7 files changed, 40 insertions, 52 deletions

diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 159e9aa79..3ac70a035 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -301,6 +301,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_hosted_registry_storage_s3_bucket=bucket_name
 #openshift_hosted_registry_storage_s3_region=bucket_region
 #openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_pullthrough=true
 
 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
 # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 5da6c4604..4c0737cb7 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -295,6 +295,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_hosted_registry_storage_s3_bucket=bucket_name
 #openshift_hosted_registry_storage_s3_region=bucket_region
 #openshift_hosted_registry_storage_s3_chunksize=26214400
+#openshift_hosted_registry_pullthrough=true
 
 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
 # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
diff --git a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml
index 72fcd77b3..1438fd7d5 100755
--- a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml
+++ b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml
@@ -16,7 +16,7 @@
 #  * You may need to re-deploy docker images after this is run (like monitoring)
 
 - name: Fix docker to have a provisioned iops drive
-  hosts: "{{ cli_name }}"
+  hosts: "{{ cli_host }}"
   user: root
   connection: ssh
   gather_facts: no
diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml
index 31113d5f0..446a1846f 100644
--- a/playbooks/openstack/openshift-cluster/dns.yml
+++ b/playbooks/openstack/openshift-cluster/dns.yml
@@ -35,6 +35,11 @@
   - vars.yml
   - cluster_hosts.yml
   roles:
+    # Explicitly calling openshift_facts because it appears that when
+    # rhel_subscribe is skipped that the openshift_facts dependency for
+    # openshift_repos is also skipped (this is the case at least for Ansible
+    # 2.0.2)
+    - openshift_facts
     - role: rhel_subscribe
       when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and
             ansible_distribution == "RedHat" and
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 422e6dafe..2d0098784 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -280,6 +280,10 @@ resources:
           port_range_max: 8443
         - direction: ingress
           protocol: tcp
+          port_range_min: 8444
+          port_range_max: 8444
+        - direction: ingress
+          protocol: tcp
           port_range_min: 53
           port_range_max: 53
         - direction: ingress
@@ -302,6 +306,22 @@ resources:
           protocol: udp
           port_range_min: 24224
           port_range_max: 24224
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 2224
+          port_range_max: 2224
+        - direction: ingress
+          protocol: udp
+          port_range_min: 5404
+          port_range_max: 5404
+        - direction: ingress
+          protocol: udp
+          port_range_min: 5405
+          port_range_max: 5405
+        - direction: ingress
+          protocol: tcp
+          port_range_min: 9090
+          port_range_max: 9090
 
   etcd-secgrp:
     type: OS::Neutron::SecurityGroup
@@ -359,6 +379,16 @@ resources:
           port_range_max: 10250
           remote_mode: remote_group_id
         - direction: ingress
+          protocol: tcp
+          port_range_min: 10255
+          port_range_max: 10255
+          remote_mode: remote_group_id
+        - direction: ingress
+          protocol: udp
+          port_range_min: 10255
+          port_range_max: 10255
+          remote_mode: remote_group_id
+        - direction: ingress
           protocol: udp
           port_range_min: 4789
           port_range_max: 4789
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index 4dc4cfb56..7ea39f51e 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -58,57 +58,6 @@
   failed_when: "'already exists' not in oex_import_infrastructure.stderr and oex_import_infrastructure.rc != 0"
   changed_when: false
 
-# The 1.1 release of the xpaas content for OpenShift renamed all the templates
-- name: Remove old xpaas templates from filesystem
-  file:
-    path: "{{ xpaas_templates_base }}/{{ item }}"
-    state: absent
-  with_items:
-    - amq6-persistent.json
-    - amq6.json
-    - eap6-amq-persistent-sti.json
-    - eap6-amq-sti.json
-    - eap6-basic-sti.json
-    - eap6-https-sti.json
-    - eap6-mongodb-persistent-sti.json
-    - eap6-mongodb-sti.json
-    - eap6-mysql-persistent-sti.json
-    - eap6-mysql-sti.json
-    - eap6-postgresql-persistent-sti.json
-    - eap6-postgresql-sti.json
-    - jws-tomcat7-basic-sti.json
-    - jws-tomcat7-https-sti.json
-    - jws-tomcat7-mongodb-sti.json
-    - jws-tomcat7-mongodb-persistent-sti.json
-    - jws-tomcat7-mysql-persistent-sti.json
-    - jws-tomcat7-mysql-sti.json
-    - jws-tomcat7-postgresql-persistent-sti.json
-    - jws-tomcat8-postgresql-persistent-sti.json
-    - jws-tomcat8-basic-sti.json
-    - jws-tomcat8-https-sti.json
-    - jws-tomcat8-mongodb-sti.json
-    - jws-tomcat8-mongodb-persistent-sti.json
-    - jws-tomcat8-mysql-sti.json
-    - jws-tomcat8-mysql-persistent-sti.json
-    - jws-tomcat8-postgresql-sti.json
-    - jws-tomcat7-postgresql-sti.json
-
-- name: Remove old xpaas templates from openshift namespace
-  command: >
-    {{ openshift.common.client_binary }} -n openshift delete
-    templates/amq6 templates/amq6-persistent templates/eap6-amq-persistent-sti templates/eap6-amq-sti \
-    templates/eap6-basic-sti templates/eap6-basic-sti templates/eap6-mongodb-persistent-sti templates/eap6-mongodb-sti \
-    templates/eap6-mysql-persistent-sti templates/eap6-mysql-sti templates/eap6-postgresql-persistent-sti \
-    templates/eap6-postgresql-sti templates/jws-tomcat7-basic-sti templates/jws-tomcat7-basic-sti \
-    templates/jws-tomcat7-mongodb-persistent-sti templates/jws-tomcat7-mongodb-sti \
-    templates/jws-tomcat7-mysql-persistent-sti templates/jws-tomcat7-mysql-sti \
-    templates/jws-tomcat7-postgresql-persistent-sti templates/jws-tomcat7-postgresql-sti \
-    templates/jws-tomcat8-basic-sti templates/jws-tomcat8-basic-sti templates/jws-tomcat8-mongodb-persistent-sti
-  when: openshift_examples_load_xpaas | bool
-  register: oex_delete_old_xpaas_templates
-  failed_when: "'not found' not in oex_delete_old_xpaas_templates.stderr and oex_delete_old_xpaas_templates.rc != 0"
-  changed_when: false
-
 - name: Import xPaas image streams
   command: >
     {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ xpaas_image_streams }}
diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2
index 88704d968..ea5626642 100644
--- a/roles/openshift_hosted/templates/registry_config.j2
+++ b/roles/openshift_hosted/templates/registry_config.j2
@@ -60,6 +60,8 @@ auth:
 middleware:
   repository:
   - name: openshift
+    options:
+      pullthrough: {{ openshift.hosted.registry.pullthrough | default(true) }}
 {% if openshift.hosted.registry.storage.provider == 's3' and 'cloudfront' in openshift.hosted.registry.storage.s3 %}
   storage:
   - name: cloudfront