-rw-r--r--.github/ISSUE_TEMPLATE.md54
-rw-r--r--filter_plugins/openshift_master.py19
-rw-r--r--inventory/README.md2
-rwxr-xr-xlibrary/modify_yaml.py27
-rw-r--r--playbooks/common/openshift-master/config.yml5
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j22
-rw-r--r--roles/openshift_node/meta/main.yml11
-rw-r--r--roles/openshift_storage_nfs_lvm/meta/main.yml3
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/main.yml2
-rw-r--r--roles/openshift_storage_nfs_lvm/templates/nfs.json.j24
-rwxr-xr-xroles/os_firewall/library/os_firewall_manage_iptables.py12
-rw-r--r--setup.cfg2
-rw-r--r--setup.py4
13 files changed, 100 insertions, 47 deletions
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 326e75c7e..2a4f80a36 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,13 +1,31 @@
#### Description
-Please provide a brief description of your issue.
+
+Provide a brief description of your issue here. For example:
+
+> On a multi master install, if the first master goes down we can no
+> longer scaleup the cluster with new nodes or masters.
+
##### Version
-If you're operating from a git clone provide the output of `git describe`. If
-you're running from playbooks installed via RPM or atomic-openshift-utils `rpm
--q atomic-openshift-utils openshift-ansible`. Please also provide your version
-of ansible, `ansible --version`. Please the output between the code block below.
+
+Please put the following version information in the code block
+indicated below.
+
+* Your ansible version per `ansible --version`
+
+If you're operating from a **git clone**:
+
+* The output of `git describe`
+
+If you're running from playbooks installed via RPM or
+`atomic-openshift-utils`
+
+* The output of `rpm -q atomic-openshift-utils openshift-ansible`
+
+Place the output between the code block below:
+
```
-Please place output here
+VERSION INFORMATION HERE PLEASE
```
##### Steps To Reproduce
@@ -15,20 +33,32 @@ Please place output here
2. [step 2]
-##### Current Result
+##### Expected Results
+Describe what you expected to happen.
+
```
Example command and output or error messages
```
-##### Expected Result
+##### Observed Results
+Describe what is actually happening.
+
```
Example command and output or error messages
```
+For long output or logs, consider using a [gist](https://gist.github.com/)
+
+
##### Additional Information
+
+Provide any additional information which may help us diagnose the
+issue.
+
+* Your operating system and version, ie: RHEL 7.2, Fedora 23 (`$ cat /etc/redhat-release`)
+* Your inventory file (especially any non-standard configuration parameters)
+* Sample code, etc
+
```
-Your operating system and version, ie: RHEL 7.2, Fedora 23]
-Your inventory file
-Sample code, etc
-code, etc
+EXTRA INFORMATION GOES HERE
```
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index ec09b09f6..437f4c400 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -161,7 +161,7 @@ class LDAPPasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['attributes'], ['url'], ['insecure']]
self._optional += [['ca'],
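Review bot: `super(self.__class__, self).__init__(api_version, idp)` recurses without end as soon as one of these classes is subclassed, because `self.__class__` is the instance's runtime type rather than the class the method is defined in. The same line is added in every `__init__` hunk of this file, and the one in `IdentityProviderOauthBase` is the likeliest to be hit, since its name suggests it is meant to be inherited. Name the class explicitly, e.g. `super(LDAPPasswordIdentityProvider, self).__init__(api_version, idp)`, or keep the previous explicit base call. Separately, the `validate()` hunks drop `IdentityProviderBase.validate(self)`; that method is not visible here, so confirm it performs no checks these identity providers rely on.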
@@ -176,7 +176,6 @@ class LDAPPasswordIdentityProvider(IdentityProviderBase):
def validate(self):
''' validate this idp instance '''
- IdentityProviderBase.validate(self)
if not isinstance(self.provider['attributes'], dict):
raise errors.AnsibleFilterError("|failed attributes for provider "
"{0} must be a dictionary".format(self.__class__.__name__))
@@ -206,7 +205,7 @@ class KeystonePasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['url'], ['domainName', 'domain_name']]
self._optional += [['ca'], ['certFile', 'cert_file'], ['keyFile', 'key_file']]
@@ -225,7 +224,7 @@ class RequestHeaderIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['headers']]
self._optional += [['challengeURL', 'challenge_url'],
@@ -238,7 +237,6 @@ class RequestHeaderIdentityProvider(IdentityProviderBase):
def validate(self):
''' validate this idp instance '''
- IdentityProviderBase.validate(self)
if not isinstance(self.provider['headers'], list):
raise errors.AnsibleFilterError("|failed headers for provider {0} "
"must be a list".format(self.__class__.__name__))
@@ -257,7 +255,7 @@ class AllowAllPasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
@@ -274,7 +272,7 @@ class DenyAllPasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
@@ -291,7 +289,7 @@ class HTPasswdPasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['file', 'filename', 'fileName', 'file_name']]
@@ -316,7 +314,7 @@ class BasicAuthPasswordIdentityProvider(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['url']]
self._optional += [['ca'], ['certFile', 'cert_file'], ['keyFile', 'key_file']]
@@ -335,13 +333,12 @@ class IdentityProviderOauthBase(IdentityProviderBase):
AnsibleFilterError:
"""
def __init__(self, api_version, idp):
- IdentityProviderBase.__init__(self, api_version, idp)
+ super(self.__class__, self).__init__(api_version, idp)
self._allow_additional = False
self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']]
def validate(self):
''' validate this idp instance '''
- IdentityProviderBase.validate(self)
if self.challenge:
raise errors.AnsibleFilterError("|failed provider {0} does not "
"allow challenge authentication".format(self.__class__.__name__))
diff --git a/inventory/README.md b/inventory/README.md
index b8edfcbb0..b61bfff18 100644
--- a/inventory/README.md
+++ b/inventory/README.md
@@ -5,5 +5,5 @@ You can install OpenShift on:
* [Amazon Web Services](aws/hosts/)
* [BYO](byo/) (Bring your own), use this inventory config file to install OpenShift on your bare metal servers
* [GCE](gce/) (Google Compute Engine)
-* [libvirt](libviert/hosts/)
+* [libvirt](libvirt/hosts/)
* [OpenStack](openstack/hosts/)
diff --git a/library/modify_yaml.py b/library/modify_yaml.py
index d8d22d5ea..8706e80c2 100755
--- a/library/modify_yaml.py
+++ b/library/modify_yaml.py
@@ -6,6 +6,11 @@
import yaml
+# ignore pylint errors related to the module_utils import
+# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import
+from ansible.module_utils.basic import * # noqa: F402,F403
+
+
DOCUMENTATION = '''
---
module: modify_yaml
@@ -21,8 +26,18 @@ EXAMPLES = '''
'''
-# pylint: disable=missing-docstring
def set_key(yaml_data, yaml_key, yaml_value):
+ ''' Updates a parsed yaml structure setting a key to a value.
+
+ :param yaml_data: yaml structure to modify.
+ :type yaml_data: dict
+ :param yaml_key: Key to modify.
+ :type yaml_key: mixed
+ :param yaml_value: Value use for yaml_key.
+ :type yaml_value: mixed
+ :returns: Changes to the yaml_data structure
+ :rtype: dict(tuple())
+ '''
changes = []
ptr = yaml_data
final_key = yaml_key.split('.')[-1]
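Review bot: The new docstring on `set_key` gives `:rtype: dict(tuple())`, but the visible body starts with `changes = []`, so the return value is presumably a list; the rest of the function lies outside the hunk. Suggest `:rtype: list` (of tuples, if that is what gets appended) and `Value to use for yaml_key.` for the third parameter. The `:type yaml_key: mixed` line could say `str`, since the body calls `yaml_key.split('.')`.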
@@ -75,6 +90,7 @@ def main():
# pylint: disable=missing-docstring, unused-argument
def none_representer(dumper, data):
return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'')
+
yaml.add_representer(type(None), none_representer)
try:
@@ -95,14 +111,9 @@ def main():
# ignore broad-except error to avoid stack trace to ansible user
# pylint: disable=broad-except
- except Exception as e:
- return module.fail_json(msg=str(e))
-
+ except Exception as error:
+ return module.fail_json(msg=str(error))
-# ignore pylint errors related to the module_utils import
-# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, wrong-import-position
-# import module snippets
-from ansible.module_utils.basic import * # noqa: F402,F403
if __name__ == '__main__':
main()
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 21f3c80a1..39d64a126 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -74,11 +74,6 @@
public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}"
master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}"
- - openshift_facts:
- role: hosted
- openshift_env:
- openshift_hosted_registry_storage_kind: 'nfs'
- when: openshift_hosted_registry_storage_kind is not defined and groups.oo_nfs_to_config is defined and groups.oo_nfs_to_config | length > 0
- name: Create temp directory for syncing certs
hosts: localhost
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 81546c829..fcb8125e9 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -123,7 +123,7 @@ kubernetesMasterConfig:
keyFile: master.proxy-client.key
schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }}
schedulerConfigFile: {{ openshift_master_scheduler_conf }}
- servicesNodePortRange: ""
+ servicesNodePortRange: "{{ openshift_node_port_range | default("") }}"
servicesSubnet: {{ openshift.common.portal_net }}
staticNodeNames: {{ openshift_node_ips | default([], true) }}
{% endif %}
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 56dee2958..91f118191 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -31,6 +31,15 @@ dependencies:
port: 10255/tcp
- service: Openshift kubelet ReadOnlyPort udp
port: 10255/udp
+- role: os_firewall
+ os_firewall_allow:
- service: OpenShift OVS sdn
port: 4789/udp
- when: openshift.node.use_openshift_sdn | bool
+ when: openshift.common.use_openshift_sdn | bool
+- role: os_firewall
+ os_firewall_allow:
+ - service: Kubernetes service NodePort TCP
+ port: "{{ openshift_node_port_range | default('') }}/tcp"
+ - service: Kubernetes service NodePort UDP
+ port: "{{ openshift_node_port_range | default('') }}/udp"
+ when: openshift_node_port_range is defined
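Review bot: The new NodePort dependency is guarded only by `when: openshift_node_port_range is defined`, so a variable that is defined but empty renders the ports as `/tcp` and `/udp`. The master template in this commit defaults the same variable to an empty string, which makes an empty value a plausible input. Under that guard the `default('')` in both port lines can never take effect; suggest `when: openshift_node_port_range is defined and openshift_node_port_range | string | length > 0` and dropping the two defaults. The rule built by `gen_rule` in `os_firewall_manage_iptables.py` accepts NEW connections from any source, so the range is opened on every node to all peers and is worth keeping as narrow as the services need.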
diff --git a/roles/openshift_storage_nfs_lvm/meta/main.yml b/roles/openshift_storage_nfs_lvm/meta/main.yml
index ea7c9bb45..50d94f6a3 100644
--- a/roles/openshift_storage_nfs_lvm/meta/main.yml
+++ b/roles/openshift_storage_nfs_lvm/meta/main.yml
@@ -14,4 +14,5 @@ galaxy_info:
- all
categories:
- openshift
-dependencies: []
+dependencies:
+- role: openshift_facts
diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml
index ea0cc2a94..49dd657b5 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/main.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml
@@ -2,7 +2,7 @@
# TODO -- this may actually work on atomic hosts
- fail:
msg: "openshift_storage_nfs_lvm is not compatible with atomic host"
- when: openshift.common.is_atomic | true
+ when: openshift.common.is_atomic | bool
- name: Create lvm volumes
lvol: vg={{osnl_volume_group}} lv={{ item }} size={{osnl_volume_size}}G
diff --git a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2
index 19e150f7d..c273aca9f 100644
--- a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2
+++ b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2
@@ -14,8 +14,8 @@
"accessModes": [ "ReadWriteOnce", "ReadWriteMany" ],
"persistentVolumeReclaimPolicy": "{{ osnl_volume_reclaim_policy }}",
"nfs": {
- "Server": "{{ inventory_hostname }}",
- "Path": "{{ osnl_mount_dir }}/{{ item }}"
+ "server": "{{ inventory_hostname }}",
+ "path": "{{ osnl_mount_dir }}/{{ item }}"
}
}
}
diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py
index b60e52dfe..8ba650994 100755
--- a/roles/os_firewall/library/os_firewall_manage_iptables.py
+++ b/roles/os_firewall/library/os_firewall_manage_iptables.py
@@ -127,9 +127,17 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes
check_cmd = self.cmd + ['-C'] + rule
return True if subprocess.call(check_cmd) == 0 else False
+ @staticmethod
+ def port_as_argument(port):
+ if isinstance(port, int):
+ return str(port)
+ if isinstance(port, basestring): # noqa: F405
+ return port.replace('-', ":")
+ return port
+
def gen_rule(self, port, proto):
return [self.chain, '-p', proto, '-m', 'state', '--state', 'NEW',
- '-m', proto, '--dport', str(port), '-j', 'ACCEPT']
+ '-m', proto, '--dport', IpTablesManager.port_as_argument(port), '-j', 'ACCEPT']
def create_jump(self):
if self.check_mode:
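Review bot: `port_as_argument` forwards any string to `--dport` unchecked, and its last line returns a non-string value (for example `None`) unchanged into the argument list built by `gen_rule`. With the `port` option now declared `type='str'` in the `main()` hunk below, a typo such as `30000-` or `http` is only caught when iptables itself rejects the rule. Validating the value as a single port or a `low-high` range, and always returning a string, gives an early and clear failure; how the module should report that error is left open, because the surrounding error handling is outside the hunk. The helper also has no docstring, and `create_jump` continues past the end of the hunk.

```python
    @staticmethod
    def port_as_argument(port):
        ''' Return port as an iptables --dport value: "N" or "N:M" '''
        bounds = str(port).strip().replace('-', ':').split(':')
        valid = len(bounds) in (1, 2) and all(
            b.isdigit() and int(b) <= 65535 for b in bounds)
        if not valid:
            raise ValueError("invalid port or port range: {0!r}".format(port))
        return ':'.join(bounds)

    # … unchanged: gen_rule, create_jump …
```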
@@ -231,7 +239,7 @@ def main():
create_jump_rule=dict(required=False, type='bool', default=True),
jump_rule_chain=dict(required=False, default='INPUT'),
protocol=dict(required=False, choices=['tcp', 'udp']),
- port=dict(required=False, type='int'),
+ port=dict(required=False, type='str'),
ip_version=dict(required=False, default='ipv4',
choices=['ipv4', 'ipv6']),
),
diff --git a/setup.cfg b/setup.cfg
index d55df9d37..06346852c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -22,6 +22,6 @@ excludes=.tox,utils,files
lint_disable=fixme,locally-disabled,file-ignored,duplicate-code
[flake8]
-exclude=.tox/*,setup.py,utils/*,inventory/*
+exclude=.tox/*,utils/*,inventory/*
max_line_length = 120
ignore = E501,T003
diff --git a/setup.py b/setup.py
index 05a23b7bb..c826c167f 100644
--- a/setup.py
+++ b/setup.py
@@ -17,6 +17,7 @@ from yamllint.config import YamlLintConfig
from yamllint.cli import Format
from yamllint import linter
+
def find_files(base_dir, exclude_dirs, include_dirs, file_regex):
''' find files matching file_regex '''
found = []
@@ -111,7 +112,8 @@ class OpenShiftAnsibleYamlLint(Command):
if has_errors or has_warnings:
print('yammlint issues found')
- exit(1)
+ raise SystemExit(1)
+
class OpenShiftAnsiblePylint(PylintCommand):
''' Class to override the default behavior of PylintCommand '''