copy module copies a file from the local or remote machine to a location on the remote machine.content field will result in unpredictable output.| Parameter | Choices/Defaults | Comments |
|---|---|---|
| attributes string | The attributes the resulting file or directory should have. To get supported flags look at the man page for chattr on the target system. This string should contain the attributes in the same order as the one displayed by lsattr. The = operator is assumed as default, otherwise + or - operators need to be included in the string.aliases: attr | |
| backup boolean |
| Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| checksum string added in 2.5 | SHA1 checksum of the file being transferred. Used to validate that the copy of the file was successful. If this is not provided, ansible will use the local calculated checksum of the src file. | |
| content string | When used instead of src, sets the contents of a file directly to the specified value.Works only when dest is a file. Creates the file if it does not exist.For advanced formatting or if content contains a variable, use the template module. | |
| decrypt boolean added in 2.4 |
| This option controls the autodecryption of source files using vault. |
| dest path / required | Remote absolute path where the file should be copied to. If src is a directory, this must be a directory too.If dest is a non-existent path and if either dest ends with "/" or src is a directory, dest is created.If dest is a relative path, the starting directory is determined by the remote host. If src and dest are files, the parent directory of dest is not created and the task fails if it does not already exist. | |
| directory_mode raw | When doing a recursive copy set the mode for the directories. If this is not set we will use the system defaults. The mode is only set on directories which are newly created, and will not affect those that already existed. | |
| follow boolean |
| This flag indicates that filesystem links in the destination, if they exist, should be followed. |
| force boolean |
| Influence whether the remote file must always be replaced. If yes, the remote file will be replaced when contents are different than the source.If no, the file will only be transferred if the destination does not exist.Alias thirsty has been deprecated and will be removed in 2.13.aliases: thirsty |
| group string | Name of the group that should own the file/directory, as would be fed to chown. | |
| local_follow boolean added in 2.4 |
| This flag indicates that filesystem links in the source tree, if they exist, should be followed. |
| mode path | The permissions of the destination file or directory. For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like 0644 or 01777)or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r).As of Ansible 2.3, the mode may also be the special string preserve.preserve means that the file will be given the same permissions as the source file. | |
| owner string | Name of the user that should own the file/directory, as would be fed to chown. | |
| remote_src boolean |
| Influence whether src needs to be transferred or already is present remotely.If no, it will search for src at originating/master machine.If yes it will go to the remote/target machine for the src.remote_src supports recursive copying as of version 2.8.remote_src only works with mode=preserve as of version 2.6. |
| selevel string | Default: "s0" | The level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the range.When set to _default, it will use the level portion of the policy if available. |
| serole string | The role part of the SELinux file context. When set to _default, it will use the role portion of the policy if available. | |
| setype string | The type part of the SELinux file context. When set to _default, it will use the type portion of the policy if available. | |
| seuser string | The user part of the SELinux file context. By default it uses the system policy, where applicable.When set to _default, it will use the user portion of the policy if available. | |
| src path | Local path to a file to copy to the remote server. This can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to the rsync command line tool. | |
| unsafe_writes boolean |
| Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target file. By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption. |
| validate string | The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the examples below. The command is passed securely so shell features like expansion and pipes will not work. |
Note
See also
- name: Copy file with owner and permissions
copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: '0644'
- name: Copy file with owner and permission, using symbolic representation
copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: u=rw,g=r,o=r
- name: Another symbolic mode example, adding some permissions and removing others
copy:
src: /srv/myfiles/foo.conf
dest: /etc/foo.conf
owner: foo
group: foo
mode: u+rw,g-wx,o-rwx
- name: Copy a new "ntp.conf file into place, backing up the original if it differs from the copied version
copy:
src: /mine/ntp.conf
dest: /etc/ntp.conf
owner: root
group: root
mode: '0644'
backup: yes
- name: Copy a new "sudoers" file into place, after passing validation with visudo
copy:
src: /mine/sudoers
dest: /etc/sudoers
validate: /usr/sbin/visudo -csf %s
- name: Copy a "sudoers" file on the remote machine for editing
copy:
src: /etc/sudoers
dest: /etc/sudoers.edit
remote_src: yes
validate: /usr/sbin/visudo -csf %s
- name: Copy using inline content
copy:
content: '# This file was moved to /etc/other.conf'
dest: /etc/mine.conf
- name: If follow=yes, /path/to/file will be overwritten by contents of foo.conf
copy:
src: /etc/foo.conf
dest: /path/to/link # link to /path/to/file
follow: yes
- name: If follow=no, /path/to/link will become a file and be overwritten by contents of foo.conf
copy:
src: /etc/foo.conf
dest: /path/to/link # link to /path/to/file
follow: no
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| backup_file string | changed and if backup=yes | Name of backup file created Sample: /path/to/file.txt.2015-02-12@22:09~ |
| checksum string | success | SHA1 checksum of the file after running copy Sample: 6e642bb8dd5c2e027bf21dd923337cbb4214f827 |
| dest string | success | Destination file/path Sample: /path/to/file.txt |
| gid integer | success | Group id of the file, after execution Sample: 100 |
| group string | success | Group of the file, after execution Sample: httpd |
| md5sum string | when supported | MD5 checksum of the file after running copy Sample: 2a5aeecc61dc98c4d780b14b330e3282 |
| mode string | success | Permissions of the target, after execution Sample: 420 |
| owner string | success | Owner of the file, after execution Sample: httpd |
| size integer | success | Size of the target, after execution Sample: 1220 |
| src string | changed | Source file used for the copy on the target machine Sample: /home/httpd/.ansible/tmp/ansible-tmp-1423796390.97-147729857856000/source |
| state string | success | State of the target, after execution Sample: file |
| uid integer | success | Owner id of the file, after execution Sample: 100 |
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/copy_module.html