Very neat solution, thanks! Works for me too, where I pull and push to a
git repository. Obviously this can not be done in parallel due to git
conflicts.
Separate plays sure will work but that's butt-ugly.
I guess now with Ansible 2 strategy plugins might be clean a solution for
this. A strategy plugin which changes behavior based on the task context.
Am Dienstag, 4. März 2014 02:18:49 UTC+1 schrieb Garron Moore:
>
> Sorry for the delay on getting back to you. Essentially, my custom ansible
> module uses fcntl.flock(). This has the effect that the lock will
> automatically be given up when the process exits. Here is some sample code:
>
> def main():
> # Normal ansible module initialization
>
> lock_file = open(LOCK_FILE_PATH, 'w')
> fcntl.flock(lock_file.fileno(), fcntl.LOCK_EX)
> # Put code that needs to be run serially per system here
> # Lock will be released when lock_file is closed (or goes out of scope)
>
>
>
> On Fri, Feb 21, 2014 at 5:01 AM, Vidar Langseid <vidar.l...@gmail.com
> <javascript:>> wrote:
>
>> Hi Garron.
>>
>> Your approach sound interesting. Would it be possible for you to share
>> this custom module with me and the rest of the world?
>>
>> Best regards,
>> Vidar
>>
>> On Thu, Feb 20, 2014 at 10:51 PM, Garron Moore <gar...@energysavvy.com
>> <javascript:>> wrote:
>> > I also have a setup where multiple tasks run in parallel against the
>> same
>> > system. The way these tasks are set up, this is usually OK in my
>> > environment. However, for tasks where this wasn't, I ended up moving the
>> > task functionality into a custom module that utilizes file locking
>> (which
>> > essentially forces serial=1 within the same physical system). It would
>> have
>> > been helpful for me (and it sounds like for you) if tasks had the
>> ability to
>> > acquire a file-based lock on the system for this purpose, something like
>> > "lock_file: true" or possibly providing a name/path for the lock.
>> >
>> >
>> > On Tuesday, February 18, 2014 12:33:43 AM UTC-8, Vidar Langseid wrote:
>> >>
>> >>
>> >>
>> >> On Monday, February 17, 2014 4:22:43 PM UTC+1, Michael DeHaan wrote:
>> >>>
>> >>> Serial needs to be set per play.
>> >>>
>> >>> But you can have multiple plays per file, so start a new play for the
>> >>> section that you want to run in serial mode.
>> >>
>> >> But how is that done when using roles?
>> >> I have for instance roles/webservers/tasks/main.yml...
>> >> AFAIK, I can only include task lists from main.yml:
>> >> - include: firewall-rules.yml
>> >>
>> >> But firewall-rules.yml may only contain tasks, right? not "serial:"
>> >> statements...
>> >> And putting "serial: 1" in roles/webservers/vars/firewall-rules.yml do
>> not
>> >> work either
>> >>
>> >> Best regards,
>> >> Vidar
>> >>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid <vidar.l...@gmail.com
>> >
>> >>> wrote:
>> >>>>
>> >>>> Hi
>> >>>>
>> >>>> In playbook for web servers, I need set firewall rules so that
>> database
>> >>>> accepts connections:
>> >>>> - name: FW rule - accept input 3306 from web server to DB server
>> >>>> lineinfile: dest=/etc/sysconfig/iptables
>> >>>> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp
>> -s {{
>> >>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
>> >>>> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{
>> >>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
>> >>>> state=present
>> >>>> insertbefore="^-A INPUT -j REJECT --reject-with
>> >>>> icmp-host-prohibited.*$"
>> >>>> delegate_to: "{{ groups.dbservers.0 }}"
>> >>>> notify:
>> >>>> - Restart iptables on DB server
>> >>>> tags: fwrules
>> >>>>
>> >>>>
>> >>>> However, since I have multiple web servers, the liniinfile action
>> will
>> >>>> be run in parallel on the db server, causing an unpredictable result
>> (
>> >>>> trying to change the file from multiple processes at the same time
>> )...
>> >>>> Any thoughts about adding support for "Serial:1" in task context?
>> >>>> I found this thread on the topic :
>> >>>> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
>> >>>> but no solution yet...
>> >>>>
>> >>>>
>> >>>> In one attempt to work around this problem, I have tried to set the
>> FW
>> >>>> rules in the playbook for Database server instead, by looping over
>> >>>> groups['webservers']...
>> >>>> However, I still need the IP of each web server and that is
>> problematic.
>> >>>> It should be possible to get the IPs using magic variable :
>> >>>>
>> >>>> {{ hostvars['test.example.com']['ansible_distribution'] }}
>> >>>>
>> >>>> Since I am looping over groups['webservers'], I have the name of the
>> web
>> >>>> server in {{ item }}. How to I inject that variable name in the
>> expression?
>> >>>>
>> >>>> The following do not work ( substituting lineinfile with shell to
>> >>>> illustrating the variable problem ) :
>> >>>> - name: FW rule - accept input 3306 from web server to DB server
>> >>>> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"]
>> }}
>> >>>> {{ hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
>> >>>>
>> >>>> with_items: groups['webservers']
>> >>>> notify:
>> >>>> - Restart iptables on DB server
>> >>>> tags: fwrules
>> >>>>
>> >>>>
>> >>>> Btw, when using Rolles (
>> >>>> http://docs.ansible.com/playbooks_roles.html#roles ), in which file
>> may I
>> >>>> specify Serial ?
>> >>>>
>> >>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems
>> to
>> >>>> work....
>> >>>>
>> >>>> Best regards,
>> >>>> Vidar
>> >>>>
>> >>>> --
>> >>>> You received this message because you are subscribed to the Google
>> >>>> Groups "Ansible Project" group.
>> >>>> To unsubscribe from this group and stop receiving emails from it,
>> send
>> >>>> an email to ansible-proje...@googlegroups.com.
>> >>>> To post to this group, send email to ansible...@googlegroups.com.
>> >>>> For more options, visit https://groups.google.com/groups/opt_out.
>> >>>
>> >>>
>> > --
>> > You received this message because you are subscribed to a topic in the
>> > Google Groups "Ansible Project" group.
>> > To unsubscribe from this topic, visit
>> >
>> https://groups.google.com/d/topic/ansible-project/rBcWzXjt-Xc/unsubscribe
>> .
>> > To unsubscribe from this group and all its topics, send an email to
>> > ansible-proje...@googlegroups.com <javascript:>.
>> > To post to this group, send email to ansible...@googlegroups.com
>> <javascript:>.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/rBcWzXjt-Xc/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-proje...@googlegroups.com <javascript:>.
>> To post to this group, send email to ansible...@googlegroups.com
>> <javascript:>.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/dd6fad11-87c8-446a-ac4a-8cf7c4286518%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
