36 files changed, 136 insertions, 54 deletions

diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
index 681029332..1975b92e6 100644
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install cockpit-ws
-  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  package: name={{ item }} state=present
   with_items:
     - cockpit-ws
     - cockpit-shell
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 57a7e6269..2abe0d9dd 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -1,5 +1,6 @@
+---
 - name: Install Bind
-  action: "{{ ansible_pkg_mgr }} name=bind"
+  package: name=bind state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Create docker build dir
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 9b7ef0830..a2b18baa1 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -40,7 +40,7 @@
 # Make sure Docker is installed, but does not update a running version.
 # Docker upgrades are handled by a separate playbook.
 - name: Install Docker
-  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present"
+  package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Ensure docker.service.d directory exists
diff --git a/roles/etcd/tasks/etcdctl.yml b/roles/etcd/tasks/etcdctl.yml
index 32c176449..bb6fabf64 100644
--- a/roles/etcd/tasks/etcdctl.yml
+++ b/roles/etcd/tasks/etcdctl.yml
@@ -1,5 +1,6 @@
+---
 - name: Install etcd for etcdctl
-  action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+  package: name=etcd state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Configure etcd profile.d alises
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 790eb3c5a..7b61e9b73 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -7,7 +7,7 @@
     etcd_ip: "{{ etcd_ip }}"
 
 - name: Install etcd
-  action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+  package: name=etcd state=present
   when: not etcd_is_containerized | bool
 
 - name: Pull etcd container
diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml
index 4e68bc962..c4d5efa14 100644
--- a/roles/etcd_ca/tasks/main.yml
+++ b/roles/etcd_ca/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install openssl
-  action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+  package: name=openssl state=present
   when: not etcd_is_atomic | bool
   delegate_to: "{{ etcd_ca_host }}"
   run_once: true
diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml
index d66a0a7bf..b0fd117ed 100644
--- a/roles/etcd_server_certificates/tasks/main.yml
+++ b/roles/etcd_server_certificates/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install etcd
-  action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+  package: name=etcd state=present
   when: not etcd_is_containerized | bool
 
 - name: Check status of etcd certificates
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index bf400cfe8..a51455bae 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Install flannel
   become: yes
-  action: "{{ ansible_pkg_mgr }} name=flannel state=present"
+  package: name=flannel state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Set flannel etcd options
diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml
index 5eff30f6f..67f709c8c 100644
--- a/roles/kube_nfs_volumes/tasks/main.yml
+++ b/roles/kube_nfs_volumes/tasks/main.yml
@@ -4,7 +4,10 @@
   when: openshift.common.is_atomic | bool
 
 - name: Install pyparted (RedHat/Fedora)
-  action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present"
+  package: name={{ item }} state=present
+  with_items:
+    - pyparted
+    - python-httplib2
   when: not openshift.common.is_containerized | bool
 
 - name: partition the drives
diff --git a/roles/kube_nfs_volumes/tasks/nfs.yml b/roles/kube_nfs_volumes/tasks/nfs.yml
index 474ec69e5..ebd3d349a 100644
--- a/roles/kube_nfs_volumes/tasks/nfs.yml
+++ b/roles/kube_nfs_volumes/tasks/nfs.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install NFS server
-  action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
+  package: name=nfs-utils state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Start rpcbind on Fedora/Red Hat
diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml
index 1979c851f..657cb10ec 100644
--- a/roles/nickhammond.logrotate/tasks/main.yml
+++ b/roles/nickhammond.logrotate/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: nickhammond.logrotate | Install logrotate
-  action: "{{ ansible_pkg_mgr }} name=logrotate state=present"
+  package: name=logrotate state=present
   when: not openshift.common.is_atomic | bool
 
 - name: nickhammond.logrotate | Setup logrotate.d scripts
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
index 9cfa40b8a..8d73e6840 100644
--- a/roles/nuage_ca/tasks/main.yaml
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -1,6 +1,6 @@
 ---
 - name: Install openssl
-  action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+  package: name=openssl state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Create CA directory
@@ -41,6 +41,6 @@
   delegate_to: "{{ nuage_ca_master }}"
 
 - name: Copy SSL config file
-  copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf" 
+  copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf"
   run_once: true
   delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 2b3ae0454..41143772e 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -29,7 +29,7 @@
     --config={{nuage_tmp_conf}}
   with_items: "{{nuage_tasks}}"
   register: osnuage_perm_task
-  failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+  failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
   changed_when: osnuage_perm_task.rc == 0
 
 - name: Generate the node client config
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index b6d403067..e2a12e5ff 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -8,7 +8,9 @@
   when: openshift_master_ca_certificate is defined and ('certfile' not in openshift_master_ca_certificate or 'keyfile' not in openshift_master_ca_certificate)
 
 - name: Install the base package for admin tooling
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  package:
+    name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+    state: present
   when: not openshift.common.is_containerized | bool
   register: install_result
   delegate_to: "{{ openshift_ca_host }}"
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index 11c73b25c..07a00189c 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install clients
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present"
+  package: name={{ openshift.common.service_type }}-clients state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Pull CLI Image
@@ -20,5 +20,5 @@
   openshift_facts:
 
 - name: Install bash completion for oc tools
-  action: "{{ ansible_pkg_mgr }} name=bash-completion state=present"
+  package: name=bash-completion state=present
   when: not openshift.common.is_containerized | bool
diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml
index 5a8403f68..3911201ea 100644
--- a/roles/openshift_clock/tasks/main.yaml
+++ b/roles/openshift_clock/tasks/main.yaml
@@ -6,7 +6,7 @@
       enabled: "{{ openshift_clock_enabled | default(None) }}"
 
 - name: Install ntp package
-  action: "{{ ansible_pkg_mgr }} name=ntp state=present"
+  package: name=ntp state=present
   when: openshift.clock.enabled | bool and not openshift.clock.chrony_installed | bool
 
 - name: Start and enable ntpd/chronyd
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index 3f8ea5dce..c9a44b3f5 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -29,7 +29,9 @@
       use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}"
 
 - name: Install the base package for versioning
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  package:
+    name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+    state: present
   when: not openshift.common.is_containerized | bool
 
 - name: Set version facts
diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml
index cdd813e6a..00603f4fa 100644
--- a/roles/openshift_expand_partition/tasks/main.yml
+++ b/roles/openshift_expand_partition/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Ensure growpart is installed
-  action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present"
+  package: name=cloud-utils-growpart state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Determine if growpart is installed
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index 4d4a232cc..70cf49dd4 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -10,12 +10,11 @@
 - set_fact:
     l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}"
 
-- name: Ensure PyYaml is installed
-  action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
-  when: not l_is_atomic | bool
-
-- name: Ensure yum-utils is installed
-  action: "{{ ansible_pkg_mgr }} name=yum-utils state=present"
+- name: Ensure PyYaml and yum-utils are installed
+  package: name={{ item }} state=present
+  with_items:
+    - PyYAML
+    - yum-utils
   when: not l_is_atomic | bool
 
 - name: Gather Cluster facts and set is_containerized if needed
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
index 863738143..1d2804279 100644
--- a/roles/openshift_loadbalancer/tasks/main.yml
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -3,7 +3,7 @@
   when: openshift.common.is_containerized | bool
 
 - name: Install haproxy
-  action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
+  package: name=haproxy state=present
 
 - name: Configure systemd service directory for haproxy
   file:
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index 28e4e46e9..88cdd2d89 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -3,18 +3,51 @@
   command: mktemp -d /tmp/openshift-ansible-XXXXXX
   register: mktemp
   changed_when: False
+  delegate_to: "{{ openshift_master_host }}"
+  run_once: true
 
 - set_fact:
     openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+  delegate_to: "{{ openshift_master_host }}"
+  run_once: true
 
 - name: Copy the admin client config(s)
   command: >
     cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }}
   changed_when: False
+  delegate_to: "{{ openshift_master_host }}"
+  run_once: true
+
+# Necessary because when you're on a node that's also a master the master will be
+# restarted after the node restarts docker and it will take up to 60 seconds for
+# systemd to start the master again
+- name: Wait for master API to become available before proceeding
+  # Using curl here since the uri module requires python-httplib2 and
+  # wait_for port doesn't provide health information.
+  command: >
+    curl --silent --tlsv1.2
+    {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+    --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+    {% else %}
+    --cacert {{ openshift.common.config_base }}/master/ca.crt
+    {% endif %}
+    {{ openshift_node_master_api_url }}/healthz/ready
+  args:
+    # Disables the following warning:
+    # Consider using get_url or uri module rather than running curl
+    warn: no
+  register: api_available_output
+  until: api_available_output.stdout == 'ok'
+  retries: 120
+  delay: 1
+  changed_when: false
+  when: openshift.common.is_containerized | bool
+  delegate_to: "{{ openshift_master_host }}"
+  run_once: true
 
 - name: Wait for Node Registration
   command: >
-    {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }}
+    {{ openshift.common.client_binary }} get node {{ openshift.node.nodename }}
     --config={{ openshift_manage_node_kubeconfig }}
     -n default
   register: omd_get_node
@@ -22,26 +55,29 @@
   retries: 50
   delay: 5
   changed_when: false
-  with_items: "{{ openshift_nodes }}"
+  when: "'nodename' in openshift.node"
+  delegate_to: "{{ openshift_master_host }}"
 
 - name: Set node schedulability
   command: >
-    {{ openshift.common.client_binary }} adm manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}
+    {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable={{ 'true' if openshift.node.schedulable | bool else 'false' }}
     --config={{ openshift_manage_node_kubeconfig }}
     -n default
-  with_items: "{{ openshift_nodes }}"
-  when: hostvars[item].openshift.node.nodename is defined
+  when: "'nodename' in openshift.node"
+  delegate_to: "{{ openshift_master_host }}"
 
 - name: Label nodes
   command: >
-    {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict  }}
+    {{ openshift.common.client_binary }} label --overwrite node {{ openshift.node.nodename }} {{ openshift.node.labels | oo_combine_dict  }}
     --config={{ openshift_manage_node_kubeconfig }}
     -n default
-  with_items: "{{ openshift_nodes }}"
-  when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}
+  when: "'nodename' in openshift.node and 'labels' in openshift.node and openshift.node.labels != {}"
+  delegate_to: "{{ openshift_master_host }}"
 
 - name: Delete temp directory
   file:
     name: "{{ mktemp.stdout }}"
     state: absent
   changed_when: False
+  delegate_to: "{{ openshift_master_host }}"
+  run_once: true
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index bdaf64b3f..a7214482f 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -50,6 +50,16 @@
   failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0"
   changed_when: osmiq_create_cluster_role.rc == 0
 
+- name: Create Hawkular Metrics Admin Cluster Role
+  shell: >
+    echo {{ manageiq_metrics_admin_clusterrole | to_json | quote }} |
+    {{ openshift.common.client_binary }}
+    --config={{manage_iq_tmp_conf}}
+    create -f -
+  register: oshawkular_create_cluster_role
+  failed_when: "'already exists' not in oshawkular_create_cluster_role.stderr and oshawkular_create_cluster_role.rc != 0"
+  changed_when: oshawkular_create_cluster_role.rc == 0
+
 - name: Configure role/user permissions
   command: >
     {{ openshift.common.client_binary }} adm {{item}}
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 6a0c5b41b..37d4679ef 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -9,6 +9,20 @@ manageiq_cluster_role:
       verbs:
       - '*'
 
+manageiq_metrics_admin_clusterrole:
+  apiVersion: v1
+  kind: ClusterRole
+  metadata:
+    name: hawkular-metrics-admin
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - hawkular-metrics
+    - hawkular-alerts
+    verbs:
+    - '*'
+
 manageiq_service_account:
     apiVersion: v1
     kind: ServiceAccount
@@ -31,6 +45,7 @@ manage_iq_tasks:
     - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
     - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin
     - policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin
+    - policy add-cluster-role-to-user hawkular-metrics-admin system:serviceaccount:management-infra:management-admin
 
 manage_iq_openshift_3_2_tasks:
     - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 1d6758c4a..79c62e985 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -24,7 +24,9 @@
   when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool
 
 - name: Install Master package
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  package:
+    name: "{{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+    state: present
   when: not openshift.common.is_containerized | bool
 
 - name: Pull master image
@@ -77,7 +79,7 @@
   - restart master controllers
 
 - name: Install httpd-tools if needed
-  action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
+  package: name=httpd-tools state=present
   when: (item.kind == 'HTPasswdPasswordIdentityProvider') and
         not openshift.common.is_atomic | bool
   with_items: "{{ openshift.master.identity_providers }}"
@@ -292,7 +294,7 @@
   when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
 
 - name: Install cluster packages
-  action: "{{ ansible_pkg_mgr }} name=pcs state=present"
+  package: name=pcs state=present
   when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
     and not openshift.common.is_containerized | bool
   register: install_result
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 6022694bc..612cc0e20 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -35,15 +35,25 @@
 # We have to add tuned-profiles in the same transaction otherwise we run into depsolving
 # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
 - name: Install Node package
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  package:
+    name: "{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+    state: present
   when: not openshift.common.is_containerized | bool
 
+- name: Check for tuned package
+  command: rpm -q tuned
+  register: tuned_installed
+  changed_when: false
+  failed_when: false
+
 - name: Set atomic-guest tuned profile
   command: "tuned-adm profile atomic-guest"
-  when: openshift.common.is_atomic | bool
+  when: tuned_installed.rc == 0 and openshift.common.is_atomic | bool
 
 - name: Install sdn-ovs package
-  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+  package:
+    name: "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }}"
+    state: present
   when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
 
 - name: Pull node image
diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml
index eed3c99a3..037efe81a 100644
--- a/roles/openshift_node/tasks/storage_plugins/ceph.yml
+++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml
@@ -1,4 +1,4 @@
 ---
 - name: Install Ceph storage plugin dependencies
-  action: "{{ ansible_pkg_mgr }} name=ceph-common state=present"
-  when: not openshift.common.is_atomic | bool
\ No newline at end of file
+  package: name=ceph-common state=present
+  when: not openshift.common.is_atomic | bool
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 4fd9cd10b..7d8c42ee2 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install GlusterFS storage plugin dependencies
-  action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
+  package: name=glusterfs-fuse state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Check for existence of virt_use_fusefs seboolean
diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
index d6684b34a..1c5478c55 100644
--- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
@@ -1,4 +1,4 @@
 ---
 - name: Install iSCSI storage plugin dependencies
-  action: "{{ ansible_pkg_mgr }} name=iscsi-initiator-utils state=present"
+  package: name=iscsi-initiator-utils state=present
   when: not openshift.common.is_atomic | bool
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 5f99f129c..d40ae66cb 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install NFS storage plugin dependencies
-  action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
+  package: name=nfs-utils state=present
   when: not openshift.common.is_atomic | bool
 
 - name: Check for existence of seboolean
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml
index 396c27295..0167b02b1 100644
--- a/roles/openshift_node_dnsmasq/tasks/main.yml
+++ b/roles/openshift_node_dnsmasq/tasks/main.yml
@@ -4,13 +4,14 @@
     systemctl show NetworkManager
   register: nm_show
   changed_when: false
+  ignore_errors: True
 
 - name: Set fact using_network_manager
   set_fact:
     network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}"
 
 - name: Install dnsmasq
-  action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed"
+  package: name=dnsmasq state=installed
   when: not openshift.common.is_atomic | bool
 
 - name: Install dnsmasq configuration
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index a81867b98..d5ed9c09d 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -12,7 +12,7 @@
   when: not openshift.common.is_containerized | bool
 
 - name: Ensure libselinux-python is installed
-  action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present"
+  package: name=libselinux-python state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Create any additional repos that are defined
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index 4716c77ae..ecc52e4af 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install nfs-utils
-  action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
+  package: name=nfs-utils state=present
 
 - name: Configure NFS
   lineinfile:
diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
index fc8de1cb5..e0be9f0b7 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
@@ -1,8 +1,8 @@
 ---
 - name: Install NFS server
-  action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
+  package: name=nfs-utils state=present
   when: not openshift.common.is_containerized | bool
-  
+
 - name: Start rpcbind
   service: name=rpcbind state=started enabled=yes
 
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index b6777c51f..a6039b5f1 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install firewalld packages
-  action: "{{ ansible_pkg_mgr }} name=firewalld state=present"
+  package: name=firewalld state=present
   when: not openshift.common.is_containerized | bool
 
 - name: Ensure iptables services are not enabled
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 4c587495e..704819d8a 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -10,7 +10,7 @@
   failed_when: "task_result|failed and 'Could not find' not in task_result.msg"
 
 - name: Install iptables packages
-  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  package: name={{ item }} state=present
   with_items:
     - iptables
     - iptables-services
diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml
index ff2b52275..6b5fd0106 100644
--- a/roles/os_update_latest/tasks/main.yml
+++ b/roles/os_update_latest/tasks/main.yml
@@ -1,3 +1,3 @@
 ---
 - name: Update all packages
-  action: "{{ ansible_pkg_mgr }} name=* state=latest"
+  package: name=* state=latest