7 files changed, 73 insertions, 67 deletions

diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 4edd44fe4..a6c523e26 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -338,7 +338,7 @@
     - /etc/ansible/facts.d/openshift.fact
     - /etc/etcd
     - /etc/systemd/system/etcd_container.service
-    - /var/lib/etcd
+    - /var/lib/etcd/*
 
 - hosts: lb
   become: yes
diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh
new file mode 120000
index 000000000..d5d864b63
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh
@@ -0,0 +1 @@
+../../../../common/openshift-cluster/upgrades/files/nuke_images.sh
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
index 3ec47d6f3..f7ff16fb8 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
@@ -110,6 +110,52 @@
     when: master_update_failed | length > 0
 
 ###############################################################################
+# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
+###############################################################################
+
+- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
+  hosts: oo_masters_to_config
+  roles:
+  - { role: openshift_cli }
+  vars:
+    origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
+    ent_reconcile_bindings: true
+    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+    # Similar to pre.yml, we don't want to upgrade docker during the openshift_cli role,
+    # it will be updated when we perform node upgrade.
+    docker_protect_installed_version: True
+  tasks:
+  - name: Verifying the correct commandline tools are available
+    shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
+    when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
+
+  - name: Reconcile Cluster Roles
+    command: >
+      {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+      policy reconcile-cluster-roles --additive-only=true --confirm
+    run_once: true
+
+  - name: Reconcile Cluster Role Bindings
+    command: >
+      {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+      policy reconcile-cluster-role-bindings
+      --exclude-groups=system:authenticated
+      --exclude-groups=system:authenticated:oauth
+      --exclude-groups=system:unauthenticated
+      --exclude-users=system:anonymous
+      --additive-only=true --confirm
+    when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
+    run_once: true
+
+  - name: Reconcile Security Context Constraints
+    command: >
+      {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
+    run_once: true
+
+  - set_fact:
+      reconcile_complete: True
+
+###############################################################################
 # Upgrade Nodes
 ###############################################################################
 
@@ -160,49 +206,6 @@
     when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool
 
 
-###############################################################################
-# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
-###############################################################################
-
-- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
-  hosts: oo_masters_to_config
-  roles:
-  - { role: openshift_cli }
-  vars:
-    origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
-    ent_reconcile_bindings: true
-    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
-  tasks:
-  - name: Verifying the correct commandline tools are available
-    shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
-    when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
-
-  - name: Reconcile Cluster Roles
-    command: >
-      {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
-      policy reconcile-cluster-roles --additive-only=true --confirm
-    run_once: true
-
-  - name: Reconcile Cluster Role Bindings
-    command: >
-      {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
-      policy reconcile-cluster-role-bindings
-      --exclude-groups=system:authenticated
-      --exclude-groups=system:authenticated:oauth
-      --exclude-groups=system:unauthenticated
-      --exclude-users=system:anonymous
-      --additive-only=true --confirm
-    when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
-    run_once: true
-
-  - name: Reconcile Security Context Constraints
-    command: >
-      {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
-    run_once: true
-
-  - set_fact:
-      reconcile_complete: True
-
 ##############################################################################
 # Gate on reconcile
 ##############################################################################
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index c56353430..e7c7ffb38 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -43,7 +43,7 @@
       ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
       ansible_become: "{{ g_sudo | default(omit) }}"
     with_items: "{{ groups.oo_nodes_to_config | default([]) }}"
-    when: hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
+    when: hostvars[item].openshift.common is defined and hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
 
 - name: Configure node instances
   hosts: oo_containerized_master_nodes
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index b9aae2f4c..36ac7513d 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -48,6 +48,8 @@
              -P infra_flavor={{ openstack_flavor["infra"] }}
              -P dns_flavor={{ openstack_flavor["dns"] }}
              openshift-ansible-{{ cluster_id }}-stack'
+    args:
+      chdir: '{{ playbook_dir }}'
 
   - name: Wait for OpenStack Stack readiness
     shell: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack | awk ''$2 == "stack_status" {print $4}'''
@@ -107,9 +109,9 @@
       openshift_node_labels:
         type: "etcd"
     with_together:
-      - parsed_outputs.etcd_names
-      - parsed_outputs.etcd_ips
-      - parsed_outputs.etcd_floating_ips
+      - '{{ parsed_outputs.etcd_names }}'
+      - '{{ parsed_outputs.etcd_ips }}'
+      - '{{ parsed_outputs.etcd_floating_ips }}'
 
   - name: Add new master instances groups and variables
     add_host:
@@ -121,9 +123,9 @@
       openshift_node_labels:
         type: "master"
     with_together:
-      - parsed_outputs.master_names
-      - parsed_outputs.master_ips
-      - parsed_outputs.master_floating_ips
+      - '{{ parsed_outputs.master_names }}'
+      - '{{ parsed_outputs.master_ips }}'
+      - '{{ parsed_outputs.master_floating_ips }}'
 
   - name: Add new node instances groups and variables
     add_host:
@@ -135,9 +137,9 @@
       openshift_node_labels:
         type: "compute"
     with_together:
-      - parsed_outputs.node_names
-      - parsed_outputs.node_ips
-      - parsed_outputs.node_floating_ips
+      - '{{ parsed_outputs.node_names }}'
+      - '{{ parsed_outputs.node_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
 
   - name: Add new infra instances groups and variables
     add_host:
@@ -149,9 +151,9 @@
       openshift_node_labels:
         type: "infra"
     with_together:
-      - parsed_outputs.infra_names
-      - parsed_outputs.infra_ips
-      - parsed_outputs.infra_floating_ips
+      - '{{ parsed_outputs.infra_names }}'
+      - '{{ parsed_outputs.infra_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
 
   - name: Add DNS groups and variables
     add_host:
@@ -166,10 +168,10 @@
       host: '{{ item }}'
       port: 22
     with_flattened:
-      - parsed_outputs.master_floating_ips
-      - parsed_outputs.node_floating_ips
-      - parsed_outputs.infra_floating_ips
-      - parsed_outputs.dns_floating_ip
+      - '{{ parsed_outputs.master_floating_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
+      - '{{ parsed_outputs.dns_floating_ip }}'
 
   - name: Wait for user setup
     command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup'
@@ -178,10 +180,10 @@
     retries: 30
     delay: 1
     with_flattened:
-      - parsed_outputs.master_floating_ips
-      - parsed_outputs.node_floating_ips
-      - parsed_outputs.infra_floating_ips
-      - parsed_outputs.dns_floating_ip
+      - '{{ parsed_outputs.master_floating_ips }}'
+      - '{{ parsed_outputs.node_floating_ips }}'
+      - '{{ parsed_outputs.infra_floating_ips }}'
+      - '{{ parsed_outputs.dns_floating_ip }}'
 
 - include: update.yml
 
diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml
index ba9c6bf9c..60372e262 100644
--- a/playbooks/openstack/openshift-cluster/list.yml
+++ b/playbooks/openstack/openshift-cluster/list.yml
@@ -17,7 +17,7 @@
       ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
       ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}"
       ansible_become: "{{ deployment_vars[deployment_type].become }}"
-    with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+    with_items: "{{ groups[scratch_group] | default([]) | difference(['localhost']) }}"
 
 - name: List Hosts
   hosts: oo_list_hosts
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 5bd8476f1..980ab7337 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -11,7 +11,7 @@
       groups: oo_hosts_to_terminate
       ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
       ansible_become: "{{ deployment_vars[deployment_type].become }}"
-    with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([]))
+    with_items: "{{ (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) }}"
 
 - name: Unsubscribe VMs
   hosts: oo_hosts_to_terminate