5 files changed, 29 insertions, 14 deletions
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index 4d88db037..94c0f4472 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -17,7 +17,6 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"
 
 openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
 openshift_aws_iam_cert_path: ''
-openshift_aws_iam_cert_chain_path: ''
 openshift_aws_iam_cert_key_path: ''
 openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"
 
@@ -144,6 +143,11 @@ openshift_aws_elb_instance_filter:
   "tag:host-type": "{{ openshift_aws_node_group_type }}"
   instance-state-name: running
 
+openshift_aws_launch_config_security_groups:
+- "{{ openshift_aws_clusterid }}"  # default sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"  # node type sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s"  # node type sg k8s
+
 openshift_aws_node_security_groups:
   default:
     name: "{{ openshift_aws_clusterid }}"
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index a1fdd66fc..7bc3184df 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -29,9 +29,9 @@
                    if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
                    else openshift_aws_elb_listeners }}"
 
-- name: "Create ELB {{ openshift_aws_elb_name }}"
+- name: "Create ELB {{ l_openshift_aws_elb_name }}"
   ec2_elb_lb:
-    name: "{{ openshift_aws_elb_name }}"
+    name: "{{ l_openshift_aws_elb_name }}"
     state: present
     security_group_names: "{{ openshift_aws_elb_security_groups }}"
     idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
@@ -49,10 +49,10 @@
 
 # It is necessary to ignore_errors here because the instances are not in 'ready'
 #  state when first added to ELB
-- name: "Add instances to ELB {{ openshift_aws_elb_name }}"
+- name: "Add instances to ELB {{ l_openshift_aws_elb_name }}"
   ec2_elb:
     instance_id: "{{ item.id }}"
-    ec2_elbs: "{{ openshift_aws_elb_name }}"
+    ec2_elbs: "{{ l_openshift_aws_elb_name }}"
     state: present
     region: "{{ openshift_aws_region }}"
     wait: False
diff --git a/roles/openshift_aws/tasks/iam_cert.yml b/roles/openshift_aws/tasks/iam_cert.yml
index cd9772a25..f74a62b8b 100644
--- a/roles/openshift_aws/tasks/iam_cert.yml
+++ b/roles/openshift_aws/tasks/iam_cert.yml
@@ -11,17 +11,23 @@
   - "'failed' in elb_cert_chain"
   - elb_cert_chain.failed
   - "'msg' in elb_cert_chain"
-  - "'already exists and has a different certificate body' in elb_cert_chain.msg"
-  - "'BotoServerError' in elb_cert_chain.msg"
+  - "'already exists and has a different certificate body' in elb_cert_chain.msg or 'BotoServerError' in elb_cert_chain.msg or 'Traceback' in elb_cert_chain.msg.module_stderr"
   when:
   - openshift_aws_create_iam_cert | bool
   - openshift_aws_iam_cert_path != ''
   - openshift_aws_iam_cert_key_path != ''
   - openshift_aws_elb_cert_arn == ''
 
+- debug: msg="{{ elb_cert_chain }}"
+
 - name: set_fact openshift_aws_elb_cert_arn
   set_fact:
     openshift_aws_elb_cert_arn: "{{ elb_cert_chain.arn }}"
+  when:
+  - openshift_aws_create_iam_cert | bool
+  - openshift_aws_iam_cert_path != ''
+  - openshift_aws_iam_cert_key_path != ''
+  - openshift_aws_elb_cert_arn == ''
 
 - name: wait for cert to propagate
   pause:
diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml
index 65c5a6cc0..e6be9969c 100644
--- a/roles/openshift_aws/tasks/launch_config.yml
+++ b/roles/openshift_aws/tasks/launch_config.yml
@@ -4,13 +4,18 @@
   when:
   - openshift_aws_ami is undefined
 
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
 - name: fetch the security groups for launch config
   ec2_group_facts:
     filters:
-      group-name:
-      - "{{ openshift_aws_clusterid }}"  # default sg
-      - "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"  # node type sg
-      - "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s"  # node type sg k8s
+      group-name: "{{ openshift_aws_launch_config_security_groups }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
     region: "{{ openshift_aws_region }}"
   register: ec2sgs
 
@@ -21,7 +26,7 @@
     region: "{{ openshift_aws_region }}"
     image_id: "{{ openshift_aws_ami }}"
     instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
-    security_groups: "{{ ec2sgs.security_groups | map(attribute='group_id')| list }}"
+    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
     user_data: |-
       #cloud-config
       {%  if openshift_aws_node_group_type != 'master' %}
diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml
index 189caeaee..a2920b744 100644
--- a/roles/openshift_aws/tasks/provision.yml
+++ b/roles/openshift_aws/tasks/provision.yml
@@ -34,14 +34,14 @@
   include: elb.yml
   vars:
     openshift_aws_elb_direction: internal
-    openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{openshift_aws_node_group_type }}-internal"
+    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-internal"
     openshift_aws_elb_scheme: internal
 
 - name: create our master external load balancers
   include: elb.yml
   vars:
     openshift_aws_elb_direction: external
-    openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{openshift_aws_node_group_type }}-external"
+    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-external"
     openshift_aws_elb_scheme: internet-facing
 
 - name: wait for ssh to become available