我正在尝试弄清楚如何使用 Ansible 在目录树上设置权限,以便默认值为 644(当然,对于目录为 755),但需要 664/775 权限的目录除外。
简单的实现如下:
file:
path: "mypath"
mode: "u+rwX,go+rX,go-w"
recurse: True
file:
path: "mypath/exception"
mode: "g+w"
recurse: True
但是,这显然不是幂等的。每次运行时,mypath/exception 的组写入权限都会被删除,然后立即重新添加。
另一种方法是枚举 mypath/* 中的每个单独的子目录,我希望避免这种情况。
还有其他方法可以以幂等方式实现这一点吗?
答案1
您可以使用find模块生成路径列表,然后对这些路径进行操作,而不是使用recurse。例如:
---
- hosts: localhost
gather_facts: false
tasks:
- find:
paths:
- mypath
recurse: true
file_type: any
register: results
- file:
path: "{{ item.path }}"
mode: "u+rwX,go+rX,go-w"
when: >-
"mypath/exception" not in item.path
loop: "{{ results.files }}"
loop_control:
label: "{{ item.path }}"
- file:
path: "{{ item.path }}"
mode: "g+w"
when: >-
"mypath/exception" in item.path
loop: "{{ results.files }}"
loop_control:
label: "{{ item.path }}"
针对示例目录树运行上述剧本会产生如下结果:
PLAY [localhost] ******************************************************************************
TASK [find] ***********************************************************************************
ok: [localhost]
TASK [file] ***********************************************************************************
skipping: [localhost] => (item=mypath/exception)
ok: [localhost] => (item=mypath/dir2)
ok: [localhost] => (item=mypath/dir3)
skipping: [localhost] => (item=mypath/exception/file3)
skipping: [localhost] => (item=mypath/exception/file2)
skipping: [localhost] => (item=mypath/exception/file1)
ok: [localhost] => (item=mypath/dir2/dirc)
ok: [localhost] => (item=mypath/dir2/dira)
ok: [localhost] => (item=mypath/dir2/dirb)
ok: [localhost] => (item=mypath/dir2/dirc/somefile)
ok: [localhost] => (item=mypath/dir2/dira/somefile)
ok: [localhost] => (item=mypath/dir2/dirb/somefile)
ok: [localhost] => (item=mypath/dir3/dirc)
ok: [localhost] => (item=mypath/dir3/dira)
ok: [localhost] => (item=mypath/dir3/dirb)
ok: [localhost] => (item=mypath/dir3/dirc/somefile)
ok: [localhost] => (item=mypath/dir3/dira/somefile)
ok: [localhost] => (item=mypath/dir3/dirb/somefile)
TASK [file] ***********************************************************************************
ok: [localhost] => (item=mypath/exception)
skipping: [localhost] => (item=mypath/dir2)
skipping: [localhost] => (item=mypath/dir3)
ok: [localhost] => (item=mypath/exception/file3)
ok: [localhost] => (item=mypath/exception/file2)
ok: [localhost] => (item=mypath/exception/file1)
skipping: [localhost] => (item=mypath/dir2/dirc)
skipping: [localhost] => (item=mypath/dir2/dira)
skipping: [localhost] => (item=mypath/dir2/dirb)
skipping: [localhost] => (item=mypath/dir2/dirc/somefile)
skipping: [localhost] => (item=mypath/dir2/dira/somefile)
skipping: [localhost] => (item=mypath/dir2/dirb/somefile)
skipping: [localhost] => (item=mypath/dir3/dirc)
skipping: [localhost] => (item=mypath/dir3/dira)
skipping: [localhost] => (item=mypath/dir3/dirb)
skipping: [localhost] => (item=mypath/dir3/dirc/somefile)
skipping: [localhost] => (item=mypath/dir3/dira/somefile)
skipping: [localhost] => (item=mypath/dir3/dirb/somefile)
PLAY RECAP ************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0
这个剧本将要是完全幂等的。