template - Templates a file out to a remote server

Synopsis

Parameters

Parameter Choices/Defaults Comments
attributes
(added in 2.3)
Attributes the file or directory should have. To get supported flags look at the man page for chattr on the target system. This string should contain the attributes in the same order as the one displayed by lsattr.
= operator is assumed as default, otherwise + or - operators need to be included in the string.

aliases: attr
backup
bool
    Choices:
  • no ←
  • yes
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
block_end_string
(added in 2.4)
Default:
%}
The string marking the end of a block.
block_start_string
(added in 2.4)
Default:
{%
The string marking the beginning of a block.
dest
required
Location to render the template to on the remote machine.
follow
bool

(added in 2.4)
    Choices:
  • no ←
  • yes
This flag indicates that filesystem links in the destination, if they exist, should be followed.
Previous to Ansible 2.4, this was hardcoded as yes.
force
bool
    Choices:
  • no
  • yes ←
the default is yes, which will replace the remote file when contents are different than the source. If no, the file will only be transferred if the destination does not exist.
group
Name of the group that should own the file/directory, as would be fed to chown.
lstrip_blocks
bool

(added in 2.6)
    Choices:
  • no ←
  • yes
If this is set to True leading spaces and tabs are stripped from the start of a line to a block. Setting this option to True requires Jinja2 version >=2.7.
mode
Mode the file or directory should be. For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like 0644 or 01777) or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r). As of version 2.6, the mode may also be the special string preserve. preserve means that the file will be given the same permissions as the source file.
newline_sequence
(added in 2.4)
    Choices:
  • \n ←
  • \r
  • \r\n
Specify the newline sequence to use for templating files.
output_encoding
(added in 2.7)
Default:
utf-8
Overrides the encoding used to write the template file defined by dest.
It defaults to 'utf-8', but any encoding supported by python can be used.
The source template file must always be encoded using 'utf-8', for homogeneity.
owner
Name of the user that should own the file/directory, as would be fed to chown.
selevel Default:
s0
Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the range. _default feature works as for seuser.
serole
Role part of SELinux file context, _default feature works as for seuser.
setype
Type part of SELinux file context, _default feature works as for seuser.
seuser
User part of SELinux file context. Will default to system policy, if applicable. If set to _default, it will use the user portion of the policy if available.
src
required
Path of a Jinja2 formatted template on the Ansible controller. This can be a relative or absolute path.
trim_blocks
bool

(added in 2.4)
    Choices:
  • no
  • yes ←
If this is set to True the first newline after a block is removed (block, not variable tag!).
unsafe_writes
bool

(added in 2.2)
    Choices:
  • no ←
  • yes
By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.
This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes). IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.
validate
The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the example below. The command is passed securely so shell features like expansion and pipes won't work.
variable_end_string
(added in 2.4)
Default:
}}
The string marking the end of a print statement.
variable_start_string
(added in 2.4)
Default:
{{
The string marking the beginning of a print statement.

Notes

Note

  • For Windows you can use win_template which uses ‘\r\n’ as newline_sequence.
  • Including a string that uses a date in the template will result in the template being marked ‘changed’ each time
  • Since Ansible version 0.9, templates are loaded with trim_blocks=True.
  • Also, you can override jinja2 settings by adding a special header to template file. i.e. #jinja2:variable_start_string:'[%', variable_end_string:'%]', trim_blocks: False which changes the variable interpolation markers to [% var %] instead of {{ var }}. This is the best way to prevent evaluation of things that look like, but should not be Jinja2. raw/endraw in Jinja2 will not work as you expect because templates in Ansible are recursively evaluated.
  • You can use the copy module with the content: option if you prefer the template inline, as part of the playbook.

Examples

# Example from Ansible Playbooks
- template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: 0644

# The same example, but using symbolic modes equivalent to 0644
- template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: "u=rw,g=r,o=r"

# Create a DOS-style text file from a template
- template:
    src: config.ini.j2
    dest: /share/windows/config.ini
    newline_sequence: '\r\n'

# Copy a new "sudoers" file into place, after passing validation with visudo
- template:
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: '/usr/sbin/visudo -cf %s'

# Update sshd configuration safely, avoid locking yourself out
- template:
    src: etc/ssh/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0600'
    validate: /usr/sbin/sshd -t -f %s
    backup: yes

Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance

This module is flagged as core which means that it is maintained by the Ansible Core Team. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Core Team, see here.

Support

For more information about Red Hat’s support of this module, please refer to this Knowledge Base article

Author

  • Ansible Core Team
  • Michael DeHaan

Hint

If you notice any issues in this documentation you can edit this document to improve it.