I agree that it would be nice to have serial on the task level. Until
that happens you could break out of your current play with a one task
play that does just this but with "serial: 1" set. Then go back to
another play that doesn't use serial to finish the rest of the tasks.
On Mon, Oct 20, 2014 at 5:49 PM, Kesten Broughton
<solarmobiletrail...@gmail.com> wrote:
>
> ansible has a "serial" option at the playbook level but not at the tasks
> level. I feel like i need a similar construct to avoid race conditions when
> I have multiple hosts delegate_to something. Perhaps there is an existing
> ansible idiom to help me?
>
> My current problem is copying a bunch of ssl csr's to a
> certificat_authority. Then i delegate_to the ca. The trouble comes when
> the CA tries to sign multiple certs in parallel.
>
> - name: Sign the request
> delegate_to: "{{certificate_authority}}"
> command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt"
> openssl ca -batch -in "{{ca_in_dir}}/{{ansible_fqdn}}.csr"
> -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt"
> -keyfile "{{ca_key}}"
> -config "{{ca_cnf}}"
> -passin "file:{{ca_keystore_password_path}}"
>
>
> Output: The task fails for the first host, but fails for others.
>
> Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 days)
>
> Write out database with 1 new entries
>
> unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to
> /etc/pki/21ct/SigningCA1/ca.db.serial
>
> reason: No such file or directory
>
>
> It seems to me that the ca.db.serial.new is a tmp resource and one target
> removes it while another is still using it.
> I also get this on other tasks if the command acquires a lock on a resource.
> I feel like if i could attache a - serial: 1 - to the above, things would
> work.
>
> any tips?
>
>
> Kesten Broughton
> 512 701 4209
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAO2fFsV8ULz_%2BVNh7qrbPmAoiGR9dVPc4%3D%3Dib4Rh7Cr79HFpZQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAJQqANfqR_235563q3XDXKq2hWOg5YccRt0g6sMWQgyR%2B_Rp2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
