using copy module, with_items and a vault


Tom Ekberg

Sep 25, 2014, 2:03:17 PM
to ansible...@googlegroups.com
I've been having trouble with the copy module, using with_items and a vault. I pulled the devel version of ansible so the version should be 1.7.2 + changes added since then.

I put the whole thing in a public bitbucket repository. You can retrieve it with this:

  git clone g...@bitbucket.org:tekberg/ansible-foo.git

I distilled the problem down to this small set of files. The larger case has more things (keys, certs, CSR) in the vault. I use with_items to iterate through them and copy the data to where the keys, certs, CSR belong in Ubuntu.

The instructions on how to run it are included in foo.yml - your host may vary.

The main part is using the copy module:

  tasks:
  - name: install private key, if one exists
    copy:
      dest: "{{ item[1] }}"
      content: "{{ item[0] }}"
    when: item[1]
    with_items:
      - ("{{PRIVATE_KEY}}", "{{PRIVATE_KEY_FILE}}")

My larger case has more in with_items. The things in caps are in the vault. I had to do the "{{PRIVATE_KEY}}" because without the punctuation item[0] was 'PRIVATE_KEY'. Here is a snippet of the ansible output:

failed: [apps2] => (item=(PRIVATE_KEY, PRIVATE_KEY_FILE)) => {"failed": true, "item": "(PRIVATE_KEY, PRIVATE_KEY_FILE)", "md5sum": "84c40473414caf2ed4a7b1283e48bbf4"}

With the extra "{{...}}" syntax it still fails, but item looks better:

failed: [apps2] => (item=("dfihahf
adkfhalkdfjhalkdghalghjalkjd
49147174*&^(^&((&
", "/etc/ssl/private/foo.key")) => {"failed": true, "item": "(\"dfihahf\nadkfhalkdfjhalkdghalghjalkjd\n49147174*&^(^&((&\n\", \"/etc/ssl/private/foo.key\")", "md5sum": "84c40473414caf2ed4a7b1283e48bbf4"}

You can see item[0] is a 3 line value and item[1] is a file name.

The error I get is:

  msg: Destination directory  does not exist

I hacked the ansible source to display more for this error and this is the result:

  msg: TWE Destination directory  does not exist
  dest=", len(dest)=1

So it is trying to deal with a file name consisting of a single double quote.

I have tried everything I could think of but nothing works. Do you have an idea on what I am doing wrong?

Matt Martz

Sep 25, 2014, 2:11:25 PM
to ansible...@googlegroups.com
I believe the problem is that you are trying to use a tuple in your YAML file, and YAML doesn't support it.

Your with_items should probably be:

  with_items:
    - [["{{PRIVATE_KEY}}", "{{PRIVATE_KEY_FILE}}"]]

Due to how ansible collapses lists of lists in with_items, you have to nest your list deeper.

Otherwise you could use a hash instead like (this is my preference):

  with_items:
    - {key: "{{PRIVATE_KEY}}", file: "{{PRIVATE_KEY_FILE}}"}

Then reference item.key and item.file instead of list indexes.

--
Matt Martz
@sivel
sivel.net

Tom Ekberg

Sep 25, 2014, 2:58:52 PM
to ansible...@googlegroups.com
Matt,

Thanks for your help! Coming from a Python world I made the incorrect assumption that YAML supported tuples. Both of your suggestions worked fine. I like the hash better too because it is easier to read.

Tom
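
The hash form from the reply, extended to several vaulted items with explicit file permissions, as an added example that is not part of the original thread. PRIVATE_KEY and PRIVATE_KEY_FILE are the variables from the question; CERT, CERT_FILE, and the hash keys content, file and mode are hypothetical names chosen for illustration.

```yaml
# Added example, not from the thread.
#
# Why the original task failed: YAML has no tuple type, so
#   - ("{{PRIVATE_KEY}}", "{{PRIVATE_KEY_FILE}}")
# is one plain string. Indexing that string gives item[0] == '(' and
# item[1] == '"', which is the one-character dest seen in the error.
tasks:
  - name: install key material from the vault, if a destination is set
    copy:
      dest: "{{ item.file }}"
      content: "{{ item.content }}"
      owner: root
      group: root
      mode: "{{ item.mode }}"
    when: item.file
    # The failure output quoted in the question prints each item,
    # including the key content. no_log keeps the loop items and the
    # task result out of the console output and logs.
    no_log: true
    with_items:
      # Private key: readable by the owner only.
      - {content: "{{ PRIVATE_KEY }}", file: "{{ PRIVATE_KEY_FILE }}", mode: "0600"}
      # Certificate (hypothetical variables): public data, world-readable.
      - {content: "{{ CERT }}", file: "{{ CERT_FILE }}", mode: "0644"}
```

With no_log set, a failing item no longer shows which destination failed, so temporarily remove it only when debugging with non-secret test values.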