Hello,
Not sure if this still interest everyone, but the way I found to make is
work is just like Michael explained. This is an example for future
reference:
---
# This playbook upgrades a the social cluster to DSE 4.0.4
# Apply common configuration to all hosts
- hosts: all
gather_facts: no
tasks:
- include: maintest.yaml
- include: restart.yaml okay_to_run={{ out.rc }}
- name: group my play
group_by: key=my_ad_hoc_on_the_fly_group
- name: main task1
command: "echo main.yaml task 1"
- name: main task2
command: "echo main.yaml task 2"
# say this is the tasks that is supposed to "notify" restart
- name: main task1
command: "echo main.yaml task 3"
register: out
---
- hosts: my_ad_hoc_on_the_fly_group
serial: 1
tasks:
- name: restart host
command: "echo I would restart 1"
when: ok_to_run.rc == 0
That did the trick for me. Hope that helps. Not the most elegant solution,
but it might help.
On Monday, February 17, 2014 at 4:09:19 AM UTC-8, Vidar Langseid wrote:
>
> Hi
>
> In playbook for web servers, I need set firewall rules so that database
> accepts connections:
> - name: FW rule - accept input 3306 from web server to DB server
> lineinfile: dest=/etc/sysconfig/iptables
> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s {{
> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{
> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
> state=present
> insertbefore="^-A INPUT -j REJECT --reject-with
> icmp-host-prohibited.*$"
> delegate_to: "{{ groups.dbservers.0 }}"
> notify:
> - Restart iptables on DB server
> tags: fwrules
>
>
> However, since I have multiple web servers, the liniinfile action will be
> run in parallel on the db server, causing an unpredictable result ( trying
> to change the file from multiple processes at the same time )...
> Any thoughts about adding support for "Serial:1" in task context?
> I found this thread on the topic :
> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
> but no solution yet...
>
>
> In one attempt to work around this problem, I have tried to set the FW
> rules in the playbook for Database server instead, by looping over
> groups['webservers']...
> However, I still need the IP of each web server and that is problematic.
> It should be possible to get the IPs using magic variable :
>
> {{ hostvars['test.example.com']['ansible_distribution'] }}
>
> Since I am looping over groups['webservers'], I have the name of the web
> server in {{ item }}. How to I inject that variable name in the expression?
> The following do not work ( substituting lineinfile with shell to
> illustrating the variable problem ) :
> - name: FW rule - accept input 3306 from web server to DB server
> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{
> hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
> with_items: groups['webservers']
> notify:
> - Restart iptables on DB server
> tags: fwrules
>
>
> Btw, when using Rolles ( http://docs.ansible.com/playbooks_roles.html#roles
> ), in which file may I specify Serial ?
> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to
> work....
>
> Best regards,
> Vidar
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/66fdfe0c-68f3-4b2f-92d0-97de5de10f36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
