Combining some ideas here, I wrote a small action plugin -- very lightly 
tested.


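import fcntl


class ActionModule(object):

    def __init__(self, runner):
        self.runner = runner

    def run(self, conn, tmp, module_name, module_args, inject,
            complex_args=None, **kwargs):
        # Block until this process holds an exclusive lock, so only one
        # host's task runs the wrapped module at a time.
        lock_file = open('/tmp/serialize.lock', 'w')
        fcntl.flock(lock_file.fileno(), fcntl.LOCK_EX)
        try:
            # The first word of the arguments names the real module to run.
            module_name, module_args = module_args.split(' ', 1)
            return self.runner._execute_module(
                conn, tmp, module_name, module_args,
                inject=inject, complex_args=complex_args, **kwargs)
        finally:
            # Closing the file releases the lock.
            lock_file.close()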


Dropping this in action_plugins/synchronize.py and touching 
library/synchronize.py -- you can invoke this in your playbook:


- name: restart foo
  serialize: command supervisorctl -c /etc/supervisord.conf signal HUP foo


m

  
On Monday, February 17, 2014 at 4:09:19 AM UTC-8, Vidar Langseid wrote:
>
> Hi
>
> In playbook for web servers, I need to set firewall rules so that database 
> accepts connections:
> - name: FW rule - accept input 3306 from web server to DB server
>   lineinfile: dest=/etc/sysconfig/iptables
>               regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
>               line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
>               state=present
>               insertbefore="^-A INPUT -j REJECT --reject-with icmp-host-prohibited.*$"
>   delegate_to: "{{ groups.dbservers.0 }}"
>   notify:
>     - Restart iptables on DB server
>   tags: fwrules  
>
>
> However, since I have multiple web servers, the lineinfile action will be 
> run in parallel on the db server, causing an unpredictable result ( trying 
> to change the file from multiple processes at the same time )...
> Any thoughts about adding support for "Serial:1" in task context?
> I found this thread on the topic : 
> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
> but no solution yet...
>
>
> In one attempt to work around this problem, I have tried to set the FW 
> rules in the playbook for Database server instead, by looping over 
> groups['webservers']...
> However, I still need the IP of each web server and that is problematic. 
> It should  be possible to get the IPs using magic variable :
>
> {{ hostvars['test.example.com']['ansible_distribution'] }}
>
> Since I am looping over groups['webservers'], I have the name of the web 
> server in {{ item }}. How do I inject that variable name in the expression?
> The following does not work ( substituting lineinfile with shell to 
> illustrate the variable problem ) :
> - name: FW rule - accept input 3306 from web server to DB server
>   shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{ hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
>   with_items:  groups['webservers']
>   notify:
>     - Restart iptables on DB server
>   tags: fwrules  
>
>
> Btw, when using Roles ( http://docs.ansible.com/playbooks_roles.html#roles 
> ), in which file may I specify Serial ?
> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to 
> work....
>
> Best regards,
> Vidar
>
>
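
Added example, not part of the original posts or of Ansible's code: the same flock-based serialization as the plugin above, but opening the lock file so that a symlink planted at a fixed name in a shared directory such as /tmp is refused and the file is never truncated. The names serialized and try_lock are hypothetical, and the demo path is constructed.

```python
import contextlib
import errno
import fcntl
import os
import stat
import tempfile


@contextlib.contextmanager
def serialized(lock_path, blocking=True):
    """Hold an exclusive flock on lock_path for the duration of the block."""
    # O_NOFOLLOW: refuse a symlink planted at the lock path.
    # No O_TRUNC: unlike open(path, 'w'), existing contents are never touched.
    flags = os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(lock_path, flags, 0o600)
    try:
        st = os.fstat(fd)
        # Only lock a regular file owned by the user running the playbook.
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise OSError(errno.EPERM, 'unexpected lock file', lock_path)
        fcntl.flock(fd, fcntl.LOCK_EX | (0 if blocking else fcntl.LOCK_NB))
        yield fd
    finally:
        # Closing the descriptor releases the lock, even if the block raised.
        os.close(fd)


def try_lock(lock_path):
    """Return True if the lock is free right now, False if someone holds it."""
    try:
        with serialized(lock_path, blocking=False):
            return True
    except OSError as exc:
        if exc.errno in (errno.EAGAIN, errno.EACCES):
            return False
        raise


if __name__ == '__main__':
    # Constructed demo path inside a private temporary directory.
    path = os.path.join(tempfile.mkdtemp(), 'serialize.lock')
    with serialized(path):
        print('lock busy while held:', not try_lock(path))
    print('lock free after release:', try_lock(path))
```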
