When using a
delegate_to: task in Ansible, commands or modules risk causing errors if they cannot be used concurrently on a single physical machine. The first solution that comes to mind is to set
serial: 1 on that task. Sadly,
serial: is only applicable on entire plays and not on single tasks.
This problem is discussed in the following threads (and many others):
- Possible to set Serial per task ( needed when using delegate_to ) ?
- Ansible: How to run one Task Host by Host?
In particular, my
freeipa-client role failed when running
command: ipa host-show,
ipa host-add and
ipa-getkeytab tasks delegated to my FreeIPA server. Only one or two hosts passed such tasks, and the rest failed with “ipa: ERROR: cannot connect to 'https://freeipa.*********/ipa/json': INTERNAL SERVER ERROR”.
Here's a cool solution using the
flock(1) command that works if you are using the
- name: do something that requires serialization command: flock /etc/ansible-lock <put your command here> delegate_to: <your host>
There you go! Now even though there will be simultaneous active Python processes on the
delegate_to: host, only one at a time will be able to execute the command, while others wait for an exclusive lock on /etc/ansible-lock.
man 1 flock.
I hope it helps!