Serialize a single task with Ansible

When using a delegate_to: task in Ansible, commands or modules risk causing errors if they cannot be used concurrently on a single physical machine. The first solution that comes to mind is to set serial: 1 on that task. Sadly, serial: is only applicable on entire plays and not on single tasks.

This problem is discussed in the following threads (and many others):

In particular, my freeipa-client role failed when running command: ipa host-show, ipa host-add and ipa-getkeytab tasks delegated to my FreeIPA server. Only one or two hosts passed such tasks, and the rest failed with “ipa: ERROR: cannot connect to ‘https://freeipa.*********/ipa/json’: INTERNAL SERVER ERROR”.

Here’s a cool solution using the flock(1) command that works if you are using the command module:

- name: do something that requires serialization
  command: <span class="fg_yellow">flock /etc/ansible-lock</span> &lt;put your command here&gt;
  delegate_to: <your host>

There you go! Now even though there will be simultaneous active Python processes on the delegate_to: host, only one at a time will be able to execute the command, while others wait for an exclusive lock on /etc/ansible-lock.

See also: man 1 flock.

I hope it helps!

Alexandre de Verteuil
Alexandre de Verteuil
Senior Solutions Architect

I teach people how to see the matrix metrics.
Monkeys and sunsets make me happy.