roles/freeradius: Optimize defaults cleanup

Using `state=absent` with the `file` module in a `with_items` loop to delete the "default" module and site configuration files and the example certificates is incredibly slow. Especially on the Raspberry Pi, it can take several minutes to apply this role, even when there are no changes to make. Using the `command` module and running `rm` to remove these files, while not as idempotent, is significantly faster. The main drawback is that each item in the list is not checked, so new items to remove have to be added to the end of the list instead of in alphabetical order.
2018-05-06 18:39:39 -05:00 · 2018-05-06 18:39:39 -05:00 · 4deb17be94
parent 67057fc72e
commit 4deb17be94
1 changed files with 18 additions and 12 deletions
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -35,16 +35,20 @@
  notify: restart radiusd

 - name: ensure unused modules are disabled
-  file:
-    name=/etc/raddb/mods-enabled/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_disable_modules }}'
+  command:
+    rm -vf
+    {% for mod in radiusd_disable_modules %}
+    /etc/raddb/mods-enabled/{{ mod }}
+    {% endfor %}
+    removes=/etc/raddb/mods-enabled/{{ radiusd_disable_modules[-1] }}
  notify: restart radiusd
 - name: ensure unused sites are disabled
-  file:
-    name=/etc/raddb/sites-enabled/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_disable_sites }}'
+  command:
+    rm -vf
+    {% for site in radiusd_disable_sites %}
+    /etc/raddb/sites-enabled/{{ site }}
+    {% endfor %}
+    removes=/etc/raddb/sites-enabled/{{ radiusd_disable_sites[-1] }}
  notify: restart radiusd

 - name: ensure server certificate is installed
@ -67,10 +71,12 @@
    openssl dhparam -out /etc/raddb/certs/dhparam {{ radiusd_dhparm_size }}
    creates=/etc/raddb/certs/dhparam
 - name: ensure example certificates are removed
-  file:
-    path=/etc/raddb/certs/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_example_cert_files }}'
+  command:
+    rm -vf
+    {% for file in radiusd_example_cert_files %}
+    /etc/raddb/certs/{{ file }}
+    {% endfor %}
+    removes=/etc/raddb/certs/{{ radiusd_example_cert_files[-1] }}

 - name: ensure freeradius clients are configured
  template: