On Friday, February 21, 2014 3:08:25 AM UTC+2, Michael DeHaan wrote: > > Roles are just abstractions around tasks. > > Plays map roles to hosts. > > You do it in the play, and the play *has* the role assignments. > > You can put more than one play in a playbook. > > > I have also reached to a situation that I need 'serial' to be defined at task (handler) level. I am not sure that I understand how your suggestion of having more plays could work with a role deployment. My use case is this: I am deploying a database cluster node role at a group of nodes, so I have a single play which applies that role on that group. The role includes a handler that restarts the database service on configuration changes, but I want this handler to be executed serially one node at a time. I do not want to set serial=1 for the whole play, because that would significantly slow down the deployment process as the number of nodes grows.
> > > On Tue, Feb 18, 2014 at 3:33 AM, Vidar Langseid > <[email protected]<javascript:> > > wrote: > >> >> >> On Monday, February 17, 2014 4:22:43 PM UTC+1, Michael DeHaan wrote: >>> >>> Serial needs to be set per play. >>> >>> But you can have multiple plays per file, so start a new play for the >>> section that you want to run in serial mode. >>> >> But how is that done when using roles? >> I have for instance roles/webservers/tasks/main.yml... >> AFAIK, I can only include task lists from main.yml: >> - include: firewall-rules.yml >> >> But firewall-rules.yml may only contain tasks, right? not "serial:" >> statements... >> And putting "serial: 1" in roles/webservers/vars/firewall-rules.yml do >> not work either >> >> Best regards, >> Vidar >> >> >>> >>> >>> >>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid <[email protected]>wrote: >>> >>>> Hi >>>> >>>> In playbook for web servers, I need set firewall rules so that database >>>> accepts connections: >>>> - name: FW rule - accept input 3306 from web server to DB server >>>> lineinfile: dest=/etc/sysconfig/iptables >>>> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s >>>> {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$" >>>> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{ >>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT" >>>> state=present >>>> insertbefore="^-A INPUT -j REJECT --reject-with >>>> icmp-host-prohibited.*$" >>>> delegate_to: "{{ groups.dbservers.0 }}" >>>> notify: >>>> - Restart iptables on DB server >>>> tags: fwrules >>>> >>>> >>>> However, since I have multiple web servers, the liniinfile action will >>>> be run in parallel on the db server, causing an unpredictable result ( >>>> trying to change the file from multiple processes at the same time )... >>>> Any thoughts about adding support for "Serial:1" in task context? >>>> I found this thread on the topic : https://groups.google.com/ >>>> forum/#!topic/ansible-project/CNxrMIyKx58 >>>> but no solution yet... >>>> >>>> >>>> In one attempt to work around this problem, I have tried to set the FW >>>> rules in the playbook for Database server instead, by looping over >>>> groups['webservers']... >>>> However, I still need the IP of each web server and that is >>>> problematic. It should be possible to get the IPs using magic variable : >>>> >>>> {{ hostvars['test.example.com']['ansible_distribution'] }} >>>> >>>> Since I am looping over groups['webservers'], I have the name of the web >>>> server in {{ item }}. How to I inject that variable name in the expression? >>>> >>>> >>>> The following do not work ( substituting lineinfile with shell to >>>> illustrating the variable problem ) : >>>> - name: FW rule - accept input 3306 from web server to DB server >>>> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{ >>>> hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }} >>>> >>>> >>>> with_items: groups['webservers'] >>>> notify: >>>> - Restart iptables on DB server >>>> tags: fwrules >>>> >>>> >>>> Btw, when using Rolles ( >>>> http://docs.ansible.com/playbooks_roles.html#roles ), in which file may I >>>> specify Serial ? >>>> >>>> >>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to >>>> work.... >>>> >>>> Best regards, >>>> Vidar >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/06f019d4-f8f7-47f9-97a5-e68c3e78959d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
