Workaround for ansible 'synchronize' module bugs

There have been a number of issues trying to run 'synchronize' module as a privileged user, such as these examples: ansible/ansible#4676 ansible/ansible#13034 Even with ansible 2.0.2.0 this doesn't seem to work unless the user running on target node has NOPASSWD in sudoers. Avoid this mess by syncing the repo without privileges then letting 'file' module fix up the repo ownership afterwards.
VCTLabs · May 15, 2016 · 569f35b · 569f35b
1 parent 0bc9094
commit 569f35b
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,18 +1,37 @@
 ---
 # main tasks file for vctLabs.local-package-repo
 
+# pushing the repo is a multi-step process because synchronize module doesn't 
+# handle 'become' properly, so use non-root user to sync then fix ownership
+
+- name: lookup non-privileged user
+  command: /usr/bin/whoami  
+  register: non_priv_user
+  become: no
+
 - name: create dir for package repo 
   file:
     name: "{{dest_basedir}}/{{installable_subdir}}"
     state: directory
+    owner: "{{non_priv_user.stdout}}"
     mode: 0755
+    recurse: yes
 
 - name: push package repo
   synchronize: 
     src: "{{src_basedir}}/{{installable_subdir}}/" 
     dest: "{{dest_basedir}}/{{installable_subdir}}/" 
     checksum: yes
     delete: yes
+  become: no
+
+- name: make package repo owned by root
+  file:
+    name: "{{dest_basedir}}/{{installable_subdir}}"
+    state: directory
+    owner: root
+    mode: 0755
+    recurse: yes
 
 - include: debian.yml
   when: ansible_os_family == "Debian"