11 files changed, 104 insertions, 60 deletions

diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index d8257cf31..3eb7b73b3 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -2,26 +2,8 @@
 - name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
   debug:
     msg: "{{ l_elb_dict_item.value }}"
+    verbosity: 1
 
-- name: "Create ELB {{ l_elb_dict_item.key }}"
-  ec2_elb_lb:
-    name: "{{ item.value.name }}"
-    state: present
-    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
-    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
-    idle_timeout: "{{ item.value.idle_timout }}"
-    region: "{{ openshift_aws_region }}"
-    subnets:
-    - "{{ subnetout.subnets[0].id }}"
-    health_check: "{{ item.value.health_check }}"
-    listeners: "{{ item.value.listeners }}"
-    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
-    tags: "{{ item.value.tags }}"
-    wait: True
-  register: new_elb
+- name: Create ELB(s)
+  include_tasks: elb_single.yml
   with_dict: "{{ l_elb_dict_item.value }}"
-
-- debug:
-    msg: "{{ item }}"
-  with_items:
-  - "{{ new_elb }}"
diff --git a/roles/openshift_aws/tasks/elb_single.yml b/roles/openshift_aws/tasks/elb_single.yml
new file mode 100644
index 000000000..864757549
--- /dev/null
+++ b/roles/openshift_aws/tasks/elb_single.yml
@@ -0,0 +1,34 @@
+---
+- name: "dump the elb listeners for {{ item.key }}"
+  debug:
+    msg: "{{ item.value }}"
+    verbosity: 1
+
+- name: "Create ELB {{ item.value.name }}"
+  ec2_elb_lb:
+    name: "{{ item.value.name }}"
+    state: present
+    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
+    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
+    idle_timeout: "{{ item.value.idle_timout }}"
+    region: "{{ openshift_aws_region }}"
+    subnets:
+    - "{{ subnetout.subnets[0].id }}"
+    health_check: "{{ item.value.health_check }}"
+    listeners: "{{ item.value.listeners }}"
+    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
+    tags: "{{ item.value.tags }}"
+    wait: True
+  register: new_elb
+  retries: 20
+  delay: 5
+  until: new_elb | succeeded
+  ignore_errors: yes
+
+- fail:
+    msg: "couldn't create ELB {{ item.value.name }}"
+  when: not new_elb | succeeded
+
+- debug:
+    msg: "{{ new_elb }}"
+    verbosity: 1
diff --git a/roles/openshift_aws/tasks/iam_cert.yml b/roles/openshift_aws/tasks/iam_cert.yml
index f74a62b8b..42d7d951c 100644
--- a/roles/openshift_aws/tasks/iam_cert.yml
+++ b/roles/openshift_aws/tasks/iam_cert.yml
@@ -18,7 +18,9 @@
   - openshift_aws_iam_cert_key_path != ''
   - openshift_aws_elb_cert_arn == ''
 
-- debug: msg="{{ elb_cert_chain }}"
+- debug:
+    msg: "{{ elb_cert_chain }}"
+    verbosity: 1
 
 - name: set_fact openshift_aws_elb_cert_arn
   set_fact:
@@ -28,8 +30,3 @@
   - openshift_aws_iam_cert_path != ''
   - openshift_aws_iam_cert_key_path != ''
   - openshift_aws_elb_cert_arn == ''
-
-- name: wait for cert to propagate
-  pause:
-    seconds: 5
-  when: elb_cert_chain.changed
diff --git a/roles/openshift_aws/tasks/uninstall_elb.yml b/roles/openshift_aws/tasks/uninstall_elb.yml
new file mode 100644
index 000000000..147e9a905
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_elb.yml
@@ -0,0 +1,11 @@
+---
+- name: delete elbs
+  ec2_elb_lb:
+    name: "{{ item }}"
+    region: "{{ openshift_aws_region }}"
+    state: absent
+  with_items: "{{ openshift_aws_elb_dict | json_query('*.*.name') | sum(start = []) }}"
+
+- when: openshift_aws_create_iam_cert | bool
+  name: delete the iam_cert for elb certificate
+  include_tasks: uninstall_iam_cert.yml
diff --git a/roles/openshift_aws/tasks/uninstall_iam_cert.yml b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
new file mode 100644
index 000000000..7b47673ee
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
@@ -0,0 +1,25 @@
+---
+- when:
+  - openshift_aws_create_iam_cert | bool
+  - openshift_aws_iam_cert_path != ''
+  - openshift_aws_iam_cert_key_path != ''
+  - openshift_aws_elb_cert_arn == ''
+  block:
+  - name: delete AWS IAM certificates
+    iam_cert23:
+      state: absent
+      name: "{{ openshift_aws_iam_cert_name }}"
+    register: elb_cert_chain
+    retries: 20
+    delay: 10
+    until: elb_cert_chain | succeeded
+    ignore_errors: yes
+
+  - debug:
+      var: elb_cert_chain
+      verbosity: 1
+
+  - name: check for iam cert error
+    fail:
+      msg: "Couldn't delete IAM cert {{ openshift_aws_iam_cert_name }}"
+    when: not elb_cert_chain | succeeded
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
index 1b754f863..c2c345faf 100644
--- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
+++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
@@ -7,7 +7,9 @@
   register: vpcout
 
 - name: debug vcpout
-  debug: var=vpcout
+  debug:
+    var: vpcout
+    verbosity: 1
 
 - name: fetch the default subnet id
   ec2_vpc_subnet_facts:
@@ -18,4 +20,6 @@
   register: subnetout
 
 - name: debug subnetout
-  debug: var=subnetout
+  debug:
+    var: subnetout
+    verbosity: 1
diff --git a/roles/openshift_health_checker/openshift_checks/ovs_version.py b/roles/openshift_health_checker/openshift_checks/ovs_version.py
index 4352778c2..fa398e5a9 100644
--- a/roles/openshift_health_checker/openshift_checks/ovs_version.py
+++ b/roles/openshift_health_checker/openshift_checks/ovs_version.py
@@ -22,7 +22,7 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck):
         (3, 7): ["2.6", "2.7", "2.8", "2.9"],
         (3, 8): ["2.6", "2.7", "2.8", "2.9"],
         (3, 9): ["2.6", "2.7", "2.8", "2.9"],
-        (3, 10): ["2.8", "2.9"],
+        (3, 10): ["2.7", "2.8", "2.9"],
     }
 
     def is_active(self):
diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py
index 3e8c1dac3..68022deca 100644
--- a/roles/openshift_health_checker/openshift_checks/package_version.py
+++ b/roles/openshift_health_checker/openshift_checks/package_version.py
@@ -18,7 +18,7 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck):
         (3, 7): ["2.6", "2.7", "2.8", "2.9"],
         (3, 8): ["2.6", "2.7", "2.8", "2.9"],
         (3, 9): ["2.6", "2.7", "2.8", "2.9"],
-        (3, 10): ["2.8", "2.9"],
+        (3, 10): ["2.7", "2.8", "2.9"],
     }
 
     openshift_to_docker_version = {
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index ce27e238f..a92b63979 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -1,25 +1,16 @@
 ---
-- set_fact:
-    openshift_master_certs_no_etcd:
-    - admin.crt
-    - master.kubelet-client.crt
-    - master.proxy-client.crt
-    - master.server.crt
-    - openshift-master.crt
-    - openshift-registry.crt
-    - openshift-router.crt
-    - etcd.server.crt
-    openshift_master_certs_etcd:
-    - master.etcd-client.crt
-
-- set_fact:
-    openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd )) if openshift_master_etcd_hosts | length > 0 else openshift_master_certs_no_etcd }}"
-
 - name: Check status of master certificates
   stat:
     path: "{{ openshift_master_config_dir }}/{{ item }}"
   with_items:
-  - "{{ openshift_master_certs }}"
+  - admin.crt
+  - ca.crt
+  - ca-bundle.crt
+  - master.kubelet-client.crt
+  - master.proxy-client.crt
+  - master.server.crt
+  - openshift-master.crt
+  - service-signer.crt
   register: g_master_cert_stat_result
   when: not openshift_certificates_redeploy | default(false) | bool
 
diff --git a/roles/openshift_provisioners/defaults/main.yaml b/roles/openshift_provisioners/defaults/main.yaml
index 34ba78404..a54bf6de2 100644
--- a/roles/openshift_provisioners/defaults/main.yaml
+++ b/roles/openshift_provisioners/defaults/main.yaml
@@ -11,7 +11,7 @@ openshift_provisioners_project: openshift-infra
 
 openshift_provisioners_image_prefix_dict:
   origin: "docker.io/openshift/origin-"
-  openshift-enterprise: "registry.access.redhat.com/openshift3/ose-"
+  openshift-enterprise: "registry.access.redhat.com/openshift3/"
 
 openshift_provisioners_image_version_dict:
   origin: "latest"
diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md
index 70a89b0ba..65d38793c 100644
--- a/roles/openshift_storage_glusterfs/README.md
+++ b/roles/openshift_storage_glusterfs/README.md
@@ -81,8 +81,8 @@ GlusterFS cluster into a new or existing OpenShift cluster:
 | openshift_storage_glusterfs_name                       | 'storage'               | A name to identify the GlusterFS cluster, which will be used in resource names
 | openshift_storage_glusterfs_nodeselector               | 'glusterfs=storage-host'| Selector to determine which nodes will host GlusterFS pods in native mode. **NOTE:** The label value is taken from the cluster name
 | openshift_storage_glusterfs_use_default_selector       | False                   | Whether to use a default node selector for the GlusterFS namespace/project. If False, the namespace/project will have no restricting node selector. If True, uses pre-existing or default (e.g. osm_default_node_selector) node selectors. **NOTE:** If True, nodes which will host GlusterFS pods must already have the additional labels.
-| openshift_storage_glusterfs_storageclass               | True                    | Automatically create a StorageClass for each GlusterFS cluster
-| openshift_storage_glusterfs_storageclass_default       | False                   | Sets the StorageClass for each GlusterFS cluster as default
+| openshift_storage_glusterfs_storageclass               | True                    | Automatically create a GlusterFS StorageClass for this group
+| openshift_storage_glusterfs_storageclass_default       | False                   | Sets the GlusterFS StorageClass for this group as cluster-wide default
 | openshift_storage_glusterfs_image                      | 'gluster/gluster-centos'| Container image to use for GlusterFS pods, enterprise default is 'rhgs3/rhgs-server-rhel7'
 | openshift_storage_glusterfs_version                    | 'latest'                | Container image version to use for GlusterFS pods
 | openshift_storage_glusterfs_block_deploy               | True                    | Deploy glusterblock provisioner service
@@ -91,8 +91,8 @@ GlusterFS cluster into a new or existing OpenShift cluster:
 | openshift_storage_glusterfs_block_host_vol_create      | True                    | Automatically create GlusterFS volumes to host glusterblock volumes. **NOTE:** If this is False, block-hosting volumes will need to be manually created before glusterblock volumes can be provisioned
 | openshift_storage_glusterfs_block_host_vol_size        | 100                     | Size, in GB, of GlusterFS volumes that will be automatically create to host glusterblock volumes if not enough space is available for a glusterblock volume create request. **NOTE:** This value is effectively an upper limit on the size of glusterblock volumes unless you manually create larger GlusterFS block-hosting volumes
 | openshift_storage_glusterfs_block_host_vol_max         | 15                      | Max number of GlusterFS volumes to host glusterblock volumes
-| openshift_storage_glusterfs_block_storageclass         | False                   | Automatically create a StorageClass for each Gluster Block cluster
-| openshift_storage_glusterfs_block_storageclass_default | False                   | Sets the StorageClass for each Gluster Block cluster as default
+| openshift_storage_glusterfs_block_storageclass         | False                   | Automatically create a StorageClass for each glusterblock cluster
+| openshift_storage_glusterfs_block_storageclass_default | False                   | Sets the glusterblock StorageClass for this group as cluster-wide default
 | openshift_storage_glusterfs_s3_deploy                  | True                    | Deploy gluster-s3 service
 | openshift_storage_glusterfs_s3_image                   | 'gluster/gluster-object'| Container image to use for gluster-s3 pod, enterprise default is 'rhgs3/rhgs-gluster-s3-server-rhel7'
 | openshift_storage_glusterfs_s3_version                 | 'latest'                | Container image version to use for gluster=s3 pod
@@ -118,8 +118,8 @@ GlusterFS cluster into a new or existing OpenShift cluster:
 | openshift_storage_glusterfs_heketi_ssh_user            | 'root'                  | SSH user for external GlusterFS nodes via native heketi
 | openshift_storage_glusterfs_heketi_ssh_sudo            | False                   | Whether to sudo (if non-root user) for SSH to external GlusterFS nodes via native heketi
 | openshift_storage_glusterfs_heketi_ssh_keyfile         | Undefined               | Path to a private key file for use with SSH connections to external GlusterFS nodes via native heketi **NOTE:** This must be an absolute path
-| openshift_storage_glusterfs_heketi_fstab         | '/var/lib/heketi/fstab' | When heketi is native, sets the path to the fstab file on the GlusterFS nodes to update on LVM volume mounts, changes to '/etc/fstab/' when the heketi executor is 'ssh' **NOTE:** This should not need to be changed
-| openshift_storage_glusterfs_heketi_wipe          | False                   | Destroy any existing heketi resources, defaults to the value of `openshift_storage_glusterfs_wipe`
+| openshift_storage_glusterfs_heketi_fstab               | '/var/lib/heketi/fstab' | When heketi is native, sets the path to the fstab file on the GlusterFS nodes to update on LVM volume mounts, changes to '/etc/fstab/' when the heketi executor is 'ssh' **NOTE:** This should not need to be changed
+| openshift_storage_glusterfs_heketi_wipe                | False                   | Destroy any existing heketi resources, defaults to the value of `openshift_storage_glusterfs_wipe`
 
 Each role variable also has a corresponding variable to optionally configure a
 separate GlusterFS cluster for use as storage for an integrated Docker
@@ -131,11 +131,11 @@ are an exception:
 | Name                                                            | Default value         | Description                             |
 |-----------------------------------------------------------------|-----------------------|-----------------------------------------|
 | openshift_storage_glusterfs_registry_namespace                  | registry namespace    | Default is to use the hosted registry's namespace, otherwise 'glusterfs'
-| openshift_storage_glusterfs_registry_name                       | 'registry'            | This allows for the logical separation of the registry GlusterFS cluster from other GlusterFS clusters
-| openshift_storage_glusterfs_registry_storageclass               | False                 | It is recommended to not create a StorageClass for GlusterFS clusters serving registry storage, so as to avoid performance penalties
-| openshift_storage_glusterfs_registry_storageclass_default       | False                 | Sets the StorageClass for each GlusterFS cluster as default
-| openshift_storage_glusterfs_registry_block_storageclass         | False                 | It is recommended to not create a StorageClass for Gluster Block clusters serving registry storage, so as to avoid performance penalties
-| openshift_storage_glusterfs_registry_block_storageclass_default | False                 | Sets the StorageClass for each Gluster Block cluster as default
+| openshift_storage_glusterfs_registry_name                       | 'registry'            | This allows for the logical separation of the registry group from other Gluster groups
+| openshift_storage_glusterfs_registry_storageclass               | False                 | It is recommended to not create a StorageClass for this group, so as to avoid noisy neighbor complications
+| openshift_storage_glusterfs_registry_storageclass_default       | False                 | Separate from the above
+| openshift_storage_glusterfs_registry_block_storageclass         | False                 | Only enable this for use by Logging and Metrics
+| openshift_storage_glusterfs_registry_block_storageclass_default | False                 | Separate from the above
 | openshift_storage_glusterfs_registry_heketi_admin_key           | auto-generated        | Separate from the above
 | openshift_storage_glusterfs_registry_heketi_user_key            | auto-generated        | Separate from the above