4 files changed, 43 insertions, 13 deletions

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 165010afb..97a21544d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -31,21 +31,21 @@
 # We have to add tuned-profiles in the same transaction otherwise we run into depsolving
 # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
 - name: Install Node package
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
   when: not openshift.common.is_containerized | bool
 
 - name: Install sdn-ovs package
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
   when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
 
 - name: Pull node image
   command: >
-    docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+    docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }}
   when: openshift.common.is_containerized | bool
 
 - name: Pull OpenVSwitch image
   command: >
-    docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+    docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }}
   when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
 
 - name: Install the systemd units
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 8fc8497fa..4fd9cd10b 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -3,14 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
   when: not openshift.common.is_atomic | bool
 
-- name: Set sebooleans to allow gluster storage plugin access from containers
+- name: Check for existence of virt_use_fusefs seboolean
+  command: getsebool virt_use_fusefs
+  register: virt_use_fusefs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers
   seboolean:
-    name: "{{ item }}"
+    name: virt_use_fusefs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_fusefs seboolean
+  command: getsebool virt_sandbox_use_fusefs
+  register: virt_sandbox_use_fusefs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
-  with_items:
-  - virt_use_fusefs
-  - virt_sandbox_use_fusefs
-  register: sebool_result
-  failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers(sandbox)
+  seboolean:
+    name: virt_sandbox_use_fusefs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_fusefs_output.rc == 0
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 8380714d4..e384c1bd7 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -3,16 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
   when: not openshift.common.is_atomic | bool
 
+- name: Check for existence of virt_use_nfs seboolean
+  command: getsebool virt_use_nfs
+  register: virt_use_nfs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
 - name: Set seboolean to allow nfs storage plugin access from containers
   seboolean:
     name: virt_use_nfs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_nfs seboolean
+  command: getsebool virt_sandbox_use_nfs
+  register: virt_sandbox_use_nfs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
 
 - name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
   seboolean:
     name: virt_sandbox_use_nfs
     state: yes
     persistent: yes
-  when: ansible_selinux and ansible_selinux.status == "enabled"
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index e2a268260..39e5386d4 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -44,6 +44,6 @@
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_node_config_file }}"
     - regex: '^IMAGE_VERSION='
-      line: "IMAGE_VERSION={{ openshift_version }}"
+      line: "IMAGE_VERSION={{ openshift_image_tag }}"
   notify:
   - restart node