Combining some ideas here, I wrote a small action plugin -- very lightly
tested.
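
import fcntl


class ActionModule(object):

    def __init__(self, runner):
        self.runner = runner

    def run(self, conn, tmp, module_name, module_args, inject,
            complex_args=None, **kwargs):
        # Action plugins run on the control machine: take an exclusive lock
        # so only one fork at a time executes the wrapped module.
        lock_file = open('/tmp/serialize.lock', 'w')
        fcntl.flock(lock_file.fileno(), fcntl.LOCK_EX)
        try:
            # "serialize: <module> <args>" -> real module name and its args
            module_name, module_args = module_args.split(' ', 1)
            return self.runner._execute_module(conn, tmp, module_name,
                module_args, inject=inject, complex_args=complex_args, **kwargs)
        finally:
            # Closing the file releases the lock for the next fork.
            lock_file.close()
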
Dropping this in action_plugins/synchronize.py and touching
library/synchronize.py -- you can invoke this in your playbook:

- name: restart foo
  serialize: command supervisorctl -c /etc/supervisord.conf signal HUP foo

m
On Monday, February 17, 2014 at 4:09:19 AM UTC-8, Vidar Langseid wrote:
>
> Hi
>
> In the playbook for web servers, I need to set firewall rules so that the
> database accepts connections:
>   - name: FW rule - accept input 3306 from web server to DB server
>     lineinfile: dest=/etc/sysconfig/iptables
>                 regexp="^-A INPUT -p tcp -m state --state NEW -m tcp -s {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT$"
>                 line="-A INPUT -p tcp -m state --state NEW -m tcp -s {{ ansible_eth0["ipv4"]["address"] }} --dport 3306 -j ACCEPT"
>                 state=present
>                 insertbefore="^-A INPUT -j REJECT --reject-with icmp-host-prohibited.*$"
>     delegate_to: "{{ groups.dbservers.0 }}"
>     notify:
>       - Restart iptables on DB server
>     tags: fwrules
>
>
> However, since I have multiple web servers, the lineinfile action will be
> run in parallel on the db server, causing an unpredictable result (trying
> to change the file from multiple processes at the same time)...
> Any thoughts about adding support for "Serial:1" in task context?
> I found this thread on the topic :
> https://groups.google.com/forum/#!topic/ansible-project/CNxrMIyKx58
> but no solution yet...
>
>
> In one attempt to work around this problem, I have tried to set the FW
> rules in the playbook for Database server instead, by looping over
> groups['webservers']...
> However, I still need the IP of each web server and that is problematic.
> It should be possible to get the IPs using magic variable :
>
> {{ hostvars['test.example.com']['ansible_distribution'] }}
>
> Since I am looping over groups['webservers'], I have the name of the web
> server in {{ item }}. How do I inject that variable name in the expression?
> The following does not work (substituting lineinfile with shell to
> illustrate the variable problem):
>   - name: FW rule - accept input 3306 from web server to DB server
>     shell: /bin/true {{ hostvars.item.ansible_eth0["ipv4"]["address"] }} {{ hostvars.[{{ 'item' }}].ansible_eth0["ipv4"]["address"] }}
>     with_items: groups['webservers']
>     notify:
>       - Restart iptables on DB server
>     tags: fwrules
>
>
> Btw, when using Roles ( http://docs.ansible.com/playbooks_roles.html#roles
> ), in which file may I specify Serial ?
> Neither in tasks/main.yml, handlers/main.yml or vars/main.yml seems to
> work....
>
> Best regards,
> Vidar
>
>
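
The race from the quoted question and the flock serialization used by the plugin at the top of this message, as an added example that is not part of the original thread: several processes each apply a lineinfile-style "insert my rule before REJECT" edit to one shared rules file. The function names, the 192.0.2.x addresses and the temporary paths are constructed for the demo.

```python
import fcntl
import multiprocessing
import os
import tempfile

REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"


def rule_for(ip):
    return ("-A INPUT -p tcp -m state --state NEW -m tcp "
            "-s %s --dport 3306 -j ACCEPT" % ip)


def ensure_rule(rules_path, lock_path, ip):
    """lineinfile-style edit: insert the rule before REJECT if it is absent."""
    with open(lock_path, "w") as lock:
        # Without this lock two workers can read the same old contents and
        # the later writer silently drops the earlier worker's rule.
        fcntl.flock(lock.fileno(), fcntl.LOCK_EX)
        with open(rules_path) as fh:
            lines = fh.read().splitlines()
        rule = rule_for(ip)
        if rule not in lines:
            lines.insert(lines.index(REJECT), rule)
            # Write a sibling file and rename it so no partial file is visible.
            tmp = "%s.%d" % (rules_path, os.getpid())
            with open(tmp, "w") as fh:
                fh.write("\n".join(lines) + "\n")
            os.rename(tmp, rules_path)
    # Leaving the "with" block closes the lock file and releases the flock.


def run_workers(ips):
    """Run one process per web server IP against the same rules file."""
    workdir = tempfile.mkdtemp()  # private 0700 directory, not a fixed /tmp name
    rules_path = os.path.join(workdir, "iptables")
    lock_path = os.path.join(workdir, "serialize.lock")
    with open(rules_path, "w") as fh:
        fh.write("-A INPUT -i lo -j ACCEPT\n" + REJECT + "\n")
    ctx = multiprocessing.get_context("fork")  # assumes a POSIX host
    procs = [ctx.Process(target=ensure_rule, args=(rules_path, lock_path, ip))
             for ip in ips]
    for p in procs:
        p.start()
    for p in procs:
        p.join()
    with open(rules_path) as fh:
        return fh.read().splitlines()
```

The order of the ACCEPT rules depends on which worker wins the lock first, but every rule is present and REJECT stays last.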