Home / server / Questions / 881347
Accepted
funky-future
Asked: 2017-11-02 04:52:49 +0800 CST

Can I define global default values for the tasks of an Ansible module?

  • 772

I find myself repeatedly typing arguments to file-related modules of Ansible like this:

- copy:
    […]
    owner: root
    group: root
    mode: ugo=r

Though it may seem safe to assume that omitting these arguments for ownership would result the same as the tasks are 'sudoedly' executed, I'd like to define these arguments once explicitly in the scope of either a role's defaults or a host's variables per module or even a group of modules.

Is there a way to facilitate such definition?

ansible

3 Answers

  1. Best Answer

    Yes, you can do this as long as you are using version >= 2.6. This can be accomplished using the module_defaults keyword.

    Example usage looks like this:

    - hosts: localhost
  gather_facts: no
  module_defaults:
    file:
      owner: foobar
  tasks:
    - file:
        path: /tmp/defaults_test
        state: touch
    • 5

  2. Parameters are required on each call to a module. It is the only way for module input.

    When copying multiple files in a task, you can iterate over a list. 

    - copy:
    src: "{{item}}"
    dest: "/etc/logrotate.d/{{item}}"
    owner: root
    group: root
    mode: ugo=r
  with_items:
  - foo
  - bar

    You could define variables for these parameters, but you still need to use those on every call to the module. This allows you to override the value in many places at once.

    • 0

  3. I'd like to define these arguments once explicitly in the scope of either a role's defaults or a host's variables per module or even a group of modules.

    Luckily you can't and your request is incoherent because of the way you use the word "explicitly".

    In fact you want to "define these arguments once so that they are applied implicitly".

    And on the other hand, it is Ansible that requires parameter values to be specified explicitly.

    Though it may seem safe to assume that omitting these arguments for ownership would result the same as the tasks are 'sudoedly' executed, 

    No, it is not safe to assume that omitting the arguments would set the ownership to values defined in your head.

    Simplest case is where the file already exists and Ansible only changes its content. It won't implicitly fix the permissions/ownership in that case.

    The best thing you can do is to specify the required parameters explicitly in tasks.

    If you want to have some flexibility, use variables defined in a single place:

    vars:
  my_owner: root
  my_group: root
  my_mode: ugo=r
tasks: 
  - copy:
      […]
      owner: "{{ my_owner }}"
      group: "{{ my_group }}"
      mode: "{{ my_mode }}"

    Another important thing to bear in mind is that historically not all modules were behaving in the same way with regard to file permissions. Namely some modules (url if I remember correctly) set the explicitly specified permissions only when they actually created/changed the file, while leaving the permissions unchanged otherwise.

    There is no excuse for not testing the systems (using a separate flow, be it using Ansible, or a different tool).

    • 0