copy files based on descending precedence
14 views
Skip to first unread message
Michael DiDomenico
Apr 18, 2023, 11:10:05 AM4/18/23
to ansible...@googlegroups.com
the below block is an example block i use in a few places to copy in
config files and select a host specific file if it exists. not sure
if it's the best way, but it works for now. what i'd like to do is
add in group selection as well. ie if there's group file look for
that first
so above line 5 you could have
"files/{{ansible_local.baseos.ver}}/{{item.src}}_AG{{group}}" but
clearly that wont work because there likely is more then on group
attached to a host. so i need to try all the groups of a host and see
if there's a matching file. the only way i can think to do it is to
create a second task that looks in the repository for a matching group
file and then registers a variable which i can include in the below
block above line 5
is there a better way?
1 ---
2 - name: copy pam etc/security/access.conf file
3 vars:
4 findme:
5 - "files/{{item.src}}_AH{{ansible_hostname}}"
6 - "files/{{item.src}}"
7 ansible.builtin.copy:
8 src: "{{ lookup('ansible.builtin.first_found', findme) }}"
9 dest: "/{{item.src}}"
10 owner: "{{item.owner}}"
11 group: "{{item.group}}"
12 mode: "{{item.mode}}"
13 with_items:
14 - { src: "etc/security/access.conf", owner: "root", group:
"root", mode: "0644" }
config files and select a host specific file if it exists. not sure
if it's the best way, but it works for now. what i'd like to do is
add in group selection as well. ie if there's group file look for
that first
so above line 5 you could have
"files/{{ansible_local.baseos.ver}}/{{item.src}}_AG{{group}}" but
clearly that wont work because there likely is more then on group
attached to a host. so i need to try all the groups of a host and see
if there's a matching file. the only way i can think to do it is to
create a second task that looks in the repository for a matching group
file and then registers a variable which i can include in the below
block above line 5
is there a better way?
1 ---
2 - name: copy pam etc/security/access.conf file
3 vars:
4 findme:
5 - "files/{{item.src}}_AH{{ansible_hostname}}"
6 - "files/{{item.src}}"
7 ansible.builtin.copy:
8 src: "{{ lookup('ansible.builtin.first_found', findme) }}"
9 dest: "/{{item.src}}"
10 owner: "{{item.owner}}"
11 group: "{{item.group}}"
12 mode: "{{item.mode}}"
13 with_items:
14 - { src: "etc/security/access.conf", owner: "root", group:
"root", mode: "0644" }
Michael DiDomenico
Apr 18, 2023, 11:39:51 AM4/18/23
to ansible...@googlegroups.com
i managed to come up with this, but seems like it could be cleaner
---
findme: |
{%- set findme = [] -%}
{%- for groupn in group_names -%}
{{- findme.append('files/' + item.src + '_AG' + groupn) -}}
{%- endfor -%}
{{- findme.append("files/"+item.src+"_AH"+ansible_hostname) -}}
{{- findme.append("files/"+item.src) -}}
{{- findme | list -}}
# debug:
# msg: "{{ lookup('ansible.builtin.first_found', findme) }}"
ansible.builtin.copy:
owner: "{{item.owner}}"
group: "{{item.group}}"
mode: "{{item.mode}}"
with_items:
---
- name: copy pam etc/security/access.conf file
vars:
findme: |
{%- set findme = [] -%}
{%- for groupn in group_names -%}
{{- findme.append('files/' + item.src + '_AG' + groupn) -}}
{%- endfor -%}
{{- findme.append("files/"+item.src+"_AH"+ansible_hostname) -}}
{{- findme.append("files/"+item.src) -}}
{{- findme | list -}}
# debug:
# msg: "{{ lookup('ansible.builtin.first_found', findme) }}"
ansible.builtin.copy:
src: "{{ lookup('ansible.builtin.first_found', findme) }}"
dest: "/{{item.src}}"
owner: "{{item.owner}}"
group: "{{item.group}}"
mode: "{{item.mode}}"
with_items:
- { src: "etc/security/access.conf", owner: "root", group: "root",
mode: "0644" }
mode: "0644" }
Rowe, Walter P. (Fed)
Apr 18, 2023, 12:38:51 PM4/18/23
to ansible...@googlegroups.com
I'm not sure what value the with_items adds to this. Its all hardcoded values so why not hard code them into the parameters of the task?
ansible.builtin.copy:
src: "{{ lookup('ansible.builtin.first_found', findme) }}"
dest: "/etc/security/access.conf"
owner: "root"
group: "root"
mode: "0644"
Very clever use of first_found and your find_me vars definition.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCABOsP2P4XX2iNZODMfYSAJnhBZUJXFmhyVe2HigxfW-Rhd_Uog%2540mail.gmail.com&data=05%7C01%7Cwalter.rowe%40nist.gov%7Cf9881777aa77426a7b6d08db40231fee%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638174291823594841%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xtnK%2FYpA8DapkwjWOnJ%2FufK4TLvXZCBop9%2FFIKSG2ng%3D&reserved=0.
Todd Lewis
Apr 18, 2023, 12:56:32 PM4/18/23
to ansible...@googlegroups.com, uto...@gmail.com
It seems to me that you're re-implementing variable precedence, but
only for one variable.
What if, in group_vars/all, you define
access_conf_src_file: access.conf
Then in your group_vars/whatever (for relevant groups of course, for which the other one isn't specific enough), you define
access_conf_src_file: access.conf_AGwhatever
Finally, if you have any hosts which need even more specificity, you define in your host_vars/snowflake1.your.dom
access_conf_src_file: access.conf_AHsnowflake
Then your copy task can just use "{{ access_conf_src_file }}" without invoking magical expressions.
Admittedly, the appeal of having the Right Thing happen just by creating the appropriately named src file is compelling. But it isn't the way the rest of your playbook variables work, so, hmm.
But next, I start to wonder if the right answer isn't to put all the logic and magic in a template and use ansible.builtin.template instead of ansible.builtin.copy.
What if, in group_vars/all, you define
access_conf_src_file: access.conf
Then in your group_vars/whatever (for relevant groups of course, for which the other one isn't specific enough), you define
access_conf_src_file: access.conf_AGwhatever
Finally, if you have any hosts which need even more specificity, you define in your host_vars/snowflake1.your.dom
access_conf_src_file: access.conf_AHsnowflake
Then your copy task can just use "{{ access_conf_src_file }}" without invoking magical expressions.
Admittedly, the appeal of having the Right Thing happen just by creating the appropriately named src file is compelling. But it isn't the way the rest of your playbook variables work, so, hmm.
But next, I start to wonder if the right answer isn't to put all the logic and magic in a template and use ansible.builtin.template instead of ansible.builtin.copy.
-- Todd
Rowe, Walter P. (Fed)
Apr 18, 2023, 1:14:43 PM4/18/23
to ansible...@googlegroups.com
My sense is they are searching from most specific to least specific file. The first one they find they use. The remaining params are hardcoded. We do a similar thing when looking for vars files. We might search for RedHat8, then RedHat, then Linux.
- name: Add OS specific variables for {{ ansible_os_family }} family
include_vars: "{{ loop_vars }}"
with_first_found:
- files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}-{{ ansible_distribution_version }}-family.yml"
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-family.yml"
- "{{ ansible_os_family }}-family.yml"
- "{{ ansible_system }}.yml"
- "defaults.yml"
paths:
- "vars"
loop_control:
loop_var: loop_vars
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0900869f-a82c-d022-3303-e783f71eef9f%40gmail.com.
Reply all
Reply to author
Forward
0 new messages