"ansible has a "serial" option at the playbook level but not at the tasks level."
While you can't set serial on a task, you can also in 1.8 set "run_once" to a task and it will run on just one host in the loop. Breaking out to a new play and then restarting a different play is definitely an option. I think a lot of people don't know a playbook can have more than one play in it. On Tue, Oct 21, 2014 at 9:56 AM, Michael Peters <[email protected]> wrote: > I agree that it would be nice to have serial on the task level. Until > that happens you could break out of your current play with a one task > play that does just this but with "serial: 1" set. Then go back to > another play that doesn't use serial to finish the rest of the tasks. > > On Mon, Oct 20, 2014 at 5:49 PM, Kesten Broughton > <[email protected]> wrote: > > > > ansible has a "serial" option at the playbook level but not at the tasks > > level. I feel like i need a similar construct to avoid race conditions > when > > I have multiple hosts delegate_to something. Perhaps there is an > existing > > ansible idiom to help me? > > > > My current problem is copying a bunch of ssl csr's to a > > certificat_authority. Then i delegate_to the ca. The trouble comes when > > the CA tries to sign multiple certs in parallel. > > > > - name: Sign the request > > delegate_to: "{{certificate_authority}}" > > command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt" > > openssl ca -batch -in "{{ca_in_dir}}/{{ansible_fqdn}}.csr" > > -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt" > > -keyfile "{{ca_key}}" > > -config "{{ca_cnf}}" > > -passin "file:{{ca_keystore_password_path}}" > > > > > > Output: The task fails for the first host, but fails for others. > > > > Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 days) > > > > Write out database with 1 new entries > > > > unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to > > /etc/pki/21ct/SigningCA1/ca.db.serial > > > > reason: No such file or directory > > > > > > It seems to me that the ca.db.serial.new is a tmp resource and one target > > removes it while another is still using it. > > I also get this on other tasks if the command acquires a lock on a > resource. > > I feel like if i could attache a - serial: 1 - to the above, things would > > work. > > > > any tips? > > > > > > Kesten Broughton > > 512 701 4209 > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/CAO2fFsV8ULz_%2BVNh7qrbPmAoiGR9dVPc4%3D%3Dib4Rh7Cr79HFpZQ%40mail.gmail.com > . > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAJQqANfqR_235563q3XDXKq2hWOg5YccRt0g6sMWQgyR%2B_Rp2g%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyPvW1nsuQKOGwM4miAGNR48L56GV5yt_F-P%3Do5NJ2O%3Dg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
