"Another workaround is to use with_items: play_hosts, when: inventory_hostname == item."
This will not do what you are thinking it does. On Wed, Oct 22, 2014 at 3:40 AM, Tomasz Kontusz <[email protected]> wrote: > Another workaround is to use with_items: play_hosts, when: > inventory_hostname == item. This can be used inside a role, but generates > huge amounts of output (len(play_hosts)² lines). > > I think the right way here would be to fix the signing script to either > work with randomly generated temporary directories or use some locking > mechanism. > > Michael DeHaan <[email protected]> napisał: > >> "ansible has a "serial" option at the playbook level but not at the >> tasks level." >> >> While you can't set serial on a task, you can also in 1.8 set "run_once" >> to a task and it will run on just one host in the loop. >> >> Breaking out to a new play and then restarting a different play is >> definitely an option. >> >> I think a lot of people don't know a playbook can have more than one play >> in it. >> >> >> >> >> >> >> >> On Tue, Oct 21, 2014 at 9:56 AM, Michael Peters < >> [email protected]> wrote: >> >>> I agree that it would be nice to have serial on the task level. Until >>> that happens you could break out of your current play with a one task >>> play that does just this but with "serial: 1" set. Then go back to >>> another play that doesn't use serial to finish the rest of the tasks. >>> >>> On Mon, Oct 20, 2014 at 5:49 PM, Kesten Broughton >>> <[email protected]> wrote: >>> > >>> > ansible has a "serial" option at the playbook level but not at the >>> tasks >>> > level. I feel like i need a similar construct to avoid race conditions >>> when >>> > I have multiple hosts delegate_to something. Perhaps there is an >>> existing >>> > ansible idiom to help me? >>> > >>> > My current problem is copying a bunch of ssl csr's to a >>> > certificat_authority. Then i delegate_to the ca. The trouble comes >>> when >>> > the CA tries to sign multiple certs in parallel. >>> > >>> > - name: Sign the request >>> > delegate_to: "{{certificate_authority}}" >>> > command: creates="{{ca_out_dir}}/{{ansible_fqdn}}.crt" >>> > openssl ca -batch -in "{{ca_in_dir}}/{{ansible_fqdn}}.csr" >>> > -out "{{ca_out_dir}}/{{ansible_fqdn}}.crt" >>> > -keyfile "{{ca_key}}" >>> > -config "{{ca_cnf}}" >>> > -passin "file:{{ca_keystore_password_path}}" >>> > >>> > >>> > Output: The task fails for the first host, but fails for others. >>> > >>> > Certificate is to be certified until Oct 17 21:32:45 2024 GMT (3650 >>> days) >>> > >>> > Write out database with 1 new entries >>> > >>> > unable to rename /etc/pki/21ct/SigningCA1/ca.db.serial.new to >>> > /etc/pki/21ct/SigningCA1/ca.db.serial >>> > >>> > reason: No such file or directory >>> > >>> > >>> > It seems to me that the ca.db.serial.new is a tmp resource and one >>> target >>> > removes it while another is still using it. >>> > I also get this on other tasks if the command acquires a lock on a >>> resource. >>> > I feel like if i could attache a - serial: 1 - to the above, things >>> would >>> > work. >>> > >>> > any tips? >>> > >>> > >>> > Kesten Broughton >>> > 512 701 4209 >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Ansible Project" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to [email protected]. >>> > To post to this group, send email to [email protected]. >>> > To view this discussion on the web visit >>> > >>> https://groups.google.com/d/msgid/ansible-project/CAO2fFsV8ULz_%2BVNh7qrbPmAoiGR9dVPc4%3D%3Dib4Rh7Cr79HFpZQ%40mail.gmail.com >>> . >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAJQqANfqR_235563q3XDXKq2hWOg5YccRt0g6sMWQgyR%2B_Rp2g%40mail.gmail.com >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> > -- > Wysłane za pomocą K-9 Mail. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/e5db0eca-89a8-4b7e-a8f7-f529bab2a333%40email.android.com > <https://groups.google.com/d/msgid/ansible-project/e5db0eca-89a8-4b7e-a8f7-f529bab2a333%40email.android.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwKoczoG%3D6LH3sQdYWQK2iEspP34z7HyTq%3DpJ0%2B7%2B061A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
