1

I find myself repeatedly typing arguments to file-related modules of Ansible like this:

- copy:
    […]
    owner: root
    group: root
    mode: ugo=r

Though it may seem safe to assume that omitting these arguments for ownership would result the same as the tasks are 'sudoedly' executed, I'd like to define these arguments once explicitly in the scope of either a role's defaults or a host's variables per module or even a group of modules.

Is there a way to facilitate such definition?

funky-future
  • 187
  • 10

3 Answers3

5

Yes, you can do this as long as you are using version >= 2.6. This can be accomplished using the module_defaults keyword.

Example usage looks like this:

- hosts: localhost
  gather_facts: no
  module_defaults:
    file:
      owner: foobar
  tasks:
    - file:
        path: /tmp/defaults_test
        state: touch
phemmer
  • 5,789
  • 2
  • 26
  • 35
0

Parameters are required on each call to a module. It is the only way for module input.

When copying multiple files in a task, you can iterate over a list. 

- copy:
    src: "{{item}}"
    dest: "/etc/logrotate.d/{{item}}"
    owner: root
    group: root
    mode: ugo=r
  with_items:
  - foo
  - bar

You could define variables for these parameters, but you still need to use those on every call to the module. This allows you to override the value in many places at once.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
0

I'd like to define these arguments once explicitly in the scope of either a role's defaults or a host's variables per module or even a group of modules.

Luckily you can't and your request is incoherent because of the way you use the word "explicitly".

In fact you want to "define these arguments once so that they are applied implicitly".

And on the other hand, it is Ansible that requires parameter values to be specified explicitly.

Though it may seem safe to assume that omitting these arguments for ownership would result the same as the tasks are 'sudoedly' executed, 

No, it is not safe to assume that omitting the arguments would set the ownership to values defined in your head.

Simplest case is where the file already exists and Ansible only changes its content. It won't implicitly fix the permissions/ownership in that case.

The best thing you can do is to specify the required parameters explicitly in tasks.

If you want to have some flexibility, use variables defined in a single place:

vars:
  my_owner: root
  my_group: root
  my_mode: ugo=r
tasks: 
  - copy:
      […]
      owner: "{{ my_owner }}"
      group: "{{ my_group }}"
      mode: "{{ my_mode }}"

Another important thing to bear in mind is that historically not all modules were behaving in the same way with regard to file permissions. Namely some modules (url if I remember correctly) set the explicitly specified permissions only when they actually created/changed the file, while leaving the permissions unchanged otherwise.

There is no excuse for not testing the systems (using a separate flow, be it using Ansible, or a different tool).

techraf
  • 4,163
  • 8
  • 27
  • 44
  • so true. I have seen so much mess from people trying to build something implicit. I don't quite understand why one would chose Ansible when im imlicity is a wanted feature. – Henrik Pingel Nov 03 '17 at 21:05
  • 1
    "explicitly" was used properly. he didn't say he wanted the params applied explicitly, he said he wanted them defined once explictly. These are 2 different things. You're also misunderstanding the perms thing as he was talking about that because ansible is running as root, the files will be owned as root. "There is no excuse for not testing the systems" -- What is that in regards to? Overall, I'm -1 because this answer spends too much time arguing over irrelevant stuff instead of answering the question. – phemmer Apr 11 '18 at 18:23