Using fetch in a role
39 views
Skip to first unread message
Joost Cassee
May 28, 2014, 6:43:20 AM5/28/14
to ansible...@googlegroups.com
Hi all,
I am using the fetch module in a role that redistributes ssh_known_hosts by:
1) creating a snippet on every host
2) fetching those snippets
3) redistributing the concatenation
I wanted to keep the snippets inside the files directory of the role, but the fetch module fetches does not use that directory as the basedir.
My two question:
1) Is this expected behavior? (I see how this makes sense.)
2) If so, can I find the role basedir somehow so I can put the snippets in the role files directory?
Regards,
Joost
I am using the fetch module in a role that redistributes ssh_known_hosts by:
1) creating a snippet on every host
2) fetching those snippets
3) redistributing the concatenation
I wanted to keep the snippets inside the files directory of the role, but the fetch module fetches does not use that directory as the basedir.
My two question:
1) Is this expected behavior? (I see how this makes sense.)
2) If so, can I find the role basedir somehow so I can put the snippets in the role files directory?
Regards,
Joost
Joost Cassee
May 28, 2014, 6:59:20 AM5/28/14
to ansible...@googlegroups.com
By the way, in the mean time I hacked around the problem by creating a
custom lookup plugin:
class LookupModule(object):
def __init__(self, basedir=None, **kwargs):
self.basedir = basedir
def run(self, terms=None, inject=None, **kwargs):
return [self.basedir]
I'm not proud of myself. :-)
Regards,
Joost
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/TMWhxCPhL54/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1c87d249-3cbc-43d0-9875-e470400e0aaa%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Joost Cassee
http://joost.cassee.net
custom lookup plugin:
class LookupModule(object):
def __init__(self, basedir=None, **kwargs):
self.basedir = basedir
def run(self, terms=None, inject=None, **kwargs):
return [self.basedir]
I'm not proud of myself. :-)
Regards,
Joost
> You received this message because you are subscribed to a topic in the
> Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ansible-project/TMWhxCPhL54/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/1c87d249-3cbc-43d0-9875-e470400e0aaa%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Joost Cassee
http://joost.cassee.net
Michael DeHaan
May 28, 2014, 8:07:45 AM5/28/14
to ansible...@googlegroups.com
Well, fetch is used to gather files from a remote host and put them on the local one.
Usually filing up the roles directory would be a non-standard place to put things, and would probably result in data accidentally going into source control, and that content should drop outside of your playbook directly.
I'd suggest downloading to a specific path, but more so, that you probably shouldn't be redistributing known hosts by trusting one of your nodes, as nodes should be by very nature untrustworthy, and something centrally managed.
My two cents anyway, unrelated to the above.
I think changing the path would break playbooks.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BdE3SfDnhLnx54zZfByqMN1_6phdrLBHTyFomgEAsEG%2Bg%40mail.gmail.com.
Joost Cassee
May 28, 2014, 9:42:24 AM5/28/14
to ansible...@googlegroups.com
2014-05-28 14:07 GMT+02:00 Michael DeHaan <mic...@ansible.com>:
> Usually filing up the roles directory would be a non-standard place to put
> things, and would probably result in data accidentally going into source
> control, and that content should drop outside of your playbook directly.
> [...]
> Usually filing up the roles directory would be a non-standard place to put
> things, and would probably result in data accidentally going into source
> control, and that content should drop outside of your playbook directly.
> I think changing the path would break playbooks.
Sure, I can see that.
> [...] you probably
> shouldn't be redistributing known hosts by trusting one of your nodes, as
> nodes should be by very nature untrustworthy, and something centrally
> managed.
That is a good point. Are you suggesting creating the /etc/ssh_host_*
> nodes should be by very nature untrustworthy, and something centrally
> managed.
files on the Ansible host and pushing them out to the managed nodes?
Would kind of make sense. Easy to do, too, with ssh-keygen.
Regards,
Joost
Reply all
Reply to author
Forward
0 new messages