Use ansible_facts to reference facts

By default, Ansible injects a variable for every fact, prefixed with ansible_. This can result in a large number of variables for each host, which at scale can incur a performance penalty. Ansible provides a configuration option [0] that can be set to False to prevent this injection of facts. In this case, facts should be referenced via ansible_facts.<fact>. This change updates all references to Ansible facts within Kayobe from using individual fact variables to using the items in the ansible_facts dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. This change disables fact variable injection in the ansible configuration used in CI, to catch any attempts to use the injected variables. [0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars Story: 2007993 Task: 42464 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/791276 Change-Id: I14db53ed6e57d37bbd28dd5819e432e3fe6628b2
2021-05-13 15:33:17 +01:00
parent a48cc24988
commit f639ad0b35
46 changed files with 142 additions and 114 deletions
--- a/ansible/compute-node-discovery.yml
+++ b/ansible/compute-node-discovery.yml
@@ -11,8 +11,8 @@
      package:
        name: ipmitool
        state: present
-        cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+        cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-        update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+        update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
      become: True
      run_once: True
      delegate_to: "{{ controller_host }}"
--- a/ansible/container-image-build.yml
+++ b/ansible/container-image-build.yml
@@ -30,8 +30,8 @@
      file:
        path: "{{ kolla_build_log_path }}"
        state: touch
-        owner: "{{ ansible_user_uid }}"
+        owner: "{{ ansible_facts.user_uid }}"
-        group: "{{ ansible_user_gid }}"
+        group: "{{ ansible_facts.user_gid }}"
      become: True
    - name: Login to docker registry
--- a/ansible/disable-selinux.yml
+++ b/ansible/disable-selinux.yml
@@ -5,5 +5,5 @@
    - disable-selinux
  roles:
    - role: disable-selinux
-      disable_selinux_reboot_timeout: "{{ 600 if ansible_virtualization_role == 'host' else 300 }}"
+      disable_selinux_reboot_timeout: "{{ 600 if ansible_facts.virtualization_role == 'host' else 300 }}"
-      when: ansible_os_family == 'RedHat'
+      when: ansible_facts.os_family == 'RedHat'
--- a/ansible/dnf.yml
+++ b/ansible/dnf.yml
@@ -14,4 +14,4 @@
          tags:
            - dnf-automatic
      when:
-        - ansible_os_family == 'RedHat'
+        - ansible_facts.os_family == 'RedHat'
--- a/ansible/group_vars/all/time
+++ b/ansible/group_vars/all/time
@@ -5,7 +5,7 @@
 # Timezone.
 # Name of the local timezone.
-timezone: "{{ ansible_date_time.tz }}"
+timezone: "{{ ansible_facts.date_time.tz }}"
 ###############################################################################
 # Network Time Protocol (NTP).
--- a/ansible/host-package-update.yml
+++ b/ansible/host-package-update.yml
@@ -12,5 +12,5 @@
        name: "{{ host_package_update_packages }}"
        security: "{{ host_package_update_security | bool }}"
        state: latest
-      when: ansible_os_family == 'RedHat'
+      when: ansible_facts.os_family == 'RedHat'
      become: true
--- a/ansible/idrac-bootstrap.yml
+++ b/ansible/idrac-bootstrap.yml
@@ -46,8 +46,8 @@
          package:
            name: wget
            state: present
-            cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+            cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-            update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+            update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
        - name: Ensure Dell srvadmin repository is installed
          shell: "wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash"
--- a/ansible/kayobe-target-venv.yml
+++ b/ansible/kayobe-target-venv.yml
@@ -19,23 +19,23 @@
    - block:
        - name: Gather facts
          setup:
-          when: not module_setup | default(false)
+          when: not ansible_facts.module_setup | default(false)
          register: gather_facts
        - name: Ensure the Python virtualenv package is installed
          package:
            name: python3-virtualenv
            state: present
-            cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+            cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-            update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+            update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
          become: True
        - name: Ensure global virtualenv directory exists
          file:
            path: "{{ virtualenv_path }}"
            state: directory
-            owner: "{{ ansible_user_uid }}"
+            owner: "{{ ansible_facts.user_uid }}"
-            group: "{{ ansible_user_gid }}"
+            group: "{{ ansible_facts.user_gid }}"
            mode: 0755
          # Check whether the virtualenv directory is a subdirectory of the
          # global virtualenv directory.
@@ -46,8 +46,8 @@
          file:
            path: "{{ virtualenv }}"
            state: directory
-            owner: "{{ ansible_user_uid }}"
+            owner: "{{ ansible_facts.user_uid }}"
-            group: "{{ ansible_user_gid }}"
+            group: "{{ ansible_facts.user_gid }}"
            mode: 0700
          become: True
@@ -59,7 +59,7 @@
            # Site packages are required for using the dnf module, which is not
            # available via PyPI.
            virtualenv_site_packages: True
-            virtualenv_python: "python3.{{ ansible_python.version.minor }}"
+            virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}"
        - name: Ensure kayobe virtualenv has SELinux bindings installed
          pip:
@@ -67,7 +67,7 @@
            state: latest
            virtualenv: "{{ virtualenv }}"
          when:
-            - ansible_os_family == 'RedHat'
+            - ansible_facts.os_family == 'RedHat'
      vars:
        # Use the system python interpreter since the virtualenv might not
        # exist.
--- a/ansible/kolla-target-venv.yml
+++ b/ansible/kolla-target-venv.yml
@@ -21,14 +21,14 @@
    - block:
        - name: Gather facts
          setup:
-          when: not module_setup | default(false)
+          when: not ansible_facts.module_setup | default(false)
        - name: Ensure the Python virtualenv package is installed
          package:
            name: python3-virtualenv
            state: present
-            cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+            cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-            update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+            update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
          become: True
        - name: Ensure kolla-ansible virtualenv has the latest version of pip installed
@@ -39,7 +39,7 @@
            # Site packages are required for using the dnf python module, which
            # is not available via PyPI.
            virtualenv_site_packages: True
-            virtualenv_python: "python3.{{ ansible_python.version.minor }}"
+            virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}"
          become: True
        - name: Ensure kolla-ansible virtualenv has docker SDK for python installed
@@ -57,7 +57,7 @@
            virtualenv: "{{ kolla_ansible_target_venv }}"
          become: True
          when:
-            - ansible_os_family == 'RedHat'
+            - ansible_facts.os_family == 'RedHat'
        - name: Ensure kolla-ansible virtualenv has correct ownership
          file:
--- a/ansible/network.yml
+++ b/ansible/network.yml
@@ -38,4 +38,4 @@
    - name: Configure the network
      include_role:
-        name: "network-{{ ansible_os_family | lower }}"
+        name: "network-{{ ansible_facts.os_family | lower }}"
--- a/ansible/overcloud-etc-hosts-fixup.yml
+++ b/ansible/overcloud-etc-hosts-fixup.yml
@@ -17,10 +17,10 @@
    - name: Ensure overcloud hosts' /etc/hosts does not contain incorrect IPs
      lineinfile:
        dest: /etc/hosts
-        regexp: "^(?!{{ internal_net_name | net_ip | regex_escape }})[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+[ \t]*{{ ansible_hostname }}"
+        regexp: "^(?!{{ internal_net_name | net_ip | regex_escape }})[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+[ \t]*{{ ansible_facts.hostname }}"
        state: absent
        # Ensure that the correct entry is present.
-        validate: "grep -E '^({{ internal_net_name | net_ip | regex_escape }}).*{{ ansible_hostname }}' %s"
+        validate: "grep -E '^({{ internal_net_name | net_ip | regex_escape }}).*{{ ansible_facts.hostname }}' %s"
      become: True
 - name: Ensure rabbitmq containers' /etc/hosts does not contain incorrect IPs
--- a/ansible/overcloud-ipa-build.yml
+++ b/ansible/overcloud-ipa-build.yml
@@ -30,7 +30,7 @@
            name: "libgcrypt"
            state: latest
          become: True
-          when: ansible_os_family == 'RedHat'
+          when: ansible_facts.os_family == 'RedHat'
        - name: Ensure Ironic Python Agent images are built
          include_role:
--- a/ansible/overcloud-ipa-images.yml
+++ b/ansible/overcloud-ipa-images.yml
@@ -78,8 +78,8 @@
      file:
        path: "{{ image_cache_path }}"
        state: directory
-        owner: "{{ ansible_user_uid }}"
+        owner: "{{ ansible_facts.user_uid }}"
-        group: "{{ ansible_user_gid }}"
+        group: "{{ ansible_facts.user_gid }}"
      become: True
      when: >-
        not image_cache_stat.stat.exists or
--- a/ansible/roles/bootstrap/tasks/main.yml
+++ b/ansible/roles/bootstrap/tasks/main.yml
@@ -1,13 +1,13 @@
 ---
 - name: Include OS family-specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+  include_vars: "{{ ansible_facts.os_family }}.yml"
 - name: Ensure required packages are installed
  package:
    name: "{{ bootstrap_package_dependencies }}"
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
 - name: Check whether an SSH key exists
@@ -24,7 +24,7 @@
 - name: Ensure SSH public key is in authorized keys
  authorized_key:
-    user: "{{ ansible_user_id }}"
+    user: "{{ ansible_facts.user_id }}"
    key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"
 - name: Scan for SSH keys
--- a/ansible/roles/dev-tools/tasks/main.yml
+++ b/ansible/roles/dev-tools/tasks/main.yml
@@ -3,6 +3,6 @@
  package:
    name: "{{ dev_tools_packages }}"
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
--- a/ansible/roles/disable-selinux/tasks/main.yml
+++ b/ansible/roles/disable-selinux/tasks/main.yml
@@ -3,8 +3,8 @@
  package:
    name: python3-libselinux
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
 - name: Check if SELinux configuration file exists
@@ -22,7 +22,7 @@
 - block:
    - name: Set a fact to determine whether we are running locally
      set_fact:
-        is_local: "{{ lookup('pipe', 'hostname') in [ansible_hostname, ansible_nodename] }}"
+        is_local: "{{ lookup('pipe', 'hostname') in [ansible_facts.hostname, ansible_facts.nodename] }}"
    - name: Reboot the system to apply SELinux changes (local)
      command: shutdown -r now "Applying SELinux changes"
--- a/ansible/roles/docker-registry/tasks/config.yml
+++ b/ansible/roles/docker-registry/tasks/config.yml
@@ -3,8 +3,8 @@
  file:
    path: "{{ docker_registry_config_path }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0750
  become: True
  when: >-
@@ -15,8 +15,8 @@
  copy:
    src: "{{ docker_registry_cert_path }}"
    dest: "{{ docker_registry_config_path }}/cert.pem"
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0600
  become: True
  when: docker_registry_enable_tls | bool
@@ -27,8 +27,8 @@
  copy:
    src: "{{ docker_registry_key_path }}"
    dest: "{{ docker_registry_config_path }}/key.pem"
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0600
  become: True
  when: docker_registry_enable_tls | bool
@@ -39,8 +39,8 @@
  copy:
    src: "{{ docker_registry_basic_auth_htpasswd_path }}"
    dest: "{{ docker_registry_config_path }}/htpasswd"
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0600
  become: True
  when: docker_registry_enable_basic_auth | bool
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -17,7 +17,7 @@
 - name: Ensure user is in the docker group
  user:
-    name: "{{ ansible_user_id }}"
+    name: "{{ ansible_facts.user_id }}"
    groups: docker
    append: yes
  register: group_result
--- a/ansible/roles/inspection-store/tasks/config.yml
+++ b/ansible/roles/inspection-store/tasks/config.yml
@@ -3,8 +3,8 @@
  file:
    path: "{{ inspection_store_config_path }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0750
  become: True
--- a/ansible/roles/ipa-images/tasks/main.yml
+++ b/ansible/roles/ipa-images/tasks/main.yml
@@ -3,8 +3,8 @@
  file:
    path: "{{ ipa_images_cache_path }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
  become: True
 - name: Ensure Ironic Python Agent (IPA) images are present
--- a/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2
+++ b/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2
@@ -3,5 +3,7 @@
 {% set host_hv=hostvars[inventory_hostname] %}
 {% if hv_name in host_hv %}
 {{ kolla_ansible_pass_through_host_vars_map.get(hv_name, hv_name) }}: {{ host_hv[hv_name] | to_json }}
 {% elif hv_name in host_hv["ansible_facts"] %}
 {{ kolla_ansible_pass_through_host_vars_map.get(hv_name, hv_name) }}: {{ host_hv["ansible_facts"][hv_name] | to_json }}
 {% endif %}
 {% endfor %}
--- a/ansible/roles/kolla-ansible/defaults/main.yml
+++ b/ansible/roles/kolla-ansible/defaults/main.yml
@@ -13,7 +13,7 @@ kolla_ansible_source_url:
 kolla_ansible_source_version:
 # Virtualenv directory where Kolla-ansible will be installed.
-kolla_ansible_venv: "{{ ansible_env['PWD'] }}/kolla-venv"
+kolla_ansible_venv: "{{ ansible_facts.env['PWD'] }}/kolla-venv"
 # Python interpreter to use to create Kolla Ansible virtualenv.
 kolla_ansible_venv_python: python3
--- a/ansible/roles/kolla-ansible/tasks/config.yml
+++ b/ansible/roles/kolla-ansible/tasks/config.yml
@@ -30,8 +30,8 @@
  file:
    path: "{{ item }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0750
  become: True
  with_items:
--- a/ansible/roles/kolla-ansible/tasks/install.yml
+++ b/ansible/roles/kolla-ansible/tasks/install.yml
@@ -1,6 +1,6 @@
 ---
 - name: Include OS family-specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+  include_vars: "{{ ansible_facts.os_family }}.yml"
 - name: Ensure EPEL repo is installed
  package:
@@ -8,7 +8,7 @@
    state: present
  become: True
  when:
-    - ansible_os_family == 'RedHat'
+    - ansible_facts.os_family == 'RedHat'
    - kolla_ansible_install_epel | bool
 - name: Ensure required packages are installed
@@ -16,16 +16,16 @@
    # NOTE(mgoddard): select non-empty packages.
    name: "{{ kolla_ansible_package_dependencies | select | list }}"
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
 - name: Ensure source code checkout parent directory exists
  file:
    path: "{{ kolla_ansible_source_path | dirname }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
  become: True
  when: kolla_ansible_ctl_install_type == 'source'
@@ -40,8 +40,8 @@
  file:
    path: "{{ kolla_ansible_venv | dirname }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
  become: True
  when: kolla_ansible_venv is not none
--- a/ansible/roles/kolla-openstack/templates/ironic.conf.j2
+++ b/ansible/roles/kolla-openstack/templates/ironic.conf.j2
@@ -33,7 +33,7 @@ pxe_append_params = {{ kolla_ironic_pxe_append_params | join(' ') }}
 {% endif %}
 {% raw %}
-tftp_server = {{ hostvars[inventory_hostname]['ansible_' + api_interface | replace('-', '_')]['ipv4']['address'] }}
+tftp_server = {{ hostvars[inventory_hostname].ansible_facts[api_interface | replace('-', '_')]['ipv4']['address'] }}
 {% endraw %}
 {% if kolla_extra_ironic %}
--- a/ansible/roles/kolla/defaults/main.yml
+++ b/ansible/roles/kolla/defaults/main.yml
@@ -13,7 +13,7 @@ kolla_source_url:
 kolla_source_version:
 # Virtualenv directory where Kolla will be installed.
-kolla_venv: "{{ ansible_env['PWD'] }}/kolla-venv"
+kolla_venv: "{{ ansible_facts.env['PWD'] }}/kolla-venv"
 # Upper constraints file which is passed to pip when installing packages
 # into the kolla venv.
--- a/ansible/roles/kolla/tasks/config.yml
+++ b/ansible/roles/kolla/tasks/config.yml
@@ -3,8 +3,8 @@
  file:
    path: "{{ item }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
    mode: 0750
  become: True
  with_items:
--- a/ansible/roles/kolla/tasks/install.yml
+++ b/ansible/roles/kolla/tasks/install.yml
@@ -1,6 +1,6 @@
 ---
 - name: Include OS family-specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+  include_vars: "{{ ansible_facts.os_family }}.yml"
 - name: Ensure EPEL repo is installed
  package:
@@ -8,23 +8,23 @@
    state: present
  become: True
  when:
-    - ansible_os_family == 'RedHat'
+    - ansible_facts.os_family == 'RedHat'
    - kolla_install_epel | bool
 - name: Ensure required packages are installed
  package:
    name: "{{ kolla_package_dependencies }}"
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
 - name: Ensure source code checkout path exists
  file:
    path: "{{ kolla_source_path | dirname }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
  become: True
  when: kolla_ctl_install_type == 'source'
@@ -39,8 +39,8 @@
  file:
    path: "{{ kolla_venv | dirname }}"
    state: directory
-    owner: "{{ ansible_user_uid }}"
+    owner: "{{ ansible_facts.user_uid }}"
-    group: "{{ ansible_user_gid }}"
+    group: "{{ ansible_facts.user_gid }}"
  become: True
  when: kolla_venv is not none
@@ -49,7 +49,7 @@
    name: "{{ item.name }}"
    state: latest
    virtualenv: "{{ kolla_venv }}"
-    virtualenv_python: "python3.{{ ansible_python.version.minor }}"
+    virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}"
  with_items:
    - { name: pip }
--- a/ansible/roles/ntp/tasks/prepare.yml
+++ b/ansible/roles/ntp/tasks/prepare.yml
@@ -4,7 +4,7 @@
 - name: Mask alternative NTP clients to prevent conflicts
  vars:
-    service_exists: "{{ item in services }}"
+    service_exists: "{{ item in ansible_facts.services }}"
  systemd:
    name: "{{ item }}"
    enabled: "{{ 'false' if service_exists else omit }}"
@@ -23,4 +23,4 @@
  # can't possibly exist, but trying to execute this unconditionally will fail
  # with: No module named 'docker' as we have not yet added the docker package
  # to the kayobe target venv.
-  when: "'docker.service' in services"
+  when: "'docker.service' in ansible_facts.services"
--- a/ansible/roles/pip/tasks/pip_conf.yml
+++ b/ansible/roles/pip/tasks/pip_conf.yml
@@ -4,8 +4,8 @@
 - name: Ensure acl package is installed
  package:
    name: acl
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: true
 - name: Create local .pip directory
--- a/ansible/roles/snat/tasks/main.yml
+++ b/ansible/roles/snat/tasks/main.yml
@@ -2,8 +2,8 @@
 - name: Ensure iptables is installed
  package:
    name: iptables
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: true
 # iptables -t nat -A POSTROUTING -o {{ interface }} -j SNAT --to-source {{ source_ip }}
--- a/ansible/roles/swift-block-devices/tasks/main.yml
+++ b/ansible/roles/swift-block-devices/tasks/main.yml
@@ -15,8 +15,8 @@
      - parted
      - xfsprogs
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
  when: swift_block_devices | length > 0
--- a/ansible/roles/veth/tasks/main.yml
+++ b/ansible/roles/veth/tasks/main.yml
@@ -1,2 +1,2 @@
 ---
- include_tasks: "{{ ansible_os_family }}.yml"
+- include_tasks: "{{ ansible_facts.os_family }}.yml"
--- a/ansible/roles/wipe-disks/tasks/main.yml
+++ b/ansible/roles/wipe-disks/tasks/main.yml
@@ -10,8 +10,8 @@
  package:
    name: lvm2
    state: present
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
  become: True
 - name: Check for unmounted block devices
--- a/ansible/seed-ipa-build.yml
+++ b/ansible/seed-ipa-build.yml
@@ -20,7 +20,7 @@
            name: libgcrypt
            state: latest
          become: True
-          when: ansible_os_family == 'RedHat'
+          when: ansible_facts.os_family == 'RedHat'
        - name: Ensure Ironic Python Agent images are built
          include_role:
--- a/ansible/seed-service-upgrade-prep.yml
+++ b/ansible/seed-service-upgrade-prep.yml
@@ -20,7 +20,7 @@
        - name: Set a fact about the current time
          set_fact:
-            ipa_extension: "{{ ansible_date_time.iso8601 }}"
+            ipa_extension: "{{ ansible_facts.date_time.iso8601 }}"
        - name: Move old IPA deployment images to make way for new ones
          command: mv {{ item.path }} {{ item.path }}.{{ ipa_extension }}
--- a/ansible/seed-vm-provision.yml
+++ b/ansible/seed-vm-provision.yml
@@ -19,20 +19,20 @@
      command: "dnf install coreutils -y --allowerasing"
      become: True
      when:
-        - ansible_os_family == 'RedHat'
+        - ansible_facts.os_family == 'RedHat'
    - name: Ensure the image cache directory exists
      file:
        path: "{{ image_cache_path }}"
        state: directory
-        owner: "{{ ansible_user_uid }}"
+        owner: "{{ ansible_facts.user_uid }}"
-        group: "{{ ansible_user_gid }}"
+        group: "{{ ansible_facts.user_gid }}"
      become: True
  roles:
    - role: jriguera.configdrive
      # For now assume the VM OS family is the same as the hypervisor's.
-      configdrive_os_family: "{{ ansible_os_family }}"
+      configdrive_os_family: "{{ ansible_facts.os_family }}"
      configdrive_uuid: "{{ seed_host | to_uuid }}"
      configdrive_fqdn: "{{ seed_host }}"
      configdrive_name: "{{ seed_host }}"
--- a/ansible/snat.yml
+++ b/ansible/snat.yml
@@ -7,7 +7,7 @@
    - snat
  vars:
    snat_rules:
-      - interface: "{{ ansible_default_ipv4.interface }}"
+      - interface: "{{ ansible_facts.default_ipv4.interface }}"
-        source_ip: "{{ ansible_default_ipv4.address }}"
+        source_ip: "{{ ansible_facts.default_ipv4.address }}"
  roles:
    - role: snat
--- a/ansible/time.yml
+++ b/ansible/time.yml
@@ -5,7 +5,7 @@
    - timezone
  tasks:
    - import_role:
-        name: yatesr.timezone
+        name: stackhpc.timezone
      become: True
 - name: Ensure ntp group exists
--- a/dev/tenks-deploy-config-compute.yml
+++ b/dev/tenks-deploy-config-compute.yml
@@ -44,7 +44,7 @@ libvirt_vm_engine: "qemu"
 # QEMU may not be installed on the host, so set the path and avoid
 # autodetection.
-libvirt_vm_emulator: "{% if ansible_os_family == 'RedHat' %}/usr/libexec/qemu-kvm{% else %}/usr/bin/qemu-system-x86_64{% endif %}"
+libvirt_vm_emulator: "{% if ansible_facts.os_family == 'RedHat' %}/usr/libexec/qemu-kvm{% else %}/usr/bin/qemu-system-x86_64{% endif %}"
 # Specify a log path in the kolla_logs Docker volume. It is accessible on the
 # host at the same path.
--- a/doc/source/configuration/reference/ansible.rst
+++ b/doc/source/configuration/reference/ansible.rst
@@ -57,7 +57,7 @@ In order to make this work with Kayobe, it is necessary to change Ansible's
 <https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-gathering>`__
 configuration option to ``smart``. Additionally, it is necessary to use
 separate fact caches for Kayobe and Kolla Ansible due to some of the facts
-(e.g. ``ansible_user_uid`` and ``ansible_python``) differing.
+(e.g. ``ansible_facts.user_uid`` and ``ansible_facts.python``) differing.
 Example
 -------
--- a/kayobe/ansible.py
+++ b/kayobe/ansible.py
@@ -336,6 +336,7 @@ def prune_galaxy_roles(parsed_args):
        'resmo.ntp',
        'stackhpc.ntp',
        'stackhpc.os-shade',
        'yatesr.timezone',
    ]
    LOG.debug("Removing roles: %s", ",".join(roles_to_remove))
    utils.galaxy_remove(roles_to_remove, "ansible/roles")
--- a/kayobe/tests/unit/test_ansible.py
+++ b/kayobe/tests/unit/test_ansible.py
@@ -532,6 +532,7 @@ class TestCase(unittest.TestCase):
            'resmo.ntp',
            'stackhpc.ntp',
            'stackhpc.os-shade',
            'yatesr.timezone',
        ]
        mock_remove.assert_called_once_with(expected_roles,
                                            "ansible/roles")
--- a/playbooks/kayobe-base/pre.yml
+++ b/playbooks/kayobe-base/pre.yml
@@ -1,5 +1,14 @@
 ---
 - hosts: primary
  vars:
    ansible_cfg: |
      [defaults]
      # Ensure that facts are referenced via ansible_facts.<fact>.
      inject_facts_as_vars = False
      [ssh_connection]
      pipelining = True
      retries = 3
  roles:
    - role: kayobe-diagnostics
      kayobe_diagnostics_phase: "pre"
@@ -22,6 +31,11 @@
        line: "export KAYOBE_EXTRA_ARGS=-vvv"
        regexp: "^#export KAYOBE_EXTRA_ARGS=$"
    - name: Ensure ansible.cfg exists
      copy:
        content: "{{ ansible_cfg }}"
        dest: "{{ kayobe_config_src_dir }}/etc/kayobe/ansible.cfg"
    - block:
        - name: Ensure previous kayobe directory exists
          file:
--- a/releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml
+++ b/releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml
@@ -0,0 +1,10 @@
 ---
 upgrade:
  - |
    Updates all references to Ansible facts within Kayobe from using
    individual fact variables to using the items in the ``ansible_facts``
    dictionary. This allows users to disable `fact variable injection
    <https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars>`__
    in their Ansible configuration, which may provide some performance
    improvement. Check for facts referenced in local configuration files, and
    update to use ``ansible_facts`` before disabling fact variable injection.
--- a/requirements.yml
+++ b/requirements.yml
@@ -5,15 +5,15 @@
  version: v1.0.1
 - src: jriguera.configdrive
  # There are no versioned releases of this role.
-  version: 8438592c84585c86e62ae07e526d3da53629b377
+  version: e12d38378ae127c9c61d170fa4ba4729f2c5f2ad
 - src: MichaelRigart.interfaces
-  version: v1.11.1
+  version: v1.12.0
 - src: mrlesmithjr.chrony
-  version: v0.1.0
+  version: v0.1.1
 - src: mrlesmithjr.manage-lvm
-  version: v0.1.4
+  version: v0.2.2
 - src: mrlesmithjr.mdadm
-  version: v0.1.0
+  version: v0.1.1
 - src: singleplatform-eng.users
  version: v1.2.5
 - src: stackhpc.dell-powerconnect-switch
@@ -23,24 +23,24 @@
 - src: stackhpc.drac-facts
  version: 1.0.0
 - src: stackhpc.grafana-conf
-  version: 1.1.0
+  version: 1.1.1
 - src: stackhpc.libvirt-host
-  version: v1.8.2
+  version: v1.8.3
 - src: stackhpc.libvirt-vm
-  version: v1.14.1
+  version: v1.14.2
 - src: stackhpc.luks
-  version: 0.4.0
+  version: 0.4.1
 - src: stackhpc.mellanox-switch
  version: v1.0.0
 - src: stackhpc.os-images
-  version: v1.10.6
+  version: v1.10.7
 - src: stackhpc.os-ironic-state
  version: v1.3.1
 - src: stackhpc.os-networks
-  version: v1.5.1
+  version: v1.5.3
 - src: stackhpc.os-openstackclient
-  version: v1.4.0
+  version: v1.4.1
 - src: stackhpc.os_openstacksdk
-  version: v1.0.0
+  version: v1.0.1
- src: yatesr.timezone
+- src: stackhpc.timezone
-  version: 1.2.0
+  version: 1.2.1
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`- include_tasks: "{{ ansible_os_family }}.yml"`	`- include_tasks: "{{ ansible_facts.os_family }}.yml"`