author | Wesley Hearn <wesley.s.hearn@gmail.com> | 2015-05-06 10:27:44 -0400 |
---|---|---|
committer | Wesley Hearn <wesley.s.hearn@gmail.com> | 2015-05-06 10:27:44 -0400 |
commit | 803b9191f1a3a2bffe94528a8a5cd82adf6f3a42 (patch) | |
tree | 8f3370fd2d9537a568d97e48ece9e18f3d0032bb | |
parent | 519e097df31e2148ac520ab273d0bd2fb2f7bb43 (diff) | |
parent | e0b2d98a6cac21cfa555afe4d660cb62c1180856 (diff) | |
Merge pull request #209 from openshift/master
Merge Master Into Stage
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | README_AWS.md | 2 | ||||
-rw-r--r-- | README_OSE.md | 7 | ||||
-rw-r--r-- | README_origin.md | 210 | ||||
-rw-r--r-- | README_vagrant.md | 25 | ||||
-rw-r--r-- | Vagrantfile | 62 | ||||
-rwxr-xr-x | bin/ohi | 15 | ||||
-rw-r--r-- | bin/openshift-ansible-bin.spec | 21 | ||||
-rw-r--r-- | bin/openshift_ansible/utils.py | 30 | ||||
-rwxr-xr-x | bin/opscp | 131 | ||||
-rwxr-xr-x | bin/opssh | 274 | ||||
-rw-r--r-- | playbooks/common/openshift-node/config.yml | 4 | ||||
-rw-r--r-- | rel-eng/packages/openshift-ansible-bin | 2 | ||||
-rw-r--r-- | roles/ansible_tower/tasks/main.yaml | 10 | ||||
-rw-r--r-- | roles/ansible_tower_cli/README.md | 50 | ||||
-rw-r--r-- | roles/ansible_tower_cli/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/ansible_tower_cli/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/ansible_tower_cli/meta/main.yml | 9 | ||||
-rw-r--r-- | roles/ansible_tower_cli/tasks/main.yml | 18 | ||||
-rw-r--r-- | roles/ansible_tower_cli/templates/tower_cli.cfg.j2 | 5 | ||||
-rw-r--r-- | roles/ansible_tower_cli/vars/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_ansible_inventory/tasks/main.yml | 34 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 11 |
24 files changed, 777 insertions, 154 deletions
diff --git a/.gitignore b/.gitignore index e25d99eeb..cacc711a1 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ .DS_Store gce.ini multi_ec2.yaml +.vagrant @@ -22,6 +22,10 @@ Setup - [GCE](README_GCE.md) - [local VMs](README_libvirt.md) +- Bring your own host deployments: + - [OpenShift Enterprise](README_OSE.md) + - [OpenShift Origin](README_origin.md) + - Build - [How to build the openshift-ansible rpms](BUILD.md) diff --git a/README_AWS.md b/README_AWS.md index 888abe939..dc93357ee 100644 --- a/README_AWS.md +++ b/README_AWS.md @@ -65,7 +65,7 @@ If needed, these values can be changed by setting environment variables on your - export ec2_ami='ami-307b3658' - export ec2_region='us-east-1' - export ec2_keypair='libra' -- export ec2_security_group='public' +- export ec2_security_groups="['public']" - export os_master_root_vol_size='20' - export os_master_root_vol_type='standard' - export os_node_root_vol_size='15' diff --git a/README_OSE.md b/README_OSE.md index cd0b9f7a6..41a6f2935 100644 --- a/README_OSE.md +++ b/README_OSE.md @@ -12,7 +12,7 @@ ## Requirements * ansible * Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+ - * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the bulids from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 + * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 * Available in Fedora channels * Available for EL with EPEL and Optional channel * One or more RHEL 7.1 VMs 
@@ -119,9 +119,8 @@ inventory file use the -i option for ansible-playbook. #### Create the default router On the master host: ```sh -systemctl restart openshift-sdn-master openshift ex router --create=true \ - --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \ + --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig \ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}' ``` @@ -129,7 +128,7 @@ openshift ex router --create=true \ On the master host: ```sh openshift ex registry --create=true \ - --credentials=/var/lib/openshift/openshift.local.certificates/openshift-client/.kubeconfig \ + --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig \ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:${version}' \ --mount-host=/var/lib/openshift/docker-registry ``` diff --git a/README_origin.md b/README_origin.md new file mode 100644 index 000000000..5b3fd2435 --- /dev/null +++ b/README_origin.md 
@@ -0,0 +1,210 @@ +# Installing OpenShift Origin against existing hosts + +* [Requirements](#requirements) +* [Caveats](#caveats) +* [Known Issues](#known-issues) +* [Configuring the host inventory](#configuring-the-host-inventory) +* [Creating the default variables for the hosts and host groups](#creating-the-default-variables-for-the-hosts-and-host-groups) +* [Running the ansible playbooks](#running-the-ansible-playbooks) +* [Post-ansible steps](#post-ansible-steps) +* [Overriding detected ip addresses and hostnames](#overriding-detected-ip-addresses-and-hostnames) + +## Requirements +* ansible + * Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+ + * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 + * Available in Fedora channels + * Available for EL with EPEL and Optional channel +* One or more RHEL 7.1 or CentOS 7.1 VMs +* Either ssh key based auth for the root user or ssh key based auth for a user + with sudo access (no password) +* A checkout of openshift-ansible from https://github.com/openshift/openshift-ansible/ + + ```sh + git clone https://github.com/openshift/openshift-ansible.git + cd openshift-ansible + ``` +## Known Issues +* RHEL - Host subscriptions are not configurable yet, the hosts need to be + pre-registered with subscription-manager or have the RHEL base repo + pre-configured. 
If using subscription-manager the following commands will + disable all but the rhel-7-server rhel-7-server-extras and + rhel-server7-ose-beta repos: +```sh +subscription-manager repos --disable="*" +subscription-manager repos \ +--enable="rhel-7-server-rpms" \ +--enable="rhel-7-server-extras-rpms" \ +--enable="rhel-server-7-ose-beta-rpms" +``` +* Configuration of router is not automated yet +* Configuration of docker-registry is not automated yet + +## Configuring the host inventory +[Ansible docs](http://docs.ansible.com/intro_inventory.html) + +Example inventory file for configuring one master and two nodes for the test +environment. This can be configured in the default inventory file +(/etc/ansible/hosts), or using a custom file and passing the --inventory +option to ansible-playbook. + +/etc/ansible/hosts: +```ini +# This is an example of a bring your own (byo) host inventory + +# Create an OSEv3 group that contains the masters and nodes groups +[OSv3:children] +masters +nodes + +# Set variables common for all OSEv3 hosts +[OSv3:vars] +# SSH user, this user should allow ssh based auth without requiring a password +ansible_ssh_user=root + +# If ansible_ssh_user is not root, ansible_sudo must be set to true +#ansible_sudo=true + +deployment_type=origin + +# host group for masters +[masters] +osv3-master.example.com + +# host group for nodes +[nodes] +osv3-node[1:2].example.com +``` + +The hostnames above should resolve both from the hosts themselves and +the host where ansible is running (if different). + +## Running the ansible playbooks +From the openshift-ansible checkout run: +```sh +ansible-playbook playbooks/byo/config.yml +``` +**Note:** this assumes that the host inventory is /etc/ansible/hosts, if using a different +inventory file use the -i option for ansible-playbook. 
+ +## Post-ansible steps +#### Create the default router +On the master host: +```sh +openshift ex router --create=true \ + --credentials=/var/lib/openshift/openshift.local.certificates/openshift-router/.kubeconfig +``` + +#### Create the default docker-registry +On the master host: +```sh +openshift ex registry --create=true \ + --credentials=/var/lib/openshift/openshift.local.certificates/openshift-registry/.kubeconfig \ + --mount-host=/var/lib/openshift/docker-registry +``` + +## Overriding detected ip addresses and hostnames +Some deployments will require that the user override the detected hostnames +and ip addresses for the hosts. To see what the default values will be you can +run the openshift_facts playbook: +```sh +ansible-playbook playbooks/byo/openshift_facts.yml +``` +The output will be similar to: +``` +ok: [10.3.9.45] => { + "result": { + "ansible_facts": { + "openshift": { + "common": { + "hostname": "jdetiber-osev3-ansible-005dcfa6-27c6-463d-9b95-ef059579befd.os1.phx2.redhat.com", + "ip": "172.16.4.79", + "public_hostname": "jdetiber-osev3-ansible-005dcfa6-27c6-463d-9b95-ef059579befd.os1.phx2.redhat.com", + "public_ip": "10.3.9.45", + "use_openshift_sdn": true + }, + "provider": { + ... <snip> ... + } + } + }, + "changed": false, + "invocation": { + "module_args": "", + "module_name": "openshift_facts" + } + } +} +ok: [10.3.9.42] => { + "result": { + "ansible_facts": { + "openshift": { + "common": { + "hostname": "jdetiber-osev3-ansible-c6ae8cdc-ba0b-4a81-bb37-14549893f9d3.os1.phx2.redhat.com", + "ip": "172.16.4.75", + "public_hostname": "jdetiber-osev3-ansible-c6ae8cdc-ba0b-4a81-bb37-14549893f9d3.os1.phx2.redhat.com", + "public_ip": "10.3.9.42", + "use_openshift_sdn": true + }, + "provider": { + ...<snip>... 
+ } + } + }, + "changed": false, + "invocation": { + "module_args": "", + "module_name": "openshift_facts" + } + } +} +ok: [10.3.9.36] => { + "result": { + "ansible_facts": { + "openshift": { + "common": { + "hostname": "jdetiber-osev3-ansible-bc39a3d3-cdd7-42fe-9c12-9fac9b0ec320.os1.phx2.redhat.com", + "ip": "172.16.4.73", + "public_hostname": "jdetiber-osev3-ansible-bc39a3d3-cdd7-42fe-9c12-9fac9b0ec320.os1.phx2.redhat.com", + "public_ip": "10.3.9.36", + "use_openshift_sdn": true + }, + "provider": { + ...<snip>... + } + } + }, + "changed": false, + "invocation": { + "module_args": "", + "module_name": "openshift_facts" + } + } +} +``` +Now, we want to verify the detected common settings to verify that they are +what we expect them to be (if not, we can override them). + +* hostname + * Should resolve to the internal ip from the instances themselves. + * openshift_hostname will override. +* ip + * Should be the internal ip of the instance. + * openshift_ip will override. +* public hostname + * Should resolve to the external ip from hosts outside of the cloud + * provider openshift_public_hostname will override. +* public_ip + * Should be the externally accessible ip associated with the instance + * openshift_public_ip will override +* use_openshift_sdn + * Should be true unless the cloud is GCE. + * openshift_use_openshift_sdn overrides + +To override the the defaults, you can set the variables in your inventory: +``` +...snip... +[masters] +osv3-master.example.com openshift_ip=1.1.1.1 openshift_hostname=osv3-master.example.com openshift_public_ip=2.2.2.2 openshift_public_hostname=osv3-master.public.example.com +...snip... +``` diff --git a/README_vagrant.md b/README_vagrant.md new file mode 100644 index 000000000..e3b3b5551 --- /dev/null +++ b/README_vagrant.md 
@@ -0,0 +1,25 @@
+Requirements
+------------
+- vagrant (tested against version 1.7.2)
+- vagrant-hostmaster plugin (tested against version 1.5.0)
+- vagrant-libvirt (tested against version 0.0.26)
+ - Only required if using libvirt instead of virtualbox
+
+Usage
+-----
+```
+vagrant up --no-provision
+vagrant provision
+```
+
+Using libvirt:
+```
+vagrant up --provider=libvirt --no-provision
+vagrant provision
+```
+
+Environment Variables
+---------------------
+The following environment variables can be overriden:
+- OPENSHIFT_DEPLOYMENT_TYPE (defaults to origin, choices: origin, enterprise, online)
+- OPENSHIFT_NUM_NODES (the number of nodes to create, defaults to 2)
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 000000000..648bc5171
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,62 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+VAGRANTFILE_API_VERSION = "2"
+
+unless Vagrant.has_plugin?("vagrant-hostmanager")
+ raise 'vagrant-hostmanager plugin is required'
+end
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+
+ deployment_type = ENV['OPENSHIFT_DEPLOYMENT_TYPE'] || 'origin'
+ num_nodes = (ENV['OPENSHIFT_NUM_NODES'] || 2).to_i
+
+ config.hostmanager.enabled = true
+ config.hostmanager.manage_host = true
+ config.hostmanager.include_offline = true
+ config.ssh.insert_key = false
+ config.vm.provider "virtualbox" do |vbox, override|
+ override.vm.box = "chef/centos-7.1"
+ vbox.memory = 1024
+ vbox.cpus = 2
+
+ # Enable multiple guest CPUs if available
+ vbox.customize ["modifyvm", :id, "--ioapic", "on"]
+ end
+
+ config.vm.provider "libvirt" do |libvirt, override|
+ libvirt.cpus = 2
+ libvirt.memory = 1024
+ libvirt.driver = 'kvm'
+ override.vm.box = "centos-7.1"
+ override.vm.box_url = "https://download.gluster.org/pub/gluster/purpleidea/vagrant/centos-7.1/centos-7.1.box"
+ override.vm.box_download_checksum = "b2a9f7421e04e73a5acad6fbaf4e9aba78b5aeabf4230eebacc9942e577c1e05"
+ override.vm.box_download_checksum_type = "sha256"
+ end
+
+ num_nodes.times do |n|
+ node_index = n+1
+ config.vm.define "node#{node_index}" do |node|
+ node.vm.hostname = "ose3-node#{node_index}.example.com"
+ node.vm.network :private_network, ip: "192.168.100.#{200 + n}"
+ end
+ end
+
+ config.vm.define "master" do |master|
+ master.vm.hostname = "ose3-master.example.com"
+ master.vm.network :private_network, ip: "192.168.100.100"
+ master.vm.network :forwarded_port, guest: 8443, host: 8443
+ master.vm.provision "ansible" do |ansible|
+ ansible.limit = 'all'
+ ansible.sudo = true
+ ansible.groups = {
+ "masters" => ["master"],
+ "nodes" => ["node1", "node2"],
+ }
+ ansible.extra_vars = {
+ openshift_deployment_type: "origin",
+ }
+ ansible.playbook = "playbooks/byo/config.yml"
+ end
+ end
+end
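Review bot: `config.ssh.insert_key = false` keeps every VM on Vagrant's publicly known default keypair, and the master block then forwards guest port 8443 to the host without a `host_ip`, so depending on the provider default the API port may be bound on all host interfaces rather than only loopback. Consider `master.vm.network :forwarded_port, guest: 8443, host: 8443, host_ip: "127.0.0.1"` and a comment stating why the shared key is kept (presumably so the Ansible provisioner on the master definition can reach every node with one key). The `ansible.groups` hash hard-codes `node1` and `node2` and `openshift_deployment_type` is fixed to `"origin"`, so the `num_nodes` and `deployment_type` values read from the environment at the top of the block are not honoured at provisioning time. The plugin check names `vagrant-hostmanager`, which is worth a one-line comment since it is a hard failure on load.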
@@ -12,12 +12,15 @@ import subprocess import ConfigParser from openshift_ansible import awsutil +from openshift_ansible import utils from openshift_ansible.awsutil import ArgumentError CONFIG_MAIN_SECTION = 'main' CONFIG_HOST_TYPE_ALIAS_SECTION = 'host_type_aliases' CONFIG_INVENTORY_OPTION = 'inventory' + + class Ohi(object): def __init__(self): self.inventory = None @@ -60,8 +63,12 @@ class Ohi(object): # We weren't able to determine what they wanted to do raise ArgumentError("Invalid combination of arguments") - for host in hosts: - print host + for host in sorted(hosts, key=utils.normalize_dnsname): + if self.args.user: + print "%s@%s" % (self.args.user, host) + else: + print host + return 0 def parse_config_file(self): @@ -94,6 +101,10 @@ class Ohi(object): parser.add_argument('-t', '--host-type', action="store", help="Which host type to use") + parser.add_argument('-l', '--user', action='store', default=None, + help='username') + + self.args = parser.parse_args() diff --git a/bin/openshift-ansible-bin.spec b/bin/openshift-ansible-bin.spec index c7db6f684..29aaff9ae 100644 --- a/bin/openshift-ansible-bin.spec +++ b/bin/openshift-ansible-bin.spec @@ -1,6 +1,6 @@ Summary: OpenShift Ansible Scripts for working with metadata hosts Name: openshift-ansible-bin -Version: 0.0.8 +Version: 0.0.12 Release: 1%{?dist} License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -23,7 +23,7 @@ mkdir -p %{buildroot}%{python_sitelib}/openshift_ansible mkdir -p %{buildroot}/etc/bash_completion.d mkdir -p %{buildroot}/etc/openshift_ansible -cp -p ossh oscp opssh ohi %{buildroot}%{_bindir} +cp -p ossh oscp opssh opscp ohi %{buildroot}%{_bindir} cp -p openshift_ansible/* %{buildroot}%{python_sitelib}/openshift_ansible cp -p ossh_bash_completion %{buildroot}/etc/bash_completion.d 
@@ -36,6 +36,23 @@ cp -p openshift_ansible.conf.example %{buildroot}/etc/openshift_ansible/openshif %config(noreplace) /etc/openshift_ansible/ %changelog +* Tue May 05 2015 Thomas Wiest <twiest@redhat.com> 0.0.12-1 +- fixed opssh and opscp to allow just environment or just host-type. + (twiest@redhat.com) + +* Mon May 04 2015 Thomas Wiest <twiest@redhat.com> 0.0.11-1 +- changed opssh to a bash script using ohi to make it easier to maintain, and + to expose all of the pssh features directly. (twiest@redhat.com) +- Added --user option to ohi to pre-pend the username in the hostlist output. + (twiest@redhat.com) +- Added utils.py that contains a normalize_dnsname function good for sorting + dns names to a human readable list. (twiest@redhat.com) + +* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.10-1 +- added --list-host-types option to opscp (twiest@redhat.com) + +* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.9-1 +- added opscp (twiest@redhat.com) * Mon Apr 13 2015 Thomas Wiest <twiest@redhat.com> 0.0.8-1 - fixed bug in opssh where it wouldn't actually run pssh (twiest@redhat.com) diff --git a/bin/openshift_ansible/utils.py b/bin/openshift_ansible/utils.py new file mode 100644 index 000000000..e6243aa5a --- /dev/null +++ b/bin/openshift_ansible/utils.py 
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# vim: expandtab:tabstop=4:shiftwidth=4
+
+''' The purpose of this module is to contain small utility functions.
+'''
+
+import re
+
+def normalize_dnsname(name, padding=10):
+ ''' The purpose of this function is to return a dns name with zero padding,
+ so that it sorts properly (as a human would expect).
+
+ Example: name=ex-lrg-node10.prod.rhcloud.com
+ Returns: ex-lrg-node0000000010.prod.rhcloud.com
+
+ Example Usage:
+ sorted(['a3.example.com', 'a10.example.com', 'a1.example.com'],
+ key=normalize_dnsname)
+
+ Returns: ['a1.example.com', 'a3.example.com', 'a10.example.com']
+ '''
+ parts = re.split(r'(\d+)', name)
+ retval = []
+ for part in parts:
+ if re.match(r'^\d+$', part):
+ retval.append(part.zfill(padding))
+ else:
+ retval.append(part)
+
+ return ''.join(retval)
diff --git a/bin/opscp b/bin/opscp
new file mode 100755
index 000000000..391cb6696
--- /dev/null
+++ b/bin/opscp
@@ -0,0 +1,131 @@
+#!/bin/bash
+# vim: expandtab:tabstop=4:shiftwidth=4
+
+
+function usage() {
+ cat << EOF
+Usage: opscp [OPTIONS] local remote
+
+Options:
+ --version show program's version number and exit
+ --help show this help message and exit
+ -l USER, --user=USER username (OPTIONAL)
+ -p PAR, --par=PAR max number of parallel threads (OPTIONAL)
+ --outdir=OUTDIR output directory for stdout files (OPTIONAL)
+ --errdir=ERRDIR output directory for stderr files (OPTIONAL)
+ -e ENV, --env ENV which environment to use
+ -t HOST_TYPE, --host-type HOST_TYPE
+ which host type to use
+ --list-host-types list all of the host types
+ --timeout=TIMEOUT timeout (secs) (0 = no timeout) per host (OPTIONAL)
+ -O OPTION, --option=OPTION
+ SSH option (OPTIONAL)
+ -v, --verbose turn on warning and diagnostic messages (OPTIONAL)
+ -A, --askpass Ask for a password (OPTIONAL)
+ -x ARGS, --extra-args=ARGS
+ Extra command-line arguments, with processing for
+ spaces, quotes, and backslashes
+ -X ARG, --extra-arg=ARG
+ Extra command-line argument
+ -r, --recursive recusively copy directories (OPTIONAL)
+
+Example: opscp -t ex-srv -e stg -l irb2 foo.txt /home/irb2/foo.txt
+
+EOF
+}
+
+if [ $# -eq 0 ] || [ "$1" == "--help" ]
+then
+ usage
+ exit 1
+fi
+
+# See if ohi is installed
+if ! which ohi &>/dev/null ; then
+ echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path."
+
+ exit 10
+fi
+
+PAR=200
+USER=root
+TIMEOUT=0
+ENV=""
+HOST_TYPE=""
+
+while [ $# -gt 0 ] ; do
+ case $1 in
+ -t|--host-type)
+ shift # get past the option
+ HOST_TYPE=$1
+ shift # get past the value of the option
+ ;;
+
+ -e)
+ shift # get past the option
+ ENV=$1
+ shift # get past the value of the option
+ ;;
+
+ --timeout)
+ shift # get past the option
+ TIMEOUT=$1
+ shift # get past the value of the option
+ ;;
+
+ -p|--par)
+ shift # get past the option
+ PAR=$1
+ shift # get past the value of the option
+ ;;
+
+ -l|--user)
+ shift # get past the option
+ USER=$1
+ shift # get past the value of the option
+ ;;
+
+ --list-host-types)
+ ohi --list-host-types
+ exit 0
+ ;;
+
+ -h|--hosts|-H|--host|-o)
+ echo "ERROR: unknown option $1"
+ exit 20
+ ;;
+
+ *)
+ args+=("$1")
+ shift
+ ;;
+ esac
+done
+
+# Get host list from ohi
+if [ -n "$ENV" -a -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$ENV" ] ; then
+ HOSTS="$(ohi -e "$ENV" 2>/dev/null)"
+ OHI_ECODE=$?
+elif [ -n "$HOST_TYPE" ] ; then
+ HOSTS="$(ohi -t "$HOST_TYPE" 2>/dev/null)"
+ OHI_ECODE=$?
+else
+ echo
+ echo "Error: either -e or -t must be specified"
+ echo
+ exit 10
+fi
+
+if [ $OHI_ECODE -ne 0 ] ; then
+ echo
+ echo "ERROR: ohi failed with exit code $OHI_ECODE"
+ echo
+ echo "This is usually caused by a bad value passed for host-type or environment."
+ echo
+ exit 25
+fi
+
+exec pscp.pssh -t $TIMEOUT -p $PAR -l $USER -h <(echo "$HOSTS") "${args[@]}"
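Review bot: The final `exec pscp.pssh -t $TIMEOUT -p $PAR -l $USER …` expands three caller-supplied values unquoted, so a value containing whitespace is word-split into extra pscp options; quote them as `-t "$TIMEOUT" -p "$PAR" -l "$USER"`. The option loop matches only `-e)` although usage documents `--env`, so `--env stg` falls through to `*)` and is forwarded to pscp while `ENV` stays empty; the arm should read `-e|--env)`. The rejection arm `-h|--hosts|-H|--host|-o)` catches only the space-separated spellings, so if the intent is that the host list always comes from ohi, attached forms such as `--hosts=FILE` need a `--hosts=*|--host=*` pattern as well. Discarding ohi's stderr with `2>/dev/null` leaves the operator with only an exit code when the inventory lookup fails. The rewritten `opssh` later in this commit uses the same loop and the same `exec` line, so all four points apply there too.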
@@ -1,146 +1,134 @@ -#!/usr/bin/env python +#!/bin/bash # vim: expandtab:tabstop=4:shiftwidth=4 -import argparse -import traceback -import sys -import os -import re -import tempfile -import time -import subprocess -import ConfigParser -from openshift_ansible import awsutil -from openshift_ansible.awsutil import ArgumentError - -DEFAULT_PSSH_PAR = 200 -PSSH = '/usr/bin/pssh' -CONFIG_MAIN_SECTION = 'main' -CONFIG_HOST_TYPE_ALIAS_SECTION = 'host_type_aliases' -CONFIG_INVENTORY_OPTION = 'inventory' - -class Opssh(object): - def __init__(self): - self.inventory = None - self.host_type_aliases = {} - self.file_path = os.path.join(os.path.dirname(os.path.realpath(__file__))) - - # Default the config path to /etc - self.config_path = os.path.join(os.path.sep, 'etc', \ - 'openshift_ansible', \ - 'openshift_ansible.conf') - - self.parse_cli_args() - self.parse_config_file() - - self.aws = awsutil.AwsUtil(self.inventory, self.host_type_aliases) - - def run(self): - if self.args.list_host_types: - self.aws.print_host_types() - return 0 - - if self.args.host_type is not None or \ - self.args.env is not None: - return self.run_pssh() - - # We weren't able to determine what they wanted to do - raise ArgumentError("Invalid combination of arguments") - - def run_pssh(self): - """Actually run the pssh command based off of the supplied options - """ - - # Default set of options - pssh_args = [PSSH, '-t', '0', '-p', str(self.args.par), '--user', self.args.user] - - if self.args.inline: - pssh_args.append("--inline") - - if self.args.outdir: - pssh_args.extend(["--outdir", self.args.outdir]) - - if self.args.errdir: - pssh_args.extend(["--errdir", self.args.errdir]) - - hosts = self.aws.get_host_list(host_type=self.args.host_type, - env=self.args.env) - - with tempfile.NamedTemporaryFile(prefix='opssh-', delete=True) as f: - for h in hosts: - f.write(h + os.linesep) - f.flush() - - pssh_args.extend(["-h", f.name]) - pssh_args.append(self.args.command) - - print - print "Running: %s" % 
' '.join(pssh_args) - print - return subprocess.call(pssh_args) - - return None - - def parse_config_file(self): - if os.path.isfile(self.config_path): - config = ConfigParser.ConfigParser() - config.read(self.config_path) - - if config.has_section(CONFIG_MAIN_SECTION) and \ - config.has_option(CONFIG_MAIN_SECTION, CONFIG_INVENTORY_OPTION): - self.inventory = config.get(CONFIG_MAIN_SECTION, CONFIG_INVENTORY_OPTION) - - self.host_type_aliases = {} - if config.has_section(CONFIG_HOST_TYPE_ALIAS_SECTION): - for alias in config.options(CONFIG_HOST_TYPE_ALIAS_SECTION): - value = config.get(CONFIG_HOST_TYPE_ALIAS_SECTION, alias).split(',') - self.host_type_aliases[alias] = value - - def parse_cli_args(self): - """Setup the command line parser with the options we want - """ - - parser = argparse.ArgumentParser(description='Openshift Online PSSH Tool.') - - parser.add_argument('--list-host-types', default=False, action='store_true', - help='List all of the host types') - - parser.add_argument('-e', '--env', action="store", - help="Which environment to use") - - parser.add_argument('-t', '--host-type', action="store", default=None, - help="Which host type to use") - - parser.add_argument('-c', '--command', action='store', - help='Command to run on remote host(s)') - - parser.add_argument('--user', action='store', default='root', - help='username') - - parser.add_argument('-i', '--inline', default=False, action='store_true', - help='inline aggregated output and error for each server') - - parser.add_argument('-p', '--par', action='store', default=DEFAULT_PSSH_PAR, - help=('max number of parallel threads (default %s)' % DEFAULT_PSSH_PAR)) - - parser.add_argument('--outdir', action='store', - help='output directory for stdout files') - - parser.add_argument('--errdir', action='store', - help='output directory for stderr files') - - self.args = parser.parse_args() - - -if __name__ == '__main__': - if len(sys.argv) == 1: - print "\nError: No options given. 
Use --help to see the available options\n" - sys.exit(0) - - try: - opssh = Opssh() - exitcode = opssh.run() - sys.exit(exitcode) - except ArgumentError as e: - print "\nError: %s\n" % e.message +function usage() { + cat << EOF +Usage: opssh [OPTIONS] command [...] + +Options: + --version show program's version number and exit + --help show this help message and exit + -l USER, --user=USER username (OPTIONAL) + -p PAR, --par=PAR max number of parallel threads (OPTIONAL) + --outdir=OUTDIR output directory for stdout files (OPTIONAL) + --errdir=ERRDIR output directory for stderr files (OPTIONAL) + -e ENV, --env ENV which environment to use + -t HOST_TYPE, --host-type HOST_TYPE + which host type to use + --list-host-types list all of the host types + --timeout=TIMEOUT timeout (secs) (0 = no timeout) per host (OPTIONAL) + -O OPTION, --option=OPTION + SSH option (OPTIONAL) + -v, --verbose turn on warning and diagnostic messages (OPTIONAL) + -A, --askpass Ask for a password (OPTIONAL) + -x ARGS, --extra-args=ARGS + Extra command-line arguments, with processing for + spaces, quotes, and backslashes + -X ARG, --extra-arg=ARG + Extra command-line argument + -i, --inline inline aggregated output and error for each server + --inline-stdout inline standard output for each server + -I, --send-input read from standard input and send as input to ssh + -P, --print print output as we get it + +Example: opssh -t ex-srv -e stg -l irb2 --outdir /tmp/foo uptime + +EOF +} + +if [ $# -eq 0 ] || [ "$1" == "--help" ] +then + usage + exit 1 +fi + +# See if ohi is installed +if ! which ohi &>/dev/null ; then + echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path." 
+ + exit 10 +fi + +PAR=200 +USER=root +TIMEOUT=0 +ARGS=() +ENV="" +HOST_TYPE="" +while [ $# -gt 0 ] ; do + case $1 in + -t|--host-type) + shift # get past the option + HOST_TYPE=$1 + shift # get past the value of the option + ;; + + -e) + shift # get past the option + ENV=$1 + shift # get past the value of the option + ;; + + --timeout) + shift # get past the option + TIMEOUT=$1 + shift # get past the value of the option + ;; + + -p|--par) + shift # get past the option + PAR=$1 + shift # get past the value of the option + ;; + + -l|--user) + shift # get past the option + USER=$1 + shift # get past the value of the option + ;; + + --list-host-types) + ohi --list-host-types + exit 0 + ;; + + -h|--hosts|-H|--host|-o) + echo "ERROR: unknown option $1" + exit 20 + ;; + + *) + args+=("$1") + shift + ;; + esac +done + +# Get host list from ohi +if [ -n "$ENV" -a -n "$HOST_TYPE" ] ; then + HOSTS="$(ohi -t "$HOST_TYPE" -e "$ENV" 2>/dev/null)" + OHI_ECODE=$? +elif [ -n "$ENV" ] ; then + HOSTS="$(ohi -e "$ENV" 2>/dev/null)" + OHI_ECODE=$? +elif [ -n "$HOST_TYPE" ] ; then + HOSTS="$(ohi -t "$HOST_TYPE" 2>/dev/null)" + OHI_ECODE=$? +else + echo + echo "Error: either -e or -t must be specified" + echo + exit 10 +fi + +if [ $OHI_ECODE -ne 0 ] ; then + echo + echo "ERROR: ohi failed with exit code $OHI_ECODE" + echo + echo "This is usually caused by a bad value passed for host-type or environment." + echo + exit 25 +fi + +exec pssh -t $TIMEOUT -p $PAR -l $USER -h <(echo "$HOSTS") "${args[@]}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 5a6c89489..433cfeb87 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -28,6 +28,8 @@ - name: Create temp directory for syncing certs hosts: localhost + connection: local + sudo: false gather_facts: no tasks: - name: Create local temp directory for syncing certs 
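Review bot: In the new opssh, `ARGS=()` is initialised but the `*)` arm appends to lowercase `args` and the final `exec pssh … "${args[@]}"` reads `args`, so the declared array is never used; the initialiser should be `args=()`. Assigning `USER=root` also overwrites the shell's own `USER` variable, which is normally exported and therefore changes the environment the exec'd pssh inherits; a script-local name such as `SSH_USER` avoids that side effect. The removed Python version printed the exact pssh command line before running it, and the shell rewrite drops that, so a short comment or an echo guarded by `-v` would keep the command auditable.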
@@ -112,6 +114,8 @@ - name: Delete temporary directory on localhost hosts: localhost + connection: local + sudo: false gather_facts: no tasks: - file: name={{ mktemp.stdout }} state=absent diff --git a/rel-eng/packages/openshift-ansible-bin b/rel-eng/packages/openshift-ansible-bin index 500e1f4b1..8a9624397 100644 --- a/rel-eng/packages/openshift-ansible-bin +++ b/rel-eng/packages/openshift-ansible-bin @@ -1 +1 @@ -0.0.8-1 bin/ +0.0.12-1 bin/ diff --git a/roles/ansible_tower/tasks/main.yaml b/roles/ansible_tower/tasks/main.yaml index 1d75a95e6..c110a3b70 100644 --- a/roles/ansible_tower/tasks/main.yaml +++ b/roles/ansible_tower/tasks/main.yaml @@ -9,7 +9,6 @@ - ansible - telnet - ack - - python-ansible-tower-cli - name: download Tower setup get_url: url=http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-2.1.1.tar.gz dest=/opt/ force=no @@ -32,3 +31,12 @@ - name: Set (httpd_can_network_connect_db) flag on and keep it persistent across reboots seboolean: name=httpd_can_network_connect_db state=yes persistent=yes +- name: Setup proot to allow access to /etc/tower/ + lineinfile: + dest: /etc/tower/settings.py + backrefs: yes + regexp: "^({{ item.option }})( *)=" + line: '\1\2= {{ item.value }}' + with_items: config_changes | default([], true) + + diff --git a/roles/ansible_tower_cli/README.md b/roles/ansible_tower_cli/README.md new file mode 100644 index 000000000..d2d68146f --- /dev/null +++ b/roles/ansible_tower_cli/README.md 
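Review bot: The new `lineinfile` task in roles/ansible_tower/tasks/main.yaml sets `backrefs: yes`, and with backrefs a `regexp` that matches nothing leaves `/etc/tower/settings.py` unchanged without failing, so any `config_changes` entry whose option is not already in the file is silently skipped. `{{ item.option }}` is interpolated into the pattern as raw regex, so an option name containing metacharacters can match more or less than intended. The task name mentions proot and /etc/tower/ while the task applies arbitrary option/value pairs; a name such as `Apply config_changes to /etc/tower/settings.py` and a comment giving the expected item shape (`option`, `value`) would make it reviewable. Separately, the context line in the first hunk of this file still fetches the Tower setup tarball over plain `http://` with no checksum visible here.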
@@ -0,0 +1,50 @@ +ansible_tower_cli +============== + +Install ansible-tower-cli rpm. + +Requirements +------------ + +None + +Role Variables +-------------- + +None + +Dependencies +------------ + +None + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - roles/ansible_tower_cli + +License +------- + +Copyright 2012-2014 Red Hat, Inc., All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Author Information +------------------ + +openshift operations diff --git a/roles/ansible_tower_cli/defaults/main.yml b/roles/ansible_tower_cli/defaults/main.yml new file mode 100644 index 000000000..bef66bbfd --- /dev/null +++ b/roles/ansible_tower_cli/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ansible_tower_cli diff --git a/roles/ansible_tower_cli/handlers/main.yml b/roles/ansible_tower_cli/handlers/main.yml new file mode 100644 index 000000000..0ce873648 --- /dev/null +++ b/roles/ansible_tower_cli/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for ansible_tower_cli diff --git a/roles/ansible_tower_cli/meta/main.yml b/roles/ansible_tower_cli/meta/main.yml new file mode 100644 index 000000000..41dd23720 --- /dev/null +++ b/roles/ansible_tower_cli/meta/main.yml 
@@ -0,0 +1,9 @@
+---
+galaxy_info:
+ author: openshift operations name
+ description: install ansible-tower-cli
+ company: Red Hat, inc
+ license: ASL 2.0
+ min_ansible_version: 1.2
+dependencies: []
+
diff --git a/roles/ansible_tower_cli/tasks/main.yml b/roles/ansible_tower_cli/tasks/main.yml
new file mode 100644
index 000000000..41fac22a0
--- /dev/null
+++ b/roles/ansible_tower_cli/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Install python-ansible-tower-cli
+ yum: name=python-ansible-tower-cli
+
+- template:
+ src: tower_cli.cfg.j2
+ dest: /etc/tower/tower_cli.cfg
+ owner: awx
+ group: awx
+ mode: 0640
+
+- file:
+ state: link
+ src: /etc/tower
+ dest: /etc/awx
+ owner: awx
+ group: awx
+
diff --git a/roles/ansible_tower_cli/templates/tower_cli.cfg.j2 b/roles/ansible_tower_cli/templates/tower_cli.cfg.j2
new file mode 100644
index 000000000..5a0a275b0
--- /dev/null
+++ b/roles/ansible_tower_cli/templates/tower_cli.cfg.j2
@@ -0,0 +1,5 @@
+[general]
+host = {{ oo_towercli_host }}
+username = {{ oo_towercli_username }}
+password = {{ oo_towercli_password }}
+verify_ssl = true
diff --git a/roles/ansible_tower_cli/vars/main.yml b/roles/ansible_tower_cli/vars/main.yml
new file mode 100644
index 000000000..a4c9abfb4
--- /dev/null
+++ b/roles/ansible_tower_cli/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ansible_tower_cli
diff --git a/roles/openshift_ansible_inventory/tasks/main.yml b/roles/openshift_ansible_inventory/tasks/main.yml
index 3990d5750..dddfe24e3 100644
--- a/roles/openshift_ansible_inventory/tasks/main.yml
+++ b/roles/openshift_ansible_inventory/tasks/main.yml
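Review bot: The `template` task in roles/ansible_tower_cli/tasks/main.yml renders `oo_towercli_password` in clear text into /etc/tower/tower_cli.cfg, and the task has neither a `name` nor `no_log: true`, so the credential can surface in the output of a verbose or diff run. Mode `0640` with group `awx` makes the password readable by every member of that group; if only the awx user needs it, `mode: "0600"` is tighter. The three `oo_towercli_*` variables have no entry in defaults/main.yml or the role README (which lists Role Variables as None), so they are presumably supplied by the caller; documenting them and stating that the password should come from an encrypted vars file would close that gap. The `file` task that links /etc/awx to /etc/tower is also unnamed and would benefit from a one-line comment on why the link is needed.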
@@ -9,3 +9,37 @@ group: "{{ oo_inventory_group }}" owner: "{{ oo_inventory_owner }}" mode: "0640" + +- file: + state: directory + dest: /etc/ansible/inventory + owner: root + group: libra_ops + mode: 0750 + +- file: + state: link + src: /usr/share/ansible/inventory/multi_ec2.py + dest: /etc/ansible/inventory/multi_ec2.py + owner: root + group: libra_ops + +- lineinfile: + dest: /etc/ansible/ansible.cfg + backrefs: yes + regexp: '^(hostfile|inventory)( *)=' + line: '\1\2= /etc/ansible/inventory' + +- name: setting ec2.ini destination_format + lineinfile: + dest: /usr/share/ansible/inventory/aws/ec2.ini + regexp: '^destination_format *=' + line: "destination_format = {{ oo_ec2_destination_format }}" + when: oo_ec2_destination_format is defined + +- name: setting ec2.ini destination_format_tags + lineinfile: + dest: /usr/share/ansible/inventory/aws/ec2.ini + regexp: '^destination_format_tags *=' + line: "destination_format_tags = {{ oo_ec2_destination_format_tags }}" + when: oo_ec2_destination_format_tags is defined diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 28bdda618..f9e6199a5 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -104,3 +104,14 @@ with_items: - root - "{{ ansible_ssh_user }}" + +- name: Update the permissions on the OpenShift client config(s) + file: + path: "~{{ item }}/.config/openshift/.config" + state: file + mode: 0700 + owner: "{{ item }}" + group: "{{ item }}" + with_items: + - root + - "{{ ansible_ssh_user }}" |
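Review bot: The two new `file` tasks in roles/openshift_ansible_inventory/tasks/main.yml hard-code `owner: root` and `group: libra_ops`, while the task directly above them takes `oo_inventory_group` and `oo_inventory_owner`, so the role now depends on a group that may not exist on the target; reuse the existing variables. The `lineinfile` on /etc/ansible/ansible.cfg sets `backrefs: yes`, which leaves the file unchanged when no `hostfile` or `inventory` line is present, so the inventory path is not guaranteed to end up configured. The first three added tasks are unnamed, and `mode: 0750` is unquoted where the existing task writes `mode: "0640"`.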
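Review bot: In roles/openshift_master/tasks/main.yml, `mode: 0700` sets the execute bits on `~{{ item }}/.config/openshift/.config`, which is a client configuration file (and likely holds client credentials) rather than a directory or program; `mode: "0600"` gives the same owner-only restriction without marking it executable. `state: file` makes the task fail when the file does not yet exist for one of the users, and `group: "{{ item }}"` assumes a group named after `ansible_ssh_user`. When `ansible_ssh_user` is root the loop touches the same path twice, which is harmless but worth a comment.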