3

I am new to Ansible so this may be a silly question. Thank you for your patience.

I have two users on my child node: ubuntu and ansible

I have one user on my control node: ubuntu

I created the ansible user on my child node to test out multiple users/isolate ansible. Maybe this is not a good idea?

I am trying to copy a test file from my control node to my child node. I am connecting as the ansible user (because I've granted them passwordless sudo in the sudoers file; I don't want to do this for the ubuntu user). However, I cannot copy the file into the ubuntu user's home folder. I am able to copy into the ansible user's home folder.

Is what I'm trying to do possible? I couldn't find much reading on this so I am guessing I am approaching this the wrong way... is there a better way to do this?

Here is my playbook:

---
- name: script transfer practice
  hosts: devdebugs
  remote_user: ansible

  tasks:
  - name: Copy file with owner and permissions
    ansible.builtin.copy:
      src: /home/ubuntu/files/test.txt
      dest: /home/ubuntu/test.txt
      owner: ubuntu
      group: ubuntu
      mode: '0600'
...

Note: It works with dest /home/ansible/test.txt. It does not work with dest /home/ubuntu/test.txt.

Zeitounator
Bix
  • 2
    Are you just missing the `-b` flag when calling ansible-playbook? Looks like you try to write into user ubuntu's home as the user ansible instead of doing it as root. `-b` will do it as root. – SipSeb May 06 '21 at 19:18
  • Thank you @SipSeb! I was indeed lacking proper escalation. – Bix May 06 '21 at 20:48

2 Answers

2

> I created the ansible user on my child node to test out multiple users/isolate ansible. Maybe this is not a good idea?

Having a specific user for your deployments with full escalation rights on your target host is the most common setup to run ansible.

> Is what I'm trying to do possible?

Absolutely not. If you have correctly set escalation rights to your ansible user as mentioned, all you are missing in your task or play is `become: true`. At play level, it will affect all tasks for that play:

---
- name: script transfer practice
  hosts: devdebugs
  remote_user: ansible
  become: true

  # here goes the rest of your play....

At task level, it will only affect the given task.

  - name: Copy file with owner and permissions
    ansible.builtin.copy:
      src: /home/ubuntu/files/test.txt
      dest: /home/ubuntu/test.txt
      owner: ubuntu
      group: ubuntu
      mode: '0600'
    become: true

As reported by @SipSeb in the comments, you can also set the become flag for an entire playbook at runtime using the -b/--become flag on the ansible(-playbook) command line.

> I couldn't find much reading on this

Probably because you are new to Ansible and do not know exactly what to look for. For this particular subject, a good starting point is understanding Ansible privilege escalation.

Zeitounator
  • Appreciate your insight @Zeitounator. Glad to know I wasn't too far off. `become: true` combined with the `-K` flag did the trick. – Bix May 06 '21 at 20:48
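
The play-level and task-level `become` settings described in the answer above can be combined so that only the task that has to write into another user's home runs as root. This is an added example, not code from the original posts: it reuses the host group and paths from the question, and the `id -un`, `stat` and `assert` verification tasks are additions that assume the ansible user has working sudo rights on the target.

```yaml
---
# Added example: host group and paths are taken from the question;
# the verification tasks are illustrative additions.
- name: Copy a file into another user's home with scoped escalation
  hosts: devdebugs
  remote_user: ansible
  become: false              # play default: tasks run as the login user

  tasks:
    - name: Record which account unprivileged tasks run as
      ansible.builtin.command: id -un
      register: login_user
      changed_when: false

    - name: Copy file into ubuntu's home (root is needed to write there and chown)
      ansible.builtin.copy:
        src: /home/ubuntu/files/test.txt
        dest: /home/ubuntu/test.txt
        owner: ubuntu
        group: ubuntu
        mode: '0600'
      become: true             # escalate for this task only

    - name: Read back ownership and mode of the copied file
      ansible.builtin.stat:
        path: /home/ubuntu/test.txt
      register: copied
      become: true             # ansible may not be allowed to traverse /home/ubuntu

    - name: Fail if the result is not what was requested
      ansible.builtin.assert:
        that:
          - login_user.stdout == 'ansible'
          - copied.stat.exists
          - copied.stat.pw_name == 'ubuntu'
          - copied.stat.gr_name == 'ubuntu'
          - copied.stat.mode == '0600'
        fail_msg: "test.txt is missing or has an unexpected owner or mode"
```

If sudo on the target prompts for a password, run the playbook with `-K` as mentioned in the comment above.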
-1

Ansible copy allows you to copy files from one directory to another on the same remote machine. But you can perform this only for files, you can’t copy directories. You have to use the remote_src parameter to let Ansible know your intentions.

---
- hosts: servers
  tasks:
  - name: Copy file between directories on a remote server
    copy:
      src: /tmp/test.txt
      dest: ~/test.txt
      remote_src: yes

Copying a directory from a local machine to the remote server

You can also copy folders/directories using the Ansible copy module. If the ‘src’ path is a directory, it will be copied recursively. That means the entire directory is copied.

- hosts: server
  tasks:
  - name: copy to the remote server
    copy:
      src: /sample.txt
      dest: /root/
Sushil