Move firewall install and fix scaleup playbooks

playbooks/byo/openshift-master/scaleup.yml

@@ -15,6 +15,8 @@
     when:
     - (g_new_master_hosts | default([]) | length == 0) or (g_new_node_hosts | default([]) | length == 0)
 
+- include: ../../common/openshift-cluster/std_include.yml
+
 - include: ../../common/openshift-master/scaleup.yml
   vars:
     openshift_cluster_id: "{{ cluster_id | default('default') }}"

playbooks/byo/openshift-node/scaleup.yml

@@ -14,6 +14,8 @@
     when:
     - g_new_node_hosts | default([]) | length == 0
 
+- include: ../../common/openshift-cluster/std_include.yml
+
 - include: ../../common/openshift-node/scaleup.yml
   vars:
     openshift_cluster_id: "{{ cluster_id | default('default') }}"

playbooks/common/openshift-cluster/config.yml

@@ -18,10 +18,6 @@
       - docker_image_availability
       - docker_storage
 
-- include: initialize_firewall.yml
-  tags:
-  - always
-
 - hosts: localhost
   tasks:
   - fail:

playbooks/common/openshift-cluster/initialize_firewall.yml

@@ -1,7 +0,0 @@
----
-- name: Initialize host firewall
-  hosts: oo_all_hosts
-  tasks:
-  - name: Install and configure the proper firewall settings
-    include_role:
-      name: os_firewall

playbooks/common/openshift-etcd/config.yml

@@ -3,6 +3,7 @@
   hosts: oo_etcd_to_config
   any_errors_fatal: true
   roles:
+  - role: os_firewall
   - role: openshift_etcd
     etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
     etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"

playbooks/common/openshift-etcd/scaleup.yml

@@ -28,6 +28,8 @@
     delay: 10
     until: etcd_add_check.rc == 0
   roles:
+  - role: os_firewall
+    when: etcd_add_check.rc == 0
   - role: openshift_etcd
     when: etcd_add_check.rc == 0
     etcd_peers: "{{ groups.oo_etcd_to_config | union(groups.oo_new_etcd_to_config)| default([], true) }}"

playbooks/common/openshift-loadbalancer/config.yml

@@ -14,4 +14,5 @@
                                           + openshift_loadbalancer_additional_backends | default([]) }}"
     openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag }}"
   roles:
+  - role: os_firewall
   - role: openshift_loadbalancer

playbooks/common/openshift-master/config.yml

@@ -180,6 +180,7 @@
                                                 | oo_collect('openshift.common.ip') | default([]) | join(',')
                                                 }}"
   roles:
+  - role: os_firewall
   - role: openshift_master
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
     openshift_master_etcd_hosts: "{{ hostvars

playbooks/common/openshift-master/scaleup.yml

@@ -1,11 +1,4 @@
 ---
-- include: ../openshift-cluster/evaluate_groups.yml
-
-- name: Gather facts
-  hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config
-  roles:
-  - openshift_facts
-
 - name: Update master count
   hosts: oo_masters:!oo_masters_to_config
   serial: 1
@@ -50,16 +43,6 @@
     delay: 1
     changed_when: false
 
-- name: Configure docker hosts
-  hosts: oo_masters_to_config:oo_nodes_to_config
-  vars:
-    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}"
-    docker_insecure_registries: "{{ lookup('oo_option',  'docker_insecure_registries') | oo_split }}"
-    docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}"
-  roles:
-  - openshift_facts
-  - openshift_docker
-
 - name: Disable excluders
   hosts: oo_masters_to_config
   tags:

playbooks/common/openshift-node/config.yml

@@ -32,6 +32,7 @@
                                                 }}"
 
   roles:
+  - role: os_firewall
   - role: openshift_node
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
 
@@ -47,6 +48,7 @@
                                                 | oo_collect('openshift.common.hostname') | default([]) | join (',')
                                                 }}"
   roles:
+  - role: os_firewall
   - role: openshift_node
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
 

playbooks/common/openshift-node/scaleup.yml

@@ -1,32 +1,4 @@
 ---
-- include: ../openshift-cluster/evaluate_groups.yml
-
-- name: Gather facts
-  hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config
-  roles:
-  - openshift_facts
-
-- name: Gather and set facts for first master
-  hosts: oo_first_master
-  vars:
-    openshift_master_count: "{{ groups.oo_masters | length }}"
-  pre_tasks:
-  - set_fact:
-      openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}"
-    when: openshift_master_default_subdomain is not defined
-  roles:
-  - openshift_master_facts
-
-- name: Configure docker hosts
-  hosts: oo_nodes_to_config
-  vars:
-    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}"
-    docker_insecure_registries: "{{ lookup('oo_option',  'docker_insecure_registries') | oo_split }}"
-    docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}"
-  roles:
-  - openshift_facts
-  - openshift_docker
-
 - name: Disable excluders
   hosts: oo_nodes_to_config
   tags: