/MASKED/Library/Python/3.7/bin/ansible
> >   python version = 3.7.5 (default, Nov  1 2019, 02:16:23) [Clang 11.0.0 (clang-1100.0.33.8)]
> > |
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to

> > ansible...@googlegroups.com <javascript:> <mailto:ansible-proje...@googlegroups.com <javascript:>>.

> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com>
> >

> <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer

> <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/ansible-project/e6f2c61e-cba5-44cd-90f8-7bb1c3ebc3c9%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/e6f2c61e-cba5-44cd-90f8-7bb1c3ebc3c9%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Ikhsan Faruqi]

No, it is not the problem, I tried removing whitespace, and it still errors.

>     > ansible...@googlegroups.com <javascript:> <mailto:ansible-project+unsub...@googlegroups.com <javascript:>>.

>     > To view this discussion on the web visit
>     > https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com
>     <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com>
>     >
>     <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer
>     <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
>     --
>     Ecommerce and Linux consulting + Perl and web application programming.
>     Debian and Sympa administration. Provisioning with Ansible.
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to

> ansible...@googlegroups.com <mailto:ansible-project+unsub...@googlegroups.com>.

[Dick Visser]

Is that the same error?

Because @Stefan Hornburg (Racke) is right, if you look closely at the
FIRST error:

"msg": "value of method must be one of: trust, reject, md5, password,
gss, sspi, krb5, ident, peer, ldap, radius, cert, pam, scram-sha-256,
got: trust "}

You can see that it has an extra space at the end.

If you say you have fixed that, then whatever error is left must be different.

Did you forget to post the new error?

>> > > ansible...@googlegroups.com <javascript:> <mailto:ansible-proje...@googlegroups.com <javascript:>>.

>> > > To view this discussion on the web visit
>> > > https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com
>> > <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com>
>> > >
>> > <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer
>> > <https://groups.google.com/d/msgid/ansible-project/cc058c2d-6c30-48ad-972c-a4e7343eeed2%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>> >
>> >
>> >
>> > --
>> > Ecommerce and Linux consulting + Perl and web application programming.
>> > Debian and Sympa administration. Provisioning with Ansible.
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to

>> > ansible...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ansible-project/e6f2c61e-cba5-44cd-90f8-7bb1c3ebc3c9%40googlegroups.com
>> > <https://groups.google.com/d/msgid/ansible-project/e6f2c61e-cba5-44cd-90f8-7bb1c3ebc3c9%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>
>>
>> --
>> Ecommerce and Linux consulting + Perl and web application programming.
>> Debian and Sympa administration. Provisioning with Ansible.
>>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/65f040b6-f12d-42cc-89e4-4e56e23b475f%40googlegroups.com.



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

[Ikhsan Faruqi]

I solve the problem by change double quote to single quote in the task that render item from loop.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwMMrkmAJbXmCxNgjPgPA6MZ4DB_074011Qcs_AG1Bx44w%40mail.gmail.com.