Docker role refactor

- refactors the docker role to push generic config into docker role and wrap
  openshift specific variables into an openshift_docker role and it's
  dependent openshift_docker_facts role
- adds support for setting --confirm-def-push flag (Resolves
  https://github.com/openshift/openshift-ansible/issues/1014)
- moves docker related facts from common/node roles to a new docker role
- renames cli_docker_* role varialbes to openshift_docker-* (maintaining
  backward compatibility)
- update role dependencies to pull in openshift_docker conditionally based on
  is_containerized
- remove playbooks/common/openshift-docker since the docker role is now
  conditionally included

inventory/byo/hosts.aep.example

@@ -62,18 +62,20 @@ deployment_type=atomic-enterprise
 # Add additional, insecure, and blocked registries to global docker configuration
 # For enterprise deployment types we ensure that registry.access.redhat.com is
 # included if you do not include it
-#cli_docker_additional_registries=registry.example.com
-#cli_docker_insecure_registries=registry.example.com
-#cli_docker_blocked_registries=registry.hacker.com
+#openshift_docker_additional_registries=registry.example.com
+#openshift_docker_insecure_registries=registry.example.com
+#openshift_docker_blocked_registries=registry.hacker.com
+# Disable pushing to dockerhub
+#openshift_docker_disable_push_dockerhub=True
 # Items added, as is, to end of /etc/sysconfig/docker OPTIONS
 #openshift_docker_options="-l warn --ipv6=false"
 # Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead
-#cli_docker_log_driver=json
-#cli_docker_log_options="tag=mailer"
+#openshift_docker_log_driver=json
+#openshift_docker_log_options="tag=mailer"
 
 # Alternate image format string. If you're not modifying the format string and
 # only need to inject your own registry you may want to consider
-# cli_docker_additional_registries instead
+# openshift_docker_additional_registries instead
 #oreg_url=example.com/aep3/aep-${component}:${version}
 
 # Additional yum repos to install

inventory/byo/hosts.origin.example

@@ -63,18 +63,20 @@ deployment_type=origin
 # Add additional, insecure, and blocked registries to global docker configuration
 # For enterprise deployment types we ensure that registry.access.redhat.com is
 # included if you do not include it
-#cli_docker_additional_registries=registry.example.com
-#cli_docker_insecure_registries=registry.example.com
-#cli_docker_blocked_registries=registry.hacker.com
+#openshift_docker_additional_registries=registry.example.com
+#openshift_docker_insecure_registries=registry.example.com
+#openshift_docker_blocked_registries=registry.hacker.com
+# Disable pushing to dockerhub
+#openshift_docker_disable_push_dockerhub=True
 # Items added, as is, to end of /etc/sysconfig/docker OPTIONS
 #openshift_docker_options="-l warn --ipv6=false"
 # Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead
-#cli_docker_log_driver=json
-#cli_docker_log_options="tag=mailer"
+#openshift_docker_log_driver=json
+#openshift_docker_log_options="tag=mailer"
 
 # Alternate image format string. If you're not modifying the format string and
 # only need to inject your own registry you may want to consider
-# cli_docker_additional_registries instead
+# openshift_docker_additional_registries instead
 #oreg_url=example.com/openshift3/ose-${component}:${version}
 
 # Origin copr repo

inventory/byo/hosts.ose.example

@@ -62,19 +62,21 @@ deployment_type=openshift-enterprise
 # Add additional, insecure, and blocked registries to global docker configuration
 # For enterprise deployment types we ensure that registry.access.redhat.com is
 # included if you do not include it
-#cli_docker_additional_registries=registry.example.com
-#cli_docker_insecure_registries=registry.example.com
-#cli_docker_blocked_registries=registry.hacker.com
+#openshift_docker_additional_registries=registry.example.com
+#openshift_docker_insecure_registries=registry.example.com
+#openshift_docker_blocked_registries=registry.hacker.com
+# Disable pushing to dockerhub
+#openshift_docker_disable_push_dockerhub=True
 # Items added, as is, to end of /etc/sysconfig/docker OPTIONS
 #openshift_docker_options="-l warn --ipv6=false"
 # Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead
-#cli_docker_log_driver=json
-#cli_docker_log_options="tag=mailer"
+#openshift_docker_log_driver=json
+#openshift_docker_log_options="tag=mailer"
 
 
 # Alternate image format string. If you're not modifying the format string and
 # only need to inject your own registry you may want to consider
-# cli_docker_additional_registries instead
+# openshift_docker_additional_registries instead
 #oreg_url=example.com/openshift3/ose-${component}:${version}
 
 # Additional yum repos to install

playbooks/byo/openshift-cluster/cluster_hosts.yml

@@ -14,4 +14,6 @@ g_new_node_hosts: "{{ groups.new_nodes | default([]) }}"
 g_nfs_hosts:   "{{ groups.nfs | default([]) }}"
 
 g_all_hosts:    "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts)
-                    | union(g_lb_hosts) | default([]) }}"
+                    | union(g_lb_hosts) | union(g_nfs_hosts)
+                    | union(g_new_node_hosts)| union(g_new_master_hosts)
+                    | default([]) }}"

playbooks/common/openshift-cluster/config.yml

@@ -3,7 +3,27 @@
 
 - include: validate_hostnames.yml
 
-- include: ../openshift-docker/config.yml
+- name: Set oo_options
+  hosts: oo_hosts_to_config
+  tasks:
+  - set_fact:
+      openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
+    when: openshift_docker_additional_registries is not defined
+  - set_fact:
+      openshift_docker_insecure_registries: "{{ lookup('oo_option',  'docker_insecure_registries') }}"
+    when: openshift_docker_insecure_registries is not defined
+  - set_fact:
+      openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}"
+    when: openshift_docker_blocked_registries is not defined
+  - set_fact:
+      openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}"
+    when: openshift_docker_options is not defined
+  - set_fact:
+      openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}"
+    when: openshift_docker_log_driver is not defined
+  - set_fact:
+      openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}"
+    when: openshift_docker_log_options is not defined
 
 - include: ../openshift-etcd/config.yml
 

playbooks/common/openshift-cluster/evaluate_groups.yml

@@ -29,6 +29,14 @@
       msg: The nfs group must be limited to one host
     when: (groups[g_nfs_hosts] | default([])) | length > 1
 
+  - name: Evaluate oo_all_hosts
+    add_host:
+      name: "{{ item }}"
+      groups: oo_all_hosts
+      ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+      ansible_sudo: "{{ g_sudo | default(omit) }}"
+    with_items: "{{ g_all_hosts | default([]) }}"
+
   - name: Evaluate oo_masters
     add_host:
       name: "{{ item }}"

playbooks/common/openshift-docker/config.yml

@@ -1,9 +0,0 @@
-- name: Configure docker hosts
-  hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config
-  vars:
-    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}"
-    docker_insecure_registries: "{{ lookup('oo_option',  'docker_insecure_registries') | oo_split }}"
-    docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}"
-  roles:
-  - openshift_facts
-  - openshift_docker

playbooks/common/openshift-docker/filter_plugins

@@ -1 +0,0 @@
-../../../filter_plugins

playbooks/common/openshift-docker/lookup_plugins

@@ -1 +0,0 @@
-../../../lookup_plugins

playbooks/common/openshift-docker/roles

@@ -1 +0,0 @@
-../../../roles

playbooks/common/openshift-etcd/config.yml

@@ -89,8 +89,8 @@
       dest: "{{ etcd_cert_config_dir }}"
     when: etcd_server_certs_missing
   roles:
-  - etcd
-  - role: nickhammond.logrotate
+  - openshift_etcd
+  - nickhammond.logrotate
 
 # Configure the remaining etcd hosts, skipping the first one we dealt with above.
 - name: Configure remaining etcd hosts

playbooks/common/openshift-master/config.yml

@@ -1,6 +1,9 @@
 ---
 - name: Set master facts and determine if external etcd certs need to be generated
   hosts: oo_masters_to_config
+  vars:
+    t_oo_option_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') }}"
+
   pre_tasks:
   - name: Check for RPM generated config marker file .config_managed
     stat:
@@ -30,9 +33,8 @@
                                        | default(none, true) }}"
 
   - set_fact:
-      openshift_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') | default(openshift.common.debug_level, true) }}"
-    when: openshift_master_debug_level is not defined
-
+      openshift_master_debug_level: "{{ t_oo_option_master_debug_level }}"
+    when: openshift_master_debug_level is not defined and t_oo_option_master_debug_level != ""
   roles:
   - openshift_facts
   post_tasks:

playbooks/common/openshift-node/config.yml

@@ -1,10 +1,12 @@
 ---
 - name: Gather and set facts for node hosts
   hosts: oo_nodes_to_config
+  vars:
+    t_oo_option_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') }}"
   pre_tasks:
   - set_fact:
-      openshift_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') | default(openshift.common.debug_level, true) }}"
-    when: openshift_node_debug_level is not defined
+      openshift_node_debug_level: "{{ t_oo_option_node_debug_level }}"
+    when: openshift_node_debug_level is not defined and t_oo_option_node_debug_level != ""
   roles:
   - openshift_facts
   tasks:

roles/docker/tasks/main.yml

@@ -16,3 +16,39 @@
 
 - include: udev_workaround.yml
   when: docker_udev_workaround | default(False) | bool
+
+- stat: path=/etc/sysconfig/docker
+  register: docker_check
+
+- name: Set registry params
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^{{ item.reg_conf_var }}=.*$'
+    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
+  when: item.reg_fact_val is defined and docker_check.stat.isreg
+  with_items:
+  - reg_conf_var: ADD_REGISTRY
+    reg_fact_val: "{{ docker_additional_registries }}"
+    reg_flag: --add-registry
+  - reg_conf_var: BLOCK_REGISTRY
+    reg_fact_val: "{{ docker_blocked_registries }}"
+    reg_flag: --block-registry
+  - reg_conf_var: INSECURE_REGISTRY
+    reg_fact_val: "{{ docker_insecure_registries }}"
+    reg_flag: --insecure-registry
+  notify:
+  - restart docker
+
+- name: Set various docker options
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^OPTIONS=.*$'
+    line: "OPTIONS='\
+      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\
+      {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %}\
+      {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
+      {% if docker_options is defined %} {{ docker_options }}{% endif %}\
+      {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'"
+  when: docker_check.stat.isreg
+  notify:
+    - restart docker

roles/openshift_cli/meta/main.yml

@@ -12,5 +12,6 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- { role: openshift_common }
-- { role: docker }
+- role: openshift_docker
+  when: openshift.common.is_containerized | bool
+- role: openshift_common

roles/openshift_cli/tasks/main.yml

@@ -4,7 +4,7 @@
     local_facts:
       deployment_type: "{{ openshift_deployment_type }}"
       cli_image: "{{ osm_image | default(None) }}"
-      
+
 - name: Install clients
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present"
   when: not openshift.common.is_containerized | bool
@@ -13,16 +13,16 @@
   command: >
     docker pull {{ openshift.common.cli_image }}:{{ openshift_version }}
   when: openshift.common.is_containerized | bool
-  
+
 - name: Create /usr/local/bin/openshift cli wrapper
   template:
     src: openshift.j2
     dest: /usr/local/bin/openshift
     mode: 0755
   when: openshift.common.is_containerized | bool
-  
+
 - name: Create client symlinks
-  file: 
+  file:
     path: "{{ item }}"
     state: link
     src: /usr/local/bin/openshift

roles/openshift_docker/handlers/main.yml

@@ -1,6 +0,0 @@
----
-
-- name: restart openshift_docker
-  service:
-    name: docker
-    state: restarted

roles/openshift_docker/meta/main.yml

@@ -12,5 +12,5 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- { role: openshift_common }
-- { role: docker }
+- role: openshift_docker_facts
+- role: docker

roles/openshift_docker/tasks/main.yml

@@ -1,55 +0,0 @@
----
-- name: Set docker facts
-  openshift_facts:
-    role: "{{ item.role }}"
-    local_facts: "{{ item.local_facts }}"
-  with_items:
-  - role: common
-    local_facts:
-      deployment_type: "{{ openshift_deployment_type }}"
-      docker_additional_registries: "{{ docker_additional_registries }}"
-      docker_insecure_registries: "{{ docker_insecure_registries }}"
-      docker_blocked_registries: "{{ docker_blocked_registries }}"
-      docker_options: "{{ openshift_docker_options | default('',True) }}"
-  - role: node
-    local_facts:
-      portal_net: "{{ openshift_master_portal_net | default(None) }}"
-      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
-      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
-
-- stat: path=/etc/sysconfig/docker
-  register: docker_check
-
-- name: Set registry params
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^{{ item.reg_conf_var }}=.*$'
-    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
-  when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg"
-  with_items:
-  - reg_conf_var: ADD_REGISTRY
-    reg_fact_val: "{{ openshift.common.docker_additional_registries }}"
-    reg_flag: --add-registry
-  - reg_conf_var: BLOCK_REGISTRY
-    reg_fact_val: "{{ openshift.common.docker_blocked_registries }}"
-    reg_flag: --block-registry
-  - reg_conf_var: INSECURE_REGISTRY
-    reg_fact_val: "{{ openshift.common.docker_insecure_registries }}"
-    reg_flag: --insecure-registry
-  notify:
-  - restart openshift_docker
-
-# TODO: Enable secure registry when code available in origin
-# TODO: perhaps move this to openshift_docker?
-- name: Secure Registry and Logs Options
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^OPTIONS=.*$'
-    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }}\
-      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\
-      {% if openshift.node.docker_log_driver is defined  %} --log-driver {{ openshift.node.docker_log_driver }}{% endif %}\
-      {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
-      {% if openshift.common.docker_options is defined %} {{ openshift.common.docker_options }}{% endif %}'"
-  when: docker_check.stat.isreg
-  notify:
-    - restart openshift_docker

roles/openshift_docker_facts/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Jason DeTiberus
+  description: OpenShift Docker Facts
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- { role: openshift_facts }

roles/openshift_docker_facts/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Set docker facts
+  openshift_facts:
+    role: "{{ item.role }}"
+    local_facts: "{{ item.local_facts }}"
+  with_items:
+  - role: common
+    local_facts:
+      deployment_type: "{{ openshift_deployment_type }}"
+  - role: docker
+    local_facts:
+      additional_registries: "{{ openshift_docker_additional_registries | default(None) }}"
+      blocked_registries: "{{ openshift_docker_blocked_registries | default(None) }}"
+      insecure_registries: "{{ openshift_docker_insecure_registries | default(None) }}"
+      log_driver:  "{{ openshift_docker_log_driver | default(None) }}"
+      log_options: "{{ openshift_docker_log_options | default(None) }}"
+      options: "{{ openshift_docker_options | default(None) }}"
+      disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
+  - role: node
+    local_facts:
+      portal_net: "{{ openshift_master_portal_net | default(None) }}"
+
+# TODO: append openshift.node.portal_net to docker_insecure_registries
+- set_fact:
+    docker_additional_registries: "{{ openshift.docker.additional_registries
+                                      | default(omit) }}"
+    docker_blocked_registries: "{{ openshift.docker.blocked_registries
+                                   | default(omit) }}"
+    docker_insecure_registries: "{{ openshift.docker.insecure_registries
+                                    | default(omit) }}"
+    docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"
+    docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
+    docker_options: "{{ openshift.docker.options | default(omit) }}"
+    docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
+                               | default(omit) }}"

roles/openshift_etcd/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  author: Jason DeTiberus
+  description: OpenShift etcd
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: openshift_facts
+- role: openshift_docker
+  when: openshift.common.is_containerized | bool
+- role: etcd

roles/openshift_facts/library/openshift_facts.py

@@ -27,6 +27,38 @@ from distutils.version import LooseVersion
 import struct
 import socket
 
+
+def migrate_docker_facts(facts):
+    """ Apply migrations for docker facts """
+    params = {
+        'common': (
+            'additional_registries',
+            'insecure_registries',
+            'blocked_registries',
+            'options'
+        ),
+        'node': (
+            'log_driver',
+            'log_options'
+        )
+    }
+    if 'docker' not in facts:
+        facts['docker'] = {}
+    for role in params.keys():
+        if role in facts:
+            for param in params[role]:
+                old_param = 'docker_' + param
+                if old_param in facts[role]:
+                    facts['docker'][param] = facts[role].pop(old_param)
+    return facts
+
+def migrate_local_facts(facts):
+    """ Apply migrations of local facts """
+    migrated_facts = copy.deepcopy(facts)
+    return migrate_docker_facts(migrated_facts)
+
+
+
 def first_ip(network):
     """ Return the first IPv4 address in network
 
@@ -657,18 +689,13 @@ def set_deployment_facts_if_unset(facts):
                 data_dir = '/var/lib/openshift'
             facts['common']['data_dir'] = data_dir
 
-        # remove duplicate and empty strings from registry lists
-        for cat in  ['additional', 'blocked', 'insecure']:
-            key = 'docker_{0}_registries'.format(cat)
-            if key in facts['common']:
-                facts['common'][key] = list(set(facts['common'][key]) - set(['']))
-
-
+    if 'docker' in facts:
+        deployment_type = facts['common']['deployment_type']
         if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']:
-            addtl_regs = facts['common'].get('docker_additional_registries', [])
+            addtl_regs = facts['docker'].get('additional_registries', [])
             ent_reg = 'registry.access.redhat.com'
             if ent_reg not in addtl_regs:
-                facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg]
+                facts['docker']['additional_registries'] = addtl_regs + [ent_reg]
 
     for role in ('master', 'node'):
         if role in facts:
@@ -1221,7 +1248,7 @@ class OpenShiftFacts(object):
         Raises:
             OpenShiftFactsUnsupportedRoleError:
     """
-    known_roles = ['common', 'master', 'node', 'etcd', 'hosted']
+    known_roles = ['common', 'master', 'node', 'etcd', 'hosted', 'docker']
 
     # Disabling too-many-arguments, this should be cleaned up as a TODO item.
     # pylint: disable=too-many-arguments
@@ -1265,7 +1292,13 @@ class OpenShiftFacts(object):
                                             protected_facts_to_overwrite)
         roles = local_facts.keys()
 
-        defaults = self.get_defaults(roles)
+
+        if 'common' in local_facts and 'deployment_type' in local_facts['common']:
+            deployment_type = local_facts['common']['deployment_type']
+        else:
+            deployment_type = 'origin'
+
+        defaults = self.get_defaults(roles, deployment_type)
         provider_facts = self.init_provider_facts()
         facts = apply_provider_facts(defaults, provider_facts)
         facts = merge_facts(facts,
@@ -1292,7 +1325,7 @@ class OpenShiftFacts(object):
             facts = set_installed_variant_rpm_facts(facts)
         return dict(openshift=facts)
 
-    def get_defaults(self, roles):
+    def get_defaults(self, roles, deployment_type):
         """ Get default fact values
 
             Args:
@@ -1301,8 +1334,7 @@ class OpenShiftFacts(object):
             Returns:
                 dict: The generated default facts
         """
-        defaults = dict()
-
+        defaults = {}
         ip_addr = self.system_facts['default_ipv4']['address']
         exit_code, output, _ = module.run_command(['hostname', '-f'])
         hostname_f = output.strip() if exit_code == 0 else ''
@@ -1310,33 +1342,42 @@ class OpenShiftFacts(object):
                            self.system_facts['fqdn']]
         hostname = choose_hostname(hostname_values, ip_addr)
 
-        common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr,
-                      deployment_type='origin', hostname=hostname,
-                      public_hostname=hostname)
-        common['client_binary'] = 'oc'
-        common['admin_binary'] = 'oadm'
-        common['dns_domain'] = 'cluster.local'
-        common['install_examples'] = True
-        defaults['common'] = common
+        defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr,
+                                  public_ip=ip_addr,
+                                  deployment_type=deployment_type,
+                                  hostname=hostname,
+                                  public_hostname=hostname,
+                                  client_binary='oc', admin_binary='oadm',
+                                  dns_domain='cluster.local',
+                                  install_examples=True,
+                                  debug_level=2)
 
         if 'master' in roles:
-            master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444',
-                          console_use_ssl=True, console_path='/console',
-                          console_port='8443', etcd_use_ssl=True, etcd_hosts='',
-                          etcd_port='4001', portal_net='172.30.0.0/16',
-                          embedded_etcd=True, embedded_kube=True,
-                          embedded_dns=True, dns_port='53',
-                          bind_addr='0.0.0.0', session_max_seconds=3600,
-                          session_name='ssn', session_secrets_file='',
-                          access_token_max_seconds=86400,
-                          auth_token_max_seconds=500,
-                          oauth_grant_method='auto')
-            defaults['master'] = master
+            defaults['master'] = dict(api_use_ssl=True, api_port='8443',
+                                      controllers_port='8444',
+                                      console_use_ssl=True,
+                                      console_path='/console',
+                                      console_port='8443', etcd_use_ssl=True,
+                                      etcd_hosts='', etcd_port='4001',
+                                      portal_net='172.30.0.0/16',
+                                      embedded_etcd=True, embedded_kube=True,
+                                      embedded_dns=True, dns_port='53',
+                                      bind_addr='0.0.0.0',
+                                      session_max_seconds=3600,
+                                      session_name='ssn',
+                                      session_secrets_file='',
+                                      access_token_max_seconds=86400,
+                                      auth_token_max_seconds=500,
+                                      oauth_grant_method='auto')
 
         if 'node' in roles:
-            node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16',
-                        iptables_sync_period='5s', set_node_ip=False)
-            defaults['node'] = node
+            defaults['node'] = dict(labels={}, annotations={},
+                                    portal_net='172.30.0.0/16',
+                                    iptables_sync_period='5s',
+                                    set_node_ip=False)
+
+        if 'docker' in roles:
+            defaults['docker'] = dict(disable_push_dockerhub=False)
 
         defaults['hosted'] = dict(
             registry=dict(
@@ -1356,6 +1397,7 @@ class OpenShiftFacts(object):
             )
         )
 
+
         return defaults
 
     def guess_host_provider(self):
@@ -1481,15 +1523,23 @@ class OpenShiftFacts(object):
 
         local_facts = get_local_facts_from_file(self.filename)
 
-        for arg in ['labels', 'annotations']:
-            if arg in facts_to_set and isinstance(facts_to_set[arg],
-                                                  basestring):
-                facts_to_set[arg] = module.from_json(facts_to_set[arg])
+        migrated_facts = migrate_local_facts(local_facts)
 
-        new_local_facts = merge_facts(local_facts,
+        new_local_facts = merge_facts(migrated_facts,
                                       facts_to_set,
                                       additive_facts_to_overwrite,
                                       protected_facts_to_overwrite)
+
+        if 'docker' in new_local_facts:
+            # remove duplicate and empty strings from registry lists
+            for cat in  ['additional', 'blocked', 'insecure']:
+                key = '{0}_registries'.format(cat)
+                if key in new_local_facts['docker']:
+                    val = new_local_facts['docker'][key]
+                    if isinstance(val, basestring):
+                        val = [x.strip() for x in val.split(',')]
+                    new_local_facts['docker'][key] = list(set(val) - set(['']))
+
         for facts in new_local_facts.values():
             keys_to_delete = []
             if isinstance(facts, dict):

roles/openshift_master/meta/main.yml

@@ -12,5 +12,4 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- { role: openshift_common }
-- { role: openshift_cli }
+- role: openshift_cli

roles/openshift_node/meta/main.yml

@@ -12,4 +12,5 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- { role: openshift_common }
+- role: openshift_common
+- role: openshift_docker