Performance: remove one include_tasks in nova-cell

Including tasks has a performance penalty when compared with importing tasks. The nova-cell role uses include_tasks twice when generating certificates and keys for libvirt TLS. While a dynamic include makes sense here for a non-default feature, we can use one include rather than two with the same effect. Since this task runs against compute nodes the overhead is significant. See [1] for benchmarks of include_tasks and import_tasks. [1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/include-and-import.md Partially-Implements: blueprint performance-improvements Change-Id: Ic687d2f7d4625aede386e576ebb174da72142756
2020-07-07 17:38:29 +01:00 · 2020-07-07 17:38:29 +01:00 · 3c02c966cb
commit 3c02c966cb
parent b685ac44e0
2 changed files with 41 additions and 37 deletions
--- a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
+++ b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
@ -1,14 +1,46 @@
 ---
- name: Copying over libvirt TLS keys {{ file }}
+- name: Copying over libvirt TLS keys (nova-libvirt)
  become: true
+  vars:
+    service: "{{ nova_cell_services['nova-libvirt'] }}"
+    service_name: nova-libvirt
+    paths:
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
  copy:
-    src: "{{ first_found }}"
-    dest: "{{ node_config_directory }}/{{ service_name }}/{{ file }}"
+    src: "{{ lookup('first_found', paths) }}"
+    dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
    mode: "0600"
-  with_first_found:
-    - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ file }}"
-    - "{{ node_custom_config }}/nova/nova-libvirt/{{ file }}"
-  loop_control:
-    loop_var: first_found
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cacert.pem
+    - servercert.pem
+    - serverkey.pem
+    - clientcert.pem
+    - clientkey.pem
+  notify:
+    - Restart {{ service_name }} container
+
+- name: Copying over libvirt TLS keys (nova-compute)
+  become: true
+  vars:
+    service: "{{ nova_cell_services['nova-compute'] }}"
+    service_name: nova-compute
+    paths:
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
+  copy:
+    src: "{{ lookup('first_found', paths) }}"
+    dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
+    mode: "0600"
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cacert.pem
+    - clientcert.pem
+    - clientkey.pem
  notify:
    - Restart {{ service_name }} container
--- a/ansible/roles/nova-cell/tasks/config.yml
+++ b/ansible/roles/nova-cell/tasks/config.yml
@ -91,39 +91,11 @@
  notify:
    - Restart nova-libvirt container

- name: Copying over libvirt TLS keys (nova-libvirt)
+- name: Copying over libvirt TLS keys
  include_tasks: config-libvirt-tls.yml
-  vars:
-    service: "{{ nova_cell_services['nova-libvirt'] }}"
-    service_name: nova-libvirt
-    file: "{{ item }}"
  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
    - libvirt_tls | bool
    - libvirt_tls_manage_certs | bool
-  with_items:
-    - cacert.pem
-    - servercert.pem
-    - serverkey.pem
-    - clientcert.pem
-    - clientkey.pem
-
- name: Copying over libvirt TLS keys (nova-compute)
-  include_tasks: config-libvirt-tls.yml
-  vars:
-    service: "{{ nova_cell_services['nova-compute'] }}"
-    service_name: nova-compute
-    file: "{{ item }}"
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - libvirt_tls | bool
-    - libvirt_tls_manage_certs | bool
-  with_items:
-    - cacert.pem
-    - clientcert.pem
-    - clientkey.pem

 - name: Copying files for nova-ssh
  become: true