| -rw-r--r-- | playbooks/common/openshift-cluster/openshift_hosted.yml | 23 | ||||
| -rw-r--r-- | playbooks/common/openshift-master/config.yml | 30 | ||||
| -rw-r--r-- | playbooks/common/openshift-node/config.yml | 48 | ||||
| -rw-r--r-- | roles/openshift_hosted/meta/main.yml | 25 | ||||
| -rw-r--r-- | roles/openshift_master/meta/main.yml | 31 | ||||
| -rw-r--r-- | roles/openshift_node/meta/main.yml | 24 | 
6 files changed, 102 insertions, 79 deletions
|
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index c3077e3c2..4d4a09828 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -15,4 +15,27 @@
       openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
     when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
   roles:
+  - role: openshift_cli
+  - role: openshift_hosted_facts
+  - role: openshift_projects
+    # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
+    # Vars are not accessible in meta/main.yml in ansible-1.9.x
+    openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
+  - role: openshift_serviceaccounts
+    openshift_serviceaccounts_names:
+    - router
+    openshift_serviceaccounts_namespace: default
+    openshift_serviceaccounts_sccs:
+    - hostnetwork
+    when: openshift.common.version_gte_3_2_or_1_2
+  - role: openshift_serviceaccounts
+    openshift_serviceaccounts_names:
+    - router
+    - registry
+    openshift_serviceaccounts_namespace: default
+    openshift_serviceaccounts_sccs:
+    - privileged
+    when: not openshift.common.version_gte_3_2_or_1_2
+  - role: openshift_metrics
+    when: openshift.hosted.metrics.deploy | bool
   - role: openshift_hosted
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 34c96a3af..73b4bc594 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
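Review bot: The two `openshift_serviceaccounts` entries choose between the `hostnetwork` and `privileged` SCCs with a bare `when: openshift.common.version_gte_3_2_or_1_2` and its negation, while the `openshift_metrics` entry in the same list casts its fact with `| bool`. If the version fact ever arrives as a string rather than a boolean, the condition may not evaluate as intended and the router could receive the broader `privileged` grant or none at all; I would write `when: openshift.common.version_gte_3_2_or_1_2 | bool` and `when: not openshift.common.version_gte_3_2_or_1_2 | bool`. A one-line comment above the second entry, such as `# releases before 3.2/1.2: router and registry are added to the privileged SCC`, would also make the wider grant easy to find in an audit. The play these roles belong to starts above the hunk.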
@@ -248,7 +248,9 @@
     when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
             openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
-  - role: openshift_master
+  - role: openshift_master_facts
+  - role: openshift_hosted_facts
+  - role: openshift_master_certificates
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
     openshift_master_etcd_hosts: "{{ hostvars
                                      | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
@@ -258,6 +260,32 @@
                                     | oo_select_keys(groups['oo_masters_to_config'] | default([]))
                                     | oo_collect('openshift.common.all_hostnames')
                                     | oo_flatten | unique }}"
+  - role: openshift_clock
+  - role: openshift_cloud_provider
+  - role: openshift_builddefaults
+  - role: os_firewall
+    os_firewall_allow:
+    - service: etcd embedded
+      port: 4001/tcp
+    - service: api server https
+      port: "{{ openshift.master.api_port }}/tcp"
+    - service: api controllers https
+      port: "{{ openshift.master.controllers_port }}/tcp"
+    - service: skydns tcp
+      port: "{{ openshift.master.dns_port }}/tcp"
+    - service: skydns udp
+      port: "{{ openshift.master.dns_port }}/udp"
+    - service: Fluentd td-agent tcp
+      port: 24224/tcp
+    - service: Fluentd td-agent udp
+      port: 24224/udp
+    - service: pcsd
+      port: 2224/tcp
+    - service: Corosync UDP
+      port: 5404/udp
+    - service: Corosync UDP
+      port: 5405/udp
+  - role: openshift_master
     openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
   - role: nickhammond.logrotate
   - role: nuage_master
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index a8c49d37b..fc6e57439 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
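Review bot: `openshift_ca_host` and `openshift_master_etcd_hosts` (and the host-name list that continues into the next hunk) are now parameters of `openshift_master_certificates` rather than of `openshift_master`, which in the second hunk receives only `openshift_master_hosts`. Role parameters are, as far as I know, scoped to the role they are attached to, so any task or template in `openshift_master` that still reads one of them would find it undefined; that cannot be checked from this hunk. If the move is intentional, a comment on the entry such as `# CA host and host lists are consumed by openshift_master_certificates only` would record it. The play starts above the hunk and the parameter list runs past its end.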
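Review bot: The `os_firewall_allow` list added in the second hunk (`@@ -258,6 +260,32 @@`) opens embedded etcd (`4001/tcp`), pcsd (`2224/tcp`), Corosync (`5404/udp`, `5405/udp`) and Fluentd (`24224/tcp` and `24224/udp`) on every master with no condition attached. Now that the list lives in the playbook rather than in role metadata, it would be a good moment to keep only the ports this topology actually serves, or at least to annotate each group, for example `# pcsd/Corosync: only needed when masters are clustered with Pacemaker`. Both Corosync entries also carry the same `service: Corosync UDP` label, so the two rules cannot be told apart by name; `Corosync UDP 5404` and `Corosync UDP 5405` would be clearer. The role list continues beyond the hunk.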
@@ -60,8 +60,30 @@
     when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
             openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
-  - role: openshift_node
+  - role: openshift_clock
+  - role: openshift_docker
+  - role: openshift_node_certificates
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+  - role: openshift_cloud_provider
+  - role: openshift_common
+  - role: openshift_node_dnsmasq
+    when: openshift.common.use_dnsmasq
+  - role: os_firewall
+    os_firewall_allow:
+    - service: Kubernetes kubelet
+      port: 10250/tcp
+    - service: http
+      port: 80/tcp
+    - service: https
+      port: 443/tcp
+    - service: Openshift kubelet ReadOnlyPort
+      port: 10255/tcp
+    - service: Openshift kubelet ReadOnlyPort udp
+      port: 10255/udp
+    - service: OpenShift OVS sdn
+      port: 4789/udp
+      when: openshift.node.use_openshift_sdn | bool
+  - role: openshift_node
 - name: Configure node instances
   hosts: oo_nodes_to_config:!oo_containerized_master_nodes
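Review bot: In the `os_firewall_allow` list the `when: openshift.node.use_openshift_sdn | bool` line is a key of the `OpenShift OVS sdn` entry, not a conditional on the role, so `4789/udp` is gated only if `os_firewall` evaluates that key itself, which this hunk does not show. The list also opens the kubelet `ReadOnlyPort` on `10255/tcp` and `10255/udp` unconditionally; that endpoint is, to my knowledge, unauthenticated HTTP, so the UDP entry looks unnecessary and the TCP one deserves a comment stating who must reach it, for example `# 10255: unauthenticated read-only kubelet API, keep reachable from cluster hosts only`. `when: openshift.common.use_dnsmasq` is also missing the `| bool` cast used on the SDN condition. The same lines are repeated in the next hunk (`@@ -77,8 +99,30 @@`), so any change applies there too.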
@@ -77,8 +99,30 @@
     when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
             openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
-  - role: openshift_node
+  - role: openshift_clock
+  - role: openshift_docker
+  - role: openshift_node_certificates
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+  - role: openshift_cloud_provider
+  - role: openshift_common
+  - role: openshift_node_dnsmasq
+    when: openshift.common.use_dnsmasq
+  - role: os_firewall
+    os_firewall_allow:
+    - service: Kubernetes kubelet
+      port: 10250/tcp
+    - service: http
+      port: 80/tcp
+    - service: https
+      port: 443/tcp
+    - service: Openshift kubelet ReadOnlyPort
+      port: 10255/tcp
+    - service: Openshift kubelet ReadOnlyPort udp
+      port: 10255/udp
+    - service: OpenShift OVS sdn
+      port: 4789/udp
+      when: openshift.node.use_openshift_sdn | bool
+  - role: openshift_node
 - name: Gather and set facts for flannel certificatess
   hosts: oo_nodes_to_config
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index c7d20f88b..74c50ae1d 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
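Review bot: The 23 added lines duplicate, entry for entry, the role list that the previous hunk (`@@ -60,8 +60,30 @@`) adds to the other node play, so the two firewall allow-lists can drift apart when only one of them is edited. Since both plays are in this file, the list could be defined once and referenced, for example with a YAML anchor (`os_firewall_allow: &node_firewall_allow` in the first play and `os_firewall_allow: *node_firewall_allow` here; the anchor name is only an illustration) or through a shared variable. The surrounding play starts above the hunk and the next play begins inside it.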
@@ -11,27 +11,4 @@ galaxy_info:
     - 7
   categories:
   - cloud
-dependencies:
-- role: openshift_cli
-- role: openshift_hosted_facts
-- role: openshift_projects
-  # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
-  # Vars are not accessible in meta/main.yml in ansible-1.9.x
-  openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
-- role: openshift_serviceaccounts
-  openshift_serviceaccounts_names:
-  - router
-  openshift_serviceaccounts_namespace: default
-  openshift_serviceaccounts_sccs:
-  - hostnetwork
-  when: openshift.common.version_gte_3_2_or_1_2
-- role: openshift_serviceaccounts
-  openshift_serviceaccounts_names:
-  - router
-  - registry
-  openshift_serviceaccounts_namespace: default
-  openshift_serviceaccounts_sccs:
-  - privileged
-  when: not openshift.common.version_gte_3_2_or_1_2
-- role: openshift_metrics
-  when: openshift.hosted.metrics.deploy | bool
+dependencies: []
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index be70d9102..e391acfaa 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -11,32 +11,5 @@ galaxy_info:
     - 7
   categories:
   - cloud
-dependencies:
-- role: openshift_clock
-- role: openshift_master_certificates
-- role: openshift_cloud_provider
-- role: openshift_builddefaults
-- role: openshift_master_facts
-- role: openshift_hosted_facts
-- role: os_firewall
-  os_firewall_allow:
-  - service: etcd embedded
-    port: 4001/tcp
-  - service: api server https
-    port: "{{ openshift.master.api_port }}/tcp"
-  - service: api controllers https
-    port: "{{ openshift.master.controllers_port }}/tcp"
-  - service: skydns tcp
-    port: "{{ openshift.master.dns_port }}/tcp"
-  - service: skydns udp
-    port: "{{ openshift.master.dns_port }}/udp"
-  - service: Fluentd td-agent tcp
-    port: 24224/tcp
-  - service: Fluentd td-agent udp
-    port: 24224/udp
-  - service: pcsd
-    port: 2224/tcp
-  - service: Corosync UDP
-    port: 5404/udp
-  - service: Corosync UDP
-    port: 5405/udp
+dependencies: []
+
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index fd493340b..c39269f33 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -11,26 +11,4 @@ galaxy_info:
     - 7
   categories:
   - cloud
-dependencies:
-- role: openshift_clock
-- role: openshift_docker
-- role: openshift_node_certificates
-- role: openshift_cloud_provider
-- role: openshift_common
-- role: openshift_node_dnsmasq
-  when: openshift.common.use_dnsmasq
-- role: os_firewall
-  os_firewall_allow:
-  - service: Kubernetes kubelet
-    port: 10250/tcp
-  - service: http
-    port: 80/tcp
-  - service: https
-    port: 443/tcp
-  - service: Openshift kubelet ReadOnlyPort
-    port: 10255/tcp
-  - service: Openshift kubelet ReadOnlyPort udp
-    port: 10255/udp
-  - service: OpenShift OVS sdn
-    port: 4789/udp
-    when: openshift.node.use_openshift_sdn | bool
+dependencies: [] |
