Seems like it would be better to try to add the serial keyword to the task itself and see what may imply.
Nothing wrong with the flock -- just should be more native IMHO and pretty soon you're going to want serial: N and then you'll have to create a mutex and all that funness, when most likely we could handle it in application logic... On Mon, May 19, 2014 at 10:13 AM, 'Ernest0x' via Ansible Project < [email protected]> wrote: > On Friday, February 21, 2014 3:08:25 AM UTC+2, Michael DeHaan wrote: >> >> Roles are just abstractions around tasks. >> >> Plays map roles to hosts. >> >> You do it in the play, and the play *has* the role assignments. >> >> You can put more than one play in a playbook. >> >> >> > I have also reached to a situation that I need 'serial' to be defined at > task (handler) level. I am not sure that I understand how your suggestion > of having more plays could work with a role deployment. My use case is > this: I am deploying a database cluster node role at a group of nodes, so I > have a single play which applies that role on that group. The role includes > a handler that restarts the database service on configuration changes, but > I want this handler to be executed serially one node at a time. I do not > want to set serial=1 for the whole play, because that would significantly > slow down the deployment process as the number of nodes grows. > > >> >> >> On Tue, Feb 18, 2014 at 3:33 AM, Vidar Langseid <[email protected]>wrote: >> >>> >>> >>> On Monday, February 17, 2014 4:22:43 PM UTC+1, Michael DeHaan wrote: >>>> >>>> Serial needs to be set per play. >>>> >>>> But you can have multiple plays per file, so start a new play for the >>>> section that you want to run in serial mode. >>>> >>> But how is that done when using roles? >>> I have for instance roles/webservers/tasks/main.yml... >>> AFAIK, I can only include task lists from main.yml: >>> - include: firewall-rules.yml >>> >>> But firewall-rules.yml may only contain tasks, right? not "serial:" >>> statements... >>> And putting "serial: 1" in roles/webservers/vars/firewall-rules.yml do >>> not work either >>> >>> Best regards, >>> Vidar >>> >>> >>>> >>>> >>>> >>>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid >>>> <[email protected]>wrote: >>>> >>>>> Hi >>>>> >>>>> In playbook for web servers, I need set firewall rules so that >>>>> database accepts connections: >>>>> - name: FW rule - accept input 3306 from web server to DB server >>>>> lineinfile: dest=/etc/sysconfig/iptables >>>>> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s >>>>> {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$" >>>>> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{ >>>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT" >>>>> state=present >>>>> insertbefore="^-A INPUT -j REJECT --reject-with >>>>> icmp-host-prohibited.*$" >>>>> delegate_to: "{{ groups.dbservers.0 }}" >>>>> notify: >>>>> - Restart iptables on DB server >>>>> tags: fwrules >>>>> >>>>> >>>>> However, since I have multiple web servers, the liniinfile action will >>>>> be run in parallel on the db server, causing an unpredictable result ( >>>>> trying to change the file from multiple processes at the same time )... >>>>> Any thoughts about adding support for "Serial:1" in task context? >>>>> I found this thread on the topic : https://groups.google.com/foru >>>>> m/#!topic/ansible-project/CNxrMIyKx58 >>>>> but no solution yet... >>>>> >>>>> >>>>> In one attempt to work around this problem, I have tried to set the FW >>>>> rules in the playbook for Database server instead, by looping over >>>>> groups['webservers']... >>>>> However, I still need the IP of each web server and that is >>>>> problematic. It should be possible to get the IPs using magic variable : >>>>> >>>>> {{ hostvars['test.example.com']['ansible_distribution'] }} >>>>> >>>>> Since I am looping over groups['webservers'], I have the name of the web >>>>> server in {{ item }}. How to I inject that variable name in the >>>>> expression? >>>>> >>>>> >>>>> The following do not work ( substituting lineinfile with shell to >>>>> illustrating the variable problem ) : >>>>> - name: FW rule - accept input 3306 from web server to DB server >>>>> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{ >>>>> hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }} >>>>> >>>>> >>>>> with_items: groups['webservers'] >>>>> notify: >>>>> - Restart iptables on DB server >>>>> tags: fwrules >>>>> >>>>> >>>>> Btw, when using Rolles ( >>>>> http://docs.ansible.com/playbooks_roles.html#roles ), in which file may I >>>>> specify Serial ? >>>>> >>>>> >>>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to >>>>> work.... >>>>> >>>>> Best regards, >>>>> Vidar >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> >>>>> For more options, visit https://groups.google.com/groups/opt_out. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/06f019d4-f8f7-47f9-97a5-e68c3e78959d%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/06f019d4-f8f7-47f9-97a5-e68c3e78959d%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzPa3qz-nNAhjLdBLHivhWhpB6HrUJFPvyXd6hAKu%3DfOA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
