Ansible has a "serial" option at the playbook level but not at the task
level. I feel like I need a similar construct to avoid race conditions when
I have multiple hosts delegate_to something. Perhaps there is an existing
Ansible idiom to help me?

My current problem is copying a bunch of SSL CSRs to a
certificate_authority. Then I delegate_to the CA. The trouble comes when
the CA tries to sign multiple certs in parallel.

- name: Sign the request
  delegate_to: "{{certificate_authority}}"
  command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt"
    openssl ca -batch -in "{{ca_in_dir}}/{{ansible_fqdn}}.csr"
    -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt"
    -keyfile "{{ca_key}}"
    -config "{{ca_cnf}}"
    -passin "file:{{ca_keystore_password_path}}"

Output: The task fails for the first host, but fails for others.
Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 days)
Write out database with 1 new entries
unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to
/etc/pki/21ct/SigningCA1/ca.db.serial
reason: No such file or directory

It seems to me that the ca.db.serial.new is a tmp resource and one target
removes it while another is still using it.
I also get this on other tasks if the command acquires a lock on a
resource. I feel like if I could attach a - serial: 1 - to the above,
things would work.

Any tips?

Kesten Broughton
512 701 4209
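
The race described in the message above, reproduced and then serialized with flock(1), as an added example that is not part of the original post. bump_serial is a constructed stand-in for the read / write-.new / rename sequence that the error output points to, and the file names and lock path are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for the CA's serial update: read the counter,
# write <file>.new, then rename it over the original.
bump_serial() {            # $1 = scratch CA directory
    n=$(cat "$1/serial")
    echo $((n + 1)) > "$1/serial.new"
    sleep 0.1              # widen the window so the race is visible
    mv "$1/serial.new" "$1/serial"
}

# Same update, but only one process at a time may hold the lock file.
locked_bump() {            # $1 = scratch CA directory
    (
        flock 9            # blocks until the exclusive lock on fd 9 is free
        bump_serial "$1"
    ) 9>"$1/lock"
}

# Start $2 concurrent workers running function $1, print the final serial.
run_parallel() {
    dir=$(mktemp -d)
    echo 0 > "$dir/serial"
    i=0
    while [ "$i" -lt "$2" ]; do
        "$1" "$dir" 2>/dev/null &
        i=$((i + 1))
    done
    wait
    cat "$dir/serial"
    rm -rf "$dir"
}

# Unlocked workers overwrite each other's serial.new and lose the rename,
# so the counter usually ends up lower than the worker count.
echo "unlocked: $(run_parallel bump_serial 5)"
echo "locked:   $(run_parallel locked_bump 5)"
```

On the CA host the same serialization can be had by prefixing the signing command with flock and a lock file path, so that parallel delegated tasks queue up instead of colliding.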