Split long running tasks

This patch moves two of the longer-running tasks into their own tasks
file with async enabled.

Change-Id: Idd2d6f2afcfb2c74fa011c0e81d4712cb8c8a2dc

tasks/rhel7stig/async_tasks.yml

@@ -0,0 +1,45 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Multiple tasks will need the output of RPM verification, so let's do the
+# lookup one time and then grep over the output in subsequent tasks.
+- name: Verify all installed RPM packages
+  shell: "rpm -Va > {{ temp_dir }}/rpmverify.txt"
+  args:
+    warn: no
+  failed_when: False
+  changed_when: False
+  register: rpmverify_task
+  async: 300
+  poll: 0
+  when:
+    - not check_mode | bool
+    - ansible_os_family | lower in ['redhat', 'suse']
+  tags:
+    - skip_ansible_lint
+
+- name: Check for .shosts or shosts.equiv files
+  find:
+    paths: /
+    recurse: yes
+    hidden: yes
+    patterns: '.shosts,shosts.equiv'
+  changed_when: False
+  register: shosts_find
+  async: 300
+  poll: 0
+  when:
+    - not check_mode | bool
+    - security_rhel7_remove_shosts_files | bool

tasks/rhel7stig/auth.yml

@@ -219,27 +219,25 @@
     - auth
     - V-72275
 
-- name: Check for .shosts or shosts.equiv files
+- name: Ensure .shosts find has finished
-  find:
+  async_status:
-    paths: /
+    jid: "{{ shosts_find.ansible_job_id }}"
-    recurse: yes
+  failed_when: False
-    hidden: yes
+  changed_when: False
-    patterns: '.shosts,shosts.equiv'
+  register: job_result
-  register: shosts_find
+  until: job_result.finished | bool
+  retries: 30
   when:
-    - security_rhel7_remove_shosts_files | bool
+    - not shosts_find | skipped
-  tags:
-    - always
 
 - name: Remove .shosts or shosts.equiv files
   file:
     path: "{{ item.path }}"
     state: absent
-  with_items: "{{ shosts_find.files }}"
+  with_items: "{{ job_result.files }}"
   when:
+    - not job_result | skipped
     - security_rhel7_remove_shosts_files | bool
-    - shosts_find is defined
-    - shosts_find.files is defined
   tags:
     - high
     - auth

tasks/rhel7stig/main.yml

@@ -31,23 +31,9 @@
   tags:
     - always
 
-# Multiple tasks will need the output of RPM verification, so let's do the
+# Some of the tasks in the role may take a long time to run. Let's start them
-# lookup one time and then grep over the output in subsequent tasks.
+# as early as possible so they have time to finish.
-- name: Verify all installed RPM packages
+- include: async_tasks.yml
-  shell: "rpm -Va > {{ temp_dir }}/rpmverify.txt"
-  args:
-    warn: no
-  failed_when: False
-  changed_when: False
-  register: rpmverify_task
-  async: 300
-  poll: 0
-  when:
-    - not check_mode | bool
-    - ansible_os_family | lower in ['redhat', 'suse']
-  tags:
-    - always
-    - skip_ansible_lint
 
 - name: Get user data for all users on the system
   get_users:
@@ -68,6 +54,8 @@
 # Package installations and removals must come first so that configuration
 # changes can be made later.
 - include: packages.yml
+  tags:
+    - always
 
 # Package managers are managed first since the changes in these tasks will
 # affect the remainder of the tasks in the role.