Update for RC2 changes

Remove openshift-deployer.kubeconfig from master template
Sync config template
Update enterprise image names
Switch to node auto registration
Add deployer to list of serviceAccountConfig.managedNames
Move package installation before registering facts
change default kubeconfig location
Change system:openshift-client to system:openshift-master
Rename node cert/key/kubeconfig per openshift/origin#3160
Update references to /var/lib/openshift/openshift.local.certificates

2 files changed, 37 insertions, 17 deletions

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 23f8b4649..da0a663ec 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -8,6 +8,15 @@
     - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods
   when: openshift_master_oauth_grant_method is defined
 
+- name: Install OpenShift Master package
+  yum: pkg=openshift-master state=present
+  register: install_result
+
+# TODO: Is this necessary or was this a workaround for an old bug in packaging?
+- name: Reload systemd units
+  command: systemctl daemon-reload
+  when: install_result | changed
+
 - name: Set master OpenShift facts
   openshift_facts:
     role: master
@@ -51,14 +60,6 @@
       domain: cluster.local
   when: openshift.master.embedded_dns
 
-- name: Install OpenShift Master package
-  yum: pkg=openshift-master state=present
-  register: install_result
-
-- name: Reload systemd units
-  command: systemctl daemon-reload
-  when: install_result | changed
-
 - name: Create config parent directory if it doesn't exist
   file:
     path: "{{ openshift_master_config_dir }}"
@@ -130,7 +131,7 @@
 
 - name: Create the OpenShift client config dir(s)
   file:
-    path: "~{{ item }}/.config/openshift"
+    path: "~{{ item }}/.kube"
     state: directory
     mode: 0700
     owner: "{{ item }}"
@@ -142,16 +143,16 @@
 # TODO: Update this file if the contents of the source file are not present in
 # the dest file, will need to make sure to ignore things that could be added
 - name: Copy the OpenShift admin client config(s)
-  command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.config/openshift/.config
+  command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
   args:
-    creates: ~{{ item }}/.config/openshift/.config
+    creates: ~{{ item }}/.kube/config
   with_items:
   - root
   - "{{ ansible_ssh_user }}"
 
 - name: Update the permissions on the OpenShift admin client config(s)
   file:
-    path: "~{{ item }}/.config/openshift/.config"
+    path: "~{{ item }}/.kube/config"
     state: file
     mode: 0700
     owner: "{{ item }}"
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 1c2d37b63..9df07e925 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,3 +1,6 @@
+apiLevels:
+- v1beta3
+- v1
 apiVersion: v1
 assetConfig:
   logoutURL: ""
@@ -8,6 +11,8 @@ assetConfig:
     certFile: master.server.crt
     clientCA: ""
     keyFile: master.server.key
+    maxRequestsInFlight: 0
+    requestTimeoutSeconds: 0
 corsAllowedOrigins:
 {# TODO: add support for user specified corsAllowedOrigins #}
 {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %}
@@ -43,9 +48,9 @@ etcdConfig:
 {% endif %}
 etcdStorageConfig:
   kubernetesStoragePrefix: kubernetes.io
-  kubernetesStorageVersion: v1beta3
-  kubernetesStoragePrefix: kubernetes.io
-  openShiftStorageVersion: v1beta3
+  kubernetesStorageVersion: v1
+  openShiftStoragePrefix: openshift.io
+  openShiftStorageVersion: v1
 imageConfig:
   format: {{ openshift.master.registry_url }}
   latest: false
@@ -58,18 +63,24 @@ kubeletClientInfo:
   port: 10250
 {% if openshift.master.embedded_kube %}
 kubernetesMasterConfig:
+  apiLevels:
+  - v1beta3
+  - v1
+  apiServerArguments: null
+  controllerArguments: null
 {# TODO: support overriding masterCount #}
   masterCount: 1
   masterIP: ""
+  podEvictionTimeout: ""
   schedulerConfigFile: {{ openshift_master_scheduler_conf }}
+  servicesNodePortRange: ""
   servicesSubnet: {{ openshift.master.portal_net }}
   staticNodeNames: {{ openshift_node_ips | default([], true) }}
 {% endif %}
 masterClients:
 {# TODO: allow user to set externalKubernetesKubeConfig #}
-  deployerKubeConfig: openshift-deployer.kubeconfig
   externalKubernetesKubeConfig: ""
-  openshiftLoopbackKubeConfig: openshift-client.kubeconfig
+  openshiftLoopbackKubeConfig: openshift-master.kubeconfig
 masterPublicURL: {{ openshift.master.public_api_url }}
 networkConfig:
   clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }}
@@ -78,16 +89,22 @@ networkConfig:
 {% include 'v1_partials/oauthConfig.j2' %}
 policyConfig:
   bootstrapPolicyFile: {{ openshift_master_policy }}
+  openshiftInfrastructureNamespace: openshift-infra
   openshiftSharedResourcesNamespace: openshift
 {# TODO: Allow users to override projectConfig items #}
 projectConfig:
   defaultNodeSelector: ""
   projectRequestMessage: ""
   projectRequestTemplate: ""
+  securityAllocator:
+    mcsAllocatorRange: s0:/2
+    mcsLabelsPerProject: 5
+    uidAllocatorRange: 1000000000-1999999999/10000
 serviceAccountConfig:
   managedNames:
   - default
   - builder
+  - deployer
   privateKeyFile: serviceaccounts.private.key
   publicKeyFiles:
   - serviceaccounts.public.key
@@ -96,3 +113,5 @@ servingInfo:
   certFile: master.server.crt
   clientCA: ca.crt
   keyFile: master.server.key
+  maxRequestsInFlight: 0
+  requestTimeoutSeconds: 0