Optimize Ansible configuration for speed

More forks, "free" play strategy, skip fact gathering...

This yielded a ~3x speedup, on our 600-node test cluster.

ansible/ansible.cfg

@@ -1,7 +1,28 @@
 [defaults]
 # (pathlist) Comma separated list of Ansible inventory sources
 inventory=inventories/
+
 # (string) Set the main callback used to display Ansible output. You can only have one at a time.
 # You can have many other callbacks, but just one can be in charge of stdout.
 # See :ref:`callback_plugins` for a list of available options.
 stdout_callback=ansible.posix.jsonl
+
+# (integer) Maximum number of forks Ansible will use to execute tasks on target hosts.
+forks=50
+
+# (string) Set the default strategy used for plays.
+strategy=free
+
+
+[connection]
+# (boolean) This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all.
+# Pipelining, if supported by the connection plugin, reduces the number of network operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer.
+# It can result in a very significant performance improvement when enabled.
+# However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default.
+# This setting will be disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled.
+pipelining=True
+
+
+[persistent_connection]
+# (int) This controls the amount of time to wait for a response from a remote device before timing out a persistent connection.
+command_timeout=300

ansible/main.yaml

@@ -1,6 +1,7 @@
 ---
 - name: get jwt for cloud-init
   hosts: localhost
+  gather_facts: false
   tasks:
     - name: get jwt from opaal
       ansible.builtin.uri:
@@ -16,6 +17,7 @@
 
 - name: securely push cloud-init jwt to nodes
   hosts: all
+  gather_facts: false
   roles:
     - role: tpm_secrets
       vars: