9 files changed, 52 insertions, 35 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml
index 5f008a045..5fc81bf3a 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml
@@ -204,7 +204,7 @@
       cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
     changed_when: False
 
-- name: Serially evacuate all nodes to trigger redeployments
+- name: Serially drain all nodes to trigger redeployments
   hosts: oo_nodes_to_config
   serial: 1
   any_errors_fatal: true
@@ -222,7 +222,7 @@
       was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}"
     when: openshift_certificates_redeploy_ca | default(false) | bool
 
-  - name: Prepare for node evacuation
+  - name: Prepare for node draining
     command: >
       {{ openshift.common.client_binary }} adm --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
       manage-node {{ openshift.node.nodename }}
@@ -230,11 +230,11 @@
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
 
-  - name: Evacuate node
+  - name: Drain node
     command: >
       {{ openshift.common.client_binary }} adm --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
       manage-node {{ openshift.node.nodename }}
-      --evacuate --force
+      --drain --force
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
 
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/restart.yml b/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
index d800b289b..1b418920f 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
@@ -19,11 +19,9 @@
   when: openshift.common.is_containerized | bool
 
 - name: Wait for master API to come back online
-  become: no
-  local_action:
-    module: wait_for
-      host="{{ inventory_hostname }}"
-      state=started
-      delay=10
-      port="{{ openshift.master.api_port }}"
+  wait_for:
+    host: "{{ openshift.common.hostname }}"
+    state: started
+    delay: 10
+    port: "{{ openshift.master.api_port }}"
   when: inventory_hostname in groups.oo_masters_to_config
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
index 0a972adf6..be42f005f 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
@@ -42,15 +42,28 @@
         {{ avail_disk.stdout }} Kb available.
     when: (embedded_etcd | bool) and (etcd_disk_usage.stdout|int > avail_disk.stdout|int)
 
-  # TODO - Refactor containerized backup to use etcd_container to backup the data so we don't rely on
-  # the host's etcdctl binary which may be of a different version.
-
-  # for non containerized and non embedded we should have the correct version of etcd installed already
-  # For embedded we need to use the latest because OCP 3.3 uses a version of etcd that can only be backed
-  # up with etcd-3.x
+  # For non containerized and non embedded we should have the correct version of
+  # etcd installed already. So don't do anything.
+  #
+  # For embedded or containerized we need to use the latest because OCP 3.3 uses
+  # a version of etcd that can only be backed up with etcd-3.x and if it's
+  # containerized then etcd version may be newer than that on the host so
+  # upgrade it.
+  #
+  # On atomic we have neither yum nor dnf so ansible throws a hard to debug error
+  # if you use package there, like this: "Could not find a module for unknown."
+  # see https://bugzilla.redhat.com/show_bug.cgi?id=1408668
+  #
+  # TODO - We should refactor all containerized backups to use the containerized
+  # version of etcd to perform the backup rather than relying on the host's
+  # binaries. Until we do that we'll continue to have problems backing up etcd
+  # when atomic host has an older version than the version that's running in the
+  # container whether that's embedded or not
   - name: Install latest etcd for containerized or embedded
-    package: name=etcd state=latest
-    when: ( openshift.common.is_containerized and not openshift.common.is_atomic ) or embedded_etcd | bool
+    package:
+      name: etcd
+      state: latest
+    when: ( embedded_etcd | bool or openshift.common.is_containerized ) and not openshift.common.is_atomic
 
   - name: Generate etcd backup
     command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
index f88981a0b..5f8b59e17 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
@@ -8,8 +8,7 @@
 
 - name: Set new_etcd_image
   set_fact:
-    new_etcd_image: "{{ current_image.stdout | regex_replace('/etcd.*$','/etcd3:' ~ upgrade_version ) if upgrade_version | version_compare('3.0','>=')
-                        else current_image.stdout.split(':')[0] ~ ':' ~ upgrade_version }}"
+    new_etcd_image: "{{ current_image.stdout | regex_replace('/etcd.*$','/etcd:' ~ upgrade_version ) }}"
 
 - name: Pull new etcd image
   command: "docker pull {{ new_etcd_image }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
index 5ff9521ec..0f8d94737 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
@@ -75,7 +75,7 @@
   hosts: etcd_hosts_to_upgrade
   serial: 1
   vars:
-    upgrade_version: 3.0.14
+    upgrade_version: 3.0.15
   tasks:
   - include: containerized_tasks.yml
     when: etcd_container_version.stdout | default('99') | version_compare('3.0','<') and openshift.common.is_containerized | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
index 1238acb05..673f11889 100755
--- a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
+++ b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
@@ -146,7 +146,7 @@ def main():
 
     # ignore broad-except error to avoid stack trace to ansible user
     # pylint: disable=broad-except
-    except Exception, e:
+    except Exception as e:
         return module.fail_json(msg=str(e))
 
 
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 474e6311e..6950b6166 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -51,6 +51,14 @@
 
 - include: create_service_signer_cert.yml
 
+# Set openshift_master_facts separately. In order to reconcile
+# admission_config's, we currently must run openshift_master_facts and
+# then run openshift_facts.
+- name: Set OpenShift master facts
+  hosts: oo_masters_to_config
+  roles:
+  - openshift_master_facts
+
 - name: Upgrade master config and systemd units
   hosts: oo_masters_to_config
   handlers:
@@ -58,8 +66,9 @@
     static: yes
   roles:
   - openshift_facts
-  - openshift_master_facts
-  tasks:
+  post_tasks:
+  - include_vars: ../../../../roles/openshift_master_facts/vars/main.yml
+
   - include: upgrade_scheduler.yml
 
   - include: "{{ master_config_hook }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index cefc7d12b..68b111df4 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -1,5 +1,5 @@
 ---
-- name: Evacuate and upgrade nodes
+- name: Drain and upgrade nodes
   hosts: oo_nodes_to_upgrade
   # This var must be set with -e on invocation, as it is not a per-host inventory var
   # and is evaluated early. Values such as "20%" can also be used.
@@ -39,9 +39,9 @@
     retries: 3
     delay: 1
 
-  - name: Evacuate Node for Kubelet upgrade
+  - name: Drain Node for Kubelet upgrade
     command: >
-      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --evacuate --force
+      {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --drain --force
     delegate_to: "{{ groups.oo_first_master.0 }}"
     when: inventory_hostname in groups.oo_nodes_to_upgrade
 
diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/common/openshift-master/restart_services.yml
index 25fa10450..b40c32669 100644
--- a/playbooks/common/openshift-master/restart_services.yml
+++ b/playbooks/common/openshift-master/restart_services.yml
@@ -10,13 +10,11 @@
     state: restarted
   when: openshift_master_ha | bool and openshift.master.cluster_method != 'pacemaker'
 - name: Wait for master API to come back online
-  become: no
-  local_action:
-    module: wait_for
-      host="{{ openshift.common.hostname }}"
-      state=started
-      delay=10
-      port="{{ openshift.master.api_port }}"
+  wait_for:
+    host: "{{ openshift.common.hostname }}"
+    state: started
+    delay: 10
+    port: "{{ openshift.master.api_port }}"
   when: openshift_master_ha | bool and openshift.master.cluster_method != 'pacemaker'
 - name: Restart master controllers
   service: