8 files changed, 108 insertions, 10 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 3bd2751f4..76c4f860d 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.7.0-0.191.0 ./
+3.7.0-0.194.0 ./
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 5376b83fc..a1611d80e 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -10,7 +10,7 @@
 
 Name:           openshift-ansible
 Version:        3.7.0
-Release:        0.191.0%{?dist}
+Release:        0.194.0%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
 URL:            https://github.com/openshift/openshift-ansible
@@ -285,6 +285,33 @@ Atomic OpenShift Utilities includes
 
 
 %changelog
+* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.194.0
+- Revert "Bootstrap enhancements." (ccoleman@redhat.com)
+
+* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.193.0
+- management: enterprise users must acknowledge use of beta software
+  (tbielawa@redhat.com)
+
+* Sat Nov 04 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.192.0
+- Bootstrap enhancements. (kwoodson@redhat.com)
+- Fix master upgrade version detect and systemd enable (mgugino@redhat.com)
+- Correct groupname during upgrade_control_plane play (mgugino@redhat.com)
+- openshift_hosted: Add docker-gc (smilner@redhat.com)
+- Remove old /etc/yum.repos.d/openshift_additional.repo file.
+  (abutcher@redhat.com)
+- CFME: Use cluster_hostname if cluster_public_hostname isn't available
+  (tbielawa@redhat.com)
+- Use client binary and well defined kubeconfig (sdodson@redhat.com)
+- Ensure install and remove are mutually exclusive via
+  openshift_sanitize_inventory (sdodson@redhat.com)
+- Enable SC, ASB, TSB by default (sdodson@redhat.com)
+- Using the currently attached pvc for an ES dc if available, otherwise falling
+  back to current logic (ewolinet@redhat.com)
+- Adding elb changes to provision elbs and add to scale group.
+  (kwoodson@redhat.com)
+- Give admin and edit roles permission to patch ServiceInstances and
+  ServiceBindings (staebler@redhat.com)
+
 * Fri Nov 03 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.191.0
 - Adding CONFIG_FILE option back. (kwoodson@redhat.com)
 - Configurable node config location. (kwoodson@redhat.com)
diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml
index e8795ef85..209c66502 100644
--- a/playbooks/byo/openshift-management/config.yml
+++ b/playbooks/byo/openshift-management/config.yml
@@ -1,6 +1,6 @@
 ---
 - include: ../openshift-cluster/initialize_groups.yml
 
-- include: ../../common/openshift-cluster/evaluate_groups.yml
+- include: ../../common/openshift-cluster/std_include.yml
 
 - include: ../../common/openshift-management/config.yml
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 33028fea4..a88945538 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1289,7 +1289,7 @@ def get_container_openshift_version(facts):
     If containerized, see if we can determine the installed version via the
     systemd environment files.
     """
-    for filename in ['/etc/sysconfig/%s-master', '/etc/sysconfig/%s-node']:
+    for filename in ['/etc/sysconfig/%s-master-controllers', '/etc/sysconfig/%s-node']:
         env_path = filename % facts['common']['service_type']
         if not os.path.exists(env_path):
             continue
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index b98e281a3..cec295d65 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -78,7 +78,7 @@
     generated_certs_dir: "{{openshift.common.config_base}}/logging"
     openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}"
     openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}"
-    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}"
+    openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}"
     openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}"
 
     openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}"
@@ -136,7 +136,7 @@
     generated_certs_dir: "{{openshift.common.config_base}}/logging"
     openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}"
     openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}"
-    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}"
+    openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_ops_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}"
     openshift_logging_elasticsearch_ops_deployment: true
     openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}"
 
diff --git a/roles/openshift_management/README.md b/roles/openshift_management/README.md
index 05ca27913..96de82669 100644
--- a/roles/openshift_management/README.md
+++ b/roles/openshift_management/README.md
@@ -89,6 +89,16 @@ App is created` task, we recommend running the
 [uninstall scripts](#uninstall) first before running the installer
 again.
 
+### Beta
+
+Only required for enterprise
+(`openshift_deployment_type=openshift-enterprise`) users:
+
+* `openshift_management_install_beta` - by setting this value to
+  `true` you acknowledge that this software is currently in BETA and
+  support may be limited nonexistent. This is required to begin the
+  installation.
+
 
 # Requirements
 
@@ -129,6 +139,7 @@ installer.
 | `openshift_management_project`                       | **No**   | `openshift-management`         | Namespace for the installation.     |
 | `openshift_management_project_description`           | **No**   | *CloudForms Management Engine* | Namespace/project description.      |
 | `openshift_management_install_management`            | **No**   | `false`                        | Boolean, set to `true` to install the application |
+| `openshift_management_install_beta`                  | **No**   | `false`                        | Boolean, by setting this value to `true` you acknowledge that this software is currently in BETA and support may be limited. Only required for *openshift-enterprise* users. |
 | `openshift_management_username`                      | **No**   | `admin`                        | Default management username. Changing this values **does not change the username**. Only change this value if you have changed the name already and are running integration scripts (such as the [add container provider](#container-provider) script) |
 | `openshift_management_password`                      | **No**   | `smartvm`                      | Default management password. Changing this values **does not change the password**. Only change this value if you have changed the password already and are running integration scripts (such as the [add-container-provider](#container-provider) script) |
 | **PRODUCT CHOICE**  | | | | |
@@ -310,7 +321,7 @@ inventory. The following keys are required:
 **NOTE:** Ensure your are running PostgreSQL 9.5 or you may not be
 able to deploy the app successfully.
 
-Your inventory would contain a line similar to this:
+Your inventory would contain lines similar to this:
 
 ```ini
 [OSEv3:vars]
@@ -328,7 +339,11 @@ At run time you may run into errors similar to this:
 TASK [openshift_management : Ensure the CFME App is created] ***********************************
 task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74
 Tuesday 03 October 2017  15:30:44 -0400 (0:00:00.056)       0:00:12.278 *******
-{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char 'f'\n", "stdout": ""}
+{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management",
+  "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server
+  (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version
+  \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char
+  'f'\n", "stdout": ""}
 ```
 
 Or like this:
@@ -338,7 +353,10 @@ TASK [openshift_management : Ensure the CFME App is created] *******************
 task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74
 Tuesday 03 October 2017  16:05:36 -0400 (0:00:00.052)       0:00:18.948 *******
 fatal: [m01.example.com]: FAILED! => {"changed": true, "failed": true, "msg":
-{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP address, (e.g. 10.9.8.7)\n", "stdout": ""},
+{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind":
+ "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\"
+  is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP
+  address, (e.g. 10.9.8.7)\n", "stdout": ""},
 ```
 
 While intimidating at first, there are useful bits of information in
@@ -568,6 +586,35 @@ automatically removed. You are urged to manually erase any data from
 old application or database deployments before attempting to
 initialize a new deployment.
 
+Failure to erase old PostgreSQL data can result in cascading
+errors. The postgres pod may enter a `crashloopbackoff` state. This
+will block the management pod from ever starting. The cause of the
+`crashloopbackoff` is due to incorrect file permissions on the
+database NFS export created during a previous deployment.
+
+To continue, erase all data from the postgres export and delete the
+pod (**not** the deployer pod). For example, if you have pods like
+such:
+
+```
+# oc get pods
+NAME                 READY     STATUS             RESTARTS   AGE
+httpd-1-cx7fk        1/1       Running            1          21h
+manageiq-0           0/1       Running            1          21h
+memcached-1-vkc7p    1/1       Running            1          21h
+postgresql-1-deploy  1/1       Running            1          21h
+postgresql-1-6w2t4   0/1       CrashLoopBackOff   1          21h
+```
+
+Then you would:
+
+1. Erase the data from the database NFS export
+2. `oc delete postgresql-1-6w2t4`
+
+The postgres deployer pod will try to scale up a new postgres pod to
+replace the one you deleted. Once the postgres pod is running the
+manageiq pod will stop blocking and begin application initialization.
+
 # Additional Information
 
 The upstream project,
diff --git a/roles/openshift_management/tasks/validate.yml b/roles/openshift_management/tasks/validate.yml
index 8b20bdc5e..b22f36a4f 100644
--- a/roles/openshift_management/tasks/validate.yml
+++ b/roles/openshift_management/tasks/validate.yml
@@ -2,12 +2,25 @@
 # Validate configuration parameters passed to the openshift_management role
 
 ######################################################################
+# BETA ACKNOWLEDGEMENT
+- name: Ensure BETA software notice has been acknowledged
+  assert:
+    that:
+      - openshift_management_install_beta | default(false) | bool
+    msg: |
+      openshift-management (CFME/MIQ) is currently BETA status. You
+      must set openshift_management_install_beta to true to
+      acknowledge that you accept this risk and understand that
+      support is limited or nonexistent.
+  when:
+    - openshift_deployment_type == 'openshift-enterprise'
+
+######################################################################
 # CORE PARAMETERS
 - name: Ensure openshift_management_app_template is valid
   assert:
     that:
       - openshift_management_app_template in __openshift_management_app_templates
-
     msg: |
       "openshift_management_app_template must be one of {{
       __openshift_management_app_templates | join(', ') }}"
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index 5751723ab..8420dfb8c 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -58,6 +58,17 @@
   - l_create_ha_unit_files | changed
 # end workaround for missing systemd unit files
 
+- name: enable master services
+  systemd:
+    name: "{{ openshift.common.service_type }}-master-{{ item }}"
+    enabled: yes
+  with_items:
+  - api
+  - controllers
+  when:
+  - openshift.master.cluster_method == "native"
+  - not openshift.common.is_master_system_container | bool
+
 - name: Preserve Master API Proxy Config options
   command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
   register: l_master_api_proxy