I agree that it would be nice to have serial on the task level. Until that happens, you could break out of your current play with a one-task play that does just this but with "serial: 1" set. Then go back to another play that doesn't use serial to finish the rest of the tasks.

On Mon, Oct 20, 2014 at 5:49 PM, Kesten Broughton <[email protected]> wrote:
>
> ansible has a "serial" option at the playbook level but not at the tasks
> level. I feel like I need a similar construct to avoid race conditions when
> I have multiple hosts delegate_to something. Perhaps there is an existing
> ansible idiom to help me?
>
> My current problem is copying a bunch of ssl csr's to a
> certificate_authority. Then I delegate_to the ca. The trouble comes when
> the CA tries to sign multiple certs in parallel.
>
> - name: Sign the request
>   delegate_to: "{{certificate_authority}}"
>   command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt"
>     openssl ca -batch -in "{{ca_in_dir}}/{{ansible_fqdn}}.csr"
>     -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt"
>     -keyfile "{{ca_key}}"
>     -config "{{ca_cnf}}"
>     -passin "file:{{ca_keystore_password_path}}"
>
> Output: The task fails for the first host, but fails for others.
>
> Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 days)
>
> Write out database with 1 new entries
>
> unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to /etc/pki/21ct/SigningCA1/ca.db.serial
>
> reason: No such file or directory
>
> It seems to me that the ca.db.serial.new is a tmp resource and one target
> removes it while another is still using it.
> I also get this on other tasks if the command acquires a lock on a resource.
> I feel like if I could attach a - serial: 1 - to the above, things would
> work.
>
> Any tips?
>
> Kesten Broughton
> 512 701 4209
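
The workaround suggested in the reply above, laid out as a playbook. This is an added example, not part of the original thread: the group name ssl_hosts and the checks in the first and third plays are assumptions, while the signing task and its variables are taken from the quoted message.

```yaml
# Added example. "ssl_hosts" and the stat checks in plays 1 and 3 are
# assumptions; the signing task and its variables come from the thread.

# Play 1: work that is safe to run on all hosts in parallel.
- name: Prepare for signing
  hosts: ssl_hosts
  tasks:
    - name: Check that the CSR reached the CA (assumed pre-check)
      delegate_to: "{{ certificate_authority }}"
      stat:
        path: "{{ ca_in_dir }}/{{ ansible_fqdn }}.csr"
      register: csr_file
      failed_when: not csr_file.stat.exists

# Play 2: one host per batch, so only one "openssl ca" process runs on
# the CA at a time and ca.db.serial is never rewritten concurrently.
- name: Sign certificates one at a time
  hosts: ssl_hosts
  serial: 1
  tasks:
    - name: Sign the request
      delegate_to: "{{ certificate_authority }}"
      command: >-
        openssl ca -batch
        -in "{{ ca_in_dir }}/{{ ansible_fqdn }}.csr"
        -out "{{ ca_out_dir }}/{{ ansible_fqdn }}.crt"
        -keyfile "{{ ca_key }}"
        -config "{{ ca_cnf }}"
        -passin "file:{{ ca_keystore_password_path }}"
      args:
        creates: "{{ ca_out_dir }}/{{ ansible_fqdn }}.crt"

# Play 3: back to the default parallel behaviour for the remaining tasks.
- name: Finish the rest of the tasks
  hosts: ssl_hosts
  tasks:
    - name: Confirm the signed certificate exists on the CA (assumed post-check)
      delegate_to: "{{ certificate_authority }}"
      stat:
        path: "{{ ca_out_dir }}/{{ ansible_fqdn }}.crt"
      register: crt_file
      failed_when: not crt_file.stat.exists
```

Because serial applies to the whole play, only the signing play pays the cost of running host by host; the plays before and after it keep the normal fork-level parallelism.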
