From: Zack Cerza <zack@redhat.com>
Date: Thu, 23 Jun 2016 18:57:36 +0000 (-0600)
Subject: Speed up key deployment by using the git repo
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=04bd03038c5569b34761e71225475738fe770dc2;p=ceph-cm-ansible.git

Speed up key deployment by using the git repo

Instead of downloading each key over HTTPS from github.com, we can
simply clone the entire repo (with depth 1) and lookup each key using
the username.

On my laptop, execution time went from 2m49s to 29s.

Signed-off-by: Zack Cerza <zack@redhat.com>
---

diff --git a/roles/users/tasks/update_keys.yml b/roles/users/tasks/update_keys.yml
index 13e04fe..774e03b 100644
--- a/roles/users/tasks/update_keys.yml
+++ b/roles/users/tasks/update_keys.yml
@@ -1,9 +1,43 @@
 ---
-- name: Update authorized_keys for each user.
+- name: Merge managed_users and managed_admin users
+  set_fact:
+    pubkey_users: "{{ managed_users|list + managed_admin_users|list }}"
+
+# The following set_fact calls are apparently necessary to avoid using sudo on
+# localhost to clone the keys repo.
+- set_fact:
+    ansible_become_orig: "{{ ansible_become }}"
+
+- set_fact:
+    ansible_become: false
+
+- name: Clone the keys repo
+  local_action:
+    module: git
+    repo: "{{ keys_repo }}"
+    version: master
+    depth: 1
+    force: yes
+    dest: "{{ keys_repo_path }}"
+  when: keys_repo is defined
+  connection: local
+
+- set_fact:
+    ansible_become: "{{ ansible_become_orig }}"
+
+- name: Update authorized_keys using the keys repo
+  authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ lookup('file', keys_repo_path + '/ssh/' + item.name + '.pub') }}"
+  with_items: "{{ pubkey_users }}"
+  when: item.key is undefined and keys_repo is defined
+
+- name: Update authorized_keys for each user with literal keys
   authorized_key:
     user: "{{ item.name }}"
     key: "{{ item.key }}"
-  with_items: managed_users|list + managed_admin_users|list
+  with_items: "{{ pubkey_users }}"
+  when: item.key is defined
   # Register and retry to work around transient githubusercontent.com issues
   register: ssh_key_update
   until: ssh_key_update|success