From 4deb17be94a4065d10328d038570c8f8207b339c Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 6 May 2018 18:39:39 -0500
Subject: [PATCH] roles/freeradius: Optimize defaults cleanup

Using `state=absent` with the `file` module in a `with_items` loop to
delete the "default" module and site configuration files and the example
certificates is incredibly slow. Especially on the Raspberry Pi, it can
take several minutes to apply this role, even when there are no changes
to make. Using the `command` module and running `rm` to remove these
files, while not as idempotent, is significantly faster. The main
drawback is that each item in the list is not checked, so new items to
remove have to be added to the end of the list instead of in
alphabetical order.
---
 roles/freeradius/tasks/main.yml | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml
index f86bb04..be0338b 100644
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@@ -35,16 +35,20 @@
   notify: restart radiusd
 
 - name: ensure unused modules are disabled
-  file:
-    name=/etc/raddb/mods-enabled/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_disable_modules }}'
+  command:
+    rm -vf
+    {% for mod in radiusd_disable_modules %}
+    /etc/raddb/mods-enabled/{{ mod }}
+    {% endfor %}
+    removes=/etc/raddb/mods-enabled/{{ radiusd_disable_modules[-1] }}
   notify: restart radiusd
 - name: ensure unused sites are disabled
-  file:
-    name=/etc/raddb/sites-enabled/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_disable_sites }}'
+  command:
+    rm -vf
+    {% for site in radiusd_disable_sites %}
+    /etc/raddb/sites-enabled/{{ site }}
+    {% endfor %}
+    removes=/etc/raddb/sites-enabled/{{ radiusd_disable_sites[-1] }}
   notify: restart radiusd
 
 - name: ensure server certificate is installed
@@ -67,10 +71,12 @@
     openssl dhparam -out /etc/raddb/certs/dhparam {{ radiusd_dhparm_size }}
     creates=/etc/raddb/certs/dhparam
 - name: ensure example certificates are removed
-  file:
-    path=/etc/raddb/certs/{{ item }}
-    state=absent
-  with_items: '{{ radiusd_example_cert_files }}'
+  command:
+    rm -vf
+    {% for file in radiusd_example_cert_files %}
+    /etc/raddb/certs/{{ file }}
+    {% endfor %}
+    removes=/etc/raddb/certs/{{ radiusd_example_cert_files[-1] }}
 
 - name: ensure freeradius clients are configured
   template: