Hello,
I need to run a synchronize task as user root to copy some files while
preserving permissions etc. My first solution was to create an
exception so the ssh user is allowed to run rsync via a sudoers rule
with NOPASSWD in a pre_task and in a post_task I cleaned this up and
removed the sudoers rule again. This feels hacky and I do not like the
idea of having something like NOPASSWD.
I have now found a solution which goes like this:

- name: Create sudo_askpass
  copy:
    dest: "{{ansible_env.PWD}}/pw"
    owner: "{{ansible_env.SUDO_USER}}"
    mode: 0700
    content: |
      #!/bin/sh
      echo {{hostvars[inventory_hostname]['ansible_sudo_pass']}}
  changed_when: false

- name: Copy directories.
  synchronize:
    src: "{{item.src}}/"
    dest: /etc/gsc/{{item.dest}}
    archive: no
    recursive: yes
    times: yes
    rsync_path: "SUDO_ASKPASS={{ansible_env.PWD}}/pw sudo -A rsync"
  with_items:
    - { src: "src1", dest: "bar" }

- name: Delete sudo_askpass
  file:
    path: "{{ansible_env.PWD}}/pw"
    state: absent
  changed_when: false

However, when synchronize fails, this will not clean up my simple pw file.
Would this be worth implementing in the synchronize task?
Or is it possible to aggregate/invoke the existing modules from a new task sudosynchronize?
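
Added example, not part of the original post: one way to make sure the askpass file is removed even when synchronize fails is to wrap the three tasks in a block with an always section. It assumes Ansible 2.0 or later (block/always) and reuses the variable names and paths from the post; the no_log setting, the quote filter and the use of printf are additions.

```yaml
# Added example (not the poster's code). Assumes Ansible >= 2.0.
- block:
    - name: Create sudo_askpass
      copy:
        dest: "{{ ansible_env.PWD }}/pw"
        owner: "{{ ansible_env.SUDO_USER }}"
        mode: "0700"
        content: |
          #!/bin/sh
          # quote filter: shell-escape the password so spaces, quotes or
          # glob characters in it cannot change what the script prints
          printf '%s\n' {{ hostvars[inventory_hostname]['ansible_sudo_pass'] | quote }}
      changed_when: false
      no_log: true   # keep the rendered password out of task output and logs

    - name: Copy directories.
      synchronize:
        src: "{{ item.src }}/"
        dest: "/etc/gsc/{{ item.dest }}"
        archive: no
        recursive: yes
        times: yes
        # sudo -A runs the SUDO_ASKPASS helper to obtain the password
        rsync_path: "SUDO_ASKPASS={{ ansible_env.PWD }}/pw sudo -A rsync"
      with_items:
        - { src: "src1", dest: "bar" }

  always:
    # Runs whether the tasks in the block succeeded or failed; the host is
    # still reported as failed afterwards if synchronize failed.
    - name: Delete sudo_askpass
      file:
        path: "{{ ansible_env.PWD }}/pw"
        state: absent
      changed_when: false
```

The always section does not run if the host becomes unreachable or the Ansible process on the controller is killed, so the file can still be left behind in those cases.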