Here is another example:

    - name: Fetch public ssh key
      command: cat /root/.ssh/id_rsa.pub
      register: root_pub_key
    - name: Add public ssh key to backup account
      delegate_to: "{{ backup_server }}"
      authorized_key: >
        user={{ hostvars[backup_server]['backup_user'] }}
        key="{{root_pub_key.stdout}}"

This second task cannot be executed in parallel, because the
authorized_key module is not thread safe.
Problem is, this task is in the middle of a role, so I cannot just
split my role in two parts to have 3 plays:
- role (part one)
- task with serial:1
- role (part two)
It would work, but it is really ugly.

On 14/05/21 15:57, Garron Moore wrote:
> I agree the serial keyword on each task is likely a better option for most
> people and is easier to use and understand.
>
> I have multiple inventory entries that point at the same machine. In my
> particular situation, I wanted the tasks to run in parallel as much as
> possible with the restriction that it isn't OK to have multiple in parallel
> on the same physical box. I realize this is probably an uncommon use case.
> Serial tasks would have solved my problem as well, just with longer run
> time in some situations.
>
> Garron
>
>
> >>>>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid
> >>>>> <[email protected]> wrote:
> >>>>>
> >>>>>> Hi
> >>>>>>
> >>>>>> In playbook for web servers, I need to set firewall rules so that
> >>>>>> database accepts connections:
> >>>>>> - name: FW rule - accept input 3306 from web server to DB server
> >>>>>>   lineinfile: dest=/etc/sysconfig/iptables
> >>>>>>     regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s
> >>>>>>     {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
> >>>>>>     line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{
> >>>>>>     ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
> >>>>>>     state=present
> >>>>>>     insertbefore="^-A INPUT -j REJECT --reject-with
> >>>>>>     icmp-host-prohibited.*$"
> >>>>>>   delegate_to: "{{ groups.dbservers.0 }}"
> >>>>>>   notify:
> >>>>>>     - Restart iptables on DB server
> >>>>>>   tags: fwrules
> >>>>>>
> >>>>>>
> >>>>>> However, since I have multiple web servers, the lineinfile action
> >>>>>> will be run in parallel on the db server, causing an unpredictable
> >>>>>> result (trying to change the file from multiple processes at the
> >>>>>> same time)...
> >>>>>> Any thoughts about adding support for "Serial:1" in task context?
> >>>>>> I found this thread on the topic:
> >>>>>> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
> >>>>>> but no solution yet...
> >>>>>>
> >>>>>>
> >>>>>> In one attempt to work around this problem, I have tried to set the
> >>>>>> FW rules in the playbook for Database server instead, by looping over
> >>>>>> groups['webservers']...
> >>>>>> However, I still need the IP of each web server and that is
> >>>>>> problematic. It should be possible to get the IPs using magic
> >>>>>> variable :
> >>>>>>
> >>>>>> {{ hostvars['test.example.com']['ansible_distribution'] }}
> >>>>>>
> >>>>>> Since I am looping over groups['webservers'], I have the name of the
> >>>>>> web server in {{ item }}. How do I inject that variable name in the
> >>>>>> expression?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> The following does not work (substituting lineinfile with shell to
> >>>>>> illustrate the variable problem):
> >>>>>> - name: FW rule - accept input 3306 from web server to DB server
> >>>>>>   shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }}
> >>>>>>     {{ hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
> >>>>>>   with_items: groups['webservers']
> >>>>>>   notify:
> >>>>>>     - Restart iptables on DB server
> >>>>>>   tags: fwrules
> >>>>>>
> >>>>>>
> >>>>>> Btw, when using Roles (
> >>>>>> http://docs.ansible.com/playbooks_roles.html#roles ), in which file
> >>>>>> may I specify Serial ?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to
> >>>>>> work....
> >>>>>>
--
Guillaume Subiron
Mail - [email protected]
GPG - 5BC2 EADB
Jabber - [email protected]
IRC - maethor@(freenode|geeknode)
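
The two delegated tasks discussed in this thread (the authorized_key task and the quoted lineinfile firewall rule), written with the `throttle` task keyword that Ansible has offered since version 2.9, so that only one host at a time edits the shared file on the delegate. This is an added example, not code from any poster in the thread; it assumes the ansible.posix collection is installed and that the handler named in the quoted message is defined elsewhere in the role.

```yaml
# Added example. backup_server, backup_user, the dbservers group and the
# handler name are taken from the messages above; everything else is assumed.
- name: Fetch public ssh key
  ansible.builtin.command: cat /root/.ssh/id_rsa.pub
  register: root_pub_key
  changed_when: false          # read-only, can stay parallel

- name: Add public ssh key to backup account
  ansible.posix.authorized_key:
    user: "{{ hostvars[backup_server]['backup_user'] }}"
    key: "{{ root_pub_key.stdout }}"
    state: present
  delegate_to: "{{ backup_server }}"
  throttle: 1                  # one writer at a time on authorized_keys

- name: FW rule - accept input 3306 from web server to DB server
  ansible.builtin.lineinfile:
    path: /etc/sysconfig/iptables
    line: "-A INPUT -p tcp -m state --state NEW -m tcp -s {{ ansible_eth0['ipv4']['address'] }} --dport 3306 -j ACCEPT"
    insertbefore: '^-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    state: present
  delegate_to: "{{ groups['dbservers'][0] }}"
  throttle: 1                  # serialize edits to the shared rules file
  notify: Restart iptables on DB server
  tags: fwrules

# Check: each web server must find exactly one rule for its own address.
# A lost update from a concurrent write would show up here as a count of 0.
- name: Verify this host's firewall rule is present on the DB server
  ansible.builtin.command: >-
    grep -cF -- "-s {{ ansible_eth0['ipv4']['address'] }} --dport 3306 -j ACCEPT"
    /etc/sysconfig/iptables
  delegate_to: "{{ groups['dbservers'][0] }}"
  register: rule_count
  changed_when: false
  failed_when: rule_count.stdout | int != 1
  throttle: 1
  tags: fwrules
```

Because `throttle` is set per task, the rest of the role keeps running at the play's normal fork count and the role does not have to be split into three plays.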