Rsync, permissions and idempotence

Hi,

I’m currently writing a playbook to configure a proxy server using Squid and SquidGuard. There’s a little detail I can’t seem to figure out.

I have an existing /var/squidGuard directory where I want to download blacklists from a local university. Here’s what the manual command looks like:

# cd /var/squidGuard
# rsync -arpogvt rsync://ftp.ut-capitole.fr/blacklist .

This results in a new /var/squidGuard/dest directory with lots of files.

When I do this manually I set the owner and group of this directory to the squid system user and group:

# chown -R squid:squid dest/

Now I wonder how I can make this idempotent.

    - name: Create download directory
      ansible.builtin.file:
        path: /var/squidGuard/dest
        state: directory
        owner: squid
        group: squid
        mode: 0755

Unfortunately when I do this:

    - name: Fetch blacklists (Université de Toulouse)
      ansible.posix.synchronize:
        src: rsync://ftp.ut-capitole.fr/blacklist
        dest: /var/squidGuard
        delete: true

… then I get some weird permissions on my downloaded file tree:

# ls -l
total 4
drwxr-xr-x. 76 99 99 4096 Feb 12 22:50 dest
# ls -l dest/ | head -n 5
total 192
lrwxrwxrwx. 1   99   99     9 Feb 12 22:50 ads -> publicite
drwxr-xr-x. 2   99   99   100 Feb 12 04:03 adult
lrwxrwxrwx. 1   99   99     8 Feb 12 22:50 aggressive -> agressif
drwxr-xr-x. 2   99   99    65 Feb 11 09:16 agressif

I know if I wanted to keep squid:squid permissions on my downloaded dest files, then the best way to do that would be to execute the rsync command as the squid system user. Only I don’t know how to translate that into Ansible syntax. I don’t even know if that’s possible.

Any suggestions ?

Does setting the owner and group options to false with become_user set to squid solve this?

If that isn’t the answer can you use rsync_opts to solve this issue?

That doesn’t solve the problem. But I think I have a different idea on how to handle this.

Thanks & cheers,

Niki

1 Like