Extend copy module to copy a file from a an http, https or ftp location (like get_url)

First, I drop my wish:

• name: copy a package from a private web service to a node stored in paranoid DMZ subnet
  copy: src=**https://packages.mycompany.com/**files/awesome-app-1.2.0.tar.gz
  dest=/tmp/awesome-app-to-deploy.tar.gz

Due to internal network restrictions, some provisioned nodes cannot fetch setup files (e.g. packages, archives, …) via get_url call (no internet access, paranoid internal firewalls, etc). Since I don’t want to store built/released items into the Ansible VCS repository, I cannot use copy neither.

Searching similar topics I found following resources, but no solution so far:

• Question on the list: Is there an existing module that works similar to copy but allows one to use http resources instead of local files?

• and related Pull Request 634 (get module (with new module-magic-code!)), which aborted (certainly because of introduction of handy get_url module

Since links above are already “old” and inactive for more than 1 year now, I preferred to open this new thread to avoid mixing with existing features (get_url, copy, fetch). First, I’d like to be sure I’m not wrong and that my needs is not satisfied with current Ansible 1.3-dev. Please confirm

As workaround, we can “of course” make things like

• mount the “LAN repository” (via NFS) to the ansible runner host. But I don’t know any “mount.http” trick…

• create an “auto-fetch” script that (on demand) pull required files to the ansible runner host. Not sure how I could combine it to be triggered by Ansible execution…

In fact, the solution that I consider the best at the moment would consist to simply extend Ansible copy module so it would support the syntax above, with following implementation design:

• Try to download the src file to ansible runner host in a temporary local location (à la “get_url” but locally)
• Simply use the existing “copy module” source code to transfer the file

Ideally https, http and ftp protocols should be supported, exactly the same get_url does.

My questions are thus following:

• Would such kind of patch accepted?
• If yes, how should we better refactor the existing code of copy and get_url, to keep the code base as DRY as possible?
  Since all the bricks are already available, I feel quite interested and ready to try to implement this patch, but feel free to work on it (just leave a note in this thread, so I don’t uselessly sweat on it

Many thanks in advance for your inputs!

Cheers, Gilles

The get_url module already supports this functionality, so you should use:

environment:
http_proxy: http://…

(and/or https_proxy) to configure ansible to use a proxy server. Simply adding this functionality to the copy module won’t get you around the fact that the server can’t reach the internet.

Sorry if I badly explained myself. http_proxy/get_url is great but does not help in this case (but it does for other paranoid barriers I have to deal with

I only can push stuff via ssh to the target machine and the target machine is not allowed to access any internal web services (due to network filters from DMZ to LAN). Hence this request... I hope not to be the single guy to face such (annoying) infrastructure "challenges", otherwise I'll complain to my security responsibles for abuse of good practices, hé

Cheers, Gilles

As alternative solution - have task with delegate_to: 127.0.0.1 (or local_action)
http://www.ansibleworks.com/docs/playbooks2.html#id25
But you end up with 2 tasks instead of single copy.

Thank you Dmitry to make me discover these delegation features!

local_action or delegate_to should certainly do the trick. I don’t care to spend two tasks on that, as I keep using a pure Ansible tool chain. Thanks again for the tip