From 3c02c966cb8b07462538bbdba0b7deed4cb40a90 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 7 Jul 2020 17:38:29 +0100 Subject: [PATCH] Performance: remove one include_tasks in nova-cell Including tasks has a performance penalty when compared with importing tasks. The nova-cell role uses include_tasks twice when generating certificates and keys for libvirt TLS. While a dynamic include makes sense here for a non-default feature, we can use one include rather than two with the same effect. Since this task runs against compute nodes the overhead is significant. See [1] for benchmarks of include_tasks and import_tasks. [1] https://github.com/stackhpc/ansible-scaling/blob/master/doc/include-and-import.md Partially-Implements: blueprint performance-improvements Change-Id: Ic687d2f7d4625aede386e576ebb174da72142756 --- .../nova-cell/tasks/config-libvirt-tls.yml | 48 +++++++++++++++---- ansible/roles/nova-cell/tasks/config.yml | 30 +----------- 2 files changed, 41 insertions(+), 37 deletions(-) diff --git a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml index 1868c3f659..d8a1d94421 100644 --- a/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml +++ b/ansible/roles/nova-cell/tasks/config-libvirt-tls.yml @@ -1,14 +1,46 @@ --- -- name: Copying over libvirt TLS keys {{ file }} +- name: Copying over libvirt TLS keys (nova-libvirt) become: true + vars: + service: "{{ nova_cell_services['nova-libvirt'] }}" + service_name: nova-libvirt + paths: + - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}" + - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}" copy: - src: "{{ first_found }}" - dest: "{{ node_config_directory }}/{{ service_name }}/{{ file }}" + src: "{{ lookup('first_found', paths) }}" + dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}" mode: "0600" - with_first_found: - - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ file }}" - - "{{ node_custom_config }}/nova/nova-libvirt/{{ file }}" - loop_control: - loop_var: first_found + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + with_items: + - cacert.pem + - servercert.pem + - serverkey.pem + - clientcert.pem + - clientkey.pem + notify: + - Restart {{ service_name }} container + +- name: Copying over libvirt TLS keys (nova-compute) + become: true + vars: + service: "{{ nova_cell_services['nova-compute'] }}" + service_name: nova-compute + paths: + - "{{ node_custom_config }}/nova/nova-libvirt/{{ inventory_hostname }}/{{ item }}" + - "{{ node_custom_config }}/nova/nova-libvirt/{{ item }}" + copy: + src: "{{ lookup('first_found', paths) }}" + dest: "{{ node_config_directory }}/{{ service_name }}/{{ item }}" + mode: "0600" + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + with_items: + - cacert.pem + - clientcert.pem + - clientkey.pem notify: - Restart {{ service_name }} container diff --git a/ansible/roles/nova-cell/tasks/config.yml b/ansible/roles/nova-cell/tasks/config.yml index 1c7cab9329..f5ca017239 100644 --- a/ansible/roles/nova-cell/tasks/config.yml +++ b/ansible/roles/nova-cell/tasks/config.yml @@ -91,39 +91,11 @@ notify: - Restart nova-libvirt container -- name: Copying over libvirt TLS keys (nova-libvirt) +- name: Copying over libvirt TLS keys include_tasks: config-libvirt-tls.yml - vars: - service: "{{ nova_cell_services['nova-libvirt'] }}" - service_name: nova-libvirt - file: "{{ item }}" when: - - inventory_hostname in groups[service.group] - - service.enabled | bool - libvirt_tls | bool - libvirt_tls_manage_certs | bool - with_items: - - cacert.pem - - servercert.pem - - serverkey.pem - - clientcert.pem - - clientkey.pem - -- name: Copying over libvirt TLS keys (nova-compute) - include_tasks: config-libvirt-tls.yml - vars: - service: "{{ nova_cell_services['nova-compute'] }}" - service_name: nova-compute - file: "{{ item }}" - when: - - inventory_hostname in groups[service.group] - - service.enabled | bool - - libvirt_tls | bool - - libvirt_tls_manage_certs | bool - with_items: - - cacert.pem - - clientcert.pem - - clientkey.pem - name: Copying files for nova-ssh become: true