Hello,
Not sure if this still interest everyone, but the way I found to make is
work is just like Michael explained. This is an example for future
reference:
---
# This playbook upgrades a the social cluster to DSE 4.0.4
# Apply common configuration to all hosts
- hosts: all
gather_facts: no
tasks:
- include: maintest.yaml
- include: restart.yaml okay_to_run={{ out.rc }}
- name: group my play
group_by: key=my_ad_hoc_on_the_fly_group
- name: main task1
command: "echo main.yaml task 1"
- name: main task2
command: "echo main.yaml task 2"
# say this is the tasks that is supposed to "notify" restart
- name: main task1
command: "echo main.yaml task 3"
register: out
---
- hosts: my_ad_hoc_on_the_fly_group
serial: 1
tasks:
- name: restart host
command: "echo I would restart 1"
when: ok_to_run.rc == 0
That did the trick for me. Hope that helps. Not the most elegant solution,
but it might help.
On Monday, February 17, 2014 at 4:09:19 AM UTC-8, Vidar Langseid wrote:
>
> Hi
>
> In playbook for web servers, I need set firewall rules so that database
> accepts connections:
> - name: FW rule - accept input 3306 from web server to DB server
> lineinfile: dest=/etc/sysconfig/iptables
> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s {{
> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{
> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
> state=present
> insertbefore="^-A INPUT -j REJECT --reject-with
> icmp-host-prohibited.*$"
> delegate_to: "{{ groups.dbservers.0 }}"
> notify:
> - Restart iptables on DB server
> tags: fwrules
>
>
> However, since I have multiple web servers, the liniinfile action will be
> run in parallel on the db server, causing an unpredictable result ( trying
> to change the file from multiple processes at the same time )...
> Any thoughts about adding support for "Serial:1" in task context?
> I found this thread on the topic :
> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
> but no solution yet...
>
>
> In one attempt to work around this problem, I have tried to set the FW
> rules in the playbook for Database server instead, by looping over
> groups['webservers']...
> However, I still need the IP of each web server and that is problematic.
> It should be possible to get the IPs using magic variable :
>
> {{ hostvars['test.example.com']['ansible_distribution'] }}
>
> Since I am looping over groups['webservers'], I have the name of the web
> server in {{ item }}. How to I inject that variable name in the expression?
> The following do not work ( substituting lineinfile with shell to
> illustrating the variable problem ) :
> - name: FW rule - accept input 3306 from web server to DB server
> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{
> hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
> with_items: groups['webservers']
> notify:
> - Restart iptables on DB server
> tags: fwrules
>
>
> Btw, when using Rolles ( http://docs.ansible.com/playbooks_roles.html#roles
> ), in which file may I specify Serial ?
> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to
> work....
>
> Best regards,
> Vidar
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/66fdfe0c-68f3-4b2f-92d0-97de5de10f36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
