copy¶
Collection Note
This module is part of the ansible.builtin collection. To install the collection, use:
Added in versionhistorical.
Synopsis¶
- The M(ansible.builtin.copy) module copies a file or a directory structure from the local or remote machine to a location on the remote machine. File system meta-information (permissions, ownership, etc.) may be set, even when the file or directory already exists on the target system. Some meta-information may be copied on request.
- Get meta-information with the M(ansible.builtin.stat) module.
- Set meta-information with the M(ansible.builtin.file) module.
- Use the M(ansible.builtin.fetch) module to copy files from remote locations to the local box.
- If you need variable interpolation in copied files, use the M(ansible.builtin.template) module. Using a variable with the O(content) parameter produces unpredictable results.
- For Windows targets, use the M(ansible.windows.win_copy) module instead.
Parameters¶
| Parameter | Defaults / Choices | Comments |
|---|---|---|
| attributes str |
The attributes the resulting filesystem object should have. To get supported flags look at the man page for C(chattr) on the target system. This string should contain the attributes in the same order as the one displayed by C(lsattr). The C(=) operator is assumed as default, otherwise C(+) or C(-) operators need to be included in the string. Version Added: 2.3 |
|
| backup bool |
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. Version Added: 0.7 |
|
| checksum str |
SHA1 checksum of the file being transferred. Used to validate that the copy of the file was successful. If this is not provided, ansible will use the local calculated checksum of the src file. Version Added: 2.5 |
|
| content str |
When used instead of O(src), sets the contents of a file directly to the specified value. Works only when O(dest) is a file. Creates the file if it does not exist. For advanced formatting or if O(content) contains a variable, use the M(ansible.builtin.template) module. Version Added: 1.1 |
|
| decrypt bool |
Default: True |
This option controls the auto-decryption of source files using vault. Version Added: 2.4 |
| dest path required |
Remote absolute path where the file should be copied to. If O(src) is a directory, this must be a directory too. If O(dest) is a non-existent path and if either O(dest) ends with C(/) or O(src) is a directory, O(dest) is created. If O(dest) is a relative path, the starting directory is determined by the remote host. If O(src) and O(dest) are files, the parent directory of O(dest) is not created and the task fails if it does not already exist. |
|
| directory_mode raw |
Set the access permissions of newly created directories to the given mode. Permissions on existing directories do not change. See O(mode) for the syntax of accepted values. The target system's defaults determine permissions when this parameter is not set. Version Added: 1.5 |
|
| follow bool |
This flag indicates that filesystem links in the destination, if they exist, should be followed. Version Added: 1.8 |
|
| force bool |
Default: True |
Influence whether the remote file must always be replaced. If V(true), the remote file will be replaced when contents are different than the source. If V(false), the file will only be transferred if the destination does not exist. Version Added: 1.1 |
| group str |
Name of the group that should own the filesystem object, as would be fed to C(chown). When left unspecified, it uses the current group of the current user unless you are root, in which case it can preserve the previous ownership. |
|
| local_follow bool |
Default: True |
This flag indicates that filesystem links in the source tree, if they exist, should be followed. Version Added: 2.4 |
| mode raw |
The permissions of the destination file or directory. For those used to C(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)). As of Ansible 2.3, the mode may also be the special string V(preserve). V(preserve) means that the file will be given the same permissions as the source file. When doing a recursive copy, see also O(directory_mode). If O(mode) is not specified and the destination file B(does not) exist, the default C(umask) on the system will be used when setting the mode for the newly created file. If O(mode) is not specified and the destination file B(does) exist, the mode of the existing file will be used. Specifying O(mode) is the best way to ensure files are created with the correct permissions. See CVE-2020-1736 for further details. |
|
| owner str |
Name of the user that should own the filesystem object, as would be fed to C(chown). When left unspecified, it uses the current user unless you are root, in which case it can preserve the previous ownership. Specifying a numeric username will be assumed to be a user ID and not a username. Avoid numeric usernames to avoid this confusion. |
|
| remote_src bool |
Influence whether O(src) needs to be transferred or already is present remotely. If V(false), it will search for O(src) on the controller node. If V(true), it will search for O(src) on the managed (remote) node. O(remote_src) supports recursive copying as of version 2.8. O(remote_src) only works with O(mode=preserve) as of version 2.6. Auto-decryption of files does not work when O(remote_src=yes). Version Added: 2.0 |
|
| selevel str |
The level part of the SELinux filesystem object context. This is the MLS/MCS attribute, sometimes known as the C(range). When set to V(_default), it will use the C(level) portion of the policy if available. |
|
| serole str |
The role part of the SELinux filesystem object context. When set to V(_default), it will use the C(role) portion of the policy if available. |
|
| setype str |
The type part of the SELinux filesystem object context. When set to V(_default), it will use the C(type) portion of the policy if available. |
|
| seuser str |
The user part of the SELinux filesystem object context. By default it uses the V(system) policy, where applicable. When set to V(_default), it will use the C(user) portion of the policy if available. |
|
| src path |
Local path to a file to copy to the remote server. This can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with C(/), only inside contents of that directory are copied to destination. Otherwise, if it does not end with C(/), the directory itself with all contents is copied. This behavior is similar to the C(rsync) command line tool. |
|
| unsafe_writes bool |
Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target filesystem object. By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. Version Added: 2.2 |
|
| validate str |
The validation command to run before copying the updated file into the final destination. A temporary file path is used to validate, passed in through C(%s) which must be present as in the examples below. Also, the command is passed securely so shell features such as expansion and pipes will not work. For an example on how to handle more complex validation than what this option provides, see R(handling complex validation,complex_configuration_validation). |
Notes¶
Note
- The M(ansible.builtin.copy) module recursively copy facility does not scale to lots (>hundreds) of files.
Examples¶
- name: Copy file with owner and permissions
ansible.builtin.copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: '0644'
- name: Copy file with owner and permission, using symbolic representation
ansible.builtin.copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: u=rw,g=r,o=r
- name: Another symbolic mode example, adding some permissions and removing others
ansible.builtin.copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: u+rw,g-wx,o-rwx
- name: Copy a new "ntp.conf" file into place, backing up the original if it differs from the copied version
ansible.builtin.copy:
src: /mine/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Copy a new "sudoers" file into place, after passing validation with visudo
ansible.builtin.copy:
src: /mine/sudoers
dest: /etc/sudoers
validate: /usr/sbin/visudo -csf %s
- name: Copy a "sudoers" file on the remote machine for editing
ansible.builtin.copy:
src: /etc/sudoers
dest: /etc/sudoers.edit
remote_src: yes
validate: /usr/sbin/visudo -csf %s
- name: Copy using inline content
ansible.builtin.copy:
content: '# This file was moved to /etc/other.conf'
dest: /etc/mine.conf
- name: If follow=yes, /path/to/file will be overwritten by contents of foo.conf
ansible.builtin.copy:
src: /etc/foo.conf
dest: /path/to/link # link to /path/to/file
follow: yes
- name: If follow=no, /path/to/link will become a file and be overwritten by contents of foo.conf
ansible.builtin.copy:
src: /etc/foo.conf
dest: /path/to/link # link to /path/to/file
follow: no
Return Values¶
| Key | Data Type | Description | Returned |
|---|---|---|---|
| backup_file | str | Name of backup file created. | changed and if backup=yes |
| checksum | str | SHA1 checksum of the file after running copy. | success |
| dest | str | Destination file/path. | success |
| gid | int | Group id of the file, after execution. | success |
| group | str | Group of the file, after execution. | success |
| md5sum | str | MD5 checksum of the file after running copy. | when supported |
| mode | str | Permissions of the target, after execution. | success |
| owner | str | Owner of the file, after execution. | success |
| size | int | Size of the target, after execution. | success |
| src | str | Source file used for the copy on the target machine. | changed |
| state | str | State of the target, after execution. | success |
| uid | int | Owner id of the file, after execution. | success |
Authors¶
- Ansible Core Team
- Michael Dehaan