dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

roles/freeradius: Optimize defaults cleanup 

Using `state=absent` with the `file` module in a `with_items` loop to
delete the "default" module and site configuration files and the example
certificates is incredibly slow. Especially on the Raspberry Pi, it can
take several minutes to apply this role, even when there are no changes
to make. Using the `command` module and running `rm` to remove these
files, while not as idempotent, is significantly faster. The main
drawback is that each item in the list is not checked, so new items to
remove have to be added to the end of the list instead of in
alphabetical order.
jenkins-master
Dustin 2018-05-06 18:39:39 -05:00
parent 67057fc72e
commit 4deb17be94
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
roles/freeradius/tasks/main.yml
View File

@ -35,16 +35,20 @@
notify: restart radiusd notify: restart radiusd
- name: ensure unused modules are disabled - name: ensure unused modules are disabled
file: command:
name=/etc/raddb/mods-enabled/{{ item }} rm -vf
state=absent {% for mod in radiusd_disable_modules %}
with_items: '{{ radiusd_disable_modules }}' /etc/raddb/mods-enabled/{{ mod }}
{% endfor %}
removes=/etc/raddb/mods-enabled/{{ radiusd_disable_modules[-1] }}
notify: restart radiusd notify: restart radiusd
- name: ensure unused sites are disabled - name: ensure unused sites are disabled
file: command:
name=/etc/raddb/sites-enabled/{{ item }} rm -vf
state=absent {% for site in radiusd_disable_sites %}
with_items: '{{ radiusd_disable_sites }}' /etc/raddb/sites-enabled/{{ site }}
{% endfor %}
removes=/etc/raddb/sites-enabled/{{ radiusd_disable_sites[-1] }}
notify: restart radiusd notify: restart radiusd
- name: ensure server certificate is installed - name: ensure server certificate is installed
@ -67,10 +71,12 @@
openssl dhparam -out /etc/raddb/certs/dhparam {{ radiusd_dhparm_size }} openssl dhparam -out /etc/raddb/certs/dhparam {{ radiusd_dhparm_size }}
creates=/etc/raddb/certs/dhparam creates=/etc/raddb/certs/dhparam
- name: ensure example certificates are removed - name: ensure example certificates are removed
file: command:
path=/etc/raddb/certs/{{ item }} rm -vf
state=absent {% for file in radiusd_example_cert_files %}
with_items: '{{ radiusd_example_cert_files }}' /etc/raddb/certs/{{ file }}
{% endfor %}
removes=/etc/raddb/certs/{{ radiusd_example_cert_files[-1] }}
- name: ensure freeradius clients are configured - name: ensure freeradius clients are configured
template: template: