Ansible copy does not retain original permissions with mode "preserve" when using remote_src

Question

I'm using Ansible 2.8.5 (and the target servers are Red Hat 4.8.5-39). I'm copying some files/directories from GitLab into several remote hosts.

I'm doing an initial copy first into a shared location (hence the run_once: true):

- name: "Copy/Transfer application, configuration, and support file(s)"
  block:
    - name: "Copying application build"
      copy:
        dest: "{{ path_tmp }}/{{ CI_PIPELINE_ID }}/"
        mode: "0755"
        src: "{{ CI_PROJECT_DIR }}/build/libs/{{ artifact_id }}.war"
      run_once: true
    - name: "Copying (template) configuration and support file(s)"
      template:
        dest: "{{ path_tmp }}/{{ CI_PIPELINE_ID }}/{{ item.dest }}"
        mode: "0644"
        src: "{{ item.src }}"
      run_once: true
      with_items:
        - { dest: "config/logback.xml", src: "logback.xml.j2" }
        - { dest: "{{ artifact_id }}.conf", src: "{{ artifact_id }}.conf.j2" }

...and then copying the files into the desired location on each host:

- name: "Deploy/Install new application"
  block:
    # All this Jiu Jitsu just to clear {{ path_home }}/ directory
    - name: "Collecting current directories and/or files inside {{ path_home }}/"
      find:
        file_type: any
        hidden: yes
        paths: "{{ path_home }}/"
      register: collected_items
    - name: "Removing current directories and/or files inside {{ path_home }}/"
      file:
        path: "{{ item.path }}"
        state: absent
      with_items: "{{ collected_items.files }}"
    - name: "Copying new application, configuration, and support files"
      copy:
        dest: "{{ path_home }}/"
        mode: preserve
        remote_src: yes
        src: "{{ path_tmp }}/{{ CI_PIPELINE_ID }}/"
    ...

The problem is that files permissions are not getting "honored", and I wouldn't like to have to define several steps to correct that. This is how the files/directories are getting copied initially (and how I want them):

[deployer@unix core]$ ll -AR 41397/
41397/:
total 51M
drwxr-xr-x. 3 tomcat 4.0K Oct 11 11:23 .
drwxr-xr-x. 5 tomcat 4.0K Oct 11 11:22 ..
drwxr-xr-x. 2 tomcat 4.0K Oct 11 11:23 config
-rw-r--r--. 1 tomcat 1.2K Oct 11 11:23 core.conf
-rwxr-xr-x. 1 tomcat  50M Oct 11 11:23 core.war

41397/config:
total 12K
drwxr-xr-x. 2 tomcat 4.0K Oct 11 11:23 .
drwxr-xr-x. 3 tomcat 4.0K Oct 11 11:23 ..
-rw-r--r--. 1 tomcat 1.6K Oct 11 11:23 logback.xml

...and this is how they look like after the copy using remote_src: yes:

[deployer@unix core]$ ll -AR /data/st01/apps/core/
/data/st01/apps/core/:
total 50M
drwxr-xr-x. 3 tomcat 4.0K Oct 11 11:23 .
drwxr-xr-x. 3 tomcat 4.0K Oct  9 16:36 ..
drwxr-xr-x. 2 tomcat 4.0K Oct 11 11:23 config
-rw-r-----. 1 tomcat 1.2K Oct 11 11:23 core.conf
-rw-r-----. 1 tomcat  50M Oct 11 11:23 core.war

/data/st01/apps/core/config:
total 12K
drwxr-xr-x. 2 tomcat 4.0K Oct 11 11:23 .
drwxr-xr-x. 3 tomcat 4.0K Oct 11 11:23 ..
-rw-r--r--. 1 tomcat 1.6K Oct 11 11:23 logback.xml

Is it possible to use remote_src: yes and retain original file/directories permissions? The documentation for the copy module says so, but I'm probably missing something.

Answer 1

Found this while searching for a solution. Pointed me in the correct direction which was the ansible file page (ansible doc site). To sum up you delare state, recurse if you need it. That should perserve the permissions you have at source for dest.

  ansible.builtin.copy:
    src: /home/user/dir1
    dest: /data_dir/
    remote_src: yes
    state: directory. #<---- Should allow the permissions to follow the copy
    recurse: yes

Answer 2

An alternative solution for me was using the synchronize module because I don't have a lot of files to copy/move:

- name: "Copy latest application build, configuration, and support file(s)"
  synchronize:
    delete: yes
    dest: "{{ app_path }}/latest/"
    recursive: yes
    src: "{{ tmp_path }}/{{ PIPELINE_ID }}/"
  delegate_to: "{{ inventory_hostname }}"

Answer 3

ansible document says

remote_src supports recursive copying as of version 2.8. remote_src only works with mode=preserve as of version 2.6

you either need to downgrade your system to ansible 2.6, or else try giving 'mode' with required permissions (like 0644 or 01777)