Another workaround is to use with_items: play_hosts, when: inventory_hostname == item. This can be used inside a role, but generates huge amounts of output (len(play_hosts)² lines).
I think the right way here would be to fix the signing script to either work with randomly generated temporary directories or use some locking mechanism. Michael DeHaan <[email protected]> napisał: >"ansible has a "serial" option at the playbook level but not at the >tasks >level." > >While you can't set serial on a task, you can also in 1.8 set >"run_once" to >a task and it will run on just one host in the loop. > >Breaking out to a new play and then restarting a different play is >definitely an option. > >I think a lot of people don't know a playbook can have more than one >play >in it. > > > > > > > >On Tue, Oct 21, 2014 at 9:56 AM, Michael Peters ><[email protected]> >wrote: > >> I agree that it would be nice to have serial on the task level. Until >> that happens you could break out of your current play with a one task >> play that does just this but with "serial: 1" set. Then go back to >> another play that doesn't use serial to finish the rest of the tasks. >> >> On Mon, Oct 20, 2014 at 5:49 PM, Kesten Broughton >> <[email protected]> wrote: >> > >> > ansible has a "serial" option at the playbook level but not at the >tasks >> > level. I feel like i need a similar construct to avoid race >conditions >> when >> > I have multiple hosts delegate_to something. Perhaps there is an >> existing >> > ansible idiom to help me? >> > >> > My current problem is copying a bunch of ssl csr's to a >> > certificat_authority. Then i delegate_to the ca. The trouble >comes when >> > the CA tries to sign multiple certs in parallel. >> > >> > - name: Sign the request >> > delegate_to: "{{certificate_authority}}" >> > command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt" >> > openssl ca -batch -in >"{{ca_in_dir}}/{{ansible_fqdn}}.csr" >> > -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt" >> > -keyfile "{{ca_key}}" >> > -config "{{ca_cnf}}" >> > -passin >"file:{{ca_keystore_password_path}}" >> > >> > >> > Output: The task fails for the first host, but fails for others. >> > >> > Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 >days) >> > >> > Write out database with 1 new entries >> > >> > unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to >> > /etc/pki/21ct/SigningCA1/ca.db.serial >> > >> > reason: No such file or directory >> > >> > >> > It seems to me that the ca.db.serial.new is a tmp resource and one >target >> > removes it while another is still using it. >> > I also get this on other tasks if the command acquires a lock on a >> resource. >> > I feel like if i could attache a - serial: 1 - to the above, things >would >> > work. >> > >> > any tips? >> > >> > >> > Kesten Broughton >> > 512 701 4209 >> > >> > -- >> > You received this message because you are subscribed to the Google >Groups >> > "Ansible Project" group. >> > To unsubscribe from this group and stop receiving emails from it, >send an >> > email to [email protected]. >> > To post to this group, send email to >[email protected]. >> > To view this discussion on the web visit >> > >> >https://groups.google.com/d/msgid/ansible-project/CAO2fFsV8ULz_%2BVNh7qrbPmAoiGR9dVPc4%3D%3Dib4Rh7Cr79HFpZQ%40mail.gmail.com >> . >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google >Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, >send an >> email to [email protected]. >> To post to this group, send email to >[email protected]. >> To view this discussion on the web visit >> >https://groups.google.com/d/msgid/ansible-project/CAJQqANfqR_235563q3XDXKq2hWOg5YccRt0g6sMWQgyR%2B_Rp2g%40mail.gmail.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > >-- >You received this message because you are subscribed to the Google >Groups "Ansible Project" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to [email protected]. >To post to this group, send email to [email protected]. >To view this discussion on the web visit >https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyPvW1nsuQKOGwM4miAGNR48L56GV5yt_F-P%3Do5NJ2O%3Dg%40mail.gmail.com. >For more options, visit https://groups.google.com/d/optout. -- Wysłane za pomocą K-9 Mail. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e5db0eca-89a8-4b7e-a8f7-f529bab2a333%40email.android.com. For more options, visit https://groups.google.com/d/optout.
