Blog Posted December 23, 2015

Using wget over Ansible's get_url

Problem: In provisioning a server, your Ansible playbook needs to download files from a URL behinded authentication, such as a private GitHub repository. In Ansible 2.0, Ansible's get_url supports custom headers — such as Authorization — but pre-2.0 Ansible does not.

Solution: Use wget, a wgetrc, and ansible-vault.

Step 1: Generate a GitHub access token

Step 2: Store the token in an Ansible group_var at your_playbook_dir/group_vars/all:

1
github_token: "your access token value"

Step 3: Use ansible-vault to encrypt your github_token; enter a password at the prompt:

1
2
3
4
$ ansible-vault encrypt your_playbook_dir/group_vars/all
Vault password:
Confirm Vault password:
Encryption successful

Step 4: Create a your_playbook_dir/tempaltes/wgetrc.j2 template to house wgetrc configuration. Specify the proper headers to authenticate against GitHub:

1
2
header = Authorization: token {{ github_token }}
header = Accept: application/vnd.github.v3.raw

Step 5: Add a task to your playbook to lay down the wgetrc file:

1
2
3
4
- name: lay down /etc/wgetrc file
  template:
    src: wgetrc.j2
    dest: /etc/wgetrc

Step 6: Add a task to your playbook to download the file from a private GitHub repository:

1
2
- name: download some_service_def init.d script
  shell: "wget -O /etc/init.d/some_service_def https://github.com/raw/user/repo/master/some_service_def"

Note that, in Ansible 2.0, the use of wget can be replaced with get_url, replacing steps 4, 5, and 6 with the following:

1
2
3
4
5
- name: download some_service_def init.d script
  get_url:
    url:  https://github.com/raw/user/repo/master/some_service_def
    headers: "Authorization:token {{ github_token }},Accept:application/vnd.github.v3.raw"
    dest: /etc/init.d/some_service_def