Just as a quick update, this has actually nothing to do with thread safety.
Ansible, in fact, even locally does not use threads - it uses forks. Remotely, it's more of an issue with "X is not able to be used concurrently", which is the same thing you'd get if you were running from 2 different Ansible machines at the same infrastructure at once, as well. delegate_to usually only makes sense on a "serial: 1" play, or at least a serial: small play, as if you have 500 hosts, and delegate things all to one host in a host loop, you're going to spawn 500 python processes, and probably hit the SSH connection limit well before that :) On Mon, Jul 21, 2014 at 8:38 AM, Michael DeHaan <[email protected]> wrote: > There's no current way to add "serial" to a task right now, nor is that > the proper keyword for this. > > I think this would be proposing an override for "forks" as a task > attribute. > > > > > > On Mon, Jul 21, 2014 at 6:11 AM, Guillaume Subiron <[email protected]> > wrote: > >> Here is another example : >> >> - name: Fetch public ssh key >> command: cat /root/.ssh/id_rsa.pub >> register: root_pub_key >> >> - name: Add public ssh key to backup account >> delegate_to: "{{ backup_server }}" >> authorized_key: > >> user={{ hostvars[backup_server]['backup_user'] }} >> key="{{root_pub_key.stdout}}" >> >> This second task cannot be executed in parallel, because the >> authorized_key module is not thread safe. >> >> Problem is, this task is in the middle of a role, so I cannot just >> split my role in two parts to have 3 plays : >> - role (part one) >> - task with serial:1 >> - role (part two) >> >> It would work, but it is really ugly. >> >> >> >> Le 14/05/21 15:57, Garron Moore claviotta : >> > I agree the serial keyword on each task is likely a better option for >> most >> > people and is easier to use and understand. >> > >> > I have multiple inventory entries that point at the same machine. In my >> > particular situation, I wanted the tasks to run in parallel as much as >> > possible with the restriction that it isn't OK to have multiple in >> parallel >> > on the same physical box. I realize this is probably an uncommon use >> case. >> > Serial tasks would have solved my problem as well, just with longer run >> > time in some situations. >> > >> > Garron >> > >> > >> > >>>>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid < >> [email protected]>wrote: >> > >>>>> >> > >>>>>> Hi >> > >>>>>> >> > >>>>>> In playbook for web servers, I need set firewall rules so that >> > >>>>>> database accepts connections: >> > >>>>>> - name: FW rule - accept input 3306 from web server to DB server >> > >>>>>> lineinfile: dest=/etc/sysconfig/iptables >> > >>>>>> regexp="^-A INPUT -p tcp -m state --state NEW -m >> tcp -s >> > >>>>>> {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$" >> > >>>>>> line="-A INPUT -p tcp -m state --state NEW -m tcp >> -s {{ >> > >>>>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT" >> > >>>>>> state=present >> > >>>>>> insertbefore="^-A INPUT -j REJECT --reject-with >> > >>>>>> icmp-host-prohibited.*$" >> > >>>>>> delegate_to: "{{ groups.dbservers.0 }}" >> > >>>>>> notify: >> > >>>>>> - Restart iptables on DB server >> > >>>>>> tags: fwrules >> > >>>>>> >> > >>>>>> >> > >>>>>> However, since I have multiple web servers, the liniinfile action >> > >>>>>> will be run in parallel on the db server, causing an >> unpredictable result ( >> > >>>>>> trying to change the file from multiple processes at the same >> time )... >> > >>>>>> Any thoughts about adding support for "Serial:1" in task context? >> > >>>>>> I found this thread on the topic : >> https://groups.google.com/foru >> > >>>>>> m/#!topic/ansible-project/CNxrMIyKx58 >> > >>>>>> but no solution yet... >> > >>>>>> >> > >>>>>> >> > >>>>>> In one attempt to work around this problem, I have tried to set >> the >> > >>>>>> FW rules in the playbook for Database server instead, by looping >> over >> > >>>>>> groups['webservers']... >> > >>>>>> However, I still need the IP of each web server and that is >> > >>>>>> problematic. It should be possible to get the IPs using magic >> variable : >> > >>>>>> >> > >>>>>> {{ hostvars['test.example.com']['ansible_distribution'] }} >> > >>>>>> >> > >>>>>> Since I am looping over groups['webservers'], I have the name of >> the web server in {{ item }}. How to I inject that variable name in the >> expression? >> > >>>>>> >> > >>>>>> >> > >>>>>> >> > >>>>>> The following do not work ( substituting lineinfile with shell >> to illustrating the variable problem ) : >> > >>>>>> - name: FW rule - accept input 3306 from web server to DB server >> > >>>>>> shell: /bin/true {{ >> hostvars.item.ansible_eth0["ipv4"]["address"] }} {{ hostvars.[{{ 'item' >> }}].ansible_eth0["ipv4"]["address"] }} >> > >>>>>> >> > >>>>>> >> > >>>>>> >> > >>>>>> with_items: groups['webservers'] >> > >>>>>> notify: >> > >>>>>> - Restart iptables on DB server >> > >>>>>> tags: fwrules >> > >>>>>> >> > >>>>>> >> > >>>>>> Btw, when using Rolles ( >> http://docs.ansible.com/playbooks_roles.html#roles ), in which file may >> I specify Serial ? >> > >>>>>> >> > >>>>>> >> > >>>>>> >> > >>>>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml >> seems to work.... >> > >>>>>> >> >> -- >> Guillaume Subiron >> Mail - [email protected] >> GPG - 5BC2 EADB >> Jabber - [email protected] >> IRC - maethor@(freenode|geeknode) >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/20140721101104.GE14256%40subiron.org >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxLNQ8k_GpDjB6Hdacvq6zq%2B%3D%2BH90JYdULs-u1bSvui5A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
