ansible.builtin.copy – Copy files to remote locations

Note

This module is part of ansible-base and included in all Ansible installations. In most cases, you can use the short module name copy even without specifying the collections: keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

Synopsis

  • The copy module copies a file from the local or remote machine to a location on the remote machine.
  • Use the ansible.builtin.fetch module to copy files from remote locations to the local box.
  • If you need variable interpolation in copied files, use the ansible.builtin.template module. Using a variable in the content field will result in unpredictable output.
  • For Windows targets, use the ansible.windows.win_copy module instead.

Note

This module has a corresponding action plugin.

Parameters

Parameter Choices/Defaults Comments
attributes
string
added in 2.3 of ansible.builtin
The attributes the resulting file or directory should have.
To get supported flags look at the man page for chattr on the target system.
This string should contain the attributes in the same order as the one displayed by lsattr.
The = operator is assumed as default, otherwise + or - operators need to be included in the string.

aliases: attr
backup
boolean
added in 0.7 of ansible.builtin
    Choices:
  • no ←
  • yes
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
checksum
string
added in 2.5 of ansible.builtin
SHA1 checksum of the file being transferred.
Used to validate that the copy of the file was successful.
If this is not provided, ansible will use the local calculated checksum of the src file.
content
string
added in 1.1 of ansible.builtin
When used instead of src, sets the contents of a file directly to the specified value.
Works only when dest is a file. Creates the file if it does not exist.
For advanced formatting or if content contains a variable, use the ansible.builtin.template module.
decrypt
boolean
added in 2.4 of ansible.builtin
    Choices:
  • no
  • yes ←
This option controls the autodecryption of source files using vault.
dest
path / required
Remote absolute path where the file should be copied to.
If src is a directory, this must be a directory too.
If dest is a non-existent path and if either dest ends with "/" or src is a directory, dest is created.
If dest is a relative path, the starting directory is determined by the remote host.
If src and dest are files, the parent directory of dest is not created and the task fails if it does not already exist.
directory_mode
raw
added in 1.5 of ansible.builtin
When doing a recursive copy set the mode for the directories.
If this is not set we will use the system defaults.
The mode is only set on directories which are newly created, and will not affect those that already existed.
follow
boolean
added in 1.8 of ansible.builtin
    Choices:
  • no ←
  • yes
This flag indicates that filesystem links in the destination, if they exist, should be followed.
force
boolean
added in 1.1 of ansible.builtin
    Choices:
  • no
  • yes ←
Influence whether the remote file must always be replaced.
If yes, the remote file will be replaced when contents are different than the source.
If no, the file will only be transferred if the destination does not exist.
Alias thirsty has been deprecated and will be removed in 2.13.

aliases: thirsty
group
string
Name of the group that should own the file/directory, as would be fed to chown.
local_follow
boolean
added in 2.4 of ansible.builtin
    Choices:
  • no
  • yes ←
This flag indicates that filesystem links in the source tree, if they exist, should be followed.
mode
raw
The permissions of the destination file or directory.
For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like 0644 or 01777)or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.
As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r).
As of Ansible 2.3, the mode may also be the special string preserve.
preserve means that the file will be given the same permissions as the source file.
When doing a recursive copy, see also directory_mode.
owner
string
Name of the user that should own the file/directory, as would be fed to chown.
remote_src
boolean
added in 2.0 of ansible.builtin
    Choices:
  • no ←
  • yes
Influence whether src needs to be transferred or already is present remotely.
If no, it will search for src on the controller node.
If yes it will search for src on the managed (remote) node.
remote_src supports recursive copying as of version 2.8.
remote_src only works with mode=preserve as of version 2.6.
Autodecryption of files does not work when remote_src=yes.
selevel
string
The level part of the SELinux file context.
This is the MLS/MCS attribute, sometimes known as the range.
When set to _default, it will use the level portion of the policy if available.
serole
string
The role part of the SELinux file context.
When set to _default, it will use the role portion of the policy if available.
setype
string
The type part of the SELinux file context.
When set to _default, it will use the type portion of the policy if available.
seuser
string
The user part of the SELinux file context.
By default it uses the system policy, where applicable.
When set to _default, it will use the user portion of the policy if available.
src
path
Local path to a file to copy to the remote server.
This can be absolute or relative.
If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to the rsync command line tool.
unsafe_writes
boolean
added in 2.2 of ansible.builtin
    Choices:
  • no ←
  • yes
Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target file.
By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.
This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes).
IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.
validate
string
The validation command to run before copying into place.
The path to the file to validate is passed in via '%s' which must be present as in the examples below.
The command is passed securely so shell features like expansion and pipes will not work.

Notes

Note

  • The ansible.builtin.copy module recursively copy facility does not scale to lots (>hundreds) of files.

See Also

See also

ansible.builtin.assemble
The official documentation on the ansible.builtin.assemble module.
ansible.builtin.fetch
The official documentation on the ansible.builtin.fetch module.
ansible.builtin.file
The official documentation on the ansible.builtin.file module.
ansible.builtin.template
The official documentation on the ansible.builtin.template module.
ansible.posix.synchronize
The official documentation on the ansible.posix.synchronize module.
ansible.windows.win_copy
The official documentation on the ansible.windows.win_copy module.

Examples

- name: Copy file with owner and permissions
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'

- name: Copy file with owner and permission, using symbolic representation
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: u=rw,g=r,o=r

- name: Another symbolic mode example, adding some permissions and removing others
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: u+rw,g-wx,o-rwx

- name: Copy a new "ntp.conf" file into place, backing up the original if it differs from the copied version
  copy:
    src: /mine/ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes

- name: Copy a new "sudoers" file into place, after passing validation with visudo
  copy:
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: /usr/sbin/visudo -csf %s

- name: Copy a "sudoers" file on the remote machine for editing
  copy:
    src: /etc/sudoers
    dest: /etc/sudoers.edit
    remote_src: yes
    validate: /usr/sbin/visudo -csf %s

- name: Copy using inline content
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf

- name: If follow=yes, /path/to/file will be overwritten by contents of foo.conf
  copy:
    src: /etc/foo.conf
    dest: /path/to/link  # link to /path/to/file
    follow: yes

- name: If follow=no, /path/to/link will become a file and be overwritten by contents of foo.conf
  copy:
    src: /etc/foo.conf
    dest: /path/to/link  # link to /path/to/file
    follow: no

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
backup_file
string
changed and if backup=yes
Name of backup file created

Sample:
/path/to/file.txt.2015-02-12@22:09~
checksum
string
success
SHA1 checksum of the file after running copy

Sample:
6e642bb8dd5c2e027bf21dd923337cbb4214f827
dest
string
success
Destination file/path

Sample:
/path/to/file.txt
gid
integer
success
Group id of the file, after execution

Sample:
100
group
string
success
Group of the file, after execution

Sample:
httpd
md5sum
string
when supported
MD5 checksum of the file after running copy

Sample:
2a5aeecc61dc98c4d780b14b330e3282
mode
string
success
Permissions of the target, after execution

Sample:
420
owner
string
success
Owner of the file, after execution

Sample:
httpd
size
integer
success
Size of the target, after execution

Sample:
1220
src
string
changed
Source file used for the copy on the target machine

Sample:
/home/httpd/.ansible/tmp/ansible-tmp-1423796390.97-147729857856000/source
state
string
success
State of the target, after execution

Sample:
file
uid
integer
success
Owner id of the file, after execution

Sample:
100


Authors

  • Ansible Core Team
  • Michael DeHaan