主页 / computer / 问题 / 1431172
Accepted
Kevin Keane
Asked: 2019-04-30 14:01:30 +0800 CST

如何在 Ansible 中设置树上的文件权限

  • 772

我想弄清楚如何使用 Ansible 在目录树上设置权限,以便默认值为 644(当然,目录为 755),但需要 664/775 权限的目录除外。

天真的实现是这样的:

file:
    path: "mypath"
    mode: "u+rwX,go+rX,go-w"
    recurse: True

file:
    path: "mypath/exception"
    mode: "g+w"
    recurse: True

但是,这显然不是幂等的。每次运行时,mypath/exception 都会删除组写入权限,然后立即重新添加。

另一种方法是枚举 mypath/* 中的每个单独的子目录,我希望避免这种情况。

还有另一种方法可以以幂等的方式实现这一点吗?

ansible

1 个回答

  1. Best Answer

    您可以使用该find模块生成路径列表,然后对这些路径进行操作,而不是使用recurse. 例如:

    ---
- hosts: localhost
  gather_facts: false
  tasks:

    - find:
        paths:
          - mypath
        recurse: true
        file_type: any
      register: results

    - file:
        path: "{{ item.path }}"
        mode: "u+rwX,go+rX,go-w"
      when: >-
        "mypath/exception" not in item.path
      loop: "{{ results.files }}"
      loop_control:
        label: "{{ item.path }}"

    - file:
        path: "{{ item.path }}"
        mode: "g+w"
      when: >-
        "mypath/exception" in item.path
      loop: "{{ results.files }}"
      loop_control:
        label: "{{ item.path }}"

    针对示例目录树运行上面的剧本会产生如下内容:

    PLAY [localhost] ******************************************************************************

TASK [find] ***********************************************************************************
ok: [localhost]

TASK [file] ***********************************************************************************
skipping: [localhost] => (item=mypath/exception) 
ok: [localhost] => (item=mypath/dir2)
ok: [localhost] => (item=mypath/dir3)
skipping: [localhost] => (item=mypath/exception/file3) 
skipping: [localhost] => (item=mypath/exception/file2) 
skipping: [localhost] => (item=mypath/exception/file1) 
ok: [localhost] => (item=mypath/dir2/dirc)
ok: [localhost] => (item=mypath/dir2/dira)
ok: [localhost] => (item=mypath/dir2/dirb)
ok: [localhost] => (item=mypath/dir2/dirc/somefile)
ok: [localhost] => (item=mypath/dir2/dira/somefile)
ok: [localhost] => (item=mypath/dir2/dirb/somefile)
ok: [localhost] => (item=mypath/dir3/dirc)
ok: [localhost] => (item=mypath/dir3/dira)
ok: [localhost] => (item=mypath/dir3/dirb)
ok: [localhost] => (item=mypath/dir3/dirc/somefile)
ok: [localhost] => (item=mypath/dir3/dira/somefile)
ok: [localhost] => (item=mypath/dir3/dirb/somefile)

TASK [file] ***********************************************************************************
ok: [localhost] => (item=mypath/exception)
skipping: [localhost] => (item=mypath/dir2) 
skipping: [localhost] => (item=mypath/dir3) 
ok: [localhost] => (item=mypath/exception/file3)
ok: [localhost] => (item=mypath/exception/file2)
ok: [localhost] => (item=mypath/exception/file1)
skipping: [localhost] => (item=mypath/dir2/dirc) 
skipping: [localhost] => (item=mypath/dir2/dira) 
skipping: [localhost] => (item=mypath/dir2/dirb) 
skipping: [localhost] => (item=mypath/dir2/dirc/somefile) 
skipping: [localhost] => (item=mypath/dir2/dira/somefile) 
skipping: [localhost] => (item=mypath/dir2/dirb/somefile) 
skipping: [localhost] => (item=mypath/dir3/dirc) 
skipping: [localhost] => (item=mypath/dir3/dira) 
skipping: [localhost] => (item=mypath/dir3/dirb) 
skipping: [localhost] => (item=mypath/dir3/dirc/somefile) 
skipping: [localhost] => (item=mypath/dir3/dira/somefile) 
skipping: [localhost] => (item=mypath/dir3/dirb/somefile) 

PLAY RECAP ************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0

    这个剧本是适当的幂等的。

    • 1

相关问题