18 files changed, 73 insertions, 109 deletions

diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml
new file mode 100644
index 000000000..98be0c448
--- /dev/null
+++ b/playbooks/byo/openshift-master/config.yml
@@ -0,0 +1,6 @@
+---
+- include: ../openshift-cluster/initialize_groups.yml
+
+- include: ../../common/openshift-cluster/std_include.yml
+
+- include: ../../common/openshift-master/config.yml
diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml
index 7988863f3..8950efd00 100644
--- a/playbooks/byo/openshift-master/restart.yml
+++ b/playbooks/byo/openshift-master/restart.yml
@@ -1,10 +1,6 @@
 ---
 - include: ../openshift-cluster/initialize_groups.yml
-  tags:
-  - always
 
 - include: ../../common/openshift-cluster/std_include.yml
-  tags:
-  - always
 
 - include: ../../common/openshift-master/restart.yml
diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml
new file mode 100644
index 000000000..839dc36ff
--- /dev/null
+++ b/playbooks/byo/openshift-node/config.yml
@@ -0,0 +1,6 @@
+---
+- include: ../openshift-cluster/initialize_groups.yml
+
+- include: ../../common/openshift-cluster/std_include.yml
+
+- include: ../../common/openshift-node/config.yml
diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml
index 92665d71d..ccf9e82da 100644
--- a/playbooks/byo/openshift-node/restart.yml
+++ b/playbooks/byo/openshift-node/restart.yml
@@ -1,10 +1,6 @@
 ---
 - include: ../openshift-cluster/initialize_groups.yml
-  tags:
-  - always
 
 - include: ../../common/openshift-cluster/std_include.yml
-  tags:
-  - always
 
 - include: ../../common/openshift-node/restart.yml
diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml
index 0225623c6..e0c36fb69 100644
--- a/playbooks/byo/openshift-node/scaleup.yml
+++ b/playbooks/byo/openshift-node/scaleup.yml
@@ -16,9 +16,4 @@
 
 - include: ../../common/openshift-cluster/std_include.yml
 
-- include: ../../common/openshift-node/scaleup.yml
-  vars:
-    openshift_cluster_id: "{{ cluster_id | default('default') }}"
-    openshift_debug_level: "{{ debug_level | default(2) }}"
-    openshift_master_etcd_hosts: "{{ groups.etcd | default([]) }}"
-    openshift_master_etcd_port: 2379
+- include: ../../common/openshift-node/config.yml
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 26b27ba39..a406b5656 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -18,26 +18,10 @@
       - docker_image_availability
       - docker_storage
 
-- hosts: localhost
-  tasks:
-  - fail:
-      msg: No etcd hosts defined. Running an all-in-one master is deprecated and will no longer be supported in a future upgrade.
-    when: groups.oo_etcd_to_config | default([]) | length == 0 and not openshift_master_unsupported_all_in_one | default(False)
-
 - include: initialize_oo_option_facts.yml
   tags:
   - always
 
-- name: Disable excluders
-  hosts: oo_masters_to_config:oo_nodes_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: disable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
-
 - include: ../openshift-etcd/config.yml
   tags:
   - etcd
@@ -51,12 +35,6 @@
   - loadbalancer
 
 - include: ../openshift-master/config.yml
-  tags:
-  - master
-
-- include: additional_config.yml
-  tags:
-  - master
 
 - include: ../openshift-node/config.yml
   tags:
@@ -75,13 +53,3 @@
   - openshift_enable_service_catalog | default(false) | bool
   tags:
   - servicecatalog
-
-- name: Re-enable excluder if it was previously enabled
-  hosts: oo_masters_to_config:oo_nodes_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: enable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index a1ae14a1f..c9f37109b 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -33,13 +33,22 @@
   - name: Evaluate groups - g_nfs_hosts is single host
     fail:
       msg: The nfs group must be limited to one host
-    when: (groups[g_nfs_hosts] | default([])) | length > 1
+    when: g_nfs_hosts | default([]) | length > 1
 
   - name: Evaluate groups - g_glusterfs_hosts required
     fail:
       msg: This playbook requires g_glusterfs_hosts to be set
     when: g_glusterfs_hosts is not defined
 
+  - name: Evaluate groups - Fail if no etcd hosts group is defined
+    fail:
+      msg: >
+        No etcd hosts defined. Running an all-in-one master is deprecated and
+        will no longer be supported in a future upgrade.
+    when:
+    - g_etcd_hosts | default([]) | length == 0
+    - not openshift_master_unsupported_all_in_one | default(False)
+
   - name: Evaluate oo_all_hosts
     add_host:
       name: "{{ item }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
index 136ad5362..f76fc68d1 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
@@ -15,6 +15,7 @@
   - name: Confirm OpenShift authorization objects are in sync
     command: >
       {{ openshift.common.client_binary }} adm migrate authorization
+    when: not openshift.common.version_gte_3_7 | bool
     changed_when: false
     register: l_oc_result
     until: l_oc_result.rc == 0
diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml
index c0ea93d2c..c0ea93d2c 100644
--- a/playbooks/common/openshift-cluster/additional_config.yml
+++ b/playbooks/common/openshift-master/additional_config.yml
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index cd25dd211..b29b9ef4f 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -1,4 +1,12 @@
 ---
+- name: Disable excluders
+  hosts: oo_masters_to_config
+  gather_facts: no
+  roles:
+  - role: openshift_excluder
+    r_openshift_excluder_action: disable
+    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
+
 - name: Gather and set facts for master hosts
   hosts: oo_masters_to_config
   vars:
@@ -208,3 +216,14 @@
   - name: Create group for deployment type
     group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
     changed_when: False
+
+- include: additional_config.yml
+  when: not g_openshift_master_is_scaleup
+
+- name: Re-enable excluder if it was previously enabled
+  hosts: oo_masters_to_config
+  gather_facts: no
+  roles:
+  - role: openshift_excluder
+    r_openshift_excluder_action: enable
+    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 6ad4cde65..17f9ef4bc 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -43,28 +43,8 @@
     delay: 1
     changed_when: false
 
-- name: Disable excluders
-  hosts: oo_masters_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: disable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
-
 - include: ../openshift-master/config.yml
 
 - include: ../openshift-loadbalancer/config.yml
 
 - include: ../openshift-node/config.yml
-
-- name: Re-enable excluder if it was previously enabled
-  hosts: oo_masters_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: enable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 04c811c22..c13417714 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -1,4 +1,12 @@
 ---
+- name: Disable excluders
+  hosts: oo_nodes_to_config
+  gather_facts: no
+  roles:
+  - role: openshift_excluder
+    r_openshift_excluder_action: disable
+    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
+
 - name: Evaluate node groups
   hosts: localhost
   become: no
@@ -78,3 +86,11 @@
   - name: Create group for deployment type
     group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
     changed_when: False
+
+- name: Re-enable excluder if it was previously enabled
+  hosts: oo_nodes_to_config
+  gather_facts: no
+  roles:
+  - role: openshift_excluder
+    r_openshift_excluder_action: enable
+    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml
deleted file mode 100644
index b1bbbb14c..000000000
--- a/playbooks/common/openshift-node/scaleup.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Disable excluders
-  hosts: oo_nodes_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: disable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
-
-- include: ../openshift-node/config.yml
-
-- name: Re-enable excluder if it was previously enabled
-  hosts: oo_nodes_to_config
-  tags:
-  - always
-  gather_facts: no
-  roles:
-  - role: openshift_excluder
-    r_openshift_excluder_action: enable
-    r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
diff --git a/roles/openshift_clock/defaults/main.yml b/roles/openshift_clock/defaults/main.yml
new file mode 100644
index 000000000..a94f67199
--- /dev/null
+++ b/roles/openshift_clock/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+openshift_clock_enabled: True
diff --git a/roles/openshift_clock/meta/main.yml b/roles/openshift_clock/meta/main.yml
index 3e175beb0..d1e86d826 100644
--- a/roles/openshift_clock/meta/main.yml
+++ b/roles/openshift_clock/meta/main.yml
@@ -11,5 +11,4 @@ galaxy_info:
     - 7
   categories:
   - cloud
-dependencies:
-- { role: openshift_facts }
+dependencies: []
diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml
index 3911201ea..f8b02524a 100644
--- a/roles/openshift_clock/tasks/main.yaml
+++ b/roles/openshift_clock/tasks/main.yaml
@@ -1,14 +1,15 @@
 ---
-- name: Set clock facts
-  openshift_facts:
-    role: clock
-    local_facts:
-      enabled: "{{ openshift_clock_enabled | default(None) }}"
+- name: Determine if chrony is installed
+  command: rpm -q chrony
+  failed_when: false
+  register: chrony_installed
 
 - name: Install ntp package
   package: name=ntp state=present
-  when: openshift.clock.enabled | bool and not openshift.clock.chrony_installed | bool
+  when:
+    - openshift_clock_enabled | bool
+    - chrony_installed.rc != 0
 
 - name: Start and enable ntpd/chronyd
-  shell: timedatectl set-ntp true
-  when: openshift.clock.enabled | bool
+  command: timedatectl set-ntp true
+  when: openshift_clock_enabled | bool
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 251d1dfb4..cf78b4a75 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1909,7 +1909,6 @@ class OpenShiftFacts(object):
     """
     known_roles = ['builddefaults',
                    'buildoverrides',
-                   'clock',
                    'cloudprovider',
                    'common',
                    'docker',
@@ -2099,13 +2098,6 @@ class OpenShiftFacts(object):
             docker['service_name'] = 'docker'
             defaults['docker'] = docker
 
-        if 'clock' in roles:
-            exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony'])  # noqa: F405
-            chrony_installed = bool(exit_code == 0)
-            defaults['clock'] = dict(
-                enabled=True,
-                chrony_installed=chrony_installed)
-
         if 'cloudprovider' in roles:
             defaults['cloudprovider'] = dict(kind=None)
 
diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml
index 8d21a3f27..0b3d3aef1 100644
--- a/roles/openshift_storage_glusterfs/defaults/main.yml
+++ b/roles/openshift_storage_glusterfs/defaults/main.yml
@@ -52,8 +52,8 @@ openshift_storage_glusterfs_registry_heketi_ssh_port: "{{ openshift_storage_glus
 openshift_storage_glusterfs_registry_heketi_ssh_user: "{{ openshift_storage_glusterfs_heketi_ssh_user }}"
 openshift_storage_glusterfs_registry_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo }}"
 openshift_storage_glusterfs_registry_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile | default(omit) }}"
-r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
-r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+r_openshift_storage_glusterfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
+r_openshift_storage_glusterfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
 r_openshift_storage_glusterfs_os_firewall_deny: []
 r_openshift_storage_glusterfs_os_firewall_allow:
 - service: glusterfs_sshd