When using a delegate_to: task in Ansible, commands or modules risk causing errors if they cannot be used concurrently on a single physical machine. The first solution that comes to mind is to set serial: 1 on that task. Sadly, serial: is only applicable on entire plays and not on single tasks.

This problem is discussed in the following threads (and many others):

In particular, my freeipa-client role failed when running command: ipa host-show, ipa host-add and ipa-getkeytab tasks delegated to my FreeIPA server. Only one or two hosts passed such tasks, and the rest failed with “ipa: ERROR: cannot connect to 'https://freeipa.*********/ipa/json': INTERNAL SERVER ERROR”.

Here's a cool solution using the flock(1) command that works if you are using the command module:

- name: do something that requires serialization
  command: flock /etc/ansible-lock <put your command here>
  delegate_to: <your host>

There you go! Now even though there will be simultaneous active Python processes on the delegate_to: host, only one at a time will be able to execute the command, while others wait for an exclusive lock on /etc/ansible-lock.

See also: man 1 flock.

I hope it helps!

Comments

Comment Atom Feed

There are no comments yet.

Add a Comment

You can use the Markdown syntax to format your comment.