4 files changed, 40 insertions, 20 deletions

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 17bec5352..b4ffc99e3 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -63,10 +63,17 @@
     path: "{{ etcd_data_dir }}"
     state: directory
     mode: 0700
+  when: etcd_is_containerized | bool
+
+- name: Ensure etcd datadir ownership for thirdparty datadir
+  file:
+    path: "{{ etcd_data_dir }}"
+    state: directory
+    mode: 0700
     owner: etcd
     group: etcd
     recurse: True
-  when: etcd_is_containerized | bool or etcd_is_thirdparty | bool
+  when: etcd_is_thirdparty | bool
 
   # TODO: Determine if the below reload would work here, for now just reload
 - name:
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 39e7de230..d89ce855a 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -56,6 +56,13 @@
     openshift_hosted_registry_force:
     - False
 
+- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
+  oc_adm_policy_user:
+    user: system:serviceaccount:default:registry
+    resource_kind: cluster-role
+    resource_name: system:registry
+    state: present
+
 - name: create the default registry service
   oc_service:
     namespace: "{{ openshift_hosted_registry_namespace }}"
@@ -65,7 +72,8 @@
       port: 5000
       protocol: TCP
       targetPort: 5000
-    selector: "{{ openshift_hosted_registry_selector }}"
+    selector:
+      docker-registry: default
     session_affinity: ClientIP
     service_type: ClusterIP
 
diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml
index d782d621e..d6d1abd06 100644
--- a/roles/openshift_logging/tasks/generate_pvcs.yaml
+++ b/roles/openshift_logging/tasks/generate_pvcs.yaml
@@ -2,28 +2,28 @@
 - name: Init pool of PersistentVolumeClaim names
   set_fact: es_pvc_pool={{es_pvc_pool|default([]) + [pvc_name]}}
   vars:
-    pvc_name: "{{openshift_logging_es_pvc_prefix}}-{{item| int}}"
-    start: "{{es_pvc_names | map('regex_search',openshift_logging_es_pvc_prefix+'.*')|select('string')|list|length}}"
-  with_sequence: start={{start}} end={{ (start|int > openshift_logging_es_cluster_size|int - 1) | ternary(start, openshift_logging_es_cluster_size|int - 1)}}
+    pvc_name: "{{es_pvc_prefix}}-{{item| int}}"
+    start: "{{es_pvc_names | map('regex_search', es_pvc_prefix+'.*')|select('string')|list|length}}"
+  with_sequence: start={{start}} end={{ (start|int > es_cluster_size|int - 1) | ternary(start, es_cluster_size|int - 1)}}
   when:
-    - openshift_logging_es_pvc_size | search('^\d.*')
-    - "{{ es_dc_names|default([]) | length < openshift_logging_es_cluster_size|int }}"
+    - es_pvc_size | search('^\d.*')
+    - "{{ es_dc_names|default([]) | length < es_cluster_size|int }}"
   check_mode: no
 
 - name: Generating PersistentVolumeClaims
   template: src=pvc.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-pvc.yaml
   vars:
     obj_name: "{{claim_name}}"
-    size: "{{openshift_logging_es_pvc_size}}"
+    size: "{{es_pvc_size}}"
     access_modes:
       - ReadWriteOnce
-    pv_selector: "{{openshift_logging_es_pv_selector}}"
+    pv_selector: "{{es_pv_selector}}"
   with_items:
     - "{{es_pvc_pool | default([])}}"
   loop_control:
     loop_var: claim_name
   when:
-    - not openshift_logging_es_pvc_dynamic
+    - not es_pvc_dynamic
     - es_pvc_pool is defined
   check_mode: no
   changed_when: no
@@ -34,16 +34,16 @@
     obj_name: "{{claim_name}}"
     annotations:
       volume.alpha.kubernetes.io/storage-class: "dynamic"
-    size: "{{openshift_logging_es_pvc_size}}"
+    size: "{{es_pvc_size}}"
     access_modes:
       - ReadWriteOnce
-    pv_selector: "{{openshift_logging_es_pv_selector}}"
+    pv_selector: "{{es_pv_selector}}"
   with_items:
     - "{{es_pvc_pool|default([])}}"
   loop_control:
     loop_var: claim_name
   when:
-    - openshift_logging_es_pvc_dynamic
+    - es_pvc_dynamic
     - es_pvc_pool is defined
   check_mode: no
   changed_when: no
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index 244949505..6b441c4aa 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -5,9 +5,13 @@
 - name: Generate PersistentVolumeClaims
   include: "{{ role_path}}/tasks/generate_pvcs.yaml"
   vars:
-    es_pvc_pool: []
+    es_pv_selector: "{{openshift_logging_es_pv_selector}}"
+    es_pvc_dynamic: "{{openshift_logging_es_pvc_dynamic | bool}}"
     es_pvc_names: "{{openshift_logging_facts.elasticsearch.pvcs.keys()}}"
+    es_pvc_prefix: "{{openshift_logging_es_pvc_prefix}}"
+    es_pvc_size: "{{openshift_logging_es_pvc_size}}"
     es_dc_names: "{{openshift_logging_facts.elasticsearch.deploymentconfigs.keys()}}"
+    es_cluster_size: "{{openshift_logging_es_cluster_size}}"
 
 # we should initialize the es_dc_pool with the current keys
 - name: Init pool of DeploymentConfig names for Elasticsearch
@@ -61,17 +65,18 @@
     - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}"
   check_mode: no
 
+- set_fact: es_pvc_pool={{[]}}
+
 - name: Generate PersistentVolumeClaims for Ops
   include: "{{ role_path}}/tasks/generate_pvcs.yaml"
   vars:
-    es_pvc_pool: []
     es_pvc_names: "{{openshift_logging_facts.elasticsearch_ops.pvcs.keys()}}"
     es_dc_names: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys()}}"
-    openshift_logging_es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}"
-    openshift_logging_es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}"
-    openshift_logging_es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}"
-    openshift_logging_es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic}}"
-    openshift_logging_es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}"
+    es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}"
+    es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}"
+    es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}"
+    es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic | bool}}"
+    es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}"
   when:
     - openshift_logging_use_ops | bool
   check_mode: no