Search code examples
escapingspecial-charactersyamlsalt-project

Text block in yaml and escaping characters

I get the following saltstack YAML error:

Rendering SLS 'openstack:openstack.horizon.CentOS' failed: could not found expected ':'; line 63

horizon_https:
  file.prepend:
    - text: |-
      <VirtualHost *:80>
      ServerName openstack.example.com    <======================
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
      </IfModule>

For the following bit of YAML:

horizon_https:
  file.prepend:
    - text: |-
      <VirtualHost *:80>
      ServerName openstack.example.com
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
      </IfModule>
      <IfModule !mod_rewrite.c>
      RedirectPermanent / https://openstack.example.com
      </IfModule>
      </VirtualHost>
      <VirtualHost *:443>
      ServerName openstack.example.com

      SSLEngine On
      # Remember to replace certificates and keys with valid paths in your environment
      SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
      SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
      SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

      # HTTP Strict Transport Security (HSTS) enforces that all communications
      # with a server go over SSL. This mitigates the threat from attacks such
      # as SSL-Strip which replaces links on the wire, stripping away https prefixes
      # and potentially allowing an attacker to view confidential information on the
      # wire
      Header add Strict-Transport-Security "max-age=15768000"

Any idea what the problem is?

Solution

  • text is a mapping key and the string <VirtualHost *:80>\nServername ... its value. That value cannot be indented at the same level as the key.

    So you have to do:

    horizon_https:
  file.prepend:
    - text: |-
        <VirtualHost *:80>
        ServerName openstack.example.com
        <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </IfModule>

    The colon the error message complains about not being able to find is the missing ":" on the line before the one indicated. As that is indented at the same level of the text mapping key, it expect it to contain a key followed by colon+space as well.

    (That doesn't solve the ungrammaticality of the could not found error message, but at least should get rid of it)