Compile SELinux module via async

This patch adjusts the SELinux rule compile task to run with async.
Some CI jobs are CPU-bound and this compile step can take 30-45
seconds to complete on slower machines.

Change-Id: Ia20b8cc00ad3bad6d6ccf9cd995d0ef24f2090a0
(cherry picked from commit 79e5e571de)

tasks/lxc_selinux.yml

@@ -13,13 +13,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Create directory for compiling SELinux rule
+- name: Create directory for compiling SELinux policy
   file:
     path: "/tmp/lxc-attach-selinux/"
     state: 'directory'
     mode: '0755'
 
-- name: Drop SELinux config
+- name: Deploy SELinux type enforcement file
   copy:
     src: "lxc-attach.te"
     dest: "/tmp/lxc-attach-selinux/lxc-attach.te"
@@ -28,13 +28,13 @@
     mode: "0755"
 
 - name: Compile and load SELinux module
-  command: '{{ item }}'
+  shell: 'make -f /usr/share/selinux/devel/Makefile && semodule -i /tmp/lxc-attach-selinux/lxc-attach.pp'
   args:
     creates: '/etc/selinux/targeted/active/modules/400/lxc-attach/cil'
     chdir: "/tmp/lxc-attach-selinux/"
-  with_items:
+  register: compile_selinux_async
-   - make -f /usr/share/selinux/devel/Makefile
+  async: 90
-   - semodule -i /tmp/lxc-attach-selinux/lxc-attach.pp
+  poll: 0
 
 - name: Check if /openstack/log exists
   stat:

tasks/main.yml

@@ -81,3 +81,13 @@
 
 - name: Flush handlers
   meta: flush_handlers
+
+- name: Ensure SELinux module compile has finished
+  async_status:
+    jid: "{{ compile_selinux_async.ansible_job_id }}"
+  register: _compile_selinux_async
+  until: _compile_selinux_async.finished
+  retries: 30
+  when:
+    - compile_selinux_async is defined
+    - not compile_selinux_async | skipped