Using fetch in a role

Archives Ansible Project
1

Hi all,

I am using the fetch module in a role that redistributes ssh_known_hosts by:

  1. creating a snippet on every host
  2. fetching those snippets
  3. redistributing the concatenation

I wanted to keep the snippets inside the files directory of the role, but the fetch module fetches does not use that directory as the basedir.

My two question:

  1. Is this expected behavior? (I see how this makes sense.)
  2. If so, can I find the role basedir somehow so I can put the snippets in the role files directory?

Regards,
Joost

2

By the way, in the mean time I hacked around the problem by creating a
custom lookup plugin:

class LookupModule(object):

    def __init__(self, basedir=None, **kwargs):
        self.basedir = basedir

    def run(self, terms=None, inject=None, **kwargs):
        return [self.basedir]

I'm not proud of myself. :slight_smile:

Regards,
Joost

3

Well, fetch is used to gather files from a remote host and put them on the local one.

Usually filing up the roles directory would be a non-standard place to put things, and would probably result in data accidentally going into source control, and that content should drop outside of your playbook directly.

I’d suggest downloading to a specific path, but more so, that you probably shouldn’t be redistributing known hosts by trusting one of your nodes, as nodes should be by very nature untrustworthy, and something centrally managed.

My two cents anyway, unrelated to the above.

I think changing the path would break playbooks.

4

Usually filing up the roles directory would be a non-standard place to put
things, and would probably result in data accidentally going into source
control, and that content should drop outside of your playbook directly.
[...]
I think changing the path would break playbooks.

Sure, I can see that.

[...] you probably
shouldn't be redistributing known hosts by trusting one of your nodes, as
nodes should be by very nature untrustworthy, and something centrally
managed.

That is a good point. Are you suggesting creating the /etc/ssh_host_*
files on the Ansible host and pushing them out to the managed nodes?
Would kind of make sense. Easy to do, too, with ssh-keygen.

Regards,
Joost