From 4e8f6d1923782e7aef863441f7c1434ca1029164 Mon Sep 17 00:00:00 2001 From: Lénaïc Huard Date: Wed, 20 May 2015 13:26:04 +0200 Subject: [libvirt cluster] Use net-dhcp-leases to find VMs’ IPs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Query libvirt’s DHCP leases rather than inspecting the host’s ARP cache to find the VMs’ IPs. --- inventory/libvirt/hosts/libvirt_generic.py | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) (limited to 'inventory') diff --git a/inventory/libvirt/hosts/libvirt_generic.py b/inventory/libvirt/hosts/libvirt_generic.py index 4652f112e..d1e1069f9 100755 --- a/inventory/libvirt/hosts/libvirt_generic.py +++ b/inventory/libvirt/hosts/libvirt_generic.py @@ -113,8 +113,6 @@ class LibvirtInventory(object): print "Failed to list domains for connection %s" % libvirt_uri sys.exit(1) - arp_entries = self.parse_arp_entries() - for domain in domains: hostvars = dict(libvirt_name=domain.name(), libvirt_id=domain.ID(), @@ -140,11 +138,13 @@ class LibvirtInventory(object): # interface types other than 'network' interface = root.find("./devices/interface[@type='network']") if interface is not None: - mac_elem = interface.find('mac') - if mac_elem is not None: - mac = mac_elem.get('address') - if mac in arp_entries: - ip_address = arp_entries[mac]['ip_address'] + source_elem = interface.find('source') + mac_elem = interface.find('mac') + if source_elem is not None and \ + mac_elem is not None: + dhcp_leases = conn.networkLookupByName(source_elem.get('network')).DHCPLeases(mac_elem.get('address')) + if len(dhcp_leases) > 0: + ip_address = dhcp_leases[0]['ipaddr'] hostvars['ansible_ssh_host'] = ip_address hostvars['libvirt_ip_address'] = ip_address 
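Review bot: `conn.networkLookupByName(source_elem.get('network'))` in the second hunk raises `libvirt.libvirtError` when the named network does not exist (and `.DHCPLeases` is missing on libvirt-python older than 1.2.6), so a single domain whose `<source network=…>` points at a missing network now aborts the whole inventory with a traceback where the ARP lookup merely left the address unset. Wrap the lookup so the host is still listed without an IP: `try:` / `    dhcp_leases = conn.networkLookupByName(source_elem.get('network')).DHCPLeases(mac_elem.get('address'))` / `except libvirt.libvirtError:` / `    dhcp_leases = []`. `dhcp_leases[0]` also assumes the first entry is the live one; if libvirt returns several leases for the MAC, choosing the one with the latest `expirytime` would be more robust. Switching from the ARP cache is a sound trust improvement, since any guest on the bridge can populate the host's ARP table whereas the leases are keyed by the MAC taken from the domain XML. The enclosing get_inventory method starts and ends outside the hunk.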
@@ -152,18 +152,6 @@ class LibvirtInventory(object): return inventory - def parse_arp_entries(self): - arp_entries = dict() - with open('/proc/net/arp', 'r') as f: - # throw away the header - f.readline() - - for line in f: - ip_address, _, _, mac, _, device = line.strip().split() - arp_entries[mac] = dict(ip_address=ip_address, device=device) - - return arp_entries - def push(self, my_dict, key, element): if key in my_dict: my_dict[key].append(element) -- cgit v1.2.3 From 716bc587e72980119eff9c3b124777f3d300c2c3 Mon Sep 17 00:00:00 2001 From: Lénaïc Huard Date: Wed, 20 May 2015 14:09:28 +0200 Subject: Fix some of the pylint warnings --- inventory/libvirt/hosts/libvirt_generic.py | 43 +++++++++++++++--------------- 1 file changed, 21 insertions(+), 22 deletions(-) (limited to 'inventory') diff --git a/inventory/libvirt/hosts/libvirt_generic.py b/inventory/libvirt/hosts/libvirt_generic.py index d1e1069f9..02898c70a 100755 --- a/inventory/libvirt/hosts/libvirt_generic.py +++ b/inventory/libvirt/hosts/libvirt_generic.py @@ -36,9 +36,7 @@ info about all of your managed instances. import argparse import ConfigParser import os -import re import sys -from time import time import libvirt import xml.etree.ElementTree as ET @@ -59,11 +57,11 @@ class LibvirtInventory(object): self.parse_cli_args() if self.args.host: - print self.json_format_dict(self.get_host_info(), self.args.pretty) + print _json_format_dict(self.get_host_info(), self.args.pretty) elif self.args.list: - print self.json_format_dict(self.get_inventory(), self.args.pretty) + print _json_format_dict(self.get_inventory(), self.args.pretty) else: # default action with no options - print self.json_format_dict(self.get_inventory(), self.args.pretty) + print _json_format_dict(self.get_inventory(), self.args.pretty) def read_settings(self): config = ConfigParser.SafeConfigParser() 
@@ -105,12 +103,12 @@ class LibvirtInventory(object): conn = libvirt.openReadOnly(self.libvirt_uri) if conn is None: - print "Failed to open connection to %s" % libvirt_uri + print "Failed to open connection to %s" % self.libvirt_uri sys.exit(1) domains = conn.listAllDomains() if domains is None: - print "Failed to list domains for connection %s" % libvirt_uri + print "Failed to list domains for connection %s" % self.libvirt_uri sys.exit(1) for domain in domains: @@ -131,18 +129,19 @@ class LibvirtInventory(object): ns = {'ansible': 'https://github.com/ansible/ansible'} for tag_elem in root.findall('./metadata/ansible:tags/ansible:tag', ns): tag = tag_elem.text - self.push(inventory, "tag_%s" % tag, domain_name) - self.push(hostvars, 'libvirt_tags', tag) + _push(inventory, "tag_%s" % tag, domain_name) + _push(hostvars, 'libvirt_tags', tag) # TODO: support more than one network interface, also support # interface types other than 'network' interface = root.find("./devices/interface[@type='network']") if interface is not None: source_elem = interface.find('source') - mac_elem = interface.find('mac') + mac_elem = interface.find('mac') if source_elem is not None and \ mac_elem is not None: - dhcp_leases = conn.networkLookupByName(source_elem.get('network')).DHCPLeases(mac_elem.get('address')) + dhcp_leases = conn.networkLookupByName(source_elem.get('network')) \ + .DHCPLeases(mac_elem.get('address')) if len(dhcp_leases) > 0: ip_address = dhcp_leases[0]['ipaddr'] hostvars['ansible_ssh_host'] = ip_address 
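Review bot: Both error messages in the first hunk (`print "Failed to open connection to %s" % self.libvirt_uri` and the `Failed to list domains` line) write to stdout, which is the stream Ansible parses as the inventory's JSON, so a connection failure surfaces as a JSON parse error rather than as the message. The `self.libvirt_uri` fix is right, but the prints should target stderr: `print >>sys.stderr, "Failed to open connection to %s" % self.libvirt_uri` (and likewise for the second message). get_inventory starts and ends outside this hunk.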
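Review bot: In the second hunk `if len(dhcp_leases) > 0:` reads better as `if dhcp_leases:`, and the backslash continuation on the `dhcp_leases =` assignment is more robust as a parenthesised expression: `dhcp_leases = (conn.networkLookupByName(source_elem.get('network'))` / `               .DHCPLeases(mac_elem.get('address')))`. The enclosing get_inventory method continues outside the hunk.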
@@ -152,16 +151,16 @@ class LibvirtInventory(object): return inventory - def push(self, my_dict, key, element): - if key in my_dict: - my_dict[key].append(element) - else: - my_dict[key] = [element] - - def json_format_dict(self, data, pretty=False): - if pretty: - return json.dumps(data, sort_keys=True, indent=2) - else: - return json.dumps(data) +def _push(my_dict, key, element): + if key in my_dict: + my_dict[key].append(element) + else: + my_dict[key] = [element] + +def _json_format_dict(data, pretty=False): + if pretty: + return json.dumps(data, sort_keys=True, indent=2) + else: + return json.dumps(data) LibvirtInventory() -- cgit v1.2.3 From 5c1c05b486b618fa0e44b758b9a6a7269a8b0ac3 Mon Sep 17 00:00:00 2001 From: Lénaïc Huard Date: Fri, 22 May 2015 08:56:53 +0200 Subject: Fix the remaining pylint warnings --- inventory/libvirt/hosts/libvirt_generic.py | 32 ++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) (limited to 'inventory') diff --git a/inventory/libvirt/hosts/libvirt_generic.py b/inventory/libvirt/hosts/libvirt_generic.py index 02898c70a..1c9c17308 100755 --- a/inventory/libvirt/hosts/libvirt_generic.py +++ b/inventory/libvirt/hosts/libvirt_generic.py @@ -1,6 +1,6 @@ #!/usr/bin/env python2 -""" +''' libvirt external inventory script ================================= @@ -12,7 +12,7 @@ To use this, copy this file over /etc/ansible/hosts and chmod +x the file. This, more or less, allows you to keep one central database containing info about all of your managed instances. -""" +''' # (c) 2015, Jason DeTiberus # @@ -47,8 +47,11 @@ except ImportError: class LibvirtInventory(object): + ''' libvirt dynamic inventory ''' def __init__(self): + ''' Main execution path ''' + self.inventory = dict() # A list of groups and the hosts in that group self.cache = dict() # Details about hosts in the inventory 
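Review bot: `_push` in the first hunk re-implements `dict.setdefault`; its body can be the single line `my_dict.setdefault(key, []).append(element)`, which behaves the same for the list-valued entries this script builds. Moving both helpers to module level is fine, but note that `_json_format_dict` now depends on the module-level `json` import being present outside the hunk, which I cannot confirm from here.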
@@ -64,6 +67,8 @@ class LibvirtInventory(object): print _json_format_dict(self.get_inventory(), self.args.pretty) def read_settings(self): + ''' Reads the settings from the libvirt.ini file ''' + config = ConfigParser.SafeConfigParser() config.read( os.path.dirname(os.path.realpath(__file__)) + '/libvirt.ini' @@ -71,6 +76,8 @@ class LibvirtInventory(object): self.libvirt_uri = config.get('libvirt', 'uri') def parse_cli_args(self): + ''' Command line argument processing ''' + parser = argparse.ArgumentParser( description='Produce an Ansible Inventory file based on libvirt' ) @@ -94,11 +101,15 @@ class LibvirtInventory(object): self.args = parser.parse_args() def get_host_info(self): + ''' Get variables about a specific host ''' + inventory = self.get_inventory() if self.args.host in inventory['_meta']['hostvars']: return inventory['_meta']['hostvars'][self.args.host] def get_inventory(self): + ''' Construct the inventory ''' + inventory = dict(_meta=dict(hostvars=dict())) conn = libvirt.openReadOnly(self.libvirt_uri) @@ -126,8 +137,8 @@ class LibvirtInventory(object): hostvars['libvirt_status'] = 'running' root = ET.fromstring(domain.XMLDesc()) - ns = {'ansible': 'https://github.com/ansible/ansible'} - for tag_elem in root.findall('./metadata/ansible:tags/ansible:tag', ns): + ansible_ns = {'ansible': 'https://github.com/ansible/ansible'} + for tag_elem in root.findall('./metadata/ansible:tags/ansible:tag', ansible_ns): tag = tag_elem.text _push(inventory, "tag_%s" % tag, domain_name) _push(hostvars, 'libvirt_tags', tag) 
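Review bot: `get_host_info` in the third hunk falls off the end when `self.args.host` is not in the inventory, so `--host unknown` prints `null`; Ansible expects an empty object for an unknown host. Replace the `if` with `return inventory['_meta']['hostvars'].get(self.args.host, {})`. In the first hunk, `config.read(...)` silently ignores a missing libvirt.ini and the later `config.get('libvirt', 'uri')` then fails with a `NoSectionError`, so a short check that the file was read (the return value of `config.read`) would give a clearer message. The `read_settings` and `get_inventory` bodies continue outside their hunks.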
@@ -140,6 +151,12 @@ class LibvirtInventory(object): mac_elem = interface.find('mac') if source_elem is not None and \ mac_elem is not None: + # Adding this to disable pylint check specifically + # ignoring libvirt-python versions that + # do not include DHCPLeases + # This is needed until we upgrade the build bot to + # RHEL7 (>= 1.2.6 libvirt) + # pylint: disable=no-member dhcp_leases = conn.networkLookupByName(source_elem.get('network')) \ .DHCPLeases(mac_elem.get('address')) if len(dhcp_leases) > 0: @@ -152,12 +169,19 @@ class LibvirtInventory(object): return inventory def _push(my_dict, key, element): + ''' + Push element to the my_dict[key] list. + After having initialized my_dict[key] if it dosn't exist. + ''' + if key in my_dict: my_dict[key].append(element) else: my_dict[key] = [element] def _json_format_dict(data, pretty=False): + ''' Serialize data to a JSON formated str ''' + if pretty: return json.dumps(data, sort_keys=True, indent=2) else: -- cgit v1.2.3 From 28c279382f0b5d7570e10a8c56ffffbb6666ed2d Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Mon, 1 Jun 2015 15:49:06 -0700 Subject: * rename openshift_registry_url oreg_url * rename option_images to _{oreg|ortr}_images --- README_OSE.md | 2 +- inventory/byo/hosts | 2 +- roles/openshift_master/README.md | 2 +- roles/openshift_master/tasks/main.yml | 14 +++++++------- roles/openshift_node/README.md | 2 +- roles/openshift_register_nodes/tasks/main.yml | 14 +++++++------- roles/openshift_registry/tasks/main.yml | 10 +++++----- roles/openshift_router/tasks/main.yml | 10 +++++----- 8 files changed, 28 insertions(+), 28 deletions(-) (limited to 'inventory') diff --git a/README_OSE.md b/README_OSE.md index 41a6f2935..dffabc714 100644 --- a/README_OSE.md +++ b/README_OSE.md 
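Review bot: The standalone `# pylint: disable=no-member` in the first hunk disables the check for the remainder of the enclosing block, not only for the `.DHCPLeases` call; appending it to that line instead (`.DHCPLeases(mac_elem.get('address'))  # pylint: disable=no-member`) keeps the suppression scoped to the one attribute pylint cannot resolve. The docstrings added in the second hunk have typos: `dosn't` should be `doesn't` in `_push`, and `formated` should be `formatted` in `_json_format_dict`. The enclosing get_inventory method starts and ends outside the first hunk.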
@@ -80,7 +80,7 @@ ansible_ssh_user=root deployment_type=enterprise # Pre-release registry URL -openshift_registry_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version} +oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version} # Pre-release additional repo openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', diff --git a/inventory/byo/hosts b/inventory/byo/hosts index 728eec8aa..9a1cbce29 100644 --- a/inventory/byo/hosts +++ b/inventory/byo/hosts @@ -17,7 +17,7 @@ ansible_ssh_user=root deployment_type=enterprise # Pre-release registry URL -openshift_registry_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version} +oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version} # Pre-release additional repo #openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 9f9d0a613..cc5b06964 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -17,7 +17,7 @@ From this role: |-------------------------------------|-----------------------|--------------------------------------------------| | openshift_master_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-master | | openshift_node_ips | [] | List of the openshift node ip addresses to pre-register when openshift-master starts up | -| openshift_registry_url | UNDEF | Default docker registry to use | +| oreg_url | UNDEF | Default docker registry to use | | openshift_master_api_port | UNDEF | | | openshift_master_console_port | UNDEF | | | openshift_master_api_url | UNDEF | | 
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f9e6199a5..ac96e2b48 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -49,15 +49,15 @@ # TODO: should probably use a template lookup for this # TODO: should allow for setting --etcd, --kubernetes options # TODO: recreate config if values change -- name: Use enterprise default for openshift_registry_url if not set +- name: Use enterprise default for oreg_url if not set set_fact: - openshift_registry_url: "openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'enterprise' and openshift_registry_url is not defined + oreg_url: "openshift3_beta/ose-${component}:${version}" + when: openshift.common.deployment_type == 'enterprise' and oreg_url is not defined -- name: Use online default for openshift_registry_url if not set +- name: Use online default for oreg_url if not set set_fact: - openshift_registry_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'online' and openshift_registry_url is not defined + oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" + when: openshift.common.deployment_type == 'online' and oreg_url is not defined - name: Create master config command: > @@ -67,7 +67,7 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://0.0.0.0:{{ openshift.master.api_port }} - {{ ('--images=' ~ openshift_registry_url) if (openshift_registry_url | default('', true) != '') else '' }} + {{ ('--images=' ~ oreg_url) if (oreg_url | default('', true) != '') else '' }} {{ ('--nodes=' ~ openshift_node_ips | join(',')) if (openshift_node_ips | default('', true) != '') else '' }} args: chdir: "{{ openshift_cert_parent_dir }}" 
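Review bot: `oreg_url` replaces `openshift_registry_url` in the first hunk with no fallback, so an inventory that still sets `openshift_registry_url` now silently gets the deployment-type default registry (`when: ... and oreg_url is not defined` is true), changing where images are pulled from without any error. A transitional task before the two defaults would avoid that: `- set_fact: oreg_url="{{ openshift_registry_url }}"` / `  when: openshift_registry_url is defined and oreg_url is not defined` (or a `fail:` task naming the renamed variable). The same applies to the first hunk of roles/openshift_register_nodes/tasks/main.yml.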
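Review bot: In the second hunk `('--images=' ~ oreg_url)` interpolates the value unquoted, while the openshift_registry and openshift_router roles in this same commit pass `{{ oreg_url|quote }}`; since `command:` arguments are shlex-split, an `oreg_url` containing whitespace or quotes would break into extra arguments here but not there. Use `('--images=' ~ (oreg_url | quote))` for consistency. The same unquoted form is in the second hunk of roles/openshift_register_nodes/tasks/main.yml. The `command: >` block continues outside the hunk.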
diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 83359f164..19d0c8db6 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -17,7 +17,7 @@ From this role: | Name | Default value | | |------------------------------------------|-----------------------|----------------------------------------| | openshift_node_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-node | -| openshift_registry_url | UNDEF (Optional) | Default docker registry to use | +| oreg_url | UNDEF (Optional) | Default docker registry to use | From openshift_common: | Name | Default Value | | diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml index d4d72d126..dcb96bbf9 100644 --- a/roles/openshift_register_nodes/tasks/main.yml +++ b/roles/openshift_register_nodes/tasks/main.yml @@ -6,15 +6,15 @@ # TODO: use a template lookup here # TODO: create a failed_when condition -- name: Use enterprise default for openshift_registry_url if not set +- name: Use enterprise default for oreg_url if not set set_fact: - openshift_registry_url: "openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'enterprise' and openshift_registry_url is not defined + oreg_url: "openshift3_beta/ose-${component}:${version}" + when: openshift.common.deployment_type == 'enterprise' and oreg_url is not defined -- name: Use online default for openshift_registry_url if not set +- name: Use online default for oreg_url if not set set_fact: - openshift_registry_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'online' and openshift_registry_url is not defined + oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" + when: openshift.common.deployment_type == 'online' and oreg_url is not defined - name: Create node config command: 
> @@ -30,7 +30,7 @@ --certificate-authority={{ openshift_master_ca_cert }} --signer-serial={{ openshift_master_ca_dir }}/serial.txt --node-client-certificate-authority={{ openshift_master_ca_cert }} - {{ ('--images=' ~ openshift_registry_url) if openshift_registry_url is defined else '' }} + {{ ('--images=' ~ oreg_url) if oreg_url is defined else '' }} --listen=https://0.0.0.0:10250 args: chdir: "{{ openshift_cert_parent_dir }}" diff --git a/roles/openshift_registry/tasks/main.yml b/roles/openshift_registry/tasks/main.yml index ea362bb7d..7e6982d99 100644 --- a/roles/openshift_registry/tasks/main.yml +++ b/roles/openshift_registry/tasks/main.yml @@ -1,8 +1,8 @@ --- -- set_fact: _option_images="--images={{ openshift_registry_url|quote }}" - when: openshift_registry_url is defined +- set_fact: _oreg_images="--images={{ oreg_url|quote }}" + when: oreg_url is defined - name: Deploy OpenShift Registry - command: openshift admin registry --create --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig {{ _option_images|default() }} - register: _openshift_registry__results - changed_when: "'service exists' not in _openshift_registry__results.stdout" + command: openshift admin registry --create --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig {{ _oreg_images|default() }} + register: _oreg_results + changed_when: "'service exists' not in _oreg_results.stdout" diff --git a/roles/openshift_router/tasks/main.yml b/roles/openshift_router/tasks/main.yml index ae52063cb..f1ee99dd3 100644 --- a/roles/openshift_router/tasks/main.yml +++ b/roles/openshift_router/tasks/main.yml 
@@ -1,8 +1,8 @@ --- -- set_fact: _option_images="--images={{ openshift_registry_url|quote }}" - when: openshift_registry_url is defined +- set_fact: _ortr_images="--images={{ oreg_url|quote }}" + when: oreg_url is defined - name: Deploy OpenShift Router - command: openshift ex router --create --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig {{ _option_images|default() }} - register: _openshift_router__results - changed_when: "'service exists' not in _openshift_router__results.stdout" + command: openshift ex router --create --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig {{ _ortr_images|default() }} + register: _ortr_results + changed_when: "'service exists' not in _ortr_results.stdout" -- cgit v1.2.3 From 901f0ee491efb34f9788e11dd6d572928146da91 Mon Sep 17 00:00:00 2001 
From: Lénaïc Huard Date: Mon, 20 Apr 2015 14:11:48 +0200 Subject: Implement OpenStack provider --- README_openstack.md | 80 ++++++++ bin/cluster | 13 +- filter_plugins/oo_filters.py | 7 + inventory/openstack/hosts/hosts | 1 + inventory/openstack/hosts/nova.ini | 45 +++++ inventory/openstack/hosts/nova.py | 224 +++++++++++++++++++++ playbooks/openstack/openshift-cluster/config.yml | 34 ++++ .../openshift-cluster/files/heat_stack.yml | 149 ++++++++++++++ .../openstack/openshift-cluster/files/user-data | 7 + .../openstack/openshift-cluster/filter_plugins | 1 + playbooks/openstack/openshift-cluster/launch.yml | 31 +++ playbooks/openstack/openshift-cluster/list.yml | 24 +++ playbooks/openstack/openshift-cluster/roles | 1 + .../tasks/configure_openstack.yml | 27 +++ .../openshift-cluster/tasks/launch_instances.yml | 48 +++++ .../openstack/openshift-cluster/terminate.yml | 43 ++++ playbooks/openstack/openshift-cluster/update.yml | 18 ++ playbooks/openstack/openshift-cluster/vars.yml | 39 ++++ 18 files changed, 790 insertions(+), 2 deletions(-) create mode 100644 README_openstack.md create mode 100644 inventory/openstack/hosts/hosts create mode 100644 inventory/openstack/hosts/nova.ini create mode 100755 inventory/openstack/hosts/nova.py create mode 100644 playbooks/openstack/openshift-cluster/config.yml create mode 100644 playbooks/openstack/openshift-cluster/files/heat_stack.yml create mode 100644 playbooks/openstack/openshift-cluster/files/user-data create mode 120000 playbooks/openstack/openshift-cluster/filter_plugins create mode 100644 playbooks/openstack/openshift-cluster/launch.yml create mode 100644 playbooks/openstack/openshift-cluster/list.yml create mode 120000 playbooks/openstack/openshift-cluster/roles create mode 100644 playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml create mode 100644 playbooks/openstack/openshift-cluster/tasks/launch_instances.yml create mode 100644 playbooks/openstack/openshift-cluster/terminate.yml create mode 100644 
playbooks/openstack/openshift-cluster/update.yml create mode 100644 playbooks/openstack/openshift-cluster/vars.yml (limited to 'inventory') diff --git a/README_openstack.md b/README_openstack.md new file mode 100644 index 000000000..57977d1f5 --- /dev/null +++ b/README_openstack.md 
@@ -0,0 +1,80 @@ +OPENSTACK Setup instructions +============================ + +Requirements +------------ + +The OpenStack instance must have Neutron and Heat enabled. + +Install Dependencies +-------------------- + +1. The OpenStack python clients for Nova, Neutron and Heat are required: + +* `python-novaclient` +* `python-neutronclient` +* `python-heatclient` + +On RHEL / CentOS / Fedora: +``` + yum install -y ansible python-novaclient python-neutronclient python-heatclient +``` + +Configuration +------------- + +The following options can be passed via the `-o` flag of the `create` command: + +* `image_name`: Name of the image to use to spawn VMs +* `keypair` (default to `${LOGNAME}_key`): Name of the ssh key +* `public_key` (default to `~/.ssh/id_rsa.pub`): filename of the ssh public key +* `master_flavor_ram` (default to `2048`): VM flavor for the master (by amount of RAM) +* `master_flavor_id`: VM flavor for the master (by ID) +* `master_flavor_include`: VM flavor for the master (by name) +* `node_flavor_ram` (default to `4096`): VM flavor for the nodes (by amount of RAM) +* `node_flavor_id`: VM flavor for the nodes (by ID) +* `node_flavor_include`: VM flavor for the nodes (by name) +* `infra_heat_stack` (default to `playbooks/openstack/openshift-cluster/files/heat_stack.yml`): filename of the HEAT template to use to create the cluster infrastructure + +The following options are used only by `heat_stack.yml`. They are so used only if the `infra_heat_stack` option is left with its default value. 
+ +* `network_prefix` (default to `openshift-ansible-`): prefix prepended to all network objects (net, subnet, router, security groups) +* `dns` (default to `8.8.8.8,8.8.4.4`): comma separated list of DNS to use +* `net_cidr` (default to `192.168..0/24`): CIDR of the network created by `heat_stack.yml` +* `external_net` (default to `external`): Name of the external network to connect to +* `floating_ip_pools` (default to `external`): comma separated list of floating IP pools +* `ssh_from` (default to `0.0.0.0/0`): IPs authorized to connect to the VMs via ssh + + +Creating a cluster +------------------ + +1. To create a cluster with one master and two nodes + +``` + bin/cluster create openstack +``` + +2. To create a cluster with one master and three nodes, a custom VM image and custom DNS: + +``` + bin/cluster create -n 3 -o image_name=rhel-7.1-openshift-2015.05.21 -o dns=172.16.50.210,172.16.50.250 openstack lenaic +``` + +Updating a cluster +------------------ + +1. To update the cluster + +``` + bin/cluster update openstack +``` + +Terminating a cluster +--------------------- + +1. To terminate the cluster + +``` + bin/cluster terminate openstack +``` diff --git a/bin/cluster b/bin/cluster index bf8198de9..2ea389523 100755 --- a/bin/cluster +++ b/bin/cluster @@ -143,6 +143,8 @@ class Cluster(object): inventory = '-i inventory/aws/hosts' elif 'libvirt' == provider: inventory = '-i inventory/libvirt/hosts' + elif 'openstack' == provider: + inventory = '-i inventory/openstack/hosts' else: # this code should never be reached raise ValueError("invalid PROVIDER {}".format(provider)) @@ -163,6 +165,11 @@ class Cluster(object): if args.verbose > 0: verbose = '-{}'.format('v' * args.verbose) + if args.option: + for opt in args.option: + k, v = opt.split('=', 1) + env['opt_'+k] = v + ansible_env = '-e \'{}\''.format( ' '.join(['%s=%s' % (key, value) for (key, value) in env.items()]) ) 
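Review bot: `k, v = opt.split('=', 1)` in the second bin/cluster hunk raises a bare `ValueError: need more than 1 value to unpack` for an `-o` argument without `=`; check first and fail in the style the file already uses for the provider check: `if '=' not in opt: raise ValueError("invalid option {}, expected key=value".format(opt))`. The value is then spliced verbatim into the single-quoted `-e '...'` string built just below, so a value containing a quote or a space changes how ansible parses the extra vars, and if that string is later handed to a shell (not visible here) it also escapes the quoting; passing each option as its own `-e key=value` element of an argument list, rather than one string, would avoid both. The enclosing method continues outside the hunk.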
@@ -189,13 +196,13 @@ if __name__ == '__main__': [DEFAULT] validate_cluster_ids = False cluster_ids = marketing,sales - providers = gce,aws,libvirt + providers = gce,aws,libvirt,openstack """ environment = ConfigParser.SafeConfigParser({ 'cluster_ids': 'marketing,sales', 'validate_cluster_ids': 'False', - 'providers': 'gce,aws,libvirt', + 'providers': 'gce,aws,libvirt,openstack', }) path = os.path.expanduser("~/.openshift-ansible") @@ -224,6 +231,8 @@ if __name__ == '__main__': meta_parser.add_argument('-t', '--deployment-type', choices=['origin', 'online', 'enterprise'], help='Deployment type. (default: origin)') + meta_parser.add_argument('-o', '--option', action='append', + help='options') action_parser = parser.add_subparsers(dest='action', title='actions', description='Choose from valid actions') diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 33d5e6cc3..f705b2c7f 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -203,6 +203,12 @@ class FilterModule(object): return [root_vol, docker_vol] return [root_vol] + @staticmethod + def oo_split(string, separator=','): + ''' This splits the input string into a list + ''' + return string.split(separator) + def filters(self): ''' returns a mapping of filters to methods ''' return { @@ -215,4 +221,5 @@ class FilterModule(object): "oo_ami_selector": self.oo_ami_selector, "oo_ec2_volume_definition": self.oo_ec2_volume_definition, "oo_combine_key_value": self.oo_combine_key_value, + "oo_split": self.oo_split, } diff --git a/inventory/openstack/hosts/hosts b/inventory/openstack/hosts/hosts new file mode 100644 index 000000000..9cdc31449 --- /dev/null +++ b/inventory/openstack/hosts/hosts @@ -0,0 +1 @@ +localhost ansible_sudo=no ansible_python_interpreter=/usr/bin/python2 connection=local diff --git a/inventory/openstack/hosts/nova.ini b/inventory/openstack/hosts/nova.ini new file mode 100644 index 000000000..4900c4965 --- /dev/null 
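Review bot: `help='options'` on the new `-o/--option` argument in the second bin/cluster hunk says nothing about the expected form, even though the parser splits on the first `=`. Use `help='provider-specific option, KEY=VALUE; may be repeated (see README_openstack.md)'` and add `metavar='KEY=VALUE'` so the usage line shows the shape.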
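Review bot: `oo_split(string, separator=',')` in the oo_filters.py hunk names its parameter `string`, shadowing the stdlib module of that name, and the docstring does not say that this is a plain `str.split` (no whitespace stripping, `''` yields `['']`). If no caller passes it by keyword, rename it to `text` and document the contract: `''' Split text on separator and return the parts (plain str.split: no stripping, empty input gives [''] ) '''`. FilterModule starts and ends outside the hunk.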
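Review bot: `connection=local` in the new inventory/openstack/hosts/hosts line is not a variable Ansible reads; the connection plugin is selected by `ansible_connection`. It presumably works only because Ansible treats a host literally named `localhost` as local — confirm, and otherwise change the line to `localhost ansible_sudo=no ansible_python_interpreter=/usr/bin/python2 ansible_connection=local`.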
+++ b/inventory/openstack/hosts/nova.ini @@ -0,0 +1,45 @@ +# Ansible OpenStack external inventory script + +[openstack] + +#------------------------------------------------------------------------- +# Required settings +#------------------------------------------------------------------------- + +# API version +version = 2 + +# OpenStack nova username +username = + +# OpenStack nova api_key or password +api_key = + +# OpenStack nova auth_url +auth_url = + +# OpenStack nova project_id or tenant name +project_id = + +#------------------------------------------------------------------------- +# Optional settings +#------------------------------------------------------------------------- + +# Authentication system +# auth_system = keystone + +# Serverarm region name to use +# region_name = + +# Specify a preference for public or private IPs (public is default) +# prefer_private = False + +# What service type (required for newer nova client) +# service_type = compute + + +# TODO: Some other options +# insecure = +# endpoint_type = +# extensions = +# service_name = diff --git a/inventory/openstack/hosts/nova.py b/inventory/openstack/hosts/nova.py new file mode 100755 index 000000000..d5bd8d1ee --- /dev/null +++ b/inventory/openstack/hosts/nova.py 
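Review bot: `api_key =` in the new nova.ini invites storing the OpenStack password in clear text in a file that lives inside the repository next to the inventory script, and nothing here keeps a filled-in copy out of version control. nova.py falls back to `OS_USERNAME`/`OS_PASSWORD`/`OS_AUTH_URL`/`OS_TENANT_NAME` from the environment when the ini values are empty, so say so in the file, e.g. above the field: `# Leave empty to take the password from the OS_PASSWORD environment variable`, and either add `inventory/openstack/hosts/nova.ini` to .gitignore or ship this as nova.ini.example. The commented `insecure =` under TODO is not read by nova.py; if it is ever wired through, its comment should state that it turns off TLS certificate verification.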
@@ -0,0 +1,224 @@ +#!/usr/bin/env python2 + +# pylint: skip-file + +# (c) 2012, Marco Vito Moscaritolo +# +# This file is part of Ansible, +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +import sys +import re +import os +import ConfigParser +from novaclient import client as nova_client + +try: + import json +except ImportError: + import simplejson as json + +################################################### +# executed with no parameters, return the list of +# all groups and hosts + +NOVA_CONFIG_FILES = [os.getcwd() + "/nova.ini", + os.path.expanduser(os.environ.get('ANSIBLE_CONFIG', "~/nova.ini")), + "/etc/ansible/nova.ini"] + +NOVA_DEFAULTS = { + 'auth_system': None, + 'region_name': None, + 'service_type': 'compute', +} + + +def nova_load_config_file(): + p = ConfigParser.SafeConfigParser(NOVA_DEFAULTS) + + for path in NOVA_CONFIG_FILES: + if os.path.exists(path): + p.read(path) + return p + + return None + + +def get_fallback(config, value, section="openstack"): + """ + Get value from config object and return the value + or false + """ + try: + return config.get(section, value) + except ConfigParser.NoOptionError: + return False + + +def push(data, key, element): + """ + Assist in items to a dictionary of lists + """ + if (not element) or (not key): + return + + if key in data: + data[key].append(element) + else: + data[key] = [element] + + +def to_safe(word): + ''' + Converts 'bad' characters in a string to 
underscores so they can + be used as Ansible groups + ''' + return re.sub(r"[^A-Za-z0-9\-]", "_", word) + + +def get_ips(server, access_ip=True): + """ + Returns a list of the server's IPs, or the preferred + access IP + """ + private = [] + public = [] + address_list = [] + # Iterate through each servers network(s), get addresses and get type + addresses = getattr(server, 'addresses', {}) + if len(addresses) > 0: + for network in addresses.itervalues(): + for address in network: + if address.get('OS-EXT-IPS:type', False) == 'fixed': + private.append(address['addr']) + elif address.get('OS-EXT-IPS:type', False) == 'floating': + public.append(address['addr']) + + if not access_ip: + address_list.append(server.accessIPv4) + address_list.extend(private) + address_list.extend(public) + return address_list + + access_ip = None + # Append group to list + if server.accessIPv4: + access_ip = server.accessIPv4 + if (not access_ip) and public and not (private and prefer_private): + access_ip = public[0] + if private and not access_ip: + access_ip = private[0] + + return access_ip + + +def get_metadata(server): + """Returns dictionary of all host metadata""" + get_ips(server, False) + results = {} + for key in vars(server): + # Extract value + value = getattr(server, key) + + # Generate sanitized key + key = 'os_' + re.sub(r"[^A-Za-z0-9\-]", "_", key).lower() + + # Att value to instance result (exclude manager class) + #TODO: maybe use value.__class__ or similar inside of key_name + if key != 'os_manager': + results[key] = value + return results + +config = nova_load_config_file() +if not config: + sys.exit('Unable to find configfile in %s' % ', '.join(NOVA_CONFIG_FILES)) + +# Load up connections info based on config and then environment +# variables +username = (get_fallback(config, 'username') or + os.environ.get('OS_USERNAME', None)) +api_key = (get_fallback(config, 'api_key') or + os.environ.get('OS_PASSWORD', None)) +auth_url = (get_fallback(config, 'auth_url') or + 
os.environ.get('OS_AUTH_URL', None)) +project_id = (get_fallback(config, 'project_id') or + os.environ.get('OS_TENANT_NAME', None)) +region_name = (get_fallback(config, 'region_name') or + os.environ.get('OS_REGION_NAME', None)) +auth_system = (get_fallback(config, 'auth_system') or + os.environ.get('OS_AUTH_SYSTEM', None)) + +# Determine what type of IP is preferred to return +prefer_private = False +try: + prefer_private = config.getboolean('openstack', 'prefer_private') +except ConfigParser.NoOptionError: + pass + +client = nova_client.Client( + version=config.get('openstack', 'version'), + username=username, + api_key=api_key, + auth_url=auth_url, + region_name=region_name, + project_id=project_id, + auth_system=auth_system, + service_type=config.get('openstack', 'service_type'), +) + +# Default or added list option +if (len(sys.argv) == 2 and sys.argv[1] == '--list') or len(sys.argv) == 1: + groups = {'_meta': {'hostvars': {}}} + # Cycle on servers + for server in client.servers.list(): + access_ip = get_ips(server) + + # Push to name group of 1 + push(groups, server.name, access_ip) + + # Run through each metadata item and add instance to it + for key, value in server.metadata.iteritems(): + composed_key = to_safe('tag_{0}_{1}'.format(key, value)) + push(groups, composed_key, access_ip) + + # Do special handling of group for backwards compat + # inventory groups + group = server.metadata['group'] if 'group' in server.metadata else 'undefined' + push(groups, group, access_ip) + + # Add vars to _meta key for performance optimization in + # Ansible 1.3+ + groups['_meta']['hostvars'][access_ip] = get_metadata(server) + + # Return server list + print(json.dumps(groups, sort_keys=True, indent=2)) + sys.exit(0) + +##################################################### +# executed with a hostname as a parameter, return the +# variables for that host + +elif len(sys.argv) == 3 and (sys.argv[1] == '--host'): + results = {} + ips = [] + for server in 
client.servers.list(): + if sys.argv[2] in (get_ips(server) or []): + results = get_metadata(server) + print(json.dumps(results, sort_keys=True, indent=2)) + sys.exit(0) + +else: + print "usage: --list ..OR.. --host " + sys.exit(1) diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml new file mode 100644 index 000000000..1c0644e04 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -0,0 +1,34 @@ +- name: Populate oo_masters_to_config host group + hosts: localhost + gather_facts: no + vars_files: + - vars.yml + tasks: + - name: Evaluate oo_masters_to_config + add_host: + name: "{{ item }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: oo_masters_to_config + with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([]) + - name: Evaluate oo_nodes_to_config + add_host: + name: "{{ item }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: oo_nodes_to_config + with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([]) + - name: Evaluate oo_first_master + add_host: + name: "{{ groups['tag_env-host-type_' ~ cluster_id ~ '-openshift-master'][0] }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: oo_first_master + when: "'tag_env-host-type_{{ cluster_id }}-openshift-master' in groups" + +- include: ../../common/openshift-cluster/config.yml + vars: + openshift_cluster_id: "{{ cluster_id }}" + openshift_debug_level: 4 + openshift_deployment_type: "{{ deployment_type }}" + openshift_hostname: "{{ ansible_default_ipv4.address }}" 
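Review bot: The `when` of the `Evaluate oo_first_master` task in config.yml embeds `{{ cluster_id }}` inside a string that is already evaluated as a Jinja expression (`when: "'tag_env-host-type_{{ cluster_id }}-openshift-master' in groups"`), which newer Ansible releases warn about; the `name:` line just above builds the same key with `~`, and the condition should match it: `when: "('tag_env-host-type_' ~ cluster_id ~ '-openshift-master') in groups"`. `openshift_debug_level: 4` is hard-coded in the include; if the other providers' config.yml expose it as a variable this one should too, but I cannot tell from here.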
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yml b/playbooks/openstack/openshift-cluster/files/heat_stack.yml new file mode 100644 index 000000000..c5f95d87d --- /dev/null +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yml 
@@ -0,0 +1,149 @@ +heat_template_version: 2014-10-16 + +description: OpenShift cluster + +parameters: + cluster-id: + type: string + label: Cluster ID + description: Identifier of the cluster + + network-prefix: + type: string + label: Network prefix + description: Prefix of the network objects + + cidr: + type: string + label: CIDR + description: CIDR of the network of the cluster + + dns-nameservers: + type: comma_delimited_list + label: DNS nameservers list + description: List of DNS nameservers + + external-net: + type: string + label: External network + description: Name of the external network + default: external + + ssh-incoming: + type: string + label: Source of ssh connections + description: Source of legitimate ssh connections + +resources: + net: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: network-prefix-net + params: + network-prefix: { get_param: network-prefix } + + subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: network-prefix-subnet + params: + network-prefix: { get_param: network-prefix } + network: { get_resource: net } + cidr: { get_param: cidr } + dns_nameservers: { get_param: dns-nameservers } + + router: + type: OS::Neutron::Router + properties: + name: + str_replace: + template: network-prefix-router + params: + network-prefix: { get_param: network-prefix } + external_gateway_info: + network: { get_param: external-net } + + interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: subnet } + + node-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: network-prefix-node-secgrp + params: + network-prefix: { get_param: network-prefix } + description: + str_replace: + template: Security group for cluster-id OpenShift cluster nodes + params: + cluster-id: { get_param: cluster-id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + 
remote_ip_prefix: { get_param: ssh-incoming } + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + + master-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: network-prefix-master-secgrp + params: + network-prefix: { get_param: network-prefix } + description: + str_replace: + template: Security group for cluster-id OpenShift cluster master + params: + cluster-id: { get_param: cluster-id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh-incoming } + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: 8443 + port_range_max: 8443 + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + port_range_max: 24224 diff --git a/playbooks/openstack/openshift-cluster/files/user-data b/playbooks/openstack/openshift-cluster/files/user-data new file mode 100644 index 000000000..e789a5b69 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/files/user-data @@ -0,0 +1,7 @@ +#cloud-config +disable_root: true + +system_info: + default_user: + name: openshift + sudo: ["ALL=(ALL) NOPASSWD: ALL"] diff --git a/playbooks/openstack/openshift-cluster/filter_plugins b/playbooks/openstack/openshift-cluster/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/openstack/openshift-cluster/filter_plugins 
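Review bot: In master-secgrp the rules for tcp 4001, tcp/udp 53 and tcp/udp 24224 carry neither `remote_ip_prefix` nor `remote_group_id`, and a Neutron rule with no remote restriction admits any source, so once the master receives a floating IP its etcd client port, DNS and fluentd listener are reachable from the whole external network while only port 22 is scoped by `ssh-incoming`. Those ports are consumed by cluster members, so each of them should be scoped the way node-secgrp scopes 10250, e.g. `remote_mode: remote_group_id` plus `remote_group_id: { get_resource: node-secgrp }` (or the group itself for master-to-master traffic); since node-secgrp already references master-secgrp, a reverse get_resource reference may need to be expressed without creating a dependency cycle. Port 8443 being world-reachable is presumably intended for the API and console, but that intent is worth stating in the template's `description`.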
@@ -0,0 +1 @@ +../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml new file mode 100644 index 000000000..5c86ade3f --- /dev/null +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -0,0 +1,31 @@ +--- +- name: Launch instance(s) + hosts: localhost + connection: local + gather_facts: no + vars_files: + - vars.yml + tasks: + - fail: + msg: "Deployment type not supported for OpenStack provider yet" + when: deployment_type in ['online', 'enterprise'] + + - include: tasks/configure_openstack.yml + + - include: ../../common/openshift-cluster/set_master_launch_facts_tasks.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ master_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + + - include: ../../common/openshift-cluster/set_node_launch_facts_tasks.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ node_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + +- include: update.yml + +- include: list.yml diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml new file mode 100644 index 000000000..a75e350c7 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/list.yml 
@@ -0,0 +1,24 @@ +--- +- name: Generate oo_list_hosts group + hosts: localhost + gather_facts: no + vars_files: + - vars.yml + tasks: + - set_fact: scratch_group=tag_env_{{ cluster_id }} + when: cluster_id != '' + - set_fact: scratch_group=all + when: cluster_id == '' + - add_host: + name: "{{ item }}" + groups: oo_list_hosts + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: groups[scratch_group] | default([]) | difference(['localhost']) + +- name: List Hosts + hosts: oo_list_hosts + tasks: + - debug: + msg: 'public:{{ansible_ssh_host}} private:{{ansible_default_ipv4.address}}' diff --git a/playbooks/openstack/openshift-cluster/roles b/playbooks/openstack/openshift-cluster/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openstack/openshift-cluster/roles @@ -0,0 +1 @@ +../../../roles \ No newline at end of file diff --git a/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml b/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml new file mode 100644 index 000000000..2cbdb4805 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/tasks/configure_openstack.yml 
@@ -0,0 +1,27 @@
+---
+- name: Check infra
+ command: 'heat stack-show {{ openstack_network_prefix }}-stack'
+ register: stack_show_result
+ changed_when: false
+ failed_when: stack_show_result.rc != 0 and 'Stack not found' not in stack_show_result.stderr
+
+- name: Create infra
+ command: 'heat stack-create -f {{ openstack_infra_heat_stack }} -P cluster-id={{ cluster_id }} -P network-prefix={{ openstack_network_prefix }} -P dns-nameservers={{ openstack_network_dns | join(",") }} -P cidr={{ openstack_network_cidr }} -P ssh-incoming={{ openstack_ssh_access_from }} {{ openstack_network_prefix }}-stack'
+ when: stack_show_result.rc == 1
+
+- name: Update infra
+ command: 'heat stack-update -f {{ openstack_infra_heat_stack }} -P cluster-id={{ cluster_id }} -P network-prefix={{ openstack_network_prefix }} -P dns-nameservers={{ openstack_network_dns | join(",") }} -P cidr={{ openstack_network_cidr }} -P ssh-incoming={{ openstack_ssh_access_from }} {{ openstack_network_prefix }}-stack'
+ when: stack_show_result.rc == 0
+
+- name: Wait for infra readiness
+ shell: 'heat stack-show {{ openstack_network_prefix }}-stack | awk ''$2 == "stack_status" {print $4}'''
+ register: stack_show_status_result
+ until: stack_show_status_result.stdout not in ['CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS']
+ retries: 30
+ delay: 1
+ failed_when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE']
+
+- name: Create ssh keypair
+ nova_keypair:
+ name: "{{ openstack_ssh_keypair }}"
+ public_key: "{{ openstack_ssh_public_key }}"
diff --git a/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml b/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml
new file mode 100644
index 000000000..1b9696aac
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/tasks/launch_instances.yml
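Review bot: `Create infra` fires only when `stack_show_result.rc == 1`, while `Check infra` tolerates any non-zero rc whose stderr contains 'Stack not found'; if the heat client reports a missing stack with a different exit code, neither the create nor the update task runs and the failure only surfaces later in `Wait for infra readiness`. Keying both tasks on the same distinction closes the gap: `when: stack_show_result.rc != 0` for create and `when: stack_show_result.rc == 0` for update. The `ssh-incoming` value passed on the create/update lines is whatever `openstack_ssh_access_from` resolves to, so its default in vars.yml decides how far the resulting ingress rule reaches.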
@@ -0,0 +1,48 @@ +--- +- name: Get net id + shell: 'neutron net-show {{ openstack_network_prefix }}-net | awk "/\\/ {print \$4}"' + register: net_id_result + +- name: Launch instance(s) + nova_compute: + name: '{{ item }}' + image_name: '{{ deployment_vars[deployment_type].image.name | default(omit, true) }}' + image_id: '{{ deployment_vars[deployment_type].image.id | default(omit, true) }}' + flavor_ram: '{{ openstack_flavor[k8s_type].ram | default(omit, true) }}' + flavor_id: '{{ openstack_flavor[k8s_type].id | default(omit, true) }}' + flavor_include: '{{ openstack_flavor[k8s_type].include | default(omit, true) }}' + key_name: '{{ openstack_ssh_keypair }}' + security_groups: '{{ openstack_network_prefix }}-{{ k8s_type }}-secgrp' + nics: + - net-id: '{{ net_id_result.stdout }}' + user_data: "{{ lookup('file','files/user-data') }}" + meta: + env: '{{ cluster }}' + host-type: '{{ type }}' + env-host-type: '{{ cluster }}-openshift-{{ type }}' + floating_ip_pools: '{{ openstack_floating_ip_pools }}' + with_items: instances + register: nova_compute_result + +- name: Add new instances groups and variables + add_host: + hostname: '{{ item.item }}' + ansible_ssh_host: '{{ item.public_ip }}' + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: 'tag_env_{{ cluster }}, tag_host-type_{{ type }}, tag_env-host-type_{{ cluster }}-openshift-{{ type }}' + with_items: nova_compute_result.results + +- name: Wait for ssh + wait_for: + host: '{{ item.public_ip }}' + port: 22 + with_items: nova_compute_result.results + +- name: Wait for user setup + command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ hostvars[item.item].ansible_ssh_user }}@{{ item.public_ip }} echo {{ hostvars[item.item].ansible_ssh_user }} user is setup' + register: result + until: result.rc == 0 + retries: 30 + delay: 1 + with_items: 
nova_compute_result.results diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml new file mode 100644 index 000000000..2f05f0992 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -0,0 +1,43 @@ +- name: Terminate instance(s) + hosts: localhost + connection: local + gather_facts: no + vars_files: + - vars.yml + tasks: + - set_fact: cluster_group=tag_env_{{ cluster_id }} + - add_host: + name: "{{ item }}" + groups: oo_hosts_to_terminate + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: groups[cluster_group] | default([]) + +- hosts: oo_hosts_to_terminate + +- hosts: localhost + connection: local + gather_facts: no + vars_files: + - vars.yml + tasks: + - name: Retrieve the floating IPs + shell: "neutron floatingip-list | awk '/{{ hostvars[item].ansible_default_ipv4.address }}/ {print $2}'" + with_items: groups['oo_hosts_to_terminate'] | default([]) + register: floating_ips_to_delete + + - name: Terminate instance(s) + nova_compute: + name: "{{ hostvars[item].os_name }}" + state: absent + with_items: groups['oo_hosts_to_terminate'] | default([]) + + - name: Delete floating IPs + command: "neutron floatingip-delete {{ item.stdout }}" + with_items: floating_ips_to_delete.results | default([]) + + - name: Destroy the network + command: "heat stack-delete {{ openstack_network_prefix }}-stack" + register: stack_delete_result + changed_when: stack_delete_result.rc == 0 + failed_when: stack_delete_result.rc != 0 and 'could not be found' not in stack_delete_result.stdout diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml new file mode 100644 index 000000000..5e7ab4e58 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/update.yml 
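Review bot: The `Wait for user setup` probe runs ssh with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the first connection to each new instance accepts whatever host key answers on `item.public_ip`, and nothing in this file records that key for the later plays that push cluster certificates to the same address. Capturing the key once it is first seen (for example `ssh-keyscan` into a per-run known_hosts file) and pointing `UserKnownHostsFile` at that file would at least pin subsequent connections to the key observed at launch. Separately, as rendered here the `Get net id` awk program reads `"/\\/ {print \$4}"`, which is not a complete regular expression; if characters were lost in this listing ignore this, otherwise the net id extraction cannot work as written.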
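Review bot: `Retrieve the floating IPs` selects `neutron floatingip-list` rows with the unanchored, unescaped awk pattern `/{{ hostvars[item].ansible_default_ipv4.address }}/`, so 10.0.0.1 also matches 10.0.0.10 through 10.0.0.19 and 10.0.0.100 onwards (and each `.` matches any character); `Delete floating IPs` would then release addresses that belong to instances outside the cluster being torn down. Compare the fixed-IP column exactly instead, e.g. `awk '$4 == "{{ hostvars[item].ansible_default_ipv4.address }}" {print $2}'`, after confirming which column holds fixed_ip_address in this client's table. The lookup also assumes every host in oo_hosts_to_terminate was reachable for fact gathering in the preceding play; an unreachable host leaves `ansible_default_ipv4` undefined and aborts the termination before the stack is deleted.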
@@ -0,0 +1,18 @@
+---
+- name: Populate oo_hosts_to_update group
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - vars.yml
+ tasks:
+ - name: Evaluate oo_hosts_to_update
+ add_host:
+ name: "{{ item }}"
+ groups: oo_hosts_to_update
+ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+ with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"]) | default([])
+
+- include: ../../common/openshift-cluster/update_repos_and_packages.yml
+
+- include: config.yml
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
new file mode 100644
index 000000000..c754f19fc
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/vars.yml
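Review bot: In `Evaluate oo_hosts_to_update` the `| default([])` applies to the result of `union`, not to each group lookup, so when the master or node group for `cluster_id` is absent from inventory the `groups["…"]` lookup is undefined before the default is reached, which I expect to error rather than yield an empty group; the new config.yml in this series guards the same lookups per group. `with_items: (groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([])) | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([]))` keeps the intended behaviour when one of the two groups is missing.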
@@ -0,0 +1,39 @@
+---
+openstack_infra_heat_stack: "{{ opt_infra_heat_stack | default('files/heat_stack.yml') }}"
+openstack_network_prefix: "{{ opt_network_prefix | default('openshift-ansible-'+cluster_id) }}"
+openstack_network_cidr: "{{ opt_net_cidr | default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24') }}"
+openstack_network_external_net: "{{ opt_external_net | default('external') }}"
+openstack_floating_ip_pools: "{{ opt_floating_ip_pools | default('external') | oo_split() }}"
+openstack_network_dns: "{{ opt_dns | default('8.8.8.8,8.8.4.4') | oo_split() }}"
+openstack_ssh_keypair: "{{ opt_keypair | default(lookup('env', 'LOGNAME')+'_key') }}"
+openstack_ssh_public_key: "{{ lookup('file', opt_public_key | default('~/.ssh/id_rsa.pub')) }}"
+openstack_ssh_access_from: "{{ opt_ssh_from | default('0.0.0.0/0') }}"
+openstack_flavor:
+ master:
+ ram: "{{ opt_master_flavor_ram | default(2048) }}"
+ id: "{{ opt_master_flavor_id | default() }}"
+ include: "{{ opt_master_flavor_include | default() }}"
+ node:
+ ram: "{{ opt_node_flavor_ram | default(4096) }}"
+ id: "{{ opt_node_flavor_id | default() }}"
+ include: "{{ opt_node_flavor_include | default() }}"
+
+deployment_vars:
+ origin:
+ image:
+ name: "{{ opt_image_name | default('centos-70-raw') }}"
+ id:
+ ssh_user: openshift
+ sudo: yes
+ online:
+ image:
+ name:
+ id:
+ ssh_user: root
+ sudo: no
+ enterprise:
+ image:
+ name: "{{ opt_image_name | default('centos-70-raw') }}"
+ id:
+ ssh_user: openshift
+ sudo: yes
-- cgit v1.2.3
From 9636fd100f5391a5404da2175d31ec744b73cd50 Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Tue, 9 Jun 2015 13:56:10 -0400
Subject: Added more verbosity when error happens. Also fixed a bug.
---
inventory/multi_ec2.py | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'inventory')
diff --git a/inventory/multi_ec2.py b/inventory/multi_ec2.py
index f8196aefd..b7ce9e5dc 100755
--- a/inventory/multi_ec2.py
+++ b/inventory/multi_ec2.py
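Review bot: `openstack_ssh_access_from` defaults to `0.0.0.0/0`, so unless the operator passes `opt_ssh_from` the `ssh-incoming` parameter handed to the Heat stack opens port 22 on both security groups to the entire Internet through the floating IPs. A safer choice is no default at all — fail early with a clear message when `opt_ssh_from` is unset — or at minimum a comment beside the variable stating that the value becomes a world-reachable ingress rule. `openstack_ssh_keypair` is derived from `LOGNAME`, so two operators with the same login name sharing a tenant may collide on the keypair name in `Create ssh keypair`; including `cluster_id` in the default name would avoid that.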
@@ -82,7 +82,6 @@ class MultiEc2(object): else: raise RuntimeError("Could not find valid ec2 credentials in the environment.") - # Set the default cache path but if its defined we'll assign it. if self.config.has_key('cache_location'): self.cache_path = self.config['cache_location'] @@ -217,7 +216,12 @@ class MultiEc2(object): # For any non-zero, raise an error on it for result in provider_results: if result['code'] != 0: - raise RuntimeError(result['err']) + err_msg = ['\nProblem fetching account: {name}', + 'Error Code: {code}', + 'StdErr: {err}', + 'Stdout: {out}', + ] + raise RuntimeError('\n'.join(err_msg).format(**result)) else: self.all_ec2_results[result['name']] = json.loads(result['out']) @@ -248,8 +252,9 @@ class MultiEc2(object): data[str(host_property)] = str(value) # Add this group - results["%s_%s" % (host_property, value)] = \ - copy.copy(results[acc_config['all_group']]) + if results.has_key(acc_config['all_group']): + results["%s_%s" % (host_property, value)] = \ + copy.copy(results[acc_config['all_group']]) # store the results back into all_ec2_results self.all_ec2_results[acc_config['name']] = results -- cgit v1.2.3 From fe458e2c29bffdab7708b67539a36a08506560da Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 9 Jun 2015 14:09:58 -0400 Subject: Automatic commit of package [openshift-ansible-inventory] release [0.0.8-1]. --- inventory/openshift-ansible-inventory.spec | 13 ++++++++++++- rel-eng/packages/openshift-ansible-inventory | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'inventory') diff --git a/inventory/openshift-ansible-inventory.spec b/inventory/openshift-ansible-inventory.spec index cd2332549..900a27f3a 100644 --- a/inventory/openshift-ansible-inventory.spec +++ b/inventory/openshift-ansible-inventory.spec 
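Review bot: The enriched RuntimeError in the second hunk interpolates the failed provider's complete `out` and `err` into the exception text; an inventory script that dies after printing part of its output, or that echoes its environment in the error, would put that material into the traceback and into whatever log captures it. Bound what is included, e.g. a tail such as `'Stdout: {out}'.format(out=result['out'][-2000:])`, or report the stream sizes and write the full output to the cache directory instead. In the third hunk the new `has_key` guard makes a missing `all_group` silently produce no `<property>_<value>` groups; a log line in the else case would make the reason visible when hosts are unexpectedly absent from groups. The enclosing methods begin outside these hunks.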
@@ -1,6 +1,6 @@ Summary: OpenShift Ansible Inventories Name: openshift-ansible-inventory -Version: 0.0.7 +Version: 0.0.8 Release: 1%{?dist} License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -36,6 +36,17 @@ cp -p gce/hosts/gce.py %{buildroot}/usr/share/ansible/inventory/gce /usr/share/ansible/inventory/gce/gce.py* %changelog +* Tue Jun 09 2015 Kenny Woodson 0.0.8-1 +- Added more verbosity when error happens. Also fixed a bug. + (kwoodson@redhat.com) +- Implement OpenStack provider (lhuard@amadeus.com) +- * rename openshift_registry_url oreg_url * rename option_images to + _{oreg|ortr}_images (jhonce@redhat.com) +- Fix the remaining pylint warnings (lhuard@amadeus.com) +- Fix some of the pylint warnings (lhuard@amadeus.com) +- [libvirt cluster] Use net-dhcp-leases to find VMs’ IPs (lhuard@amadeus.com) +- fixed the openshift-ansible-bin build (twiest@redhat.com) + * Fri May 15 2015 Kenny Woodson 0.0.7-1 - Making multi_ec2 into a library (kwoodson@redhat.com) diff --git a/rel-eng/packages/openshift-ansible-inventory b/rel-eng/packages/openshift-ansible-inventory index df529d9fd..4851be122 100644 --- a/rel-eng/packages/openshift-ansible-inventory +++ b/rel-eng/packages/openshift-ansible-inventory @@ -1 +1 @@ -0.0.7-1 inventory/ +0.0.8-1 inventory/ -- cgit v1.2.3 From 94a77cb1d81b6e4e316ae679890df4994816532f Mon Sep 17 00:00:00 2001 
From: Jason DeTiberus Date: Fri, 22 May 2015 13:13:17 -0400 Subject: Templatize configs and 0.5.2 changes - Templatize node config - Templatize master config - Integrated sdn changes - Updates for openshift_facts - Added support for node, master and sdn related changes - registry_url - added identity provider facts - Removed openshift_sdn_* roles - Install httpd-tools if configuring htpasswd auth - Remove references to external_id - Setting external_id interferes with nodes associating with the generated node object when pre-registering nodes. - osc/oc and osadm/oadm binary detection in openshift_facts Misc Changes: - make non-errata puddle default for byo example - comment out master in list of nodes in inventory/byo/hosts - remove non-error errors from fluentd_* roles - Use admin kubeconfig instead of openshift-client --- filter_plugins/oo_filters.py | 21 ++ inventory/byo/hosts | 9 +- playbooks/aws/openshift-cluster/config.yml | 1 + playbooks/aws/openshift-node/config.yml | 1 + playbooks/byo/openshift-node/config.yml | 4 +- playbooks/common/openshift-master/config.yml | 4 - playbooks/common/openshift-node/config.yml | 80 ++++---- playbooks/gce/openshift-cluster/config.yml | 1 + playbooks/gce/openshift-node/config.yml | 1 + playbooks/libvirt/openshift-cluster/config.yml | 1 + playbooks/openstack/openshift-cluster/config.yml | 1 + roles/fluentd_master/tasks/main.yml | 3 +- roles/fluentd_node/tasks/main.yml | 3 +- roles/openshift_common/tasks/main.yml | 2 + roles/openshift_common/vars/main.yml | 2 + roles/openshift_facts/library/openshift_facts.py | 196 +++++++++++++----- roles/openshift_master/tasks/main.yml | 110 ++++++---- roles/openshift_master/templates/master.yaml.v1.j2 | 98 +++++++++ roles/openshift_master/templates/scheduler.json.j2 | 12 ++ .../templates/v1_partials/oauthConfig.j2 | 78 +++++++ roles/openshift_master/vars/main.yml | 10 +- roles/openshift_node/defaults/main.yml | 4 + roles/openshift_node/handlers/main.yml | 1 - 
roles/openshift_node/tasks/main.yml | 67 +++--- roles/openshift_node/templates/node.yaml.v1.j2 | 18 ++ roles/openshift_node/vars/main.yml | 3 +- roles/openshift_register_nodes/defaults/main.yml | 2 - .../library/kubernetes_register_node.py | 226 +++++++-------------- roles/openshift_register_nodes/tasks/main.yml | 59 +++--- roles/openshift_register_nodes/vars/main.yml | 2 +- roles/openshift_sdn_master/README.md | 41 ---- roles/openshift_sdn_master/handlers/main.yml | 3 - roles/openshift_sdn_master/meta/main.yml | 15 -- roles/openshift_sdn_master/tasks/main.yml | 37 ---- roles/openshift_sdn_node/README.md | 44 ---- roles/openshift_sdn_node/handlers/main.yml | 3 - roles/openshift_sdn_node/meta/main.yml | 15 -- roles/openshift_sdn_node/tasks/main.yml | 60 ------ 38 files changed, 656 insertions(+), 582 deletions(-) create mode 100644 roles/openshift_master/templates/master.yaml.v1.j2 create mode 100644 roles/openshift_master/templates/scheduler.json.j2 create mode 100644 roles/openshift_master/templates/v1_partials/oauthConfig.j2 create mode 100644 roles/openshift_node/templates/node.yaml.v1.j2 delete mode 100644 roles/openshift_register_nodes/defaults/main.yml delete mode 100644 roles/openshift_sdn_master/README.md delete mode 100644 roles/openshift_sdn_master/handlers/main.yml delete mode 100644 roles/openshift_sdn_master/meta/main.yml delete mode 100644 roles/openshift_sdn_master/tasks/main.yml delete mode 100644 roles/openshift_sdn_node/README.md delete mode 100644 roles/openshift_sdn_node/handlers/main.yml delete mode 100644 roles/openshift_sdn_node/meta/main.yml delete mode 100644 roles/openshift_sdn_node/tasks/main.yml (limited to 'inventory') diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 476761715..b7248efaa 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py 
@@ -202,6 +202,26 @@ class FilterModule(object): ''' return string.split(separator) + @staticmethod + def oo_filter_list(data, filter_attr=None): + ''' This returns a list, which contains all items where filter_attr + evaluates to true + Ex: data = [ { a: 1, b: True }, + { a: 3, b: False }, + { a: 5, b: True } ] + filter_attr = 'b' + returns [ { a: 1, b: True }, + { a: 5, b: True } ] + ''' + if not issubclass(type(data), list): + raise errors.AnsibleFilterError("|failed expects to filter on a list") + + if not issubclass(type(filter_attr), str): + raise errors.AnsibleFilterError("|failed expects filter_attr is a str") + + # Gather up the values for the list of keys passed in + return [x for x in data if x[filter_attr]] + def filters(self): ''' returns a mapping of filters to methods ''' return { @@ -214,4 +234,5 @@ class FilterModule(object): "oo_ec2_volume_definition": self.oo_ec2_volume_definition, "oo_combine_key_value": self.oo_combine_key_value, "oo_split": self.oo_split, + "oo_filter_list": self.oo_filter_list } diff --git a/inventory/byo/hosts b/inventory/byo/hosts index 9a1cbce29..4d4da5468 100644 --- a/inventory/byo/hosts +++ b/inventory/byo/hosts 
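Review bot: `oo_filter_list` rejects `filter_attr` unless `type(filter_attr)` subclasses `str`; on Python 2 a string that reaches a filter from a Jinja template is frequently `unicode`, in which case the `'certs_missing'` argument used by the node play would be refused with '|failed expects filter_attr is a str'. Checking against `basestring` — `if not isinstance(filter_attr, basestring):` — covers both forms. `x[filter_attr]` also raises a bare KeyError for any item lacking the attribute instead of an AnsibleFilterError; `x.get(filter_attr)` would treat a missing attribute as false, or an explicit error naming the key would at least say what was absent. The enclosing class continues outside this hunk.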
@@ -20,17 +20,20 @@ deployment_type=enterprise oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version} # Pre-release additional repo -#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] -openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] +openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] +#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] # Origin copr repo #openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] +# htpasswd auth +#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}] + # host group for masters [masters] ose3-master-ansible.test.example.com # host group for nodes [nodes] -ose3-master-ansible.test.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" +#ose3-master-ansible.test.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" ose3-node[1:2]-ansible.test.example.com 
openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index b8961704e..7188312ed 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -32,5 +32,6 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-node/config.yml b/playbooks/aws/openshift-node/config.yml index fc9b397b4..a993a1e99 100644 --- a/playbooks/aws/openshift-node/config.yml +++ b/playbooks/aws/openshift-node/config.yml @@ -21,5 +21,6 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml index d569827b4..f50903061 100644 --- a/playbooks/byo/openshift-node/config.yml +++ b/playbooks/byo/openshift-node/config.yml @@ -10,12 +10,14 @@ with_items: groups.nodes - name: Evaluate oo_first_master add_host: - name: "{{ groups.masters[0] }}" + name: "{{ item }}" groups: oo_first_master + with_items: groups.masters.0 - include: ../../common/openshift-node/config.yml vars: + openshift_first_master: "{{ groups.masters.0 }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index a9a4e6afc..052ed14c7 100644 --- a/playbooks/common/openshift-master/config.yml 
+++ b/playbooks/common/openshift-master/config.yml @@ -1,12 +1,8 @@ --- - name: Configure master instances hosts: oo_masters_to_config - vars: - openshift_sdn_master_url: https://{{ openshift.common.hostname }}:4001 roles: - openshift_master - - role: openshift_sdn_master - when: openshift.common.use_openshift_sdn | bool - role: fluentd_master when: openshift.common.use_fluentd | bool tasks: diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index feaeaab95..a650796c7 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -4,9 +4,9 @@ roles: - openshift_facts tasks: - # Since the master is registering the nodes before they are configured, we - # need to make sure to set the node properties beforehand if we do not want - # the defaults + # Since the master is generating the node certificates before they are + # configured, we need to make sure to set the node properties beforehand if + # we do not want the defaults - openshift_facts: role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" 
@@ -18,13 +18,26 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - external_id: "{{ openshift_node_external_id | default(None) }}" resources_cpu: "{{ openshift_node_resources_cpu | default(None) }}" resources_memory: "{{ openshift_node_resources_memory | default(None) }}" pod_cidr: "{{ openshift_node_pod_cidr | default(None) }}" labels: "{{ openshift_node_labels | default(None) }}" annotations: "{{ openshift_node_annotations | default(None) }}" - + - name: Check status of node certificates + stat: + path: "{{ item }}" + with_items: + - "/etc/openshift/node/node.key" + - "/etc/openshift/node/node.kubeconfig" + - "/etc/openshift/node/ca.crt" + - "/etc/openshift/node/server.key" + register: stat_result + - set_fact: + certs_missing: "{{ stat_result.results | map(attribute='stat.exists') + | list | intersect([false])}}" + node_subdir: node-{{ openshift.common.hostname }} + config_dir: /etc/openshift/generated-configs/node-{{ openshift.common.hostname }} + node_cert_dir: /etc/openshift/node - name: Create temp directory for syncing certs hosts: localhost 
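Review bot: `certs_missing` is computed as a list — `[false]` when any of the four files is absent, `[]` otherwise — and the later `when: certs_missing` and the `oo_filter_list(filter_attr='certs_missing')` selection rely on list truthiness, which reads as a bug to anyone who sees `[false]` being treated as true. A boolean is clearer and equivalent: `certs_missing: "{{ false in (stat_result.results | map(attribute='stat.exists') | list) }}"`. The test is also existence only, so a node whose ca.crt or node.kubeconfig exists but was issued by a previous master is never re-synced; if that is intended, a short comment on the stat task would save the next reader the question.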
@@ -37,66 +50,57 @@ register: mktemp changed_when: False - - name: Register nodes hosts: oo_first_master vars: - openshift_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) }}" + nodes_needing_certs: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list(filter_attr='certs_missing') }}" + openshift_nodes: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config']) }}" sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" roles: - openshift_register_nodes - tasks: - # TODO: update so that we only sync necessary configs/directories, currently - # we sync for all nodes in oo_nodes_to_config. We will need to inspect the - # configs on the nodes to make the determination on whether to sync or not. - - name: Create the temp directory on the master - file: - path: "{{ sync_tmpdir }}" - owner: "{{ ansible_ssh_user }}" - mode: 0700 - state: directory - changed_when: False - + post_tasks: - name: Create a tarball of the node config directories - command: tar -czvf {{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz ./ + command: > + tar -czvf {{ item.config_dir }}.tgz ./ + --transform 's|system:{{ item.node_subdir }}|node|' + -C {{ item.config_dir }} . 
args: - chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: openshift_nodes - changed_when: False + creates: "{{ item.config_dir }}.tgz" + with_items: nodes_needing_certs - name: Retrieve the node config tarballs from the master fetch: - src: "{{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz" + src: "{{ item.config_dir }}.tgz" dest: "{{ sync_tmpdir }}/" + flat: yes fail_on_missing: yes validate_checksum: yes - with_items: openshift_nodes - changed_when: False - + with_items: nodes_needing_certs - name: Configure node instances hosts: oo_nodes_to_config - gather_facts: no vars: - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}/{{ groups['oo_first_master'][0] }}/{{ hostvars.localhost.mktemp.stdout }}" - openshift_sdn_master_url: "https://{{ hostvars[groups['oo_first_master'][0]].openshift.common.hostname }}:4001" + sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" + openshift_node_master_api_url: "{{ hostvars[openshift_first_master].openshift.master.api_url }}" pre_tasks: - name: Ensure certificate directory exists file: - path: "{{ openshift_node_cert_dir }}" + path: "{{ node_cert_dir }}" state: directory - # TODO: notify restart openshift-node and/or restart openshift-sdn-node, + # TODO: notify restart openshift-node # possibly test service started time against certificate/config file - # timestamps in openshift-node or openshift-sdn-node to trigger notify + # timestamps in openshift-node to trigger notify - name: Unarchive the tarball on the node unarchive: - src: "{{ sync_tmpdir }}/{{ openshift.common.hostname }}.tgz" - dest: "{{ openshift_node_cert_dir }}" + src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz" + dest: "{{ node_cert_dir }}" + when: certs_missing roles: - openshift_node - - role: openshift_sdn_node - when: openshift.common.use_openshift_sdn | bool - role: fluentd_node when: openshift.common.use_fluentd | bool tasks: 
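Review bot: In `Create a tarball of the node config directories` the file operand `./` precedes `-C {{ item.config_dir }}`, and the `args: chdir:` that used to run the command inside the config directory is removed in this same hunk, so tar archives the ansible user's working directory on the master (presumably its home directory) in full before adding the config directory; that archive is fetched to the controller and unarchived into `/etc/openshift/node` on every node needing certs, so anything under that directory, `.ssh` included, would land on the nodes. Dropping the stray operand fixes it: `tar -czvf {{ item.config_dir }}.tgz --transform 's|system:{{ item.node_subdir }}|node|' -C {{ item.config_dir }} .`. Two related points: `creates: "{{ item.config_dir }}.tgz"` means the tarball, which contains node.key, now persists next to the generated configs under the command's default umask and is never rebuilt after certificates are regenerated, whereas before it lived in a mode 0700 temp dir removed at the end of the play; and `Ensure certificate directory exists` sets no `mode:` on `node_cert_dir`, so the key's exposure on the node depends on the stored tar modes. Consider `mode: 0700` on that directory and deleting or chmod-ing the tarball after the fetch.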
@@ -113,7 +117,6 @@ - file: name={{ sync_tmpdir }} state=absent changed_when: False - - name: Delete temporary directory on localhost hosts: localhost connection: local @@ -123,7 +126,6 @@ - file: name={{ mktemp.stdout }} state=absent changed_when: False - # Additional config for online type deployments - name: Additional instance config hosts: oo_nodes_deployment_type_online diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 8b8490246..8c320dbd2 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -34,4 +34,5 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ gce_private_ip }}" diff --git a/playbooks/gce/openshift-node/config.yml b/playbooks/gce/openshift-node/config.yml index 5b1601176..54b0da2ca 100644 --- a/playbooks/gce/openshift-node/config.yml +++ b/playbooks/gce/openshift-node/config.yml @@ -21,4 +21,5 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ gce_private_ip }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index faf278b10..75e2005a2 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -36,3 +36,4 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 1c0644e04..abadaf5ca 100644 --- a/playbooks/openstack/openshift-cluster/config.yml 
+++ b/playbooks/openstack/openshift-cluster/config.yml @@ -31,4 +31,5 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" + openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ ansible_default_ipv4.address }}" diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index 28caaa5b8..d828db52a 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -8,7 +8,8 @@ - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' register: _fluent_plugin_check - ignore_errors: yes + failed_when: false + changed_when: false - name: install Kubernetes fluentd plugin command: '/opt/td-agent/embedded/bin/gem install fluent-plugin-kubernetes' diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 2526057cb..f9ef30b83 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -8,7 +8,8 @@ - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' register: _fluent_plugin_check - ignore_errors: yes + failed_when: false + changed_when: false - name: install Kubernetes fluentd plugin command: '/opt/td-agent/embedded/bin/gem install fluent-plugin-kubernetes' diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index c55677c3f..f76dd84ed 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml 
@@ -10,7 +10,9 @@ public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" + sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" deployment_type: "{{ openshift_deployment_type }}" + - name: Set hostname hostname: name={{ openshift.common.hostname }} diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 50816d319..8e7d71154 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml @@ -5,3 +5,5 @@ # chains with the public zone (or the zone associated with the correct # interfaces) os_firewall_use_firewalld: False + +openshift_data_dir: /var/lib/openshift diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index aff7d723e..e4d3bf26f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1,10 +1,6 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # vim: expandtab:tabstop=4:shiftwidth=4 -# disable pylint checks -# temporarily disabled until items can be addressed: -# fixme - until all TODO comments have been addressed -# pylint:disable=fixme """Ansible module for retrieving and setting openshift related facts""" DOCUMENTATION = ''' @@ -19,6 +15,7 @@ EXAMPLES = ''' import ConfigParser import copy +import os def hostname_valid(hostname): @@ -166,7 +163,6 @@ def normalize_gce_facts(metadata, facts): facts['network']['interfaces'].append(int_info) _, _, zone = metadata['instance']['zone'].rpartition('/') facts['zone'] = zone - facts['external_id'] = metadata['instance']['id'] # Default to no sdn for GCE deployments facts['use_openshift_sdn'] = False 
@@ -215,7 +211,6 @@ def normalize_aws_facts(metadata, facts): int_info['network_id'] = None facts['network']['interfaces'].append(int_info) facts['zone'] = metadata['placement']['availability-zone'] - facts['external_id'] = metadata['instance-id'] # TODO: actually attempt to determine default local and public ips # by using the ansible default ip fact and the ipv4-associations @@ -247,7 +242,7 @@ def normalize_openstack_facts(metadata, facts): # metadata api, should be updated if neutron exposes this. facts['zone'] = metadata['availability_zone'] - facts['external_id'] = metadata['uuid'] + facts['network']['ip'] = metadata['ec2_compat']['local-ipv4'] facts['network']['public_ip'] = metadata['ec2_compat']['public-ipv4'] 
@@ -288,14 +283,39 @@ def normalize_provider_facts(provider, metadata): facts = normalize_openstack_facts(metadata, facts) return facts -def set_fluentd_facts_if_unset(facts): - """ Set fluentd facts if not already present in facts dict +def set_registry_url_if_unset(facts): + """ Set registry_url fact if not already present in facts dict Args: facts (dict): existing facts Returns: + dict: the facts dict updated with the generated identity providers + facts if they were not already present + """ + for role in ('master', 'node'): + if role in facts: + deployment_type = facts['common']['deployment_type'] + if 'registry_url' not in facts[role]: + registry_url = "openshift/origin-${component}:${version}" + if deployment_type == 'enterprise': + registry_url = "openshift3_beta/ose-${component}:${version}" + elif deployment_type == 'online': + registry_url = ("docker-registry.ops.rhcloud.com/" + "openshift3_beta/ose-${component}:${version}") + facts[role]['registry_url'] = registry_url + + return facts + +def set_fluentd_facts_if_unset(facts): + """ Set fluentd facts if not already present in facts dict dict: the facts dict updated with the generated fluentd facts if missing + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated fluentd + facts if they were not already present + """ if 'common' in facts: deployment_type = facts['common']['deployment_type'] 
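Review bot: The Returns section of the new `set_registry_url_if_unset` docstring was copied from the identity-providers helper and talks about "generated identity providers facts"; it should read `dict: the facts dict updated with the generated registry_url facts if they were not already present`. The same hunk leaves a stray `dict: the facts dict updated with the generated fluentd facts if missing` line in `set_fluentd_facts_if_unset` above its Args section, which should go now that the function has a proper Returns section. `facts['common']['deployment_type']` is also read inside the `if role in facts` branch without a `'common' in facts` guard; this works because get_defaults always populates `common`, but a one-line comment saying so would spare the next reader a check.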
@@ -304,6 +324,32 @@ def set_fluentd_facts_if_unset(facts): facts['common']['use_fluentd'] = use_fluentd return facts +def set_identity_providers_if_unset(facts): + """ Set identity_providers fact if not already present in facts dict + + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated identity providers + facts if they were not already present + """ + if 'master' in facts: + deployment_type = facts['common']['deployment_type'] + if 'identity_providers' not in facts['master']: + identity_provider = dict( + name='allow_all', challenge=True, login=True, + kind='AllowAllPasswordIdentityProvider' + ) + if deployment_type == 'enterprise': + identity_provider = dict( + name='deny_all', challenge=True, login=True, + kind='DenyAllPasswordIdentityProvider' + ) + + facts['master']['identity_providers'] = [identity_provider] + + return facts + def set_url_facts_if_unset(facts): """ Set url facts if not already present in facts dict 
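Review bot: For every deployment_type other than 'enterprise', `set_identity_providers_if_unset` silently defaults the master to `AllowAllPasswordIdentityProvider` with challenge and login enabled, i.e. any username/password pair is accepted, and neither the docstring nor a comment says so. I would state it explicitly, e.g. `Note: defaults to allow_all (any credentials accepted) unless deployment_type is 'enterprise', which gets deny_all; set openshift_master_identity_providers to override.`, and consider whether 'online' deployments should also fall on the deny_all side. As in the registry helper, `facts['common']['deployment_type']` is read with only the `'master' in facts` guard, which is fine given get_defaults but worth a comment.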
@@ -314,34 +360,77 @@ def set_url_facts_if_unset(facts): were not already present """ if 'master' in facts: - for (url_var, use_ssl, port, default) in [ - ('api_url', - facts['master']['api_use_ssl'], - facts['master']['api_port'], - facts['common']['hostname']), - ('public_api_url', - facts['master']['api_use_ssl'], - facts['master']['api_port'], - facts['common']['public_hostname']), - ('console_url', - facts['master']['console_use_ssl'], - facts['master']['console_port'], - facts['common']['hostname']), - ('public_console_url' 'console_use_ssl', - facts['master']['console_use_ssl'], - facts['master']['console_port'], - facts['common']['public_hostname'])]: - if url_var not in facts['master']: - scheme = 'https' if use_ssl else 'http' - netloc = default - if ((scheme == 'https' and port != '443') - or (scheme == 'http' and port != '80')): - netloc = "%s:%s" % (netloc, port) - facts['master'][url_var] = urlparse.urlunparse( - (scheme, netloc, '', '', '', '') - ) + api_use_ssl = facts['master']['api_use_ssl'] + api_port = facts['master']['api_port'] + console_use_ssl = facts['master']['console_use_ssl'] + console_port = facts['master']['console_port'] + console_path = facts['master']['console_path'] + etcd_use_ssl = facts['master']['etcd_use_ssl'] + etcd_port = facts['master']['etcd_port'], + hostname = facts['common']['hostname'] + public_hostname = facts['common']['public_hostname'] + + if 'etcd_urls' not in facts['master']: + facts['master']['etcd_urls'] = [format_url(etcd_use_ssl, hostname, + etcd_port)] + if 'api_url' not in facts['master']: + facts['master']['api_url'] = format_url(api_use_ssl, hostname, + api_port) + if 'public_api_url' not in facts['master']: + facts['master']['public_api_url'] = format_url(api_use_ssl, + public_hostname, + api_port) + if 'console_url' not in facts['master']: + facts['master']['console_url'] = format_url(console_use_ssl, + hostname, + console_port, + console_path) + if 'public_console_url' not in facts['master']: + 
facts['master']['public_console_url'] = format_url(console_use_ssl, + public_hostname, + console_port, + console_path) + return facts + +def set_sdn_facts_if_unset(facts): + """ Set sdn facts if not already present in facts dict + + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated sdn facts if they + were not already present + """ + if 'common' in facts: + if 'sdn_network_plugin_name' not in facts['common']: + use_sdn = facts['common']['use_openshift_sdn'] + plugin = 'redhat/openshift-ovs-subnet' if use_sdn else '' + facts['common']['sdn_network_plugin_name'] = plugin + + if 'master' in facts: + if 'sdn_cluster_network_cidr' not in facts['master']: + facts['master']['sdn_cluster_network_cidr'] = '10.1.0.0/16' + if 'sdn_host_subnet_length' not in facts['master']: + facts['master']['sdn_host_subnet_length'] = '8' + return facts +def format_url(use_ssl, hostname, port, path=''): + """ Format url based on ssl flag, hostname, port and path + + Args: + use_ssl (bool): is ssl enabled + hostname (str): hostname + port (str): port + path (str): url path + Returns: + str: The generated url string + """ + scheme = 'https' if use_ssl else 'http' + netloc = hostname + if (use_ssl and port != '443') or (not use_ssl and port != '80'): + netloc += ":%s" % port + return urlparse.urlunparse((scheme, netloc, path, '', '', '')) def get_current_config(facts): """ Get current openshift config @@ -405,7 +494,7 @@ def get_current_config(facts): return current_config -def apply_provider_facts(facts, provider_facts, roles): +def apply_provider_facts(facts, provider_facts): """ Apply provider facts to supplied facts dict Args: @@ -433,11 +522,6 @@ def apply_provider_facts(facts, provider_facts, roles): facts['common'][ip_var] ) - if 'node' in roles: - ext_id = provider_facts.get('external_id') - if ext_id: - facts['node']['external_id'] = ext_id - facts['provider'] = provider_facts return facts 
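Review bot: `etcd_port = facts['master']['etcd_port'],` in `set_url_facts_if_unset` has a trailing comma, so `etcd_port` is bound to a one-element tuple rather than the port string. It only renders correctly because `":%s" % port` happens to unpack a 1-tuple, while the `port != '443'` test in `format_url` is always true for a tuple; dropping the comma, `etcd_port = facts['master']['etcd_port']`, makes the value what the rest of the code assumes. `format_url` compares `port` against the strings '443' and '80', so an int port would always be appended; the docstring should say `port (str): port number, compared as a string` so callers pass the right type.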
@@ -571,11 +655,14 @@ class OpenShiftFacts(object): defaults = self.get_defaults(roles) provider_facts = self.init_provider_facts() - facts = apply_provider_facts(defaults, provider_facts, roles) + facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, local_facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) + facts = set_identity_providers_if_unset(facts) + facts = set_registry_url_if_unset(facts) + facts = set_sdn_facts_if_unset(facts) return dict(openshift=facts) def get_defaults(self, roles): 
@@ -589,31 +676,36 @@ class OpenShiftFacts(object): """ defaults = dict() - common = dict(use_openshift_sdn=True) ip_addr = self.system_facts['default_ipv4']['address'] - common['ip'] = ip_addr - common['public_ip'] = ip_addr - exit_code, output, _ = module.run_command(['hostname', '-f']) hostname_f = output.strip() if exit_code == 0 else '' hostname_values = [hostname_f, self.system_facts['nodename'], self.system_facts['fqdn']] hostname = choose_hostname(hostname_values) - common['hostname'] = hostname - common['public_hostname'] = hostname + common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, + deployment_type='origin', hostname=hostname, + public_hostname=hostname) + common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' + common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' defaults['common'] = common if 'master' in roles: master = dict(api_use_ssl=True, api_port='8443', console_use_ssl=True, console_path='/console', - console_port='8443', etcd_use_ssl=False, - etcd_port='4001', portal_net='172.30.17.0/24') + console_port='8443', etcd_use_ssl=True, + etcd_port='4001', portal_net='172.30.0.0/16', + embedded_etcd=True, embedded_kube=True, + embedded_dns=True, dns_port='53', + bind_addr='0.0.0.0', session_max_seconds=3600, + session_name='ssn', session_secrets_file='', + access_token_max_seconds=86400, + auth_token_max_seconds=500, + oauth_grant_method='auto') defaults['master'] = master if 'node' in roles: - node = dict(external_id=common['hostname'], pod_cidr='', - labels={}, annotations={}) + node = dict(pod_cidr='', labels={}, annotations={}) node['resources_cpu'] = self.system_facts['processor_cores'] node['resources_memory'] = int( int(self.system_facts['memtotal_mb']) * 1024 * 1024 * 0.75 diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f243825b2..b718ab6d1 100644 --- a/roles/openshift_master/tasks/main.yml 
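Review bot: The new master defaults in `get_defaults` (`session_secrets_file=''`, `bind_addr='0.0.0.0'`, `access_token_max_seconds=86400`, `auth_token_max_seconds=500`, `embedded_etcd=True`) are undocumented in the hunk, and some have operational consequences: an empty session secrets file presumably makes the master generate its own session secret on each start, so console sessions would not survive a restart or span multiple masters, and `0.0.0.0` binds the API, console, etcd and DNS listeners to every interface. A short comment above the `master = dict(...)` literal, e.g. `# NOTE: session_secrets_file='' lets the master generate session secrets itself (confirm); set a file for restart-stable or multi-master sessions`, would point operators at the knob. `etcd_use_ssl` now defaults to True, which is the safer setting but changes behaviour for inventories that never set `openshift_master_etcd_use_ssl`, and the same applies to `portal_net` moving from 172.30.17.0/24 to 172.30.0.0/16.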
+++ b/roles/openshift_master/tasks/main.yml @@ -1,10 +1,16 @@ --- -# TODO: actually have api_port, api_use_ssl, console_port, console_use_ssl, -# etcd_use_ssl actually change the master config. +# TODO: add validation for openshift_master_identity_providers +# TODO: add ability to configure certificates given either a local file to +# point to or certificate contents, set in default cert locations. + +- assert: + that: + - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods + when: openshift_master_oauth_grant_method is defined - name: Set master OpenShift facts openshift_facts: - role: 'master' + role: master local_facts: debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" api_port: "{{ openshift_master_api_port | default(None) }}" 
@@ -18,15 +24,32 @@ public_console_url: "{{ openshift_master_public_console_url | default(None) }}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" + etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" + embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" + embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" + embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" + dns_port: "{{ openshift_master_dns_port | default(None) }}" + bind_addr: "{{ openshift_master_bind_addr | default(None) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" + session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" + session_name: "{{ openshift_master_session_name | default(None) }}" + session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" + access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" + auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" + identity_providers: "{{ openshift_master_identity_providers | default(None) }}" + registry_url: "{{ oreg_url | default(None) }}" + oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" + sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" + sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts openshift_facts: - role: 'dns' + role: dns local_facts: ip: "{{ openshift.common.ip }}" - domain: local + domain: cluster.local + when: openshift.master.embedded_dns - name: Install OpenShift Master package yum: pkg=openshift-master state=installed 
@@ -41,34 +64,53 @@ path: "{{ openshift_master_config_dir }}" state: directory -# TODO: should probably use a template lookup for this -# TODO: should allow for setting --etcd, --kubernetes options -# TODO: recreate config if values change -- name: Use enterprise default for oreg_url if not set - set_fact: - oreg_url: "openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'enterprise' and oreg_url is not defined - -- name: Use online default for oreg_url if not set - set_fact: - oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'online' and oreg_url is not defined +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_config_dir }} --overwrite=false + args: + creates: "{{ openshift_master_config_dir }}/master.server.key" -# TODO: Need to get a flag added for volumes path, i think it'll get put in -- name: Create master config +- name: Create the policy file if it does not already exist command: > - /usr/bin/openshift start master - --write-config={{ openshift_master_config_dir }} - --portal-net={{ openshift.master.portal_net }} - --etcd-dir={{ openshift_data_dir }}/openshift.local.etcd - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://0.0.0.0:{{ openshift.master.api_port }} - {{ ('--images=' ~ oreg_url) if (oreg_url | default('', true) != '') else '' }} - {{ ('--nodes=' ~ openshift_node_ips | join(',')) if (openshift_node_ips | default('', true) != '') else '' }} + {{ openshift.common.admin_binary }} create-bootstrap-policy-file + 
--filename={{ openshift_master_policy }} args: - chdir: "{{ openshift_master_config_dir }}" - creates: "{{ openshift_master_config_file }}" + creates: "{{ openshift_master_policy }}" + notify: + - restart openshift-master + +- name: Create the scheduler config + template: + dest: "{{ openshift_master_scheduler_conf }}" + src: scheduler.json.j2 + notify: + - restart openshift-master + +- name: Install httpd-tools if needed + yum: pkg=httpd-tools state=installed + when: item.kind == 'HTPasswdPasswordIdentityProvider' + with_items: openshift.master.identity_providers + +- name: Create the htpasswd file if needed + copy: + dest: "{{ item.filename }}" + content: "" + mode: 0600 + force: no + when: item.kind == 'HTPasswdPasswordIdentityProvider' + with_items: openshift.master.identity_providers + +# TODO: add the validate parameter when there is a validation command to run +- name: Create master config + template: + dest: "{{ openshift_master_config_file }}" + src: master.yaml.v1.j2 + notify: + - restart openshift-master - name: Configure OpenShift settings lineinfile: @@ -79,7 +121,7 @@ - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}" - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_master_config_file}}" + line: "CONFIG_FILE={{ openshift_master_config_file }}" notify: - restart openshift-master 
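Review bot: The new "Create master config" template task writes `{{ openshift_master_config_file }}` with the template module's default mode and owner, yet the rendered master-config.yaml embeds the OAuth identity-provider `clientSecret` values through the included oauthConfig partial; it should carry `mode: 0600` next to `dest`/`src`, as the htpasswd task in the same hunk already does. The "Install httpd-tools if needed" and htpasswd tasks iterate `openshift.master.identity_providers` without a `| default([])`, which is safe only because `set_identity_providers_if_unset` always sets the fact, so a comment such as `# identity_providers is always populated by openshift_facts` would make that dependency visible. The `create-master-certs` task correctly pairs `--overwrite=false` with `creates:`, so an existing CA is never clobbered.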
@@ -99,15 +141,15 @@ # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added -- name: Create the OpenShift client config(s) - command: cp {{ openshift_master_config_dir }}/openshift-client.kubeconfig ~{{ item }}/.config/openshift/.config +- name: Copy the OpenShift admin client config(s) + command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.config/openshift/.config args: creates: ~{{ item }}/.config/openshift/.config with_items: - root - "{{ ansible_ssh_user }}" -- name: Update the permissions on the OpenShift client config(s) +- name: Update the permissions on the OpenShift admin client config(s) file: path: "~{{ item }}/.config/openshift/.config" state: file diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 new file mode 100644 index 000000000..1c2d37b63 --- /dev/null +++ b/roles/openshift_master/templates/master.yaml.v1.j2 
@@ -0,0 +1,98 @@ +apiVersion: v1 +assetConfig: + logoutURL: "" + masterPublicURL: {{ openshift.master.public_api_url }} + publicURL: {{ openshift.master.public_console_url }}/ + servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} + certFile: master.server.crt + clientCA: "" + keyFile: master.server.key +corsAllowedOrigins: +{# TODO: add support for user specified corsAllowedOrigins #} +{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} + - {{ origin }} +{% endfor %} +{% if openshift.master.embedded_dns %} +dnsConfig: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} +{% endif %} +etcdClientInfo: + ca: ca.crt + certFile: master.etcd-client.crt + keyFile: master.etcd-client.key + urls: +{% for etcd_url in openshift.master.etcd_urls %} + - {{ etcd_url }} +{% endfor %} +{% if openshift.master.embedded_etcd %} +etcdConfig: + address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} + peerAddress: {{ openshift.common.hostname }}:7001 + peerServingInfo: + bindAddress: {{ openshift.master.bind_addr }}:7001 + certFile: etcd.server.crt + clientCA: ca.crt + keyFile: etcd.server.key + servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} + certFile: etcd.server.crt + clientCA: ca.crt + keyFile: etcd.server.key + storageDirectory: {{ openshift_data_dir }}/openshift.local.etcd +{% endif %} +etcdStorageConfig: + kubernetesStoragePrefix: kubernetes.io + kubernetesStorageVersion: v1beta3 + kubernetesStoragePrefix: kubernetes.io + openShiftStorageVersion: v1beta3 +imageConfig: + format: {{ openshift.master.registry_url }} + latest: false +kind: MasterConfig +kubeletClientInfo: +{# TODO: allow user specified kubelet port #} + ca: ca.crt + certFile: master.kubelet-client.crt + keyFile: master.kubelet-client.key + port: 10250 +{% if 
openshift.master.embedded_kube %} +kubernetesMasterConfig: +{# TODO: support overriding masterCount #} + masterCount: 1 + masterIP: "" + schedulerConfigFile: {{ openshift_master_scheduler_conf }} + servicesSubnet: {{ openshift.master.portal_net }} + staticNodeNames: {{ openshift_node_ips | default([], true) }} +{% endif %} +masterClients: +{# TODO: allow user to set externalKubernetesKubeConfig #} + deployerKubeConfig: openshift-deployer.kubeconfig + externalKubernetesKubeConfig: "" + openshiftLoopbackKubeConfig: openshift-client.kubeconfig +masterPublicURL: {{ openshift.master.public_api_url }} +networkConfig: + clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} + hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} + networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +{% include 'v1_partials/oauthConfig.j2' %} +policyConfig: + bootstrapPolicyFile: {{ openshift_master_policy }} + openshiftSharedResourcesNamespace: openshift +{# TODO: Allow users to override projectConfig items #} +projectConfig: + defaultNodeSelector: "" + projectRequestMessage: "" + projectRequestTemplate: "" +serviceAccountConfig: + managedNames: + - default + - builder + privateKeyFile: serviceaccounts.private.key + publicKeyFiles: + - serviceaccounts.public.key +servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} + certFile: master.server.crt + clientCA: ca.crt + keyFile: master.server.key diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2 new file mode 100644 index 000000000..833e7f3e1 --- /dev/null +++ b/roles/openshift_master/templates/scheduler.json.j2 
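Review bot: In the new master.yaml.v1.j2 the `etcdStorageConfig` section lists `kubernetesStoragePrefix: kubernetes.io` twice and has no OpenShift prefix at all, so the second entry is presumably meant to be `openShiftStoragePrefix: openshift.io`; as written it is a duplicate mapping key, which YAML loaders either reject or silently collapse. The template also renders `staticNodeNames: {{ openshift_node_ips | default([], true) }}` as a Python list repr, which is valid YAML flow syntax only while every value is a plain string; `{{ openshift_node_ips | default([], true) | to_json }}` is the robust form. The `{# TODO: add support for user specified corsAllowedOrigins #}` note is welcome, since the current list hard-wires the master's own addresses only. This hunk begins on the previous line.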
@@ -0,0 +1,12 @@ +{ + "predicates": [ + {"name": "PodFitsResources"}, + {"name": "PodFitsPorts"}, + {"name": "NoDiskConflict"}, + {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} + ],"priorities": [ + {"name": "LeastRequestedPriority", "weight": 1}, + {"name": "ServiceSpreadingPriority", "weight": 1}, + {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}} + ] +} diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 new file mode 100644 index 000000000..f6fd88c65 --- /dev/null +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 
@@ -0,0 +1,78 @@ +{% macro identity_provider_config(identity_provider) %} + apiVersion: v1 + kind: {{ identity_provider.kind }} +{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %} + file: {{ identity_provider.filename }} +{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %} + url: {{ identity_provider.url }} +{% for key in ('ca', 'certFile', 'keyFile') %} +{% if key in identity_provider %} + {{ key }}: {{ identity_provider[key] }}" +{% endif %} +{% endfor %} +{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %} + headers: {{ identity_provider.headers }} +{% if 'clientCA' in identity_provider %} + clientCA: {{ identity_provider.clientCA }} +{% endif %} +{% elif identity_provider.kind == 'GitHubIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} +{% elif identity_provider.kind == 'GoogleIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} +{% if 'hostedDomain' in identity_provider %} + hostedDomain: {{ identity_provider.hostedDomain }} +{% endif %} +{% elif identity_provider.kind == 'OpenIDIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} + claims: + id: identity_provider.claims.id +{% for claim_key in ('preferredUsername', 'name', 'email') %} +{% if claim_key in identity_provider.claims %} + {{ claim_key }}: {{ identity_provider.claims[claim_key] }} +{% endif %} +{% endfor %} + urls: + authorize: {{ identity_provider.urls.authorize }} + token: {{ identity_provider.urls.token }} +{% if 'userInfo' in identity_provider.urls %} + userInfo: {{ identity_provider.userInfo }} +{% endif %} +{% if 'extraScopes' in identity_provider %} + extraScopes: +{% for scope in identity_provider.extraScopes %} + - {{ scope }} +{% endfor %} +{% endif %} +{% if 'extraAuthorizeParameters' in identity_provider %} + 
extraAuthorizeParameters: +{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %} + {{ param_key }}: {{ param_value }} +{% endfor %} +{% endif %} +{% endif %} +{% endmacro %} +oauthConfig: + assetPublicURL: {{ openshift.master.public_console_url }}/ + grantConfig: + method: {{ openshift.master.oauth_grant_method }} + identityProviders: +{% for identity_provider in openshift.master.identity_providers %} + - name: {{ identity_provider.name }} + challenge: {{ identity_provider.challenge }} + login: {{ identity_provider.login }} + provider: +{{ identity_provider_config(identity_provider) }} +{%- endfor %} + masterPublicURL: {{ openshift.master.public_api_url }} + masterURL: {{ openshift.master.api_url }} + sessionConfig: + sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} + sessionName: {{ openshift.master.session_name }} + sessionSecretsFile: {{ openshift.master.session_secrets_file }} + tokenConfig: + accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} + authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} +{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #} diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 0739e2b44..f6f69966a 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,6 +1,10 @@ --- -openshift_data_dir: /var/lib/openshift openshift_master_config_dir: /etc/openshift/master openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" +openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" + +openshift_master_valid_grant_methods: +- auto +- prompt +- deny 
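Review bot: Three lines of the new `identity_provider_config` macro render wrong output: the BasicAuth branch emits a stray trailing quote in `{{ key }}: {{ identity_provider[key] }}"`, the OpenID claims block writes the literal text `id: identity_provider.claims.id` instead of `id: {{ identity_provider.claims.id }}`, and the `userInfo` line checks `'userInfo' in identity_provider.urls` but then reads `identity_provider.userInfo` rather than `identity_provider.urls.userInfo`. Each is a one-token fix on the line named. Because the macro inlines `clientSecret` values for the GitHub, Google and OpenID kinds as unquoted scalars, a secret containing `#` or `: ` would also corrupt the YAML; emitting them through `| to_json` yields a safely quoted scalar, and the file that includes this partial needs restrictive permissions. This hunk begins on the previous line.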
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index df7ec41b6..be51195f2 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -2,3 +2,7 @@ os_firewall_allow: - service: OpenShift kubelet port: 10250/tcp +- service: http + port: 80/tcp +- service: https + port: 443/tcp diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index ca2992637..953a1421b 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,4 +1,3 @@ --- - name: restart openshift-node service: name=openshift-node state=restarted - when: not openshift.common.use_openshift_sdn|bool diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index dc2b491aa..338ef055b 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
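Review bot: The openshift_node defaults now open 80/tcp and 443/tcp in `os_firewall_allow` on every node, whether or not a router runs there, which widens each node's exposed surface beyond the kubelet port it previously allowed. If the intent is to serve routes, the two entries should be conditional on a role variable or live with the router role instead of being unconditional defaults, and a comment such as `# Router/ingress ports; only needed on nodes that run the router` should record why they exist. The handler change in the same line is consistent with the node service now always being managed by this role.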
@@ -1,44 +1,58 @@ --- # TODO: allow for overriding default ports where possible -# TODO: trigger the external service when restart is needed -# TODO: work with upstream to fix naming of 'master-client.crt/master-client.key' - name: Set node OpenShift facts openshift_facts: - role: 'node' + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + hostname: "{{ openshift_hostname | default(none) }}" + public_hostname: "{{ openshift_public_hostname | default(none) }}" + deployment_type: "{{ openshift_deployment_type }}" + - role: node local_facts: + resources_cpu: "{{ openshift_node_resources_cpu | default(none) }}" + resources_memory: "{{ openshift_node_resources_memory | default(none) }}" + pod_cidr: "{{ openshift_node_pod_cidr | default(none) }}" + labels: "{{ openshift_node_labels | default(none) }}" + annotations: "{{ openshift_node_annotations | default(none) }}" + registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- name: Test if node certs and config exist - stat: path={{ item }} - failed_when: not result.stat.exists - register: result - with_items: - - "{{ openshift_node_cert_dir }}" - - "{{ openshift_node_cert_dir }}/ca.crt" - - "{{ openshift_node_cert_dir }}/master-client.crt" - - "{{ openshift_node_cert_dir }}/master-client.key" - - "{{ openshift_node_cert_dir }}/node.kubeconfig" - - "{{ openshift_node_cert_dir }}/node-config.yaml" - - "{{ openshift_node_cert_dir }}/server.crt" - - "{{ openshift_node_cert_dir }}/server.key" - - name: Install OpenShift Node package yum: pkg=openshift-node state=installed - register: install_result + register: node_install_result + +- name: Install openshift-sdn-ovs + yum: pkg=openshift-sdn-ovs state=installed + register: sdn_install_result + when: openshift.common.use_openshift_sdn - name: Reload systemd units command: systemctl daemon-reload - when: install_result | changed + when: 
(node_install_result | changed or (openshift.common.use_openshift_sdn + and sdn_install_result | changed)) + +# TODO: add the validate parameter when there is a validation command to run +- name: Create the Node config + template: + dest: "{{ openshift_node_config_file }}" + src: node.yaml.v1.j2 + notify: + - restart openshift-node -# --create-certs=false is a temporary workaround until -# https://github.com/openshift/origin/pull/1361 is merged upstream and it is -# the default for nodes - name: Configure OpenShift Node settings lineinfile: dest: /etc/sysconfig/openshift-node - regexp: '^OPTIONS=' - line: "OPTIONS=\"--loglevel={{ openshift.node.debug_level }} --config={{ openshift_node_cert_dir }}/node-config.yaml\"" + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_node_config_file }}" notify: - restart openshift-node @@ -47,8 +61,3 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started - when: not openshift.common.use_openshift_sdn|bool - -- name: Disable openshift-node if openshift-node is managed externally - service: name=openshift-node enabled=false - when: openshift.common.use_openshift_sdn|bool diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 new file mode 100644 index 000000000..cab75cd49 --- /dev/null +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
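Review bot: Removing the `Test if node certs and config exist` stat task leaves nothing in this role that verifies `ca.crt`, `server.crt`, `server.key` and `node.kubeconfig` are present under `openshift_node_config_dir` before `Start and enable openshift-node` runs, even though the rendered node-config.yaml refers to all four by relative name; a node started with a missing or stale file now fails at service start or at first connection instead of at a task that could have reported it. Unless another role is now guaranteed to have placed those files first (not visible here), keep a `stat` + `failed_when: not result.stat.exists` check over those four paths ahead of the `Create the Node config` task. Separately, `line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"` drops the surrounding double quotes the previous `OPTIONS=\"...\"` value had, which is fine for a single token but worth a one-line comment if flags with spaces are ever appended. The second hunk (`@@ -47,8 +61,3 @@`) only removes the SDN-conditional start and needs nothing.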
@@ -0,0 +1,18 @@ +allowDisabledDocker: false +apiVersion: v1 +dnsDomain: {{ hostvars[openshift_first_master].openshift.dns.domain }} +dnsIP: {{ hostvars[openshift_first_master].openshift.dns.ip }} +imageConfig: + format: {{ openshift.node.registry_url }} + latest: false +kind: NodeConfig +masterKubeConfig: node.kubeconfig +networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +nodeName: {{ openshift.common.hostname }} +podManifestConfig: null +servingInfo: + bindAddress: 0.0.0.0:10250 + certFile: server.crt + clientCA: ca.crt + keyFile: server.key +volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index c6be83139..cf47f8354 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -1,2 +1,3 @@ --- -openshift_node_cert_dir: /etc/openshift/node +openshift_node_config_dir: /etc/openshift/node +openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" diff --git a/roles/openshift_register_nodes/defaults/main.yml b/roles/openshift_register_nodes/defaults/main.yml deleted file mode 100644 index a0befab44..000000000 --- a/roles/openshift_register_nodes/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -openshift_kube_api_version: v1beta1 diff --git a/roles/openshift_register_nodes/library/kubernetes_register_node.py b/roles/openshift_register_nodes/library/kubernetes_register_node.py index afa9eb27d..ee24d4166 100755 --- a/roles/openshift_register_nodes/library/kubernetes_register_node.py +++ b/roles/openshift_register_nodes/library/kubernetes_register_node.py 
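Review bot: `volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes` depends on a variable that this same commit removes from `roles/openshift_master/vars/main.yml` and `roles/openshift_register_nodes/vars/main.yml`; unless `openshift_data_dir` is now defined by a shared role or the inventory (not visible here), rendering this template fails on an undefined variable. `servingInfo` names `server.crt`, `server.key` and `ca.crt` by relative path and `masterKubeConfig: node.kubeconfig` likewise, so the file is only valid when placed in the directory that already holds those files; a header comment such as `{# paths are relative to openshift_node_config_dir; ca.crt, server.crt, server.key and node.kubeconfig must already be present there #}` would make that contract explicit. `bindAddress: 0.0.0.0:10250` matches the 10250/tcp firewall default but is worth stating in the same comment, since the kubelet API is thereby reachable on every interface and relies on `clientCA: ca.crt` for client authentication.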
@@ -3,15 +3,13 @@ # vim: expandtab:tabstop=4:shiftwidth=4 # # disable pylint checks -# temporarily disabled until items can be addressed: -# fixme - until all TODO comments have been addressed # permanently disabled unless someone wants to refactor the object model: # too-few-public-methods # no-self-use # too-many-arguments # too-many-locals # too-many-branches -# pylint:disable=fixme, too-many-arguments, no-self-use +# pylint:disable=too-many-arguments, no-self-use # pylint:disable=too-many-locals, too-many-branches, too-few-public-methods """Ansible module to register a kubernetes node to the cluster""" @@ -41,24 +39,6 @@ options: - IP Address to associate with the node when registering. Available in the following API versions: v1beta1. required: false - hostnames: - default: [] - description: - - Valid hostnames for this node. Available in the following API - versions: v1beta3. - required: false - external_ips: - default: [] - description: - - External IP Addresses for this node. Available in the following API - versions: v1beta3. - required: false - internal_ips: - default: [] - description: - - Internal IP Addresses for this node. Available in the following API - versions: v1beta3. - required: false cpu: default: null description: @@ -87,17 +67,6 @@ EXAMPLES = ''' hostIP: 192.168.1.1 cpu: 1 memory: 500000000 - -# Node registration using the v1beta3 API, setting an alternate hostname, -# internalIP, externalIP and assigning 3.5 CPU cores and 1 TiB of Memory -- openshift_register_node: - name: ose3.node.example.com - api_version: v1beta3 - external_ips: ['192.168.1.5'] - internal_ips: ['10.0.0.5'] - hostnames: ['ose2.node.internal.local'] - cpu: 3.5 - memory: 1Ti ''' 
@@ -313,57 +282,11 @@ class NodeSpec(object): """ return Util.remove_empty_elements(self.spec) -class NodeStatus(object): - """ Kubernetes Node Status - - Attributes: - status (dict): A dictionary representing the node status - - Args: - version (str): kubernetes api version - externalIPs (list, optional): externalIPs for the node - internalIPs (list, optional): internalIPs for the node - hostnames (list, optional): hostnames for the node - """ - def add_addresses(self, address_type, addresses): - """ Adds addresses of the specified type - - Args: - address_type (str): address type - addresses (list): addresses to add - """ - address_list = [] - for address in addresses: - address_list.append(dict(type=address_type, address=address)) - return address_list - - def __init__(self, version, externalIPs=None, internalIPs=None, - hostnames=None): - if version == 'v1beta3': - addresses = [] - if externalIPs is not None: - addresses += self.add_addresses('ExternalIP', externalIPs) - if internalIPs is not None: - addresses += self.add_addresses('InternalIP', internalIPs) - if hostnames is not None: - addresses += self.add_addresses('Hostname', hostnames) - - self.status = dict(addresses=addresses) - - def get_status(self): - """ Get the dict representing the node status - - Returns: - dict: representation of the node status with any empty elements - removed - """ - return Util.remove_empty_elements(self.status) - class Node(object): """ Kubernetes Node Attributes: - status (dict): A dictionary representing the node + node (dict): A dictionary representing the node Args: module (AnsibleModule): 
@@ -371,9 +294,6 @@ class Node(object): version (str, optional): kubernetes api version node_name (str, optional): name for node hostIP (str, optional): node host ip - hostnames (list, optional): hostnames for the node - externalIPs (list, optional): externalIPs for the node - internalIPs (list, optional): internalIPs for the node cpu (str, optional): cpu resources for the node memory (str, optional): memory resources for the node labels (list, optional): labels for the node @@ -382,8 +302,7 @@ class Node(object): externalID (str, optional): external id of the node """ def __init__(self, module, client_opts, version='v1beta1', node_name=None, - hostIP=None, hostnames=None, externalIPs=None, - internalIPs=None, cpu=None, memory=None, labels=None, + hostIP=None, cpu=None, memory=None, labels=None, annotations=None, podCIDR=None, externalID=None): self.module = module self.client_opts = client_opts @@ -405,9 +324,7 @@ class Node(object): apiVersion=version, metadata=metadata, spec=NodeSpec(version, cpu, memory, podCIDR, - externalID), - status=NodeStatus(version, externalIPs, - internalIPs, hostnames)) + externalID)) def get_name(self): """ Get the name for the node @@ -432,7 +349,6 @@ class Node(object): node['resources'] = self.node['resources'].get_resources() elif self.node['apiVersion'] == 'v1beta3': node['spec'] = self.node['spec'].get_spec() - node['status'] = self.node['status'].get_status() return Util.remove_empty_elements(node) def exists(self): 
@@ -473,52 +389,15 @@ class Node(object): else: return True -def main(): - """ main """ - module = AnsibleModule( - argument_spec=dict( - name=dict(required=True, type='str'), - host_ip=dict(type='str'), - hostnames=dict(type='list', default=[]), - external_ips=dict(type='list', default=[]), - internal_ips=dict(type='list', default=[]), - api_version=dict(type='str', default='v1beta1', - choices=['v1beta1', 'v1beta3']), - cpu=dict(type='str'), - memory=dict(type='str'), - # TODO: needs documented - labels=dict(type='dict', default={}), - # TODO: needs documented - annotations=dict(type='dict', default={}), - # TODO: needs documented - pod_cidr=dict(type='str'), - # TODO: needs documented - external_id=dict(type='str'), - # TODO: needs documented - client_config=dict(type='str'), - # TODO: needs documented - client_cluster=dict(type='str', default='master'), - # TODO: needs documented - client_context=dict(type='str', default='default'), - # TODO: needs documented - client_namespace=dict(type='str', default='default'), - # TODO: needs documented - client_user=dict(type='str', default='system:openshift-client'), - # TODO: needs documented - kubectl_cmd=dict(type='list', default=['kubectl']), - # TODO: needs documented - kubeconfig_flag=dict(type='str'), - # TODO: needs documented - default_client_config=dict(type='str') - ), - mutually_exclusive=[ - ['host_ip', 'external_ips'], - ['host_ip', 'internal_ips'], - ['host_ip', 'hostnames'], - ], - supports_check_mode=True - ) +def generate_client_opts(module): + """ Generates the client options + Args: + module(AnsibleModule) + + Returns: + str: client options + """ client_config = '~/.kube/.kubeconfig' if 'default_client_config' in module.params: client_config = module.params['default_client_config'] 
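Review bot: The new `generate_client_opts` docstring says `Returns: str: client options`, but the function builds `client_opts` with `.append(...)` and returns the list (`return client_opts` in the later hunk), so it should read `list: kubectl client options`. Also `if 'default_client_config' in module.params:` is effectively always true once `default_client_config` is declared in `argument_spec`, because AnsibleModule populates every declared option in `module.params` (as None when unset), so `client_config` becomes `None` instead of the intended `'~/.kube/.kubeconfig'` fallback whenever a caller omits the option; `if module.params.get('default_client_config'):` restores the fallback. This is pre-existing code moved out of `main`, and the remainder of the function lies outside this hunk.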
@@ -533,8 +412,7 @@ def main(): kubeconfig_flag = '--kubeconfig' if 'kubeconfig_flag' in module.params: kubeconfig_flag = module.params['kubeconfig_flag'] - client_opts.append(kubeconfig_flag + '=' + - os.path.expanduser(module.params['client_config'])) + client_opts.append(kubeconfig_flag + '=' + os.path.expanduser(module.params['client_config'])) try: config = ClientConfig(client_opts, module) 
@@ -547,51 +425,85 @@ def main(): if client_context != config.current_context(): client_opts.append("--context=%s" % client_context) else: - module.fail_json(msg="Context %s not found in client config" % - client_context) + module.fail_json(msg="Context %s not found in client config" % client_context) client_user = module.params['client_user'] if config.has_user(client_user): if client_user != config.get_user_for_context(client_context): client_opts.append("--user=%s" % client_user) else: - module.fail_json(msg="User %s not found in client config" % - client_user) + module.fail_json(msg="User %s not found in client config" % client_user) client_cluster = module.params['client_cluster'] if config.has_cluster(client_cluster): if client_cluster != config.get_cluster_for_context(client_context): client_opts.append("--cluster=%s" % client_cluster) else: - module.fail_json(msg="Cluster %s not found in client config" % - client_cluster) + module.fail_json(msg="Cluster %s not found in client config" % client_cluster) client_namespace = module.params['client_namespace'] if client_namespace != config.get_namespace_for_context(client_context): client_opts.append("--namespace=%s" % client_namespace) - node = Node(module, client_opts, module.params['api_version'], - module.params['name'], module.params['host_ip'], - module.params['hostnames'], module.params['external_ips'], - module.params['internal_ips'], module.params['cpu'], - module.params['memory'], module.params['labels'], - module.params['annotations'], module.params['pod_cidr'], - module.params['external_id']) + return client_opts + + +def main(): + """ main """ + module = AnsibleModule( + argument_spec=dict( + name=dict(required=True, type='str'), + host_ip=dict(type='str'), + api_version=dict(type='str', default='v1beta1', + choices=['v1beta1', 'v1beta3']), + cpu=dict(type='str'), + memory=dict(type='str'), + # TODO: needs documented + labels=dict(type='dict', default={}), + # TODO: needs documented + 
annotations=dict(type='dict', default={}), + # TODO: needs documented + pod_cidr=dict(type='str'), + # TODO: needs documented + client_config=dict(type='str'), + # TODO: needs documented + client_cluster=dict(type='str', default='master'), + # TODO: needs documented + client_context=dict(type='str', default='default'), + # TODO: needs documented + client_namespace=dict(type='str', default='default'), + # TODO: needs documented + client_user=dict(type='str', default='system:admin'), + # TODO: needs documented + kubectl_cmd=dict(type='list', default=['kubectl']), + # TODO: needs documented + kubeconfig_flag=dict(type='str'), + # TODO: needs documented + default_client_config=dict(type='str') + ), + supports_check_mode=True + ) + + labels = module.params['labels'] + kube_hostname_label = 'kubernetes.io/hostname' + if kube_hostname_label not in labels: + labels[kube_hostname_label] = module.params['name'] + + node = Node(module, generate_client_opts(module), + module.params['api_version'], module.params['name'], + module.params['host_ip'], module.params['cpu'], + module.params['memory'], labels, module.params['annotations'], + module.params['pod_cidr']) - # TODO: attempt to support changing node settings where possible and/or - # modifying node resources if node.exists(): module.exit_json(changed=False, node=node.get_node()) elif module.check_mode: module.exit_json(changed=True, node=node.get_node()) + elif node.create(): + module.exit_json(changed=True, msg="Node created successfully", + node=node.get_node()) else: - if node.create(): - module.exit_json(changed=True, - msg="Node created successfully", - node=node.get_node()) - else: - module.fail_json(msg="Unknown error creating node", - node=node.get_node()) + module.fail_json(msg="Unknown error creating node", node=node.get_node()) # ignore pylint errors related to the module_utils import # pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import 
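Review bot: The `client_user` default changes from `'system:openshift-client'` to `'system:admin'`, so by default the module now registers nodes under a cluster-admin identity, and nothing in the hunk says why the previous, narrower client identity no longer suffices. If `system:admin` is required by the new client-config flow, say so in the option's documentation (the `# TODO: needs documented` marker still sits above it) so the privilege level of this default is a recorded decision; the task in `roles/openshift_register_nodes/tasks/main.yml` does not override it. Separately, `labels = module.params['labels']` is mutated in place before being handed to `Node`; `labels = dict(module.params['labels'])` keeps the hostname-label injection from leaking back into `module.params` if the dict is reused later.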
diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml
index 7a85f6624..b78e00a98 100644
--- a/roles/openshift_register_nodes/tasks/main.yml
+++ b/roles/openshift_register_nodes/tasks/main.yml
@@ -1,51 +1,42 @@ --- -# TODO: support new create-config command to generate node certs and config -# TODO: recreate master/node configs if settings that affect the configs -# change (hostname, public_hostname, ip, public_ip, etc) - - -# TODO: use a template lookup here -# TODO: create a failed_when condition -- name: Use enterprise default for oreg_url if not set - set_fact: - oreg_url: "openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'enterprise' and oreg_url is not defined - -- name: Use online default for oreg_url if not set - set_fact: - oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" - when: openshift.common.deployment_type == 'online' and oreg_url is not defined - - name: Create openshift_generated_configs_dir if it doesn't exist file: path: "{{ openshift_generated_configs_dir }}" state: directory -- name: Create node config +- name: Generate the node client config command: > - /usr/bin/openshift admin create-node-config - --node-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} - --node={{ item.openshift.common.hostname }} - --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} - --dns-domain={{ openshift.dns.domain }} - --dns-ip={{ openshift.dns.ip }} + {{ openshift.common.admin_binary }} create-api-client-config + --certificate-authority={{ openshift_master_ca_cert }} + --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} + --groups=system:nodes --master={{ openshift.master.api_url }} - --signer-key={{ openshift_master_ca_key }} --signer-cert={{ openshift_master_ca_cert }} - --certificate-authority={{ openshift_master_ca_cert }} + --signer-key={{ openshift_master_ca_key }} --signer-serial={{ openshift_master_ca_serial }} - --node-client-certificate-authority={{ openshift_master_ca_cert }} - {{ ('--images=' ~ oreg_url) if oreg_url is defined else '' }} 
- --listen=https://0.0.0.0:10250 - --volume-dir={{ openshift_data_dir }}/openshift.local.volumes + --user=system:node-{{ item.openshift.common.hostname }} args: chdir: "{{ openshift_generated_configs_dir }}" creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: openshift_nodes + with_items: nodes_needing_certs + +- name: Generate the node server certificate + delegate_to: "{{ openshift_first_master }}" + command: > + {{ openshift.common.admin_binary }} create-server-cert + --cert=server.crt --key=server.key --overwrite=true + --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} + --signer-cert={{ openshift_master_ca_cert }} + --signer-key={{ openshift_master_ca_key }} + --signer-serial={{ openshift_master_ca_serial }} + args: + chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" + creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" + with_items: nodes_needing_certs - name: Register unregistered nodes kubernetes_register_node: - kubectl_cmd: ['osc'] + kubectl_cmd: "{{ [openshift.common.client_binary] }}" default_client_config: '~/.config/openshift/.config' name: "{{ item.openshift.common.hostname }}" api_version: "{{ openshift_kube_api_version }}" @@ -55,8 +46,6 @@ host_ip: "{{ item.openshift.common.ip }}" labels: "{{ item.openshift.node.labels | default({}) }}" annotations: "{{ item.openshift.node.annotations | default({}) }}" - external_id: "{{ item.openshift.node.external_id }}" - # TODO: support customizing other attributes such as: client_config, - # client_cluster, client_context, client_user with_items: openshift_nodes register: register_result + diff --git a/roles/openshift_register_nodes/vars/main.yml b/roles/openshift_register_nodes/vars/main.yml index ebc0a0ef4..3801b8427 100644 --- a/roles/openshift_register_nodes/vars/main.yml 
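Review bot: `Generate the node client config` runs on the play host while `Generate the node server certificate` carries `delegate_to: "{{ openshift_first_master }}"`, yet the second task's `chdir` is the `node-{{ item.openshift.common.hostname }}` directory the first task creates; unless the play already targets the first master, the two tasks run on different hosts and the server cert is written beside a client config that does not exist there. Either give the first task the same `delegate_to` or leave a comment stating why it is intentionally local. The `creates:` guards also mean a changed `public_hostname` never reissues `server.crt` with the new SAN, which the removed TODO used to call out; a comment like `# creates: makes this one-shot; remove server.crt to reissue after a hostname change` keeps that visible. The `@@ -55,8 +46,6 @@` hunk only drops `external_id` and a stale TODO.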
+++ b/roles/openshift_register_nodes/vars/main.yml @@ -2,7 +2,7 @@ openshift_node_config_dir: /etc/openshift/node openshift_master_config_dir: /etc/openshift/master openshift_generated_configs_dir: /etc/openshift/generated-configs -openshift_data_dir: /var/lib/openshift openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" +openshift_kube_api_version: v1beta3 diff --git a/roles/openshift_sdn_master/README.md b/roles/openshift_sdn_master/README.md deleted file mode 100644 index d0dcf6d11..000000000 --- a/roles/openshift_sdn_master/README.md +++ /dev/null @@ -1,41 +0,0 @@ -OpenShift SDN Master -==================== - -OpenShift SDN Master service installation - -Requirements ------------- - -A host with the openshift_master role applied - -Role Variables --------------- - -From this role: -| Name | Default value | | -|----------------------------------|-----------------------|--------------------------------------------------| -| openshift_sdn_master_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-master | - -From openshift_common: -| Name | Default value | | -|-----------------------|---------------|--------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | - -Dependencies ------------- - - -Example Playbook ----------------- - -TODO - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- - -TODO diff --git a/roles/openshift_sdn_master/handlers/main.yml b/roles/openshift_sdn_master/handlers/main.yml deleted file mode 100644 index cd645f2c5..000000000 --- a/roles/openshift_sdn_master/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart openshift-sdn-master - service: name=openshift-sdn-master state=restarted 
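Review bot: `openshift_kube_api_version: v1beta3` moves from the deleted `defaults/main.yml` to `vars/main.yml`, which typically raises its precedence above inventory and play variables, so anyone who set `openshift_kube_api_version` elsewhere to stay on `v1beta1` is now silently overridden even though the module's `api_version` option still accepts both values. If the pin is deliberate, a comment such as `# role var, not a default: intentionally not overridable from inventory` records that; otherwise it belongs back in defaults. The README and handler deletions that follow need nothing.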
diff --git a/roles/openshift_sdn_master/meta/main.yml b/roles/openshift_sdn_master/meta/main.yml
deleted file mode 100644
index 5de32cc13..000000000
--- a/roles/openshift_sdn_master/meta/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: OpenShift SDN Master
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 1.7
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- { role: openshift_common }
diff --git a/roles/openshift_sdn_master/tasks/main.yml b/roles/openshift_sdn_master/tasks/main.yml
deleted file mode 100644
index e64199b74..000000000
--- a/roles/openshift_sdn_master/tasks/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# TODO: add task to set the sdn subnet if openshift-sdn-master hasn't been
-# started yet
-
-- name: Set master sdn OpenShift facts
- openshift_facts:
- role: 'master_sdn'
- local_facts:
- debug_level: "{{ openshift_master_sdn_debug_level | default(openshift.common.debug_level) }}"
-
-- name: Install openshift-sdn-master
- yum:
- pkg: openshift-sdn-master
- state: installed
- register: install_result
-
-- name: Reload systemd units
- command: systemctl daemon-reload
- when: install_result | changed
-
-# TODO: we should probably generate certs specifically for sdn
-- name: Configure openshift-sdn-master settings
- lineinfile:
- dest: /etc/sysconfig/openshift-sdn-master
- regexp: '^OPTIONS='
- line: "OPTIONS=\"-v={{ openshift.master_sdn.debug_level }} -etcd-endpoints={{ openshift_sdn_master_url}}
- -etcd-cafile={{ openshift_master_config_dir }}/ca.crt
- -etcd-certfile={{ openshift_master_config_dir }}/master.etcd-client.crt
- -etcd-keyfile={{ openshift_master_config_dir }}/master.etcd-client.key\""
- notify:
- - restart openshift-sdn-master
-
-- name: Enable openshift-sdn-master
- service:
- name: openshift-sdn-master
- enabled: yes
- state: started
diff --git a/roles/openshift_sdn_node/README.md b/roles/openshift_sdn_node/README.md deleted file mode 100644 index e6b6a9503..000000000 --- a/roles/openshift_sdn_node/README.md +++ /dev/null @@ -1,44 +0,0 @@ -OpenShift SDN Node -================== - -OpenShift SDN Node service installation - -Requirements ------------- - -A host with the openshift_node role applied - -Role Variables --------------- - -From this role: -| Name | Default value | | -|--------------------------------|-----------------------|--------------------------------------------------| -| openshift_sdn_node_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-master | - - -From openshift_common: -| Name | Default value | | -|-------------------------------|---------------------|----------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | -| openshift_public_ip | UNDEF (Required) | Public IP address to use for this host | -| openshift_hostname | UNDEF (Required) | hostname to use for this instance | - -Dependencies ------------- - - -Example Playbook ----------------- - -TODO - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- - -TODO diff --git a/roles/openshift_sdn_node/handlers/main.yml b/roles/openshift_sdn_node/handlers/main.yml deleted file mode 100644 index 402d82149..000000000 --- a/roles/openshift_sdn_node/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: restart openshift-sdn-node - service: name=openshift-sdn-node state=restarted diff --git a/roles/openshift_sdn_node/meta/main.yml b/roles/openshift_sdn_node/meta/main.yml deleted file mode 100644 index ffe10f836..000000000 --- a/roles/openshift_sdn_node/meta/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: OpenShift SDN Node
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 1.7
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- { role: openshift_common }
diff --git a/roles/openshift_sdn_node/tasks/main.yml b/roles/openshift_sdn_node/tasks/main.yml
deleted file mode 100644
index 591839056..000000000
--- a/roles/openshift_sdn_node/tasks/main.yml
+++ /dev/null
@@ -1,60 +0,0 @@ ---- -- name: Set node sdn OpenShift facts - openshift_facts: - role: 'node_sdn' - local_facts: - debug_level: "{{ openshift_node_sdn_debug_level | default(openshift.common.debug_level) }}" - -- name: Install openshift-sdn-node - yum: - pkg: openshift-sdn-node - state: installed - register: install_result - -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - -# TODO: we are specifying -hostname= for OPTIONS as a workaround for -# openshift-sdn-node not properly detecting the hostname. -# TODO: we should probably generate certs specifically for sdn -- name: Configure openshift-sdn-node settings - lineinfile: - dest: /etc/sysconfig/openshift-sdn-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - backrefs: yes - with_items: - - regex: '^(OPTIONS=)' - line: '\1"-v={{ openshift.node_sdn.debug_level }} -hostname={{ openshift.common.hostname }} - -etcd-cafile={{ openshift_node_cert_dir }}/ca.crt - -etcd-certfile={{ openshift_node_cert_dir }}/master-client.crt - -etcd-keyfile={{ openshift_node_cert_dir }}/master-client.key\"' - - regex: '^(MASTER_URL=)' - line: '\1"{{ openshift_sdn_master_url }}"' - - regex: '^(MINION_IP=)' - line: '\1"{{ openshift.common.ip }}"' - notify: restart openshift-sdn-node - -- name: Ensure we aren't setting DOCKER_OPTIONS in /etc/sysconfig/openshift-sdn-node - lineinfile: - dest: /etc/sysconfig/openshift-sdn-node - regexp: '^DOCKER_OPTIONS=' - state: absent - notify: restart openshift-sdn-node - -# TODO lock down the insecure-registry config to a more sane value than -# 0.0.0.0/0 -- name: Configure docker insecure-registry setting - lineinfile: - dest: /etc/sysconfig/docker - regexp: INSECURE_REGISTRY= - line: INSECURE_REGISTRY='--insecure-registry=0.0.0.0/0' - notify: restart openshift-sdn-node - - -- name: Start and enable openshift-sdn-node - service: - name: openshift-sdn-node - enabled: yes - state: started -- cgit v1.2.3