copy - Copies files to remote locations¶

Synopsis
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Support
- Author

Synopsis ¶

The copy module copies a file from the local or remote machine to a location on the remote machine. Use the fetch module to copy files from remote locations to the local box. If you need variable interpolation in copied files, use the template module.
For Windows targets, use the win_copy module instead.

Parameters ¶

Parameter	Choices/Defaults	Comments
attributes (added in 2.3)		Attributes the file or directory should have. To get supported flags look at the man page for chattr on the target system. This string should contain the attributes in the same order as the one displayed by lsattr. `=` operator is assumed as default, otherwise `+` or `-` operators need to be included in the string. aliases: attr
backup bool	Choices: no ← yes	Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
checksum (added in 2.5)		SHA1 checksum of the file being transferred. Used to validate that the copy of the file was successful. If this is not provided, ansible will use the local calculated checksum of the src file.
content		When used instead of src, sets the contents of a file directly to the specified value. For anything advanced or with formatting also look at the template module.
decrypt bool (added in 2.4)	Choices: no yes ←	This option controls the autodecryption of source files using vault.
dest required		Remote absolute path where the file should be copied to. If src is a directory, this must be a directory too. If dest is a nonexistent path and if either dest ends with "/" or src is a directory, dest is created. If src and dest are files, the parent directory of dest isn't created: the task fails if it doesn't already exist.
directory_mode (added in 1.5)		When doing a recursive copy set the mode for the directories. If this is not set we will use the system defaults. The mode is only set on directories which are newly created, and will not affect those that already existed.
follow bool (added in 1.8)	Choices: no ← yes	This flag indicates that filesystem links in the destination, if they exist, should be followed.
force bool	Choices: no yes ←	the default is `yes`, which will replace the remote file when contents are different than the source. If `no`, the file will only be transferred if the destination does not exist. aliases: thirsty
group		Name of the group that should own the file/directory, as would be fed to chown.
local_follow bool (added in 2.4)	Choices: no yes ←	This flag indicates that filesystem links in the source tree, if they exist, should be followed.
mode		Mode the file or directory should be. For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like `0644` or `01777`) or quote it (like `'644'` or `'1777'`) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, `u+rwx` or `u=rw,g=r,o=r`). As of version 2.3, the mode may also be the special string `preserve`. `preserve` means that the file will be given the same permissions as the source file.
owner		Name of the user that should own the file/directory, as would be fed to chown.
remote_src bool (added in 2.0)	Choices: no ← yes	If `no`, it will search for src at originating/master machine. If `yes` it will go to the remote/target machine for the src. Default is `no`. Currently remote_src does not support recursive copying. remote_src only works with `mode=preserve` as of version 2.6.
selevel	Default: s0	Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the `range`. `_default` feature works as for seuser.
serole		Role part of SELinux file context, `_default` feature works as for seuser.
setype		Type part of SELinux file context, `_default` feature works as for seuser.
seuser		User part of SELinux file context. Will default to system policy, if applicable. If set to `_default`, it will use the `user` portion of the policy if available.
src		Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
unsafe_writes bool (added in 2.2)	Choices: no ← yes	By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner. This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.
validate		The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the example below. The command is passed securely so shell features like expansion and pipes won't work.

Notes ¶

Note

The copy module recursively copy facility does not scale to lots (>hundreds) of files. For alternative, see synchronize module, which is a wrapper around rsync.
For Windows targets, use the win_copy module instead.

Examples ¶

- name: example copying file with owner and permissions
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: 0644

- name: The same example as above, but using a symbolic mode equivalent to 0644
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: u=rw,g=r,o=r

- name: Another symbolic mode example, adding some permissions and removing others
  copy:
    src: /srv/myfiles/foo.conf
    dest: /etc/foo.conf
    owner: foo
    group: foo
    mode: u+rw,g-wx,o-rwx

- name: Copy a new "ntp.conf file into place, backing up the original if it differs from the copied version
  copy:
    src: /mine/ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: 0644
    backup: yes

- name: Copy a new "sudoers" file into place, after passing validation with visudo
  copy:
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: /usr/sbin/visudo -cf %s

- name: Copy a "sudoers" file on the remote machine for editing
  copy:
    src: /etc/sudoers
    dest: /etc/sudoers.edit
    remote_src: yes
    validate: /usr/sbin/visudo -cf %s

- name: Copy using the 'content' for inline data
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf'

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
backup_file string	changed and if backup=yes	name of backup file created Sample: /path/to/[email protected]:09~
checksum string	success	sha1 checksum of the file after running copy Sample: 6e642bb8dd5c2e027bf21dd923337cbb4214f827
dest string	success	destination file/path Sample: /path/to/file.txt
gid int	success	group id of the file, after execution Sample: 100
group string	success	group of the file, after execution Sample: httpd
md5sum string	when supported	md5 checksum of the file after running copy Sample: 2a5aeecc61dc98c4d780b14b330e3282
mode string	success	permissions of the target, after execution Sample: 420
owner string	success	owner of the file, after execution Sample: httpd
size int	success	size of the target, after execution Sample: 1220
src string	changed	source file used for the copy on the target machine Sample: /home/httpd/.ansible/tmp/ansible-tmp-1423796390.97-147729857856000/source
state string	success	state of the target, after execution Sample: file
uid int	success	owner id of the file, after execution Sample: 100

Status ¶

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance ¶

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support ¶

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author ¶

Ansible Core Team
Michael DeHaan

Hint

If you notice any issues in this documentation you can edit this document to improve it.