As this post is stilled in top of google search let me describe one more
way for a single task that should not be done simultaneously on multiple
servers:
- hosts: all
tasks:
- name: set fact
set_fact:
marker: marker
- name: group by marker
group_by: key=marker
changed_when: no
- name: target task
debug: msg="Performing task on {{ inventory_hostname }}, item is {{
item }}"
with_items: groups['marker']
when: "hostvars[item].inventory_hostname == inventory_hostname"
On Friday, May 15, 2015 at 2:45:31 AM UTC+3, Frederiko Costa wrote:
>
> Hello,
>
> Not sure if this still interest everyone, but the way I found to make is
> work is just like Michael explained. This is an example for future
> reference:
>
> ---
> # This playbook upgrades a the social cluster to DSE 4.0.4
>
>
> # Apply common configuration to all hosts
> - hosts: all
> gather_facts: no
> tasks:
> - include: maintest.yaml
>
> - include: restart.yaml okay_to_run={{ out.rc }}
>
>
> - name: group my play
> group_by: key=my_ad_hoc_on_the_fly_group
>
> - name: main task1
> command: "echo main.yaml task 1"
>
> - name: main task2
> command: "echo main.yaml task 2"
>
> # say this is the tasks that is supposed to "notify" restart
> - name: main task1
> command: "echo main.yaml task 3"
> register: out
>
> ---
> - hosts: my_ad_hoc_on_the_fly_group
> serial: 1
> tasks:
> - name: restart host
> command: "echo I would restart 1"
> when: ok_to_run.rc == 0
>
> That did the trick for me. Hope that helps. Not the most elegant solution,
> but it might help.
>
>
> On Monday, February 17, 2014 at 4:09:19 AM UTC-8, Vidar Langseid wrote:
>>
>> Hi
>>
>> In playbook for web servers, I need set firewall rules so that database
>> accepts connections:
>> - name: FW rule - accept input 3306 from web server to DB server
>> lineinfile: dest=/etc/sysconfig/iptables
>> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s {{
>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
>> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{
>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
>> state=present
>> insertbefore="^-A INPUT -j REJECT --reject-with
>> icmp-host-prohibited.*$"
>> delegate_to: "{{ groups.dbservers.0 }}"
>> notify:
>> - Restart iptables on DB server
>> tags: fwrules
>>
>>
>> However, since I have multiple web servers, the liniinfile action will be
>> run in parallel on the db server, causing an unpredictable result ( trying
>> to change the file from multiple processes at the same time )...
>> Any thoughts about adding support for "Serial:1" in task context?
>> I found this thread on the topic :
>> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
>> but no solution yet...
>>
>>
>> In one attempt to work around this problem, I have tried to set the FW
>> rules in the playbook for Database server instead, by looping over
>> groups['webservers']...
>> However, I still need the IP of each web server and that is problematic.
>> It should be possible to get the IPs using magic variable :
>>
>> {{ hostvars['test.example.com']['ansible_distribution'] }}
>>
>> Since I am looping over groups['webservers'], I have the name of the web
>> server in {{ item }}. How to I inject that variable name in the expression?
>> The following do not work ( substituting lineinfile with shell to
>> illustrating the variable problem ) :
>> - name: FW rule - accept input 3306 from web server to DB server
>> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{
>> hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
>> with_items: groups['webservers']
>> notify:
>> - Restart iptables on DB server
>> tags: fwrules
>>
>>
>> Btw, when using Rolles ( http://docs.ansible.com/playbooks_roles.html#roles
>> ), in which file may I specify Serial ?
>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to
>> work....
>>
>> Best regards,
>> Vidar
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2d4ff68d-df25-435b-b700-7b30991d62eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
