@ -17,34 +17,16 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
import os
import sys
import shlex
import subprocess
import shutil
import stat
import grp
import pwd
import syslog
import selinux
except ImportError:
def dump_kv(vars):
return " ".join("%s='%s'" % (k,v) for (k,v) in vars.items())
def exit_kv(rc=0, **kwargs):
if 'path' in kwargs:
print dump_kv(kwargs)
def fail_kv(**kwargs):
kwargs['failed'] = True
exit_kv(rc=1, **kwargs)
def add_path_info(kwargs):
path = kwargs['path']
if os.path.exists(path):
@ -66,6 +48,14 @@ def add_path_info(kwargs):
kwargs['state'] = 'absent'
return kwargs
def module_exit_json(**kwargs):
def module_fail_json(**kwargs):
# Detect whether using selinux that is MLS-aware.
# While this means you can set the level/range with
# selinux.lsetfilecon(), it may or may not mean that you
@ -115,7 +105,7 @@ def selinux_context(path):
ret = selinux.lgetfilecon(path)
fail_kv(path=path, msg='failed to retrieve selinux context')
module_fail_json(path=path, msg='failed to retrieve selinux context')
if ret[0] == -1:
return context
context = ret[1].split(':')
@ -123,56 +113,10 @@ def selinux_context(path):
# ===========================================
argfile = sys.argv[1]
args = open(argfile, 'r').read()
items = shlex.split(args)
syslog.openlog('ansible-%s' % os.path.basename(__file__))
syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % args)
if not len(items):
fail_kv(msg='the module requires arguments -a')
params = {}
for x in items:
(k, v) = x.split("=",1)
params[k] = v
state = params.get('state','file')
path = params.get('path', params.get('dest', params.get('name', None)))
if path:
path = os.path.expanduser(path)
src = params.get('src', None)
if src:
src = os.path.expanduser(src)
dest = params.get('dest', None)
mode = params.get('mode', None)
owner = params.get('owner', None)
group = params.get('group', None)
# selinux related options
seuser = params.get('seuser', None)
serole = params.get('serole', None)
setype = params.get('setype', None)
selevel = params.get('serange', 's0')
secontext = [seuser, serole, setype]
if selinux_mls_enabled():
default_secontext = selinux_default_context(path)
for i in range(len(default_secontext)):
if i is not None and secontext[i] == '_default':
secontext[i] = default_secontext[i]
if state not in [ 'file', 'directory', 'link', 'absent']:
fail_kv(msg='invalid state: %s' % state)
if state == 'link' and (src is None or dest is None):
fail_kv(msg='src and dest are required for "link" state')
elif path is None:
fail_kv(msg='path is required')
changed = False
# ===========================================
# support functions
@ -205,9 +149,9 @@ def set_context_if_different(path, context, changed):
rc = selinux.lsetfilecon(path, ':'.join(new_context))
except OSError:
fail_kv(path=path, msg='invalid selinux context')
module_fail_json(path=path, msg='invalid selinux context')
if rc != 0:
fail_kv(path=path, msg='set selinux context failed')
module_fail_json(path=path, msg='set selinux context failed')
changed = True
return changed
@ -218,7 +162,7 @@ def set_owner_if_different(path, owner, changed):
if owner != user:
rc = os.system("/bin/chown -R %s %s 2>/dev/null" % (owner, path))
if rc != 0:
fail_kv(path=path, msg='chown failed')
module_fail_json(path=path, msg='chown failed')
return True
return changed
@ -230,7 +174,7 @@ def set_group_if_different(path, group, changed):
if old_group != group:
rc = os.system("/bin/chgrp -R %s %s" % (group, path))
if rc != 0:
fail_kv(path=path, msg='chgrp failed')
module_fail_json(path=path, msg='chgrp failed')
return True
return changed
@ -241,7 +185,7 @@ def set_mode_if_different(path, mode, changed):
# FIXME: support English modes
mode = int(mode, 8)
except Exception, e:
fail_kv(path=path, msg='mode needs to be something octalish', details=str(e))
module_fail_json(path=path, msg='mode needs to be something octalish', details=str(e))
st = os.stat(path)
prev_mode = stat.S_IMODE(st[stat.ST_MODE])
@ -252,7 +196,7 @@ def set_mode_if_different(path, mode, changed):
os.chmod(path, mode)
except Exception, e:
fail_kv(path=path, msg='chmod failed', details=str(e))
module_fail_json(path=path, msg='chmod failed', details=str(e))
st = os.stat(path)
new_mode = stat.S_IMODE(st[stat.ST_MODE])
@ -263,98 +207,150 @@ def set_mode_if_different(path, mode, changed):
def rmtree_error(func, path, exc_info):
fail_kv(path=path, msg='failed to remove directory')
module_fail_json(path=path, msg='failed to remove directory')
# ===========================================
# go...
prev_state = 'absent'
if os.path.lexists(path):
if os.path.islink(path):
prev_state = 'link'
elif os.path.isfile(path):
prev_state = 'file'
prev_state = 'directory'
def main():
global module
module = AnsibleModule(
argument_spec = dict(
state = dict(choices=['file','directory','link','absent'], default='file'),
path = dict(aliases=['dest', 'name'], required=True),
src = dict(),
mode = dict(),
owner = dict(),
group = dict(),
seuser = dict(),
serole = dict(),
selevel = dict(),
secontext = dict(),
params = module.params
state = params['state']
path = os.path.expanduser(params['path'])
src = params.get('src', None)
if src:
src = os.path.expanduser(src)
mode = params.get('mode', None)
owner = params.get('owner', None)
group = params.get('group', None)
# selinux related options
seuser = params.get('seuser', None)
serole = params.get('serole', None)
setype = params.get('setype', None)
selevel = params.get('serange', 's0')
secontext = [seuser, serole, setype]
if selinux_mls_enabled():
if prev_state != 'absent' and state == 'absent':
if prev_state == 'directory':
if os.path.islink(path):
shutil.rmtree(path, ignore_errors=False, onerror=rmtree_error)
default_secontext = selinux_default_context(path)
for i in range(len(default_secontext)):
if i is not None and secontext[i] == '_default':
secontext[i] = default_secontext[i]
if state == 'link' and (src is None or path is None):
module_fail_json(msg='src and dest are required for "link" state')
elif path is None:
module_fail_json(msg='path is required')
changed = False
prev_state = 'absent'
if os.path.lexists(path):
if os.path.islink(path):
prev_state = 'link'
elif os.path.isfile(path):
prev_state = 'file'
except Exception, e:
fail_kv(path=path, msg=str(e))
exit_kv(path=path, changed=True)
prev_state = 'directory'
if prev_state != 'absent' and prev_state != state:
fail_kv(path=path, msg='refusing to convert between %s and %s' % (prev_state, state))
if prev_state != 'absent' and state == 'absent':
if prev_state == 'directory':
if os.path.islink(path):
shutil.rmtree(path, ignore_errors=False, onerror=rmtree_error)
except Exception, e:
module_fail_json(path=path, msg=str(e))
module_exit_json(path=path, changed=True)
if prev_state == 'absent' and state == 'absent':
exit_kv(path=path, changed=False)
if prev_state != 'absent' and prev_state != state:
module_fail_json(path=path, msg='refusing to convert between %s and %s' % (prev_state, state))
if state == 'file':
if prev_state == 'absent' and state == 'absent':
module_exit_json(path=path, changed=False)
if prev_state == 'absent':
fail_kv(path=path, msg='file does not exist, use copy or template module to create')
if state == 'file':
# set modes owners and context as needed
changed = set_context_if_different(path, secontext, changed)
changed = set_owner_if_different(path, owner, changed)
changed = set_group_if_different(path, group, changed)
changed = set_mode_if_different(path, mode, changed)
if prev_state == 'absent':
module_fail_json(path=path, msg='file does not exist, use copy or template module to create')
exit_kv(path=path, changed=changed)
# set modes owners and context as needed
changed = set_context_if_different(path, secontext, changed)
changed = set_owner_if_different(path, owner, changed)
changed = set_group_if_different(path, group, changed)
changed = set_mode_if_different(path, mode, changed)
elif state == 'directory':
module_exit_json(path=path, changed=changed)
if prev_state == 'absent':
changed = True
elif state == 'directory':
# set modes owners and context as needed
changed = set_context_if_different(path, secontext, changed)
changed = set_owner_if_different(path, owner, changed)
changed = set_group_if_different(path, group, changed)
changed = set_mode_if_different(path, mode, changed)
if prev_state == 'absent':
changed = True
exit_kv(path=path, changed=changed)
# set modes owners and context as needed
changed = set_context_if_different(path, secontext, changed)
changed = set_owner_if_different(path, owner, changed)
changed = set_group_if_different(path, group, changed)
changed = set_mode_if_different(path, mode, changed)
elif state == 'link':
module_exit_json(path=path, changed=changed)
if os.path.isabs(src):
abs_src = src
abs_src = os.path.join(os.path.dirname(dest), src)
if not os.path.exists(abs_src):
fail_kv(dest=dest, src=src, msg='src file does not exist')
elif state == 'link':
if prev_state == 'absent':
os.symlink(src, dest)
changed = True
elif prev_state == 'link':
old_src = os.readlink(dest)
if not os.path.isabs(old_src):
old_src = os.path.join(os.path.dirname(dest), old_src)
if old_src != src:
os.symlink(src, dest)
fail_kv(dest=dest, src=src, msg='unexpected position reached')
if os.path.isabs(src):
abs_src = src
abs_src = os.path.join(os.path.dirname(dest), src)
if not os.path.exists(abs_src):
module_fail_json(dest=dest, src=src, msg='src file does not exist')
if prev_state == 'absent':
os.symlink(src, path)
changed = True
elif prev_state == 'link':
old_src = os.readlink(path)
if not os.path.isabs(old_src):
old_src = os.path.join(os.path.dirname(path), old_src)
if old_src != src:
os.symlink(src, path)
module_fail_json(dest=path, src=src, msg='unexpected position reached')
# set modes owners and context as needed
changed = set_context_if_different(path, secontext, changed)
changed = set_owner_if_different(path, owner, changed)
changed = set_group_if_different(path, group, changed)
changed = set_mode_if_different(path, mode, changed)
# set modes owners and context as needed
changed = set_context_if_different(dest, secontext, changed)
changed = set_owner_if_different(dest, owner, changed)
changed = set_group_if_different(dest, group, changed)
changed = set_mode_if_different(dest, mode, changed)
module.exit_json(dest=path, src=src, changed=changed)
exit_kv(dest=dest, src=src, changed=changed)
module_fail_json(path=path, msg='unexpected position reached')
# this is magic, see lib/ansible/module_common.py
fail_kv(path=path, msg='unexpected position reached')