- Break out common packages from the play into a local vars file.
- Fix atomic package updates. They are not idempotent if there are pending transactions. Maybe add a task to clean up pending transactions before updating.
- Make the create-user role task 'copy pubkey to authorized_keys for user' more correct/idempotent. It currently copies the file ~/.ssh/id_rsa.pub to authorized_keys rather than its contents, clobbering what may already be there.
- Extend the glusterfs-server role. If K8s, ensure the Heketi pod is deployed. If not K8s, deploy the normal service. If it is a new deploy of Heketi, use Jinja2 templating for the Heketi topology and import it (task run_once/one node only). This will set up the disks/bricks, so Ansible won't need to do it (the modules for Gluster aren't great).
- Test conditionals against more than CentOS to ensure they remain effective across Fedora (atomic/non-atomic), CentOS, and RHEL.
- Make the playbook prompt for user/password only when making a user, e.g. a variable named 'createuser' (yes/no) to decide. Ansible doesn't seem to do this natively with vars_prompt; it may need hackery.
- Remove some cross-role dependencies. For example, the bootstrap role (which will likely always need to be included) defines is_atomic, which is used by other roles. Keeping things within their own roles helps keep them portable/reusable. Anything that is usable by many roles should be included in 'bootstrap'.
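
For the authorized_keys item above, one way to make the task idempotent and non-clobbering is sketched below. This is an added example, not the project's own role code; the variable `create_user_name`, the task names, and the "before" task are assumptions constructed for illustration.

```yaml
# Added example; not taken from the create-user role.
# Assumption: create_user_name holds the account name (hypothetical variable).

# Before (constructed to match the behaviour described above): copying the
# file replaces authorized_keys wholesale, so existing keys are lost.
# - name: copy pubkey to authorized_keys for user
#   copy:
#     src: ~/.ssh/id_rsa.pub
#     dest: "/home/{{ create_user_name }}/.ssh/authorized_keys"

# After: manage a single key entry instead of the whole file.
- name: Add controller pubkey to authorized_keys for user
  ansible.posix.authorized_key:
    user: "{{ create_user_name }}"
    # Read the key's contents on the controller; the module adds the line
    # only if it is not already present, so reruns report no change.
    key: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_rsa.pub') }}"
    state: present
    exclusive: false   # leave any other keys already in the file untouched
    manage_dir: true   # create ~/.ssh with correct owner and mode if missing

# Guard against the file being left group- or world-writable by earlier runs;
# sshd with StrictModes ignores the file in that case.
- name: Enforce permissions on authorized_keys
  ansible.builtin.file:
    path: "/home/{{ create_user_name }}/.ssh/authorized_keys"
    owner: "{{ create_user_name }}"
    mode: "0600"
    state: file
```

The home directory path assumes the default `/home/<user>` layout.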