Refactor with_items usage with Ansible package module

Using with_items with the package command results in a new transaction
for each item.  This process can take a long time with long package
lists.  Updated package tasks to pass a string of packages to the
package command resulting in a single transaction for optimal execution.

docs/best_practices_guide.adoc

@@ -490,6 +490,8 @@ The Ansible `package` module calls the associated package manager for the underl
 ---
 # tasks.yml
 - name: Install etcd (for etcdctl)
-  package: name=etcd state=latest
+  package:
+    name: etcd
+    state: latest
   register: install_result
 ----

playbooks/adhoc/uninstall_openshift.yml

@@ -81,51 +81,61 @@
     with_items:
     - firewalld
 
-  - block:
-    - block:
+  - when: openshift_remove_all | default(true) | bool
+    block:
+
+    - when: not openshift_is_atomic | bool
+      block:
+
       - name: Remove packages
-        package: name={{ item }} state=absent
-        with_items:
-        - atomic-openshift
-        - atomic-openshift-clients
-        - atomic-openshift-excluder
-        - atomic-openshift-docker-excluder
-        - atomic-openshift-node
-        - atomic-openshift-sdn-ovs
-        - atomic-openshift-hyperkube
-        - cockpit-bridge
-        - cockpit-docker
-        - cockpit-system
-        - cockpit-ws
-        - kubernetes-client
-        - openshift
-        - openshift-node
-        - openshift-sdn
-        - openshift-sdn-ovs
-        - origin
-        - origin-excluder
-        - origin-docker-excluder
-        - origin-clients
-        - origin-node
-        - origin-sdn-ovs
-        - origin-hyperkube
-        - tuned-profiles-atomic-openshift-node
-        - tuned-profiles-origin-node
+        package:
+          name: "{{ pkg_list | join(',') }} "
+          state: absent
+        vars:
+          pkg_list:
+          - atomic-openshift
+          - atomic-openshift-clients
+          - atomic-openshift-excluder
+          - atomic-openshift-docker-excluder
+          - atomic-openshift-node
+          - atomic-openshift-sdn-ovs
+          - atomic-openshift-hyperkube
+          - cockpit-bridge
+          - cockpit-docker
+          - cockpit-system
+          - cockpit-ws
+          - kubernetes-client
+          - openshift
+          - openshift-node
+          - openshift-sdn
+          - openshift-sdn-ovs
+          - origin
+          - origin-excluder
+          - origin-docker-excluder
+          - origin-clients
+          - origin-node
+          - origin-sdn-ovs
+          - origin-hyperkube
+          - tuned-profiles-atomic-openshift-node
+          - tuned-profiles-origin-node
         register: result
         until: result is succeeded
 
       - name: Remove OVS package
-        package: name=openvswitch state=absent
+        package:
+          name: openvswitch
+          state: absent
         register: result
         until: result is succeeded
         when: openshift_use_openshift_sdn | default(True) | bool
 
       - name: Remove flannel package
-        package: name=flannel state=absent
+        package:
+          name: flannel
+          state: absent
         when: openshift_use_flannel | default(false) | bool
         register: result
         until: result is succeeded
-      when: not openshift_is_atomic | bool
 
     - shell: systemctl reset-failed
       changed_when: False
@@ -156,8 +166,6 @@
       - tun0
       when: openshift_use_openshift_sdn | default(True) | bool
 
-    when: openshift_remove_all | default(true) | bool
-
   - shell: atomic uninstall "{{ item }}"-node
     changed_when: False
     failed_when: False
@@ -310,27 +318,32 @@
     - atomic-openshift-master
 
   - name: Remove packages
-    package: name={{ item }} state=absent
-    when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool
-    with_items:
-    - atomic-openshift
-    - atomic-openshift-clients
-    - atomic-openshift-excluder
-    - atomic-openshift-docker-excluder
-    - atomic-openshift-master
-    - cockpit-bridge
-    - cockpit-docker
-    - cockpit-system
-    - cockpit-ws
-    - corosync
-    - kubernetes-client
-    - openshift
-    - openshift-master
-    - origin
-    - origin-clients
-    - origin-excluder
-    - origin-docker-excluder
-    - origin-master
+    package:
+      name: "{{ pkg_list | join(',') }}"
+      state: absent
+    when:
+    - not openshift_is_atomic | bool
+    - openshift_remove_all | default(True) | bool
+    vars:
+      pkg_list:
+      - atomic-openshift
+      - atomic-openshift-clients
+      - atomic-openshift-excluder
+      - atomic-openshift-docker-excluder
+      - atomic-openshift-master
+      - cockpit-bridge
+      - cockpit-docker
+      - cockpit-system
+      - cockpit-ws
+      - corosync
+      - kubernetes-client
+      - openshift
+      - openshift-master
+      - origin
+      - origin-clients
+      - origin-excluder
+      - origin-docker-excluder
+      - origin-master
     register: result
     until: result is succeeded
 
@@ -426,11 +439,16 @@
     failed_when: false
 
   - name: Remove packages
-    package: name={{ item }} state=absent
-    when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool
-    with_items:
-    - etcd
-    - etcd3
+    package:
+      name: "{{ pkg_list | join(',') }}"
+      state: absent
+    when:
+    - not openshift_is_atomic | bool
+    - openshift_remove_all | default(True) | bool
+    vars:
+      pkg_list:
+      - etcd
+      - etcd3
     register: result
     until: result is succeeded
 
@@ -486,10 +504,12 @@
     - firewalld
 
   - name: Remove packages
-    package: name={{ item }} state=absent
-    when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool
-    with_items:
-    - haproxy
+    package:
+      name: haproxy
+      state: absent
+    when:
+    - not openshift_is_atomic | bool
+    - openshift_remove_all | default(True) | bool
     register: result
     until: result is succeeded
 

playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml

@@ -37,7 +37,9 @@
   delay: 30
 
 - name: Upgrade Docker
-  package: name=docker{{ '-' + docker_version }} state=present
+  package:
+    name: docker{{ '-' + docker_version }}
+    state: present
   register: result
   until: result is succeeded
 

playbooks/gcp/openshift-cluster/build_base_image.yml

@@ -139,21 +139,24 @@
     command: subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms"
     when: using_rhel_subscriptions
   - name: Install common image prerequisites
-    package: name={{ item }} state=latest
-    with_items:
-    # required by Ansible
-    - PyYAML
-    - google-compute-engine
-    - google-compute-engine-init
-    - google-config
-    - wget
-    - git
-    - net-tools
-    - bind-utils
-    - iptables-services
-    - bridge-utils
-    - bash-completion
-    - atomic
+    package:
+      name: "{{ pkg_list | join(',') }}"
+      state: latest
+    vars:
+      pkg_list:
+      # required by Ansible
+      - PyYAML
+      - google-compute-engine
+      - google-compute-engine-init
+      - google-config
+      - wget
+      - git
+      - net-tools
+      - bind-utils
+      - iptables-services
+      - bridge-utils
+      - bash-completion
+      - atomic
   - name: Clean yum metadata
     command: yum clean all
     args:

playbooks/init/base_packages.yml

@@ -14,7 +14,9 @@
   # chrony is installed on atomic host by default, so no need to worry about
   # atomic here.
   - name: Install ntp package
-    package: name=ntp state=present
+    package:
+      name: ntp
+      state: present
     when:
     - openshift_clock_enabled | default(True) | bool
     - chrony_installed.rc != 0
@@ -30,16 +32,16 @@
     block:
     - name: Ensure openshift-ansible installer package deps are installed
       package:
-        name: "{{ item }}"
+        name: "{{ pkg_list | join(',') }}"
         state: present
-      with_items:
-      - iproute
-      - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}"
-      - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
-      - "{{ 'python-ipaddress' if ansible_distribution != 'Fedora' else '' }}"
-      - libsemanage-python
-      - yum-utils
-      - "{{ 'python3-docker' if ansible_distribution == 'Fedora' else 'python-docker' }}"
-      when: item != ''
+      vars:
+        pkg_list:
+        - iproute
+        - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}"
+        - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
+        - "{{ 'python-ipaddress' if ansible_distribution != 'Fedora' else '' }}"
+        - libsemanage-python
+        - yum-utils
+        - "{{ 'python3-docker' if ansible_distribution == 'Fedora' else 'python-docker' }}"
       register: result
       until: result is succeeded

roles/cockpit/tasks/main.yml

@@ -3,8 +3,11 @@
   import_tasks: firewall.yml
 
 - name: Install cockpit-ws
-  package: name={{ item }} state=present
-  with_items:
+  package:
+    name: "{{ pkg_list | join(',') }}"
+    state: present
+  vars:
+    pkg_list:
     - cockpit-ws
     - cockpit-system
     - cockpit-bridge

roles/container_runtime/tasks/package_crio.yml

@@ -32,14 +32,14 @@
 
 - name: Install cri-o
   package:
-    name: "{{ crio_pkgs | join(',') }}"
+    name: "{{ pkg_list | join(',') }}"
     state: latest
   register: result
   until: result is succeeded
   vars:
-    crio_pkgs:
-      - "cri-o"
-      - "cri-tools"
+    pkg_list:
+      - cri-o
+      - cri-tools
       - atomic
       - skopeo
 

roles/container_runtime/tasks/package_docker.yml

@@ -22,14 +22,14 @@
 # Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed.
 - name: Install Docker
   package:
-    name: "{{ l_docker_pkg_list | join(',') }}"
+    name: "{{ pkg_list | join(',') }}"
     state: present
   when:
   - not (openshift_is_atomic | bool)
   register: result
   until: result is succeeded
   vars:
-    l_docker_pkg_list:
+    pkg_list:
     - "docker{{ '-' + docker_version if docker_version is defined else '' }}"
     - atomic
     - skopeo

roles/etcd/tasks/rpm.yml

@@ -6,7 +6,9 @@
   import_tasks: firewall.yml
 
 - name: Install etcd
-  package: name=etcd state=present
+  package:
+    name: etcd
+    state: present
   register: result
   until: result is succeeded
 

roles/flannel/tasks/main.yml

@@ -1,7 +1,9 @@
 ---
 - name: Install flannel
   become: yes
-  package: name=flannel state=present
+  package:
+    name: flannel
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/nickhammond.logrotate/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: nickhammond.logrotate | Install logrotate
-  package: name=logrotate state=present
+  package:
+    name: logrotate
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/nuage_ca/tasks/main.yaml

@@ -1,6 +1,8 @@
 ---
 - name: Install openssl
-  package: name=openssl state=present
+  package:
+    name: openssl
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/openshift_cli/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: Install clients
-  package: name={{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }} state=present
+  package:
+    name: "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}"
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
@@ -26,7 +28,9 @@
   when: openshift_is_atomic | bool
 
 - name: Install bash completion for oc tools
-  package: name=bash-completion state=present
+  package:
+    name: bash-completion
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/openshift_control_plane/tasks/htpass_provider.yml

@@ -1,6 +1,8 @@
 ---
 - name: Install httpd-tools if needed
-  package: name=httpd-tools state=present
+  package:
+    name: httpd-tools
+    state: present
   when:
   - item.kind == 'HTPasswdPasswordIdentityProvider'
   - not openshift_is_atomic | bool

roles/openshift_expand_partition/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: Ensure growpart is installed
-  package: name=cloud-utils-growpart state=present
+  package:
+    name: cloud-utils-growpart
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/openshift_gcp/tasks/configure_master_healthcheck.yml

@@ -6,14 +6,21 @@
   when: ansible_os_family == "RedHat"
 
 - name: install haproxy
-  package: name=haproxy state=present
+  package:
+    name: haproxy
+    state: present
   register: result
   until: result is succeeded
   retries: 10
   delay: 10
 
 - name: configure haproxy
-  template: src=master_healthcheck.j2 dest=/etc/haproxy/haproxy.cfg
+  template:
+    src: master_healthcheck.j2
+    dest: /etc/haproxy/haproxy.cfg
 
 - name: start and enable haproxy service
-  service: name=haproxy state=started enabled=yes
+  service:
+    name: haproxy
+    state: started
+    enabled: yes

roles/openshift_loadbalancer/tasks/main.yml

@@ -8,7 +8,9 @@
   import_tasks: firewall.yml
 
 - name: Install haproxy
-  package: name=haproxy state=present
+  package:
+    name: haproxy
+    state: present
   register: result
   until: result is succeeded
 

roles/openshift_nfs/tasks/setup.yml

@@ -3,7 +3,9 @@
   import_tasks: firewall.yml
 
 - name: Install nfs-utils
-  package: name=nfs-utils state=present
+  package:
+    name: nfs-utils
+    state: present
   register: result
   until: result is succeeded
 

roles/openshift_node/tasks/dnsmasq_install.yml

@@ -13,7 +13,7 @@
 - name: Install dnsmasq
   package:
     name: dnsmasq
-    state: installed
+    state: present
   register: result
   until: result is succeeded
   when: not openshift_is_atomic | bool

roles/openshift_node/tasks/install.yml

@@ -1,14 +1,14 @@
 ---
 - name: Install node, clients, and conntrack packages
   package:
-    name: "{{ item.name }}"
+    name: "{{ pkg_list | join(',') }}"
     state: present
   register: result
   until: result is succeeded
-  with_items:
-  - name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
-  - name: "{{ openshift_service_type }}-clients{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
-  - name: "conntrack-tools"
+  vars:
+    pkg_list:
+    - "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
+    - "{{ openshift_service_type }}-clients{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
+    - conntrack-tools
   when:
   - not openshift_is_atomic | bool
-  - item['install'] | default(True) | bool

roles/openshift_node/tasks/install_rpms.yml

@@ -1,7 +1,7 @@
 ---
 - name: install needed rpm(s)
   package:
-    name: "{{ r_openshift_node_image_prep_packages  | join(',') }}"
+    name: "{{ r_openshift_node_image_prep_packages | join(',') }}"
     state: present
   register: result
   until: result is succeeded

roles/openshift_node/tasks/storage_plugins/iscsi.yml

@@ -1,14 +1,15 @@
 ---
 - name: Install iSCSI storage plugin dependencies
   package:
-    name: "{{ item }}"
+    name: "{{ pkg_list | join(',') }}"
     state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded
-  with_items:
-    - iscsi-initiator-utils
-    - device-mapper-multipath
+  vars:
+    pkg_list:
+      - iscsi-initiator-utils
+      - device-mapper-multipath
 
 - name: restart services
   systemd:

roles/openshift_node/tasks/upgrade.yml

@@ -22,15 +22,16 @@
 
 - name: Ensure cri-o is updated
   package:
-    name: "{{ crio_pkgs | join (',') }}"
+    name: "{{ pkg_list | join (',') }}"
     state: latest
   when:
   - openshift_use_crio | bool
   register: crio_update
+  until: crio_update is succeeded
   vars:
-    crio_pkgs:
-    - "cri-o"
-    - "cri-tools"
+    pkg_list:
+    - cri-o
+    - cri-tools
 
 - name: Remove CRI-O default configuration files
   file:

roles/openshift_repos/tasks/main.yaml

@@ -4,7 +4,9 @@
   block:
   # TODO: This needs to be removed and placed into a role
   - name: Ensure libselinux-python is installed
-    package: name=libselinux-python state=present
+    package:
+      name: libselinux-python
+      state: present
     register: result
     until: result is succeeded
 

roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml

@@ -1,6 +1,8 @@
 ---
 - name: Make sure heketi-client is installed
-  package: name=heketi-client state=present
+  package:
+    name: heketi-client
+    state: present
   when:
   - not openshift_is_atomic | bool
   - not glusterfs_heketi_is_native | bool

roles/openshift_storage_nfs/tasks/main.yml

@@ -3,7 +3,9 @@
   import_tasks: firewall.yml
 
 - name: Install nfs-utils
-  package: name=nfs-utils state=present
+  package:
+    name: nfs-utils
+    state: present
   register: result
   until: result is succeeded
 

roles/openshift_storage_nfs_lvm/tasks/nfs.yml

@@ -1,6 +1,8 @@
 ---
 - name: Install NFS server
-  package: name=nfs-utils state=present
+  package:
+    name: nfs-utils
+    state: present
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/os_firewall/tasks/iptables.yml

@@ -18,11 +18,12 @@
 
 - name: Install iptables packages
   package:
-    name: "{{ item }}"
+    name: "{{ pkg_list | join(',') }}"
     state: present
-  with_items:
-    - iptables
-    - iptables-services
+  vars:
+    pkg_list:
+      - iptables
+      - iptables-services
   when: not openshift_is_atomic | bool
   register: result
   until: result is succeeded

roles/os_update_latest/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - name: Update all packages
-  package: name=* state=latest
+  package:
+    name: '*'
+    state: latest
   register: result
   until: result is succeeded