Ansible Synchronize Remote Server A to Remote Server B

Project Discussions
, , ,
1

Hi,

I was just working on a playbook with the challenge of syncing files from Server A to Server B which was already discussed in a topic:

https://forum.ansible.com/t/ansible-sync-remote-server-a-to-remote-server-b/616

To respond to some of the points in the answer:

  • “won’t work with become: yes.” This is quite inconvenient, since it blocks arbitrary directory copies between machines where you often need root privileges.
  • " Install and run rsync server (runs as root ) on B" . The ansible synchronize module doesn’t set this up automatically, right?
  • “Setup /home as network share” Not a very trivial task.
  • “Enable a root login from A to B”. That is usually prohibited.

The end result, after going over all these items, is that something you would hope to be handled really well by Ansible is difficult to implement.

Possible action items… Just ideas…

  1. A new ansible module that implements this functionality. That is - full ‘become’ privileges, full ‘root’ privileges while easily copying files from Server A to Server B, and it’s all maximally automated, with one task. This is the type of puzzle Ansible is designed to solve for users.

  2. Or, modify the synchronize module to support it.

  3. Or, at least, add a page of documentation discussing this topic in great detail with many examples and instructions. “How to Sync Files and Directories between Remote Server A and Remote Server B”. Link to that doc page from the synchronize module docs. For now, the user must search around on the web.

By the way, the following is a solution that meets many of the criterion:

  • copying files from Server A to B, without involving C (control machine)
  • Allows copying ‘root’ files, or setting ‘root’ permissions.

----

To run on 'source' hosts:

----

- name: Copy files to tmp folder
  ansible.builtin.copy:
    src: "/dir1"
    dest: "/tmp/ansible_tmp_1"
    owner: "ubuntu"
    group: "ubuntu"
    mode: '0755'
    remote_src: true

- name: Transfering files
  become: false
  ansible.posix.synchronize:
    src: "/tmp/ansible_tmp_1/dir1"
    dest: "/tmp/ansible_tmp_1"
    mode: pull
  delegate_to: "{{ item }}"
  vars:
    ansible_ssh_extra_args: '-A'
  with_items: "{{ groups['destination-group'] }}"

- name: Cleanup files from source
  ansible.builtin.file:
    path: "/tmp/ansible_tmp_1"
    state: absent

---

To run on dest hosts:

---
- name: Copy tmp files to dest
  become: true
  ansible.builtin.copy:
    src: "/tmp/ansible_tmp_1/dir1"
    dest: "/"
    owner: "root"
    group: "root"
    mode: "0755"
    remote_src: true

- name: Cleanup files from dest
  ansible.builtin.file:
    path: "/tmp/ansible_tmp_1"
    state: absent
1 Like
2

If the user account you use can sign in from A to B, and can do sudo on both A and B, then you can this to work with rsync.

For example:

ansible@A:~$ sudo rsync -av --rsync-path "sudo rsync" /opt/www ansible@B:/opt/www

This effectively copies a directory from A to B with root permissions, but with sudo, so without the root account.

I haven’t tried to configure the synchronize ansible module to do this, but I think it is definitely possible

3

@dnmvisser , thanks. Just tried your suggestion. Even if the standard user can sign in from A to B… this seems to require root’s ssh configuration to also be set up, so that root is also able to ssh from A to B. sudo rsync switches you to the root user before proceeding. You are now sshing as that user. What does their ssh/config file look like? Maybe it hasn’t been set up yet. Or, in the case of ssh agent, that won’t be shared between users. Did you test sudo rsync locally, in terms of these factors? Is your root user configured to ssh? Ultimately, it can be made to work though. The synchronize_module.html page doesn’t mention sudo rsync. The page is a sort of needle-in-the-haystack where you may read through 18 examples with the problem in mind “how do I copy files from serverA to serverB” and none of the examples really solves it.

4

The example rsync command that I posted does definitely not require anything in the root account. What are you exactly running?

Before you do anything ansible, it helps to make sure that whatever you’re doing at least works without ansible.

5

@dnmvisser , we might go back and forth, debugging root ssh, and then it would distract the thread.
I will DM you. Then results could be posted here if that is helpful.