Very neat solution, thanks! Works for me too, where I pull and push to a git repository. Obviously this can not be done in parallel due to git conflicts.
Separate plays sure will work but that's butt-ugly. I guess now with Ansible 2 strategy plugins might be clean a solution for this. A strategy plugin which changes behavior based on the task context. Am Dienstag, 4. März 2014 02:18:49 UTC+1 schrieb Garron Moore: > > Sorry for the delay on getting back to you. Essentially, my custom ansible > module uses fcntl.flock(). This has the effect that the lock will > automatically be given up when the process exits. Here is some sample code: > > def main(): > # Normal ansible module initialization > > lock_file = open(LOCK_FILE_PATH, 'w') > fcntl.flock(lock_file.fileno(), fcntl.LOCK_EX) > # Put code that needs to be run serially per system here > # Lock will be released when lock_file is closed (or goes out of scope) > > > > On Fri, Feb 21, 2014 at 5:01 AM, Vidar Langseid <[email protected] > <javascript:>> wrote: > >> Hi Garron. >> >> Your approach sound interesting. Would it be possible for you to share >> this custom module with me and the rest of the world? >> >> Best regards, >> Vidar >> >> On Thu, Feb 20, 2014 at 10:51 PM, Garron Moore <[email protected] >> <javascript:>> wrote: >> > I also have a setup where multiple tasks run in parallel against the >> same >> > system. The way these tasks are set up, this is usually OK in my >> > environment. However, for tasks where this wasn't, I ended up moving the >> > task functionality into a custom module that utilizes file locking >> (which >> > essentially forces serial=1 within the same physical system). It would >> have >> > been helpful for me (and it sounds like for you) if tasks had the >> ability to >> > acquire a file-based lock on the system for this purpose, something like >> > "lock_file: true" or possibly providing a name/path for the lock. >> > >> > >> > On Tuesday, February 18, 2014 12:33:43 AM UTC-8, Vidar Langseid wrote: >> >> >> >> >> >> >> >> On Monday, February 17, 2014 4:22:43 PM UTC+1, Michael DeHaan wrote: >> >>> >> >>> Serial needs to be set per play. >> >>> >> >>> But you can have multiple plays per file, so start a new play for the >> >>> section that you want to run in serial mode. >> >> >> >> But how is that done when using roles? >> >> I have for instance roles/webservers/tasks/main.yml... >> >> AFAIK, I can only include task lists from main.yml: >> >> - include: firewall-rules.yml >> >> >> >> But firewall-rules.yml may only contain tasks, right? not "serial:" >> >> statements... >> >> And putting "serial: 1" in roles/webservers/vars/firewall-rules.yml do >> not >> >> work either >> >> >> >> Best regards, >> >> Vidar >> >> >> >>> >> >>> >> >>> >> >>> >> >>> On Mon, Feb 17, 2014 at 7:09 AM, Vidar Langseid <[email protected] >> > >> >>> wrote: >> >>>> >> >>>> Hi >> >>>> >> >>>> In playbook for web servers, I need set firewall rules so that >> database >> >>>> accepts connections: >> >>>> - name: FW rule - accept input 3306 from web server to DB server >> >>>> lineinfile: dest=/etc/sysconfig/iptables >> >>>> regexp="^-A INPUT -p tcp -m state --state NEW -m tcp >> -s {{ >> >>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$" >> >>>> line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{ >> >>>> ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT" >> >>>> state=present >> >>>> insertbefore="^-A INPUT -j REJECT --reject-with >> >>>> icmp-host-prohibited.*$" >> >>>> delegate_to: "{{ groups.dbservers.0 }}" >> >>>> notify: >> >>>> - Restart iptables on DB server >> >>>> tags: fwrules >> >>>> >> >>>> >> >>>> However, since I have multiple web servers, the liniinfile action >> will >> >>>> be run in parallel on the db server, causing an unpredictable result >> ( >> >>>> trying to change the file from multiple processes at the same time >> )... >> >>>> Any thoughts about adding support for "Serial:1" in task context? >> >>>> I found this thread on the topic : >> >>>> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58 >> >>>> but no solution yet... >> >>>> >> >>>> >> >>>> In one attempt to work around this problem, I have tried to set the >> FW >> >>>> rules in the playbook for Database server instead, by looping over >> >>>> groups['webservers']... >> >>>> However, I still need the IP of each web server and that is >> problematic. >> >>>> It should be possible to get the IPs using magic variable : >> >>>> >> >>>> {{ hostvars['test.example.com']['ansible_distribution'] }} >> >>>> >> >>>> Since I am looping over groups['webservers'], I have the name of the >> web >> >>>> server in {{ item }}. How to I inject that variable name in the >> expression? >> >>>> >> >>>> The following do not work ( substituting lineinfile with shell to >> >>>> illustrating the variable problem ) : >> >>>> - name: FW rule - accept input 3306 from web server to DB server >> >>>> shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] >> }} >> >>>> {{ hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }} >> >>>> >> >>>> with_items: groups['webservers'] >> >>>> notify: >> >>>> - Restart iptables on DB server >> >>>> tags: fwrules >> >>>> >> >>>> >> >>>> Btw, when using Rolles ( >> >>>> http://docs.ansible.com/playbooks_roles.html#roles ), in which file >> may I >> >>>> specify Serial ? >> >>>> >> >>>> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems >> to >> >>>> work.... >> >>>> >> >>>> Best regards, >> >>>> Vidar >> >>>> >> >>>> -- >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups "Ansible Project" group. >> >>>> To unsubscribe from this group and stop receiving emails from it, >> send >> >>>> an email to [email protected]. >> >>>> To post to this group, send email to [email protected]. >> >>>> For more options, visit https://groups.google.com/groups/opt_out. >> >>> >> >>> >> > -- >> > You received this message because you are subscribed to a topic in the >> > Google Groups "Ansible Project" group. >> > To unsubscribe from this topic, visit >> > >> https://groups.google.com/d/topic/ansible-project/rBcWzXjt-Xc/unsubscribe >> . >> > To unsubscribe from this group and all its topics, send an email to >> > [email protected] <javascript:>. >> > To post to this group, send email to [email protected] >> <javascript:>. >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/rBcWzXjt-Xc/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dd6fad11-87c8-446a-ac4a-8cf7c4286518%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
