16 files changed, 108 insertions, 50 deletions

diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 4ea639cbe..be1070f73 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -84,7 +84,7 @@
     - firewalld
 
   - name: Remove packages
-    action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
+    package: name={{ item }} state=absent
     when: not is_atomic | bool
     with_items:
     - atomic-enterprise
@@ -114,7 +114,7 @@
     - tuned-profiles-origin-node
 
   - name: Remove flannel package
-    action: "{{ ansible_pkg_mgr }} name=flannel state=absent"
+    package: name=flannel state=absent
     when: openshift_use_flannel | default(false) | bool and not is_atomic | bool
 
   - shell: systemctl reset-failed
@@ -247,7 +247,7 @@
     - atomic-openshift-master
 
   - name: Remove packages
-    action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
+    package: name={{ item }} state=absent
     when: not is_atomic | bool
     with_items:
     - atomic-enterprise
@@ -349,7 +349,7 @@
     failed_when: false
 
   - name: Remove packages
-    action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
+    package: name={{ item }} state=absent
     when: not is_atomic | bool
     with_items:
     - etcd
@@ -388,7 +388,7 @@
     - firewalld
 
   - name: Remove packages
-    action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
+    package: name={{ item }} state=absent
     when: not is_atomic | bool
     with_items:
     - haproxy
diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml
new file mode 100644
index 000000000..8c810096f
--- /dev/null
+++ b/playbooks/byo/openshift-node/network_manager.yml
@@ -0,0 +1,36 @@
+---
+- hosts: localhost
+  connection: local
+  become: no
+  gather_facts: no
+  tasks:
+  - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
+  - add_host:
+      name: "{{ item }}"
+      groups: l_oo_all_hosts
+    with_items: "{{ g_all_hosts }}"
+
+- hosts: l_oo_all_hosts
+  become: yes
+  tasks:
+    - name: install NetworkManager
+      package:
+        name: 'NetworkManager'
+        state: present
+
+    - name: configure NetworkManager
+      lineinfile:
+        dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+        regexp: '^{{ item }}='
+        line: '{{ item }}=yes'
+        state: present
+        create: yes
+      with_items:
+        - 'USE_PEERDNS'
+        - 'NM_CONTROLLED'
+
+    - name: enable and start NetworkManager
+      service:
+        name: 'NetworkManager'
+        state: started
+        enabled: yes
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
index 6d83d2527..18f99728c 100644
--- a/playbooks/common/openshift-cluster/initialize_facts.yml
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -1,7 +1,11 @@
 ---
+- name: Ensure that all non-node hosts are accessible
+  hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config
+  any_errors_fatal: true
+  tasks:
+
 - name: Initialize host facts
   hosts: oo_all_hosts
-  any_errors_fatal: true
   roles:
   - openshift_facts
   tasks:
diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
index 2f384ddea..a1bd1bd92 100644
--- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml
+++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
@@ -12,9 +12,10 @@
       {{ repoquery_cmd }} --installed --qf '%{version}' "yum"
     register: yum_ver_test
     changed_when: false
+    when: not openshift.common.is_atomic | bool
   - fail:
       msg: Incompatible versions of yum and subscription-manager found. You may need to update yum and yum-utils.
-    when: "'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout"
+    when: "not openshift.common.is_atomic | bool and 'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout"
 
 - name: Determine openshift_version to configure on first master
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
index 417096dd0..5d753447c 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
@@ -35,7 +35,7 @@
 - service: name=docker state=stopped
 
 - name: Upgrade Docker
-  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version }} state=present"
+  package: name=docker{{ '-' + docker_version }} state=present
 
 - service: name=docker state=started
 
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
index 57b156b1c..b7f0267c1 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
@@ -1,7 +1,7 @@
 - name: Backup etcd
   hosts: etcd_hosts_to_backup
   vars:
-    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+    embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
     timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
   roles:
   - openshift_facts
@@ -42,7 +42,7 @@
     when: (embedded_etcd | bool) and (etcd_disk_usage.stdout|int > avail_disk.stdout|int)
 
   - name: Install etcd (for etcdctl)
-    action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+    package: name=etcd state=present
     when: not openshift.common.is_atomic | bool
 
   - name: Generate etcd backup
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
index 35f391f8c..f88981a0b 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
@@ -30,7 +30,7 @@
 ## will fail on atomic host. We need to revisit how to do etcd backups there as
 ## the container may be newer than etcdctl on the host. Assumes etcd3 obsoletes etcd (7.3.1)
 - name: Upgrade etcd for etcdctl when not atomic
-  action: "{{ ansible_pkg_mgr }} name=etcd ensure=latest"
+  package: name=etcd state=latest
   when: not openshift.common.is_atomic | bool
 
 - name: Verify cluster is healthy
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/main.yml b/playbooks/common/openshift-cluster/upgrades/etcd/main.yml
index cce844403..192799376 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/main.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/main.yml
@@ -14,6 +14,9 @@
   connection: local
   become: no
   tasks:
+  - fail:
+      msg: 'The etcd upgrade playbook does not support upgrading embedded etcd, simply run the normal playbooks and etcd will be upgraded when your master is updated.'
+    when:  "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
   - name: Evaluate etcd_hosts_to_upgrade
     add_host:
       name: "{{ item }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
index cd1139b29..d7d1fe548 100644
--- a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
@@ -1,9 +1,10 @@
+---
 # We verified latest rpm available is suitable, so just yum update.
 - name: Upgrade packages
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present"
+  package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present"
 
 - name: Ensure python-yaml present for config upgrade
-  action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
+  package: name=PyYAML state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Restart node service
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 1f314c854..53d670196 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -17,7 +17,7 @@
   # we merge upgrade functionality into the base roles and a normal config.yml playbook run.
   - name: Determine if node is currently scheduleable
     command: >
-      {{ openshift.common.client_binary }} get node {{ openshift.node.nodename | lower }} -o json
+      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} get node {{ openshift.node.nodename | lower }} -o json
     register: node_output
     delegate_to: "{{ groups.oo_first_master.0 }}"
     changed_when: false
@@ -29,7 +29,7 @@
 
   - name: Mark unschedulable if host is a node
     command: >
-      {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false
+      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: inventory_hostname in groups.oo_nodes_to_upgrade
     # NOTE: There is a transient "object has been modified" error here, allow a couple
@@ -41,7 +41,7 @@
 
   - name: Evacuate Node for Kubelet upgrade
     command: >
-      {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --evacuate --force
+      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --evacuate --force
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: inventory_hostname in groups.oo_nodes_to_upgrade
   tasks:
@@ -64,7 +64,7 @@
 
   - name: Set node schedulability
     command: >
-      {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true
+      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: inventory_hostname in groups.oo_nodes_to_upgrade and was_schedulable | bool
     register: node_sched
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
index 684eea343..8c0bd272c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
@@ -48,3 +48,18 @@
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
     yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile'
     yaml_value: service-signer.key
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'admissionConfig.pluginConfig'
+    yaml_value: "{{ openshift.master.admission_plugin_config }}"
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'admissionConfig.pluginOrderOverride'
+    yaml_value:
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'kubernetesMasterConfig.admissionConfig'
+    yaml_value:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
new file mode 100644
index 000000000..32de9d94a
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
@@ -0,0 +1,15 @@
+---
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'admissionConfig.pluginConfig'
+    yaml_value: "{{ openshift.master.admission_plugin_config }}"
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'admissionConfig.pluginOrderOverride'
+    yaml_value:
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'kubernetesMasterConfig.admissionConfig'
+    yaml_value:
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 4824eeef3..e28da5713 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -139,6 +139,8 @@
   - role: nuage_node
     when: openshift.common.use_nuage | bool
   - role: nickhammond.logrotate
+  - role: openshift_manage_node
+    openshift_master_host: "{{ groups.oo_first_master.0 }}"
   tasks:
   - name: Create group for deployment type
     group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
@@ -152,35 +154,3 @@
   tasks:
   - file: name={{ mktemp.stdout }} state=absent
     changed_when: False
-
-- name: Set node schedulability
-  hosts: oo_first_master
-  vars:
-    openshift_nodes: "{{ groups.oo_nodes_to_config | default([]) }}"
-  pre_tasks:
-  # Necessary because when you're on a node that's also a master the master will be
-  # restarted after the node restarts docker and it will take up to 60 seconds for
-  # systemd to start the master again
-  - name: Wait for master API to become available before proceeding
-    # Using curl here since the uri module requires python-httplib2 and
-    # wait_for port doesn't provide health information.
-    command: >
-      curl --silent --tlsv1.2
-      {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
-      --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
-      {% else %}
-      --cacert {{ openshift.common.config_base }}/master/ca.crt
-      {% endif %}
-      {{ openshift.master.api_url }}/healthz/ready
-    args:
-      # Disables the following warning:
-      # Consider using get_url or uri module rather than running curl
-      warn: no
-    register: api_available_output
-    until: api_available_output.stdout == 'ok'
-    retries: 120
-    delay: 1
-    changed_when: false
-    when: openshift.common.is_containerized | bool
-  roles:
-  - openshift_manage_node
diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml
index b7604580c..87b30aee4 100644
--- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml
@@ -13,7 +13,7 @@
 # unsupported in 1.9.+
     #service_account_permissions: "datastore,logging-write"
     tags:
-      - created-by-{{ lookup('env', 'LOGNAME') |default(cluster, true) }}
+      - created-by-{{ lookup('env', 'LOGNAME') | regex_replace('[^a-z0-9]+', '') | default(cluster, true) }}
       - environment-{{ cluster_env }}
       - clusterid-{{ cluster_id }}
       - host-type-{{ type }}
diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
index e0afc43ba..31a13aa2a 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
@@ -116,6 +116,7 @@
     ansible_become: "{{ deployment_vars[deployment_type].become }}"
     groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}"
     openshift_node_labels: "{{ node_label }}"
+    libvirt_ip_address: "{{ item.1 }}"
   with_together:
     - '{{ instances }}'
     - '{{ ips }}'
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index 7e037f2af..f460b14c8 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -107,6 +107,9 @@
       groups: 'meta-environment_{{ cluster_env }}, meta-host-type_etcd, meta-sub-host-type_default, meta-clusterid_{{ cluster_id }}'
       openshift_node_labels:
         type: "etcd"
+      openstack:
+        public_v4: '{{ item[2] }}'
+        private_v4: '{{ item[1] }}'
     with_together:
       - '{{ parsed_outputs.etcd_names }}'
       - '{{ parsed_outputs.etcd_ips }}'
@@ -121,6 +124,9 @@
       groups: 'meta-environment_{{ cluster_env }}, meta-host-type_master, meta-sub-host-type_default, meta-clusterid_{{ cluster_id }}'
       openshift_node_labels:
         type: "master"
+      openstack:
+        public_v4: '{{ item[2] }}'
+        private_v4: '{{ item[1] }}'
     with_together:
       - '{{ parsed_outputs.master_names }}'
       - '{{ parsed_outputs.master_ips }}'
@@ -135,6 +141,9 @@
       groups: 'meta-environment_{{ cluster_env }}, meta-host-type_node, meta-sub-host-type_compute, meta-clusterid_{{ cluster_id }}'
       openshift_node_labels:
         type: "compute"
+      openstack:
+        public_v4: '{{ item[2] }}'
+        private_v4: '{{ item[1] }}'
     with_together:
       - '{{ parsed_outputs.node_names }}'
       - '{{ parsed_outputs.node_ips }}'
@@ -149,6 +158,9 @@
       groups: 'meta-environment_{{ cluster_env }}, meta-host-type_node, meta-sub-host-type_infra, meta-clusterid_{{ cluster_id }}'
       openshift_node_labels:
         type: "infra"
+      openstack:
+        public_v4: '{{ item[2] }}'
+        private_v4: '{{ item[1] }}'
     with_together:
       - '{{ parsed_outputs.infra_names }}'
       - '{{ parsed_outputs.infra_ips }}'