From 70e122e7c2358360b5bb44eab3a698daf86194d5 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Thu, 2 Mar 2017 11:36:16 +0400
Subject: [PATCH] Use async for slow long loop cert tasks

Checking for certs and generating tokens takes
up to 1.5s per node for each of three tasks. Async
should parallelize this and reduce the time significantly.
---
 roles/etcd/tasks/check_certs.yml               | 8 ++++++++
 roles/kubernetes/secrets/tasks/check-certs.yml | 8 ++++++++
 roles/kubernetes/secrets/tasks/gen_tokens.yml  | 8 ++++++++
 3 files changed, 24 insertions(+)

diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml
index bc14e255f..aa470d7b1 100644
--- a/roles/etcd/tasks/check_certs.yml
+++ b/roles/etcd/tasks/check_certs.yml
@@ -4,6 +4,8 @@
     path: "{{ etcd_cert_dir }}/{{ item }}"
     get_md5: no
   delegate_to: "{{groups['etcd'][0]}}"
+  async: 1000
+  poll: 0
   register: etcdcert_master
   run_once: true
   with_items: >-
@@ -14,6 +16,12 @@
        {% if not loop.last %}{{','}}{% endif %}
        {% endfor %}]
 
+- name: "Check_certs | check on checking certs"
+  async_status: jid={{ etcdcert_master.ansible_job_id }}
+  register: job_result
+  until: job_result.finished
+  retries: 30
+
 - name: "Check_certs | Set default value for 'sync_certs', 'gen_certs' and 'etcd_secret_changed' to false"
   set_fact:
     sync_certs: false
diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 0d5f23814..91ea0b35f 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -3,6 +3,8 @@
   stat:
     path: "{{ kube_cert_dir }}/{{ item }}"
   delegate_to: "{{groups['kube-master'][0]}}"
+  async: 1000
+  poll: 0
   register: kubecert_master
   run_once: true
   with_items: >-
@@ -12,6 +14,12 @@
        {% if not loop.last %}{{','}}{% endif %}
        {% endfor %}]
 
+- name: "Check_certs | check on checking certs"
+  async_status: jid={{ kubecert_master.ansible_job_id }}
+  register: job_result
+  until: job_result.finished
+  retries: 30
+
 - name: "Check_certs | Set default value for 'sync_certs', 'gen_certs', and 'secret_changed'  to false"
   set_fact:
     sync_certs: false
diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml
index 35a8196ac..40ae24f29 100644
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
@@ -30,12 +30,20 @@
     - [ 'system:kubelet' ]
     - "{{ groups['kube-node'] }}"
   register: gentoken_node
+  async: 1000
+  poll: 0
   changed_when: "'Added' in gentoken_node.stdout"
   notify: set secret_changed
   run_once: yes
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
+- name: "Gen_tokens | check on generating tokens"
+  async_status: jid={{ gentoken_node.ansible_job_id }}
+  register: job_result
+  until: job_result.finished
+  retries: 30
+
 - name: Gen_tokens | Get list of tokens from first master
   shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
   register: tokens_list