Diffstat (limited to 'playbooks')
22 files changed, 138 insertions, 50 deletions
diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index c2da4b632..2b3d4329e 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -43,6 +43,8 @@ The current expected work flow should be to provide an AMI with access to Opensh ```yaml --- +# when creating an AMI set this to True +# when installing a cluster set this to False openshift_node_bootstrap: True # specify a clusterid @@ -96,6 +98,11 @@ etcd ################################################################################ # openshift_deployment_type is required for installation openshift_deployment_type=origin + +# required when building an AMI. This will +# be dependent on the version provided by the yum repository +openshift_pkg_version=-3.6.0 + openshift_master_bootstrap_enabled=True openshift_hosted_router_wait=False diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index d3c0057b5..fc11205d8 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -63,15 +63,8 @@ - name: run the std_include include: ../../common/openshift-cluster/initialize_openshift_repos.yml -- hosts: nodes - remote_user: root - tasks: - - set_fact: - openshift_node_bootstrap: True - - - name: run openshift image preparation - include_role: - name: openshift_node +- name: install node config + include: ../../common/openshift-node/config.yml - hosts: localhost connection: local diff --git a/playbooks/aws/openshift-cluster/provisioning_vars.example.yml b/playbooks/aws/openshift-cluster/provisioning_vars.example.yml index 5a30ad3a5..28eb9c993 100644 --- a/playbooks/aws/openshift-cluster/provisioning_vars.example.yml +++ b/playbooks/aws/openshift-cluster/provisioning_vars.example.yml @@ -1,4 +1,6 @@ --- +# when creating an AMI set this option to True +# when installing the cluster, set this to False openshift_node_bootstrap: True # specify a clusterid 
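Review bot: With the `set_fact: openshift_node_bootstrap: True` play removed from build_ami.yml, the AMI build now depends on the operator having set `openshift_node_bootstrap` in the provisioning vars, and nothing in the visible part of this playbook checks it. If the variable is unset or False, the included `../../common/openshift-node/config.yml` presumably runs a full node configuration on the image build host instead of the image-preparation path. A guard early in the playbook would surface the misconfiguration before an image is produced, for example a `fail` task with `when: not (openshift_node_bootstrap | default(False) | bool)`.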
diff --git a/playbooks/byo/openshift-checks/roles b/playbooks/byo/openshift-checks/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/byo/openshift-checks/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-loadbalancer/config.yml b/playbooks/byo/openshift-loadbalancer/config.yml new file mode 100644 index 000000000..32c828f97 --- /dev/null +++ b/playbooks/byo/openshift-loadbalancer/config.yml @@ -0,0 +1,6 @@ +--- +- include: ../openshift-cluster/initialize_groups.yml + +- include: ../../common/openshift-cluster/std_include.yml + +- include: ../../common/openshift-loadbalancer/config.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 2179d1416..a09edd55a 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,7 +1,7 @@ --- - include: ../openshift-cluster/initialize_groups.yml -- name: Ensure there are new_masters +- name: Ensure there are new_masters or new_nodes hosts: localhost connection: local become: no @@ -13,7 +13,7 @@ add hosts to the new_masters and new_nodes host groups to add masters. when: - - (g_new_master_hosts | default([]) | length == 0) or (g_new_node_hosts | default([]) | length == 0) + - (g_new_master_hosts | default([]) | length == 0) and (g_new_node_hosts | default([]) | length == 0) - include: ../../common/openshift-cluster/std_include.yml diff --git a/playbooks/byo/openshift-nfs/config.yml b/playbooks/byo/openshift-nfs/config.yml new file mode 100644 index 000000000..93b24411e --- /dev/null +++ b/playbooks/byo/openshift-nfs/config.yml @@ -0,0 +1,6 @@ +--- +- include: ../openshift-cluster/initialize_groups.yml + +- include: ../../common/openshift-cluster/std_include.yml + +- include: ../../common/openshift-nfs/config.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 3baa3c54d..bbd5a0185 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml 
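Review bot: After the change from `or` to `and` in playbooks/byo/openshift-master/scaleup.yml, the guard fails only when both `g_new_master_hosts` and `g_new_node_hosts` are empty, so the master scale-up continues with an empty `new_masters` group as long as `new_nodes` has entries. The failure message, which begins outside the hunk, still reads "add hosts to the new_masters and new_nodes host groups to add masters" and no longer matches the condition. If an empty `new_masters` group is not meant to be accepted, add a second `fail` task with `when: g_new_master_hosts | default([]) | length == 0`; otherwise reword the message to say "or".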
@@ -25,10 +25,11 @@ - name: Set hostname hosts: oo_masters_to_config:oo_nodes_to_config tasks: + # TODO: switch back to hostname module once we depend on ansible-2.4 + # https://github.com/ansible/ansible/pull/25906 - name: Set hostname - hostname: - name: "{{ openshift.common.hostname }}" - when: openshift_set_hostname | default(True) | bool + command: "hostnamectl set-hostname {{ openshift.common.hostname }}" + when: openshift_set_hostname | default(false,true) | bool - include: ../openshift-etcd/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 16a733899..e55b2f964 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -43,11 +43,14 @@ - name: Evaluate groups - Fail if no etcd hosts group is defined fail: msg: > - No etcd hosts defined. Running an all-in-one master is deprecated and - will no longer be supported in a future upgrade. + Running etcd as an embedded service is no longer supported. If this is a + new install please define an 'etcd' group with either one or three + hosts. These hosts may be the same hosts as your masters. If this is an + upgrade you may set openshift_master_unsupported_embedded_etcd=true + until a migration playbook becomes available. when: - - g_etcd_hosts | default([]) | length == 0 - - not openshift_master_unsupported_all_in_one | default(False) + - g_etcd_hosts | default([]) | length not in [3,1] + - not openshift_master_unsupported_embedded_etcd | default(False) - not openshift_node_bootstrap | default(False) - name: Evaluate oo_all_hosts diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index 7112a6084..1b186f181 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml 
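Review bot: The new `when: openshift_set_hostname | default(false,true) | bool` on the "Set hostname" task flips the default from True to false, so hosts that relied on the implicit hostname update are no longer touched, while the TODO comment only explains the module swap. If the flip is intended, record it in the comment, e.g. `# hostname is only set when openshift_set_hostname is explicitly true`. The `command:` task also reports changed on every run, so a `changed_when` condition or a prior comparison with the current hostname would restore the idempotence the `hostname` module provided. `openshift.common.hostname` is interpolated into the command line as-is, and the only validation visible in this commit is the length check in sanity_checks.yml, so a value containing whitespace would be split into extra arguments.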
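Review bot: In evaluate_groups.yml, `g_etcd_hosts | default([]) | length not in [3,1]` rejects every etcd group size other than one or three, including five-member clusters, whereas the removed check only rejected an empty group. Inventories that set `openshift_master_unsupported_all_in_one` also lose their override, because only the new name `openshift_master_unsupported_embedded_etcd` is consulted. If larger odd-sized clusters are meant to remain valid, a condition such as `(g_etcd_hosts | default([]) | length) % 2 == 0` would be closer to the intent, and honouring the old variable name for one release would avoid an unexpected failure on upgrade.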
+++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -1,4 +1,12 @@ --- +- name: Set version_install_base_package true on masters and nodes + hosts: oo_masters_to_config:oo_nodes_to_config + tasks: + - name: Set version_install_base_package true + set_fact: + version_install_base_package: True + when: version_install_base_package is not defined + # NOTE: requires openshift_facts be run - name: Determine openshift_version to configure on first master hosts: oo_first_master @@ -12,5 +20,10 @@ hosts: oo_all_hosts:!oo_first_master vars: openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" + pre_tasks: + - set_fact: + openshift_pkg_version: -{{ openshift_version }} + when: openshift_pkg_version is not defined + - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version }}" roles: - openshift_version diff --git a/playbooks/common/openshift-cluster/sanity_checks.yml b/playbooks/common/openshift-cluster/sanity_checks.yml index 7e28a11e8..26716a92d 100644 --- a/playbooks/common/openshift-cluster/sanity_checks.yml +++ b/playbooks/common/openshift-cluster/sanity_checks.yml @@ -45,3 +45,7 @@ - fail: msg: openshift_hostname must be 63 characters or less when: openshift_hostname is defined and openshift_hostname | length > 63 + + - fail: + msg: openshift_public_hostname must be 63 characters or less + when: openshift_public_hostname is defined and openshift_public_hostname | length > 63 diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index b2a2eac9a..52345a9ba 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml 
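Review bot: In the added `pre_tasks` of initialize_openshift_version.yml, `openshift_pkg_version: -{{ openshift_version }}` is an unquoted scalar that starts with `-` and contains a Jinja expression. It parses, but the play quotes its other templated value, so write `openshift_pkg_version: "-{{ openshift_version }}"` for consistency and to keep the value a string under any YAML loader. Both new tasks are unnamed and the `debug` uses the `msg=` key=value form; naming them and using block-style `msg:` would match the rest of the file. The `debug` also runs when `openshift_pkg_version` came from the inventory, in which case "set to" is misleading.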
@@ -18,12 +18,16 @@ - name: Get current version of Docker command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" register: curr_docker_version + retries: 4 + until: curr_docker_version | succeeded changed_when: false - name: Get latest available version of Docker command: > {{ repoquery_cmd }} --qf '%{version}' "docker" register: avail_docker_version + retries: 4 + until: avail_docker_version | succeeded # Don't expect docker rpm to be available on hosts that don't already have it installed: when: pkg_check.rc == 0 failed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml index 616ba04f8..2cc6c9019 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml @@ -2,7 +2,7 @@ - name: Backup etcd hosts: oo_etcd_hosts_to_backup roles: - - role: openshift_facts + - role: openshift_etcd_facts - role: etcd_common r_etcd_common_action: backup r_etcd_common_backup_tag: etcd_backup_tag diff --git a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml index 9d8b73cff..6d8503879 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml @@ -1,8 +1,10 @@ --- # Only check if docker upgrade is required if docker_upgrade is not # already set to False. -- include: ../docker/upgrade_check.yml - when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool +- include: ../../docker/upgrade_check.yml + when: + - docker_upgrade is not defined or (docker_upgrade | bool) + - not (openshift.common.is_atomic | bool) # Additional checks for Atomic hosts: 
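Review bot: On the "Get latest available version of Docker" task the added `until: avail_docker_version | succeeded` is most likely always true, because the task keeps `failed_when: false` and Ansible applies `failed_when` to the result before it evaluates `until`, so the four retries would never run. Testing the return code directly, `until: avail_docker_version.rc == 0`, makes the retry effective while `failed_when: false` still lets the play continue after the last attempt. Neither task sets `delay:`, so the retries use Ansible's default interval; state it explicitly if the repository flakiness being worked around needs longer.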
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 18f10437d..b75aae589 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -13,11 +13,11 @@ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=* --confirm register: l_pb_upgrade_control_plane_pre_upgrade_storage - when: openshift_upgrade_pre_storage_migration_enabled | default(true,true) | bool + when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool failed_when: - - openshift_upgrade_pre_storage_migration_enabled | default(true,true) | bool + - openshift_upgrade_pre_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_pre_upgrade_storage.rc != 0 - - openshift_upgrade_pre_storage_migration_fatal | default(true,true) | bool + - openshift_upgrade_pre_storage_migration_fatal | default(true) | bool # If facts cache were for some reason deleted, this fact may not be set, and if not set # it will always default to true. This causes problems for the etcd data dir fact detection 
@@ -151,11 +151,11 @@ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=clusterpolicies --confirm register: l_pb_upgrade_control_plane_post_upgrade_storage - when: openshift_upgrade_post_storage_migration_enabled | default(true,true) | bool + when: openshift_upgrade_post_storage_migration_enabled | default(true) | bool failed_when: - - openshift_upgrade_post_storage_migration_enabled | default(true,true) | bool + - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 - - openshift_upgrade_post_storage_migration_fatal | default(false,true) | bool + - openshift_upgrade_post_storage_migration_fatal | default(false) | bool run_once: true delegate_to: "{{ groups.oo_first_master.0 }}" @@ -247,11 +247,11 @@ migrate storage --include=* --confirm run_once: true register: l_pb_upgrade_control_plane_post_upgrade_storage - when: openshift_upgrade_post_storage_migration_enabled | default(true,true) | bool + when: openshift_upgrade_post_storage_migration_enabled | default(true) | bool failed_when: - - openshift_upgrade_post_storage_migration_enabled | default(true,true) | bool + - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 - - openshift_upgrade_post_storage_migration_fatal | default(false,true) | bool + - openshift_upgrade_post_storage_migration_fatal | default(false) | bool - set_fact: reconcile_complete: True diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/common/openshift-etcd/migrate.yml index a2af7bb21..e4ab0aa41 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/common/openshift-etcd/migrate.yml 
@@ -69,7 +69,7 @@ - role: etcd_migrate r_etcd_migrate_action: migrate r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - etcd_peer: "{{ ansible_default_ipv4.address }}" + etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" @@ -80,7 +80,7 @@ - role: etcd_migrate r_etcd_migrate_action: clean_data r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - etcd_peer: "{{ ansible_default_ipv4.address }}" + etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" post_tasks: @@ -115,7 +115,7 @@ roles: - role: etcd_migrate r_etcd_migrate_action: add_ttls - etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].ansible_default_ipv4.address }}" + etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" when: etcd_migration_failed | length == 0 diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml index 5f8bb1c7a..d3fa48bad 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/common/openshift-etcd/scaleup.yml @@ -23,6 +23,9 @@ -C {{ etcd_peer_url_scheme }}://{{ hostvars[etcd_ca_host].etcd_hostname }}:{{ etcd_client_port }} member add {{ etcd_hostname }} {{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }} delegate_to: "{{ etcd_ca_host }}" + failed_when: + - etcd_add_check.rc == 1 + - ("peerURL exists" not in etcd_add_check.stderr) register: etcd_add_check retries: 3 delay: 10 
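Review bot: The `failed_when` added in playbooks/common/openshift-etcd/scaleup.yml treats only `etcd_add_check.rc == 1` as a failure, so any other non-zero exit from the `member add` command is now reported as success, since `failed_when` replaces the default return-code check. Use `- etcd_add_check.rc != 0` as the first condition and keep `- ("peerURL exists" not in etcd_add_check.stderr)` as the second. The task starts above the hunk and continues below it, so the interaction with any `until:` condition on the same task could not be checked here.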
@@ -53,3 +56,19 @@ retries: 3 delay: 30 until: scaleup_health.rc == 0 + +- name: Update master etcd client urls + hosts: oo_masters_to_config + serial: 1 + tasks: + - include_role: + name: openshift_master + tasks_from: update_etcd_client_urls + vars: + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + openshift_master_etcd_hosts: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'])) + | oo_collect('openshift.common.hostname') + | default(none, true) }}" + openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index c77d7bb87..e1b9a4964 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
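Review bot: In the new "Update master etcd client urls" play, `groups['oo_new_etcd_to_config']` and `groups.oo_etcd_to_config.0` are dereferenced without a default, while `openshift_master_etcd_port` in the same `vars` block guards on `groups.oo_etcd_to_config is defined`. If either group is absent, templating raises an undefined-variable error instead of skipping cleanly. Use `groups['oo_etcd_to_config'] | default([]) | union(groups['oo_new_etcd_to_config'] | default([]))` so the three expressions agree on what happens when a group is missing.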
@@ -179,28 +179,36 @@ openshift_master_count: "{{ openshift.master.master_count }}" openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.ip') | default([]) | join(',') - }}" - roles: - - role: os_firewall - - role: openshift_master openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) | oo_collect('openshift.common.hostname') | default(none, true) }}" - openshift_master_hosts: "{{ groups.oo_masters_to_config }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | oo_collect('openshift.common.ip') | default([]) | join(',') + }}" + roles: + - role: os_firewall + - role: openshift_master_facts + - role: openshift_hosted_facts + - role: openshift_master_certificates + - role: openshift_etcd_client_certificates etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" etcd_cert_prefix: "master.etcd-" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + when: groups.oo_etcd_to_config | default([]) | length != 0 + - role: openshift_clock + - role: 
openshift_cloud_provider + - role: openshift_builddefaults + - role: openshift_buildoverrides + - role: nickhammond.logrotate + - role: contiv + contiv_role: netmaster + when: openshift_use_contiv | default(False) | bool + - role: openshift_master + openshift_master_hosts: "{{ groups.oo_masters_to_config }}" r_openshift_master_clean_install: "{{ hostvars[groups.oo_first_master.0].l_clean_install }}" r_openshift_master_etcd3_storage: "{{ hostvars[groups.oo_first_master.0].l_etcd3_enabled }}" openshift_master_is_scaleup_host: "{{ g_openshift_master_is_scaleup | default(false) }}" @@ -211,7 +219,6 @@ when: openshift_use_nuage | default(false) | bool - role: calico_master when: openshift_use_calico | default(false) | bool - post_tasks: - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-master/restart.yml b/playbooks/common/openshift-master/restart.yml index 6fec346c3..4d73b8124 100644 --- a/playbooks/common/openshift-master/restart.yml +++ b/playbooks/common/openshift-master/restart.yml @@ -7,7 +7,7 @@ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 handlers: - - include: roles/openshift_master/handlers/main.yml + - include: ../../../roles/openshift_master/handlers/main.yml static: yes roles: - openshift_facts diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml index 000e46e80..64ea0d3c4 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/common/openshift-nfs/config.yml @@ -2,5 +2,5 @@ - name: Configure nfs hosts: oo_nfs_to_config roles: - - role: openshift_facts + - role: os_firewall - role: openshift_storage_nfs diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index c7afc78ac..0801c41ff 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml 
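Review bot: `openshift_no_proxy_internal_hostnames` is removed from the play `vars` in the first hunk of playbooks/common/openshift-master/config.yml and, unlike `openshift_no_proxy_etcd_host_ips`, is not added back. Unless another role now computes it (not visible here), masters behind an HTTP proxy would route traffic for node, master and etcd hostnames through the proxy. `etcd_ca_host` and `r_etcd_common_etcd_runtime` also move from the `openshift_master` role entry to `openshift_etcd_client_certificates`, so `openshift_master` no longer receives them as role parameters; confirm it does not read them. The play continues outside the hunk.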
@@ -82,6 +82,7 @@ - role: nickhammond.logrotate - role: openshift_manage_node openshift_master_host: "{{ groups.oo_first_master.0 }}" + when: not openshift_node_bootstrap | default(False) tasks: - name: Create group for deployment type group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/gcp/openshift-cluster/provision.yml b/playbooks/gcp/openshift-cluster/provision.yml new file mode 100644 index 000000000..a3d1d46a6 --- /dev/null +++ b/playbooks/gcp/openshift-cluster/provision.yml @@ -0,0 +1,19 @@ +--- +- name: Ensure all cloud resources necessary for the cluster, including instances, have been started + hosts: localhost + connection: local + gather_facts: no + tasks: + + - name: provision a GCP cluster in the specified project + include_role: + name: openshift_gcp + +- name: normalize groups + include: ../../byo/openshift-cluster/initialize_groups.yml + +- name: run the std_include + include: ../../common/openshift-cluster/std_include.yml + +- name: run the config + include: ../../common/openshift-cluster/config.yml |
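Review bot: The added `when: not openshift_node_bootstrap | default(False)` on the `openshift_manage_node` role has no `| bool` cast, so a value that arrives as a string (for example `-e openshift_node_bootstrap=False`, or an INI group variable) is truthy and the role is skipped. Write `when: not (openshift_node_bootstrap | default(False) | bool)`. The same uncast pattern appears in the evaluate_groups.yml hunk of this commit.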