9 files changed, 123 insertions, 63 deletions

diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 11e5b68f6..2cad4b362 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,6 +1,8 @@
 ---
 - include: evaluate_groups.yml
 
+- include: validate_hostnames.yml
+
 - include: ../openshift-docker/config.yml
 
 - include: ../openshift-etcd/config.yml
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index db7105ed5..7917bfba5 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -47,7 +47,7 @@
 
   # Use g_new_node_hosts if it exists otherwise g_node_hosts
   - set_fact:
-      g_node_hosts_to_config: "{{ g_new_node_hosts | default(g_node_hosts | default([])) }}"
+      g_node_hosts_to_config: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}"
 
   - name: Evaluate oo_nodes_to_config
     add_host:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 8ec379109..3f5c37dde 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -74,6 +74,11 @@
 
   - set_fact:
       g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}"
+    when: openshift_pkg_version is not defined
+
+  - set_fact:
+      g_new_version: "{{ openshift_pkg_version | replace('-','') }}"
+    when: openshift_pkg_version is defined
 
   - fail:
       msg: This playbook requires Origin 1.0.6 or later
@@ -229,12 +234,19 @@
   hosts: oo_masters_to_config
   vars:
     openshift_version: "{{ openshift_pkg_version | default('') }}"
+  roles:
+  - openshift_facts
   tasks:
   - name: Upgrade to latest available kernel
     action: "{{ ansible_pkg_mgr}} name=kernel state=latest"
 
   - name: Upgrade master packages
     command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}"
+    when: openshift_pkg_version is not defined
+
+  - name: Upgrade packages
+    command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}"
+    when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise'
 
   - name: Ensure python-yaml present for config upgrade
     action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
@@ -251,7 +263,7 @@
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
-      - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+      - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
@@ -415,6 +427,11 @@
   tasks:
   - name: Upgrade node packages
     command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}"
+    when: openshift_pkg_version is not defined
+
+  - name: Upgrade packages
+    command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}"
+    when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise'
 
   - name: Restart node service
     service: name="{{ openshift.common.service_type }}-node" state=restarted
@@ -555,46 +572,55 @@
   - role: openshift_examples
     openshift_examples_import_command: replace
   pre_tasks:
-  - name: Check for default router
+  - name: Collect all routers
     command: >
-      {{ oc_cmd }} get -n default dc/router
-    register: _default_router
+      {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+    register: all_routers
     failed_when: false
     changed_when: false
 
+  - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+    when: all_routers.rc == 0
+
+  - set_fact: haproxy_routers=[]
+    when: all_routers.rc != 0
+
   - name: Check for allowHostNetwork and allowHostPorts
-    when: _default_router.rc == 0
+    when: all_routers.rc == 0
     shell: >
       {{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork
     register: _scc
 
   - name: Grant allowHostNetwork and allowHostPorts
     when:
-    - _default_router.rc == 0
+    - all_routers.rc == 0
     - "'false' in _scc.stdout"
     command: >
       {{ oc_cmd }} patch scc/privileged -p
       '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1
 
   - name: Update deployment config to 1.0.4/3.0.1 spec
-    when: _default_router.rc == 0
+    when: all_routers.rc == 0
     command: >
-      {{ oc_cmd }} patch dc/router -p
+      {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
       '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}'
       --api-version=v1
+    with_items: haproxy_routers
 
   - name: Switch to hostNetwork=true
-    when: _default_router.rc == 0
+    when: all_routers.rc == 0
     command: >
-      {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
+      {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
       --api-version=v1
+    with_items: haproxy_routers
 
   - name: Update router image to current version
-    when: _default_router.rc == 0
+    when: all_routers.rc == 0
     command: >
-      {{ oc_cmd }} patch dc/router -p
+      {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
       '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
       --api-version=v1
+    with_items: haproxy_routers
 
   - name: Check for default registry
     command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
index d8336fcae..d7a2ac405 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
@@ -20,13 +20,27 @@
   - role: openshift_examples
     openshift_examples_import_command: replace
   pre_tasks:
-  - name: Check for default router
+  - name: Collect all routers
     command: >
-      {{ oc_cmd }} get -n default dc/router
-    register: _default_router
+      {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+    register: all_routers
     failed_when: false
     changed_when: false
 
+  - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+    when: all_routers.rc == 0
+
+  - set_fact: haproxy_routers=[]
+    when: all_routers.rc != 0
+
+  - name: Update router image to current version
+    when: all_routers.rc == 0
+    command: >
+      {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
+      '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
+      --api-version=v1
+    with_items: haproxy_routers
+
   - name: Check for default registry
     command: >
       {{ oc_cmd }} get -n default dc/docker-registry
@@ -34,13 +48,6 @@
     failed_when: false
     changed_when: false
 
-  - name: Update router image to current version
-    when: _default_router.rc == 0
-    command: >
-      {{ oc_cmd }} patch dc/router -p
-      '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
-      --api-version=v1
-
   - name: Update registry image to current version
     when: _default_registry.rc == 0
     command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
index 91780de09..12b9c84d3 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
@@ -41,7 +41,7 @@
       g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}"
 
   - name: Determine available versions
-    script: ../files/versions.sh {{ g_new_service_name }} openshift
+    script: ../files/versions.sh {{ g_new_service_name }}
     register: g_versions_result
 
   - set_fact:
diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml
new file mode 100644
index 000000000..047431b63
--- /dev/null
+++ b/playbooks/common/openshift-cluster/validate_hostnames.yml
@@ -0,0 +1,26 @@
+---
+- include: evaluate_groups.yml
+
+- name: Gather and set facts for node hosts
+  hosts: oo_nodes_to_config
+  roles:
+  - openshift_facts
+  tasks:
+  - openshift_facts:
+      role: "{{ item.role }}"
+      local_facts: "{{ item.local_facts }}"
+    with_items:
+      - role: common
+        local_facts:
+          hostname: "{{ openshift_hostname | default(None) }}"
+          public_hostname: "{{ openshift_public_hostname | default(None) }}"
+  - shell:
+      getent ahostsv4 {{ openshift.common.hostname }} | head -n 1 | awk '{ print $1 }'
+    register: lookupip
+    changed_when: false
+    failed_when: false
+  - name: Warn user about bad openshift_hostname values
+    pause:
+       prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press CTRL-C to continue."
+       seconds: "{{ 10 if openshift_override_hostname_check | default(false) | bool else omit }}"
+    when: lookupip.stdout not in ansible_all_ipv4_addresses
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 1a3f24371..77edbd1a6 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -18,6 +18,10 @@
     - .config_managed
 
   - set_fact:
+      openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
+    when: openshift_master_pod_eviction_timeout is not defined
+
+  - set_fact:
       openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
       openshift_master_etcd_hosts: "{{ hostvars
                                        | oo_select_keys(groups['oo_etcd_to_config']
@@ -53,6 +57,11 @@
           console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
           public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
           portal_net: "{{ openshift_master_portal_net | default(None) }}"
+  - openshift_facts:
+      role: hosted
+      openshift_env:
+        openshift_hosted_registry_storage_kind: 'nfs'
+    when: openshift_hosted_registry_storage_kind is not defined and groups.oo_nfs_to_config is defined and groups.oo_nfs_to_config | length > 0
   - name: Check status of external etcd certificatees
     stat:
       path: "{{ openshift.common.config_base }}/master/{{ item }}"
@@ -141,7 +150,7 @@
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
-      - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+      - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
@@ -165,10 +174,10 @@
       master_cert_subdir: master-{{ openshift.common.hostname }}
       master_cert_config_dir: "{{ openshift.common.config_base }}/master"
   - set_fact:
-      openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['nodes'])
+      openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'])
                                  | oo_nodes_with_label('region', 'infra')
                                  | oo_collect('inventory_hostname') }}"
-    when: openshift_infra_nodes is not defined
+    when: openshift_infra_nodes is not defined and groups.oo_nodes_to_config | default([]) | length > 0
 
 - name: Configure master certificates
   hosts: oo_first_master
@@ -353,6 +362,8 @@
 - name: Additional master configuration
   hosts: oo_first_master
   vars:
+    cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
+    etcd_urls: "{{ openshift.master.etcd_urls }}"
     openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
     omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
   roles:
@@ -364,30 +375,16 @@
     when: openshift.common.use_cluster_metrics | bool
   - role: openshift_manageiq
     when: openshift.common.use_manageiq | bool
-
-- name: Enable cockpit
-  hosts: oo_first_master
-  vars:
-    cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
-  roles:
   - role: cockpit
     when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
       (osm_use_cockpit | bool or osm_use_cockpit is undefined )
-
-- name: Configure flannel
-  hosts: oo_first_master
-  vars:
-    etcd_urls: "{{ openshift.master.etcd_urls }}"
-  roles:
   - role: flannel_register
     when: openshift.common.use_flannel | bool
+  - role: pods
+    when: openshift.common.deployment_type == 'online'
+  - role: os_env_extras
+    when: openshift.common.deployment_type == 'online'
 
-# Additional instance config for online deployments
-- name: Additional instance config
-  hosts: oo_masters_deployment_type_online
-  roles:
-  - pods
-  - os_env_extras
 
 - name: Delete temporary directory on localhost
   hosts: localhost
@@ -398,26 +395,25 @@
   - file: name={{ g_master_mktemp.stdout }} state=absent
     changed_when: False
 
-- name: Configure service accounts
-  hosts: oo_first_master
-
-  vars:
-    accounts: ["router", "registry"]
-
-  roles:
-  - openshift_serviceaccounts
-
-- name: Create services
+- name: Create persistent volumes and create hosted services
   hosts: oo_first_master
   vars:
-    attach_registry_volume: "{{ groups.oo_nfs_to_config | length > 0 }}"
-  pre_tasks:
-  - set_fact:
-      nfs_host: "{{ groups.oo_nfs_to_config.0 }}"
-      registry_volume_path: "{{ hostvars[groups.oo_nfs_to_config.0].openshift.nfs.exports_dir + '/' + hostvars[groups.oo_nfs_to_config.0].openshift.nfs.registry_volume }}"
-    when: attach_registry_volume | bool
+    attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}"
+    deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}"
+    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
+    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
   roles:
+  - role: openshift_persistent_volumes
+    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
+  - role: openshift_serviceaccounts
+    openshift_serviceaccounts_names:
+    - router
+    - registry
+    openshift_serviceaccounts_namespace: default
+    openshift_serviceaccounts_sccs:
+    - privileged
   - role: openshift_router
-    when: openshift.master.infra_nodes is defined
+    when: deploy_infra | bool
   - role: openshift_registry
-    when: openshift.master.infra_nodes is defined and attach_registry_volume | bool
+    when: deploy_infra | bool and attach_registry_volume | bool
+
diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml
index e3f5c17ca..ba7530ed7 100644
--- a/playbooks/common/openshift-nfs/config.yml
+++ b/playbooks/common/openshift-nfs/config.yml
@@ -2,4 +2,5 @@
 - name: Configure nfs hosts
   hosts: oo_nfs_to_config
   roles:
+  - role: openshift_facts
   - role: openshift_storage_nfs
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 263da5455..56d30e9b9 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -80,6 +80,7 @@
     when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
   roles:
   - role: etcd_certificates
+    when: openshift_use_flannel | default(false) | bool
   post_tasks:
   - name: Create a tarball of the etcd flannel certs
     command: >
@@ -175,6 +176,7 @@
 - name: Evaluate node groups
   hosts: localhost
   become: no
+  connection: local
   tasks:
   - name: Evaluate oo_containerized_master_nodes
     add_host: