Question on validate parameter for Ansible copy module
 

Hi everyone,

I'm somewhat new to Ansible and I have some questions regarding the validate parameter to the copy module.

I have a playbook that takes a sudoers file from a central location and copies it to the host(s). I just noticed the validate parameter to copy (there apparently are several modules with this parameter) and realized this is something I probably want to utilize in the case of putting a new sudoers file in place.

My problem is, while I have the playbook 'working' I'm still thinking I didn't do this correctly:

---
- name: Configure sudoers
hosts: all
gather_facts: yes
tasks:

- name: Copy sudoers file
copy:
src: /var/files/lxcfg/cfgfiles/rhel/7/soe/sudoers
dest: /etc/sudoers
mode: 0440
owner: root
group: root
backup: yes
validate: visudo -csf %s


The first question is, while I know I have to provide the %s to validate(putting in an absolute path didn't work for me), what value is being plugged into %s? Is it taking it from my dest value?

At first I thought that validate first copies the file to a temporary file, does the test (visudo in this case), and then does the final copy to /etc/sudoers. Now I'm thinking it just copies it to /etc/sudoers and does the test 'in place' which is what I don't want to be doing in this case.

If validate does use the dest path as the value for %s, I can very easily just change the dest to a temp file and then ad a second copy to take the temp file and put it in the right place. I'm just really unclear on how the validate parameter works and the limited documentation on it that I've seen so far only says that %s is required. It doesn't tell me what is plugged into that value.