17 files changed, 119 insertions, 48 deletions
diff --git a/roles/container_runtime/templates/crio-network.j2 b/roles/container_runtime/templates/crio-network.j2
index 763be97d7..ae8a506fe 100644
--- a/roles/container_runtime/templates/crio-network.j2
+++ b/roles/container_runtime/templates/crio-network.j2
@@ -1,9 +1,9 @@
 {% if 'http_proxy' in openshift.common %}
-HTTP_PROXY={{ openshift.common.http_proxy }}
+export HTTP_PROXY={{ openshift.common.http_proxy }}
 {% endif %}
 {% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY={{ openshift.common.https_proxy }}
+export HTTPS_PROXY={{ openshift.common.https_proxy }}
 {% endif %}
 {% if 'no_proxy' in openshift.common %}
-NO_PROXY={{ openshift.common.no_proxy }}
+export NO_PROXY={{ openshift.common.no_proxy }}
 {% endif %}
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index c8d385db5..1696c2751 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -322,3 +322,8 @@ openshift_aws_masters_groups: masters,etcd,nodes
 # By default, don't delete things like the shared IAM instance
 # profile and uploaded ssh keys
 openshift_aws_enable_uninstall_shared_objects: False
+# S3 bucket names are global by default and can take minutes/hours for the
+# name to become available for re-use (assuming someone doesn't take the
+# name in the meantime). Default to just emptying the contents of the S3
+# bucket if we've been asked to create the bucket during provisioning.
+openshift_aws_really_delete_s3_bucket: False
diff --git a/roles/openshift_aws/tasks/uninstall_s3.yml b/roles/openshift_aws/tasks/uninstall_s3.yml
new file mode 100644
index 000000000..0b08cbeed
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_s3.yml
@@ -0,0 +1,26 @@
+---
+- name: empty S3 bucket
+  block:
+  - name: get S3 object list
+    aws_s3:
+      bucket: "{{ openshift_aws_s3_bucket_name }}"
+      mode: list
+      region: "{{ openshift_aws_region }}"
+    register: s3_out
+
+  - name: delete S3 objects
+    aws_s3:
+      bucket: "{{ openshift_aws_s3_bucket_name }}"
+      mode: delobj
+      object: "{{ item }}"
+    with_items: "{{ s3_out.s3_keys }}"
+  when: openshift_aws_create_s3 | bool
+
+- name: delete S3 bucket
+  aws_s3:
+    bucket: "{{ openshift_aws_s3_bucket_name }}"
+    mode: delete
+    region: "{{ openshift_aws_region }}"
+  when:
+  - openshift_aws_create_s3 | bool
+  - openshift_aws_really_delete_s3_bucket | bool
diff --git a/roles/openshift_certificate_expiry/examples/playbooks b/roles/openshift_certificate_expiry/examples/playbooks
index 586afb0d5..751c3d14e 120000
--- a/roles/openshift_certificate_expiry/examples/playbooks
+++ b/roles/openshift_certificate_expiry/examples/playbooks
@@ -1 +1 @@
-../../../playbooks/certificate_expiry
-\ No newline at end of file
+../../../playbooks/openshift-checks/certificate_expiry
+\ No newline at end of file
diff --git a/roles/openshift_cloud_provider/defaults/main.yml b/roles/openshift_cloud_provider/defaults/main.yml
new file mode 100644
index 000000000..37cbf5603
--- /dev/null
+++ b/roles/openshift_cloud_provider/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+openshift_gcp_project: ''
+openshift_gcp_prefix: ''
+openshift_gcp_network_name: "{{ openshift_gcp_prefix }}network"
diff --git a/roles/openshift_cloud_provider/tasks/gce.yml b/roles/openshift_cloud_provider/tasks/gce.yml
index 395bd304c..9e1c31b1d 100644
--- a/roles/openshift_cloud_provider/tasks/gce.yml
+++ b/roles/openshift_cloud_provider/tasks/gce.yml
@@ -1,4 +1,12 @@
 ---
+- name: check variables are passed
+  fail:
+    msg: "Ensure correct variables are defined for gcp. {{ item }}"
+  when: item == ''
+  with_items:
+  - "{{ openshift_gcp_project }}"
+  - "{{ openshift_gcp_prefix }}"
+
 # Work around ini_file create option in 2.2 which defaults to no
 - name: Create cloud config file
   file:
@@ -16,8 +24,8 @@
     option: "{{ item.key }}"
     value: "{{ item.value }}"
   with_items:
-    - { key: 'project-id', value: '{{ openshift_gcp_project }}' }
-    - { key: 'network-name', value: '{{ openshift_gcp_network_name }}' }
-    - { key: 'node-tags', value: '{{ openshift_gcp_prefix }}ocp' }
-    - { key: 'node-instance-prefix', value: '{{ openshift_gcp_prefix }}' }
-    - { key: 'multizone', value: 'false' }
+  - { key: 'project-id', value: '{{ openshift_gcp_project }}' }
+  - { key: 'network-name', value: '{{ openshift_gcp_network_name }}' }
+  - { key: 'node-tags', value: '{{ openshift_gcp_prefix }}ocp' }
+  - { key: 'node-instance-prefix', value: '{{ openshift_gcp_prefix }}' }
+  - { key: 'multizone', value: 'false' }
diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml
index b39c44b01..7223a5afe 100644
--- a/roles/openshift_hosted/tasks/storage/glusterfs.yml
+++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml
@@ -35,7 +35,7 @@
   mount:
     state: mounted
     fstype: glusterfs
-    src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift_hosted_registry_storage_glusterfs_path }}"
+    src: "{% if 'glusterfs_registry' in groups and groups['glusterfs_registry'] | length > 0  %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups and groups['glusterfs'] | length > 0 %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}"
     name: "{{ mktemp.stdout }}"
 
 - name: Set registry volume permissions
diff --git a/roles/openshift_metrics/tasks/generate_cassandra_pvcs.yaml b/roles/openshift_metrics/tasks/generate_cassandra_pvcs.yaml
new file mode 100644
index 000000000..6aa48f9c3
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_cassandra_pvcs.yaml
@@ -0,0 +1,46 @@
+---
+- name: Check to see if PVC already exists
+  oc_obj:
+    state: list
+    kind: pvc
+    name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+    namespace: "{{ openshift_metrics_project }}"
+  register: _metrics_pvc
+
+# _metrics_pvc.results.results | length > 0 returns a false positive
+# so we check for the presence of 'stderr' to determine if the obj exists or not
+# the RC for existing and not existing is both 0
+- when:
+    - _metrics_pvc.results.stderr is defined
+  block:
+    - name: generate hawkular-cassandra persistent volume claims
+      template:
+        src: pvc.j2
+        dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ metrics_pvc_index }}.yaml"
+      vars:
+        obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        labels:
+          metrics-infra: hawkular-cassandra
+        access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
+        size: "{{ openshift_metrics_cassandra_pvc_size }}"
+        pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+        storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+      when:
+        - openshift_metrics_cassandra_storage_type != 'emptydir'
+        - openshift_metrics_cassandra_storage_type != 'dynamic'
+      changed_when: false
+
+    - name: generate hawkular-cassandra persistent volume claims (dynamic)
+      template:
+        src: pvc.j2
+        dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ metrics_pvc_index }}.yaml"
+      vars:
+        obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        labels:
+          metrics-infra: hawkular-cassandra
+        access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
+        size: "{{ openshift_metrics_cassandra_pvc_size }}"
+        pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+        storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+      when: openshift_metrics_cassandra_storage_type == 'dynamic'
+      changed_when: false
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
index 9026cc897..158e596ec 100644
--- a/roles/openshift_metrics/tasks/install_cassandra.yaml
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -25,36 +25,7 @@
 - set_fact: openshift_metrics_cassandra_pvc_prefix="hawkular-metrics"
   when: "not openshift_metrics_cassandra_pvc_prefix or openshift_metrics_cassandra_pvc_prefix == ''"
 
-- name: generate hawkular-cassandra persistent volume claims
-  template:
-    src: pvc.j2
-    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
-  vars:
-    obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
-    labels:
-      metrics-infra: hawkular-cassandra
-    access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
-    size: "{{ openshift_metrics_cassandra_pvc_size }}"
-    pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
-    storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
-  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  when:
-  - openshift_metrics_cassandra_storage_type != 'emptydir'
-  - openshift_metrics_cassandra_storage_type != 'dynamic'
-  changed_when: false
-
-- name: generate hawkular-cassandra persistent volume claims (dynamic)
-  template:
-    src: pvc.j2
-    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
-  vars:
-    obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
-    labels:
-      metrics-infra: hawkular-cassandra
-    access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
-    size: "{{ openshift_metrics_cassandra_pvc_size }}"
-    pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
-    storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+- include_tasks: generate_cassandra_pvcs.yaml
   with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  when: openshift_metrics_cassandra_storage_type == 'dynamic'
-  changed_when: false
+  loop_control:
+    loop_var: metrics_pvc_index
diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
index 72415f9a6..e31433dbc 100644
--- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
@@ -15,6 +15,7 @@
     name: "{{ item }}"
     state: started
     enabled: True
+  when: not openshift_is_atomic | bool
   with_items:
     - multipathd
     - rpcbind
diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml
index 77be1f2b1..2bdb81632 100644
--- a/roles/openshift_openstack/defaults/main.yml
+++ b/roles/openshift_openstack/defaults/main.yml
@@ -93,3 +93,8 @@ openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size
 openshift_openstack_etcd_volume_size: 2
 openshift_openstack_lb_volume_size: 5
 openshift_openstack_ephemeral_volumes: false
+
+
+# cloud-config
+openshift_openstack_disable_root: true
+openshift_openstack_user: openshift
diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2
index eb65f7cec..ccaa5d464 100644
--- a/roles/openshift_openstack/templates/user_data.j2
+++ b/roles/openshift_openstack/templates/user_data.j2
@@ -1,9 +1,9 @@
 #cloud-config
-disable_root: true
+disable_root: {{ openshift_openstack_disable_root }}
 
 system_info:
   default_user:
-    name: openshift
+    name: {{ openshift_openstack_user }}
     sudo: ["ALL=(ALL) NOPASSWD: ALL"]
 
 write_files:
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index a5fdae803..e6e261b52 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -313,7 +313,10 @@
   - glusterfs_storageclass or glusterfs_s3_deploy
 
 - include_tasks: glusterblock_deploy.yml
-  when: glusterfs_block_deploy
+  when:
+  - glusterfs_block_deploy
+  #TODO: Remove this when multipathd will be available on atomic
+  - not openshift_is_atomic | bool
 
 - block:
   - name: Create heketi block secret
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
index befacb04f..10c29fd37 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
@@ -48,7 +48,7 @@
     glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}"
     glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}"
     glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}"
-    glusterfs_nodes: "{% if groups.glusterfs_registry is defined %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}"
+    glusterfs_nodes: "{% if groups.glusterfs_registry is defined and groups['glusterfs_registry'] | length > 0 %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined and groups['glusterfs'] | length > 0 %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}"
 
 - include_tasks: glusterfs_common.yml
   when:
diff --git a/roles/openshift_version/tasks/first_master.yml b/roles/openshift_version/tasks/first_master.yml
index e01a56dc1..b0d155c2c 100644
--- a/roles/openshift_version/tasks/first_master.yml
+++ b/roles/openshift_version/tasks/first_master.yml
@@ -19,7 +19,7 @@
   - set_fact:
       openshift_pkg_version: -{{ openshift_version }}
   when:
-  - openshift_pkg_version is not defined
+  - openshift_pkg_version is not defined or openshift_pkg_version == ""
   - openshift_upgrade_target is not defined
 
 - block:
@@ -28,5 +28,5 @@
   - set_fact:
       openshift_image_tag: v{{ openshift_version }}
   when: >
-    openshift_image_tag is not defined
+    openshift_image_tag is not defined or openshift_image_tag == ""
     or l_force_image_tag_to_version | bool
diff --git a/roles/openshift_version/tasks/first_master_containerized_version.yml b/roles/openshift_version/tasks/first_master_containerized_version.yml
index 3ed1d2cfe..9eb38cb2b 100644
--- a/roles/openshift_version/tasks/first_master_containerized_version.yml
+++ b/roles/openshift_version/tasks/first_master_containerized_version.yml
@@ -6,6 +6,7 @@
     openshift_version: "{{ openshift_image_tag[1:].split('-')[0] if openshift_image_tag != 'latest' else openshift_image_tag }}"
   when:
   - openshift_image_tag is defined
+  - openshift_image_tag != ""
   - openshift_version is not defined
   - not (openshift_version_reinit | default(false))
 
diff --git a/roles/openshift_version/tasks/first_master_rpm_version.yml b/roles/openshift_version/tasks/first_master_rpm_version.yml
index 5d92f90c6..85e440513 100644
--- a/roles/openshift_version/tasks/first_master_rpm_version.yml
+++ b/roles/openshift_version/tasks/first_master_rpm_version.yml
@@ -5,6 +5,7 @@
     openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
   when:
   - openshift_pkg_version is defined
+  - openshift_pkg_version != ""
   - openshift_version is not defined
   - not (openshift_version_reinit | default(false))