From 3c02c966cb8b07462538bbdba0b7deed4cb40a90 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 7 Jul 2020 17:38:29 +0100
Subject: [PATCH] Performance: remove one include_tasks in nova-cell

Including tasks has a performance penalty when compared with importing
tasks. The nova-cell role uses include_tasks twice when generating
certificates and keys for libvirt TLS. While a dynamic include makes
sense here for a non-default feature, we can use one include rather than
two with the same effect. Since this task runs against compute nodes the
overhead is significant.

See [1] for benchmarks of include_tasks and import_tasks.

[1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/include-and-import.md

Partially-Implements: blueprint performance-improvements

Change-Id: Ic687d2f7d4625aede386e576ebb174da72142756
---
 .../nova-cell/tasks/config-libvirt-tls.yml    | 48 +++++++++++++++----
 ansible/roles/nova-cell/tasks/config.yml      | 30 +-----------
 2 files changed, 41 insertions(+), 37 deletions(-)

diff --git a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
index 1868c3f659..d8a1d94421 100644
--- a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
+++ b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml
@@ -1,14 +1,46 @@
 ---
-- name: Copying over libvirt TLS keys {{ file }}
+- name: Copying over libvirt TLS keys (nova-libvirt)
   become: true
+  vars:
+    service: "{{ nova_cell_services['nova-libvirt'] }}"
+    service_name: nova-libvirt
+    paths:
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
   copy:
-    src: "{{ first_found }}"
-    dest: "{{ node_config_directory }}/{{ service_name }}/{{ file }}"
+    src: "{{ lookup('first_found', paths) }}"
+    dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
     mode: "0600"
-  with_first_found:
-    - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ file }}"
-    - "{{ node_custom_config }}/nova/nova-libvirt/{{ file }}"
-  loop_control:
-    loop_var: first_found
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cacert.pem
+    - servercert.pem
+    - serverkey.pem
+    - clientcert.pem
+    - clientkey.pem
+  notify:
+    - Restart {{ service_name }} container
+
+- name: Copying over libvirt TLS keys (nova-compute)
+  become: true
+  vars:
+    service: "{{ nova_cell_services['nova-compute'] }}"
+    service_name: nova-compute
+    paths:
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}"
+      - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}"
+  copy:
+    src: "{{ lookup('first_found', paths) }}"
+    dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}"
+    mode: "0600"
+  when:
+    - inventory_hostname in groups[service.group]
+    - service.enabled | bool
+  with_items:
+    - cacert.pem
+    - clientcert.pem
+    - clientkey.pem
   notify:
     - Restart {{ service_name }} container
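Review bot: Both new copy tasks handle private key material (`serverkey.pem` and `clientkey.pem` in the nova-libvirt task, `clientkey.pem` in the nova-compute task) but do nothing to keep it out of diff output. A run with `--diff` would be expected to print the key contents to the console and to any CI or callback log that captures Ansible output. Adding `diff: false` to each task, at the same level as `become: true`, avoids that while still showing which item changed. `no_log: true` would also work, but it hides the per-item results, which makes a missing-file failure from the `first_found` lookup harder to diagnose. The `mode: "0600"` on the destination is good; it may be worth confirming that the source files under `node_custom_config` on the deploy host are equally restricted, since the patch does not show that.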
diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml
index 1c7cab9329..f5ca017239 100644
--- a/ansible/roles/nova-cell/tasks/config.yml
+++ b/ansible/roles/nova-cell/tasks/config.yml
@@ -91,39 +91,11 @@
   notify:
     - Restart nova-libvirt container
 
-- name: Copying over libvirt TLS keys (nova-libvirt)
+- name: Copying over libvirt TLS keys
   include_tasks: config-libvirt-tls.yml
-  vars:
-    service: "{{ nova_cell_services['nova-libvirt'] }}"
-    service_name: nova-libvirt
-    file: "{{ item }}"
   when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
     - libvirt_tls | bool
     - libvirt_tls_manage_certs | bool
-  with_items:
-    - cacert.pem
-    - servercert.pem
-    - serverkey.pem
-    - clientcert.pem
-    - clientkey.pem
-
-- name: Copying over libvirt TLS keys (nova-compute)
-  include_tasks: config-libvirt-tls.yml
-  vars:
-    service: "{{ nova_cell_services['nova-compute'] }}"
-    service_name: nova-compute
-    file: "{{ item }}"
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-    - libvirt_tls | bool
-    - libvirt_tls_manage_certs | bool
-  with_items:
-    - cacert.pem
-    - clientcert.pem
-    - clientkey.pem
 
 - name: Copying files for nova-ssh
   become: true