Prevent simultaneous deploys with Ansible

Question

Anyone on my team can SSH into our special deploy server, and from there run an Ansible playbook to push new code to machines.

We're worried about what will happen if two people try to do deploys simultaneously. We'd like to make it so that the playbook will fail if anyone else is currently running it.

Any suggestions for how to do this? The standard solution is to use a pid file, but Ansible does not have built-in support for these.

Answer 1

Personally I use RunDeck ( http://rundeck.org/ ) as a wrapper around my Ansible playbooks for multiple reasons:

• You can set a RunDeck 'job' to only be able to be run at one time (or set it to run as many times at the same time as you want)
• You can set up users within the system so that auditing of who has run what is listed clearly
• You can set additional variables with constraints on what can be used (specify a list of options)
• Its a whole lot cheaper than Ansible Tower (RunDeck is free)
• It has a full API for running jobs pragmatically from build systems
• You don't need to write complicated bash wrappers around the ansible-playbook command
• SSH can become a litmus test of 'something needs an ansible script written' - I don't allow SSH access except in full on break/fix situations, and we have happier SA's as a result
• Lastly, and definitely way up there in the 'nice to have' category is you can schedule RunDeck jobs to run ansible playbooks in a very easy way for anybody who logs on to the console to see what is running when

There are many more good reasons of course, but my fingers are getting tired of typing ;)