I have this shell script within a role in ansible and it will not run:

  - name: validate AWS cloudwatch download
    shell: |
      cw_expected_key="9376 16F3 450B 7D80 6CBD  9725 D581 6730 3B78 9C72"
      cw_public_key=`gpg --import /tmp/cloud-watch-validation/amazon-cloudwatch-agent.gpg |& grep -Po "key\s*[A-Z0-9] " | egrep -o "[A-Z0-9] "`
      key=`gpg --fingerprint $cw_public_key |& grep -Po $cw_expected_key`
      if [ "$key" != "$cw_expected_key" ]; then
        exit 1
      fi
      validation=`gpg --verify /tmp/cloud-watch-validation/amazon-cloudwatch-agent.deb.sig  /tmp/cloud-watch/amazon-cloudwatch-agent.deb |& grep -Po "Good signature"`
      if [ "$validation" != "Good signature" ]; then
        exit 1
      fi

I get this error:

fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": "cw_expected_key="9376 16F3 450B 7D80 6CBD 9725 D581 6730 3B78 9C72"\ncw_public_key=gpg --import /tmp/c loud-watch-validation/amazon-cloudwatch-agent.gpg |& grep -Po \"key\\s*[A-Z0-9] \" | egrep -o \"[A-Z0-9] \"\nkey=gpg --fingerprint $cw_public_key |& grep -Po $cw_expected_key\nif [ "$key" != "$cw_expected_key" ]; then\n exit 1\nfi\nvalidation=gpg --verify /tmp/cloud-watch-validation/amazon-cloudwatch-agent.deb.sig /tmp/cloud-watch/amazon-cloudwatch-agent.deb |& grep -Po \"Good signature\"\nif [ "$validation" != "Good signature" ]; then\n exit 1 \nfi\n", "delta": "0:00:00.003070", "end": "2021-11-02 18:57:44.246780", "msg": "non-zero return code", "rc": 2, "start": "2021-11-02 18:57:44.243710", "stderr": "/bin/sh: 1: Syntax error: "&" unexpected", "stderr_lines": ["/bin/s h: 1: Syntax error: "&" unexpected"], "stdout": "", "stdout_lines": []}

Anyone have any ideas?

CodePudding user response：

|& is a Bash extension, rather deprecated. It's not support in sh mode. And anyway do not use |&, forget it exists. Use 2>&1 |. See https://wiki.bash-hackers.org/scripting/obsolete