
Merge branch 'master' into issue1800

Scott Dodson 9 years ago
parent
commit
337b9e4a84

+ 28 - 1
inventory/byo/hosts.aep.example

@@ -340,7 +340,34 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
+
+# Global Proxy Configuration
+# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
+# variables for docker and master services.
+#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT
+#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT
+#openshift_no_proxy='.hosts.example.com,some-host.com'
+#
+# Most environments don't require a proxy between openshift masters, nodes, and
+# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
+# If all of your hosts share a common domain you may wish to disable this and 
+# specify that domain above.
+#openshift_generate_no_proxy_hosts: True
+#
+# These options configure the BuildDefaults admission controller which injects
+# environment variables into Builds. These values will default to their
+# corresponding values above but you may set them independently. See BuildDefaults
+# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
+#openshift_builddefaults_http_proxy=openshift_http_proxy
+#openshift_builddefaults_https_proxy=openshift_https_proxy
+#openshift_builddefaults_no_proxy=openshift_noproxy
+#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy
+#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy
+# Or you may optionally define your own serialized as json
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
+
+
 
 # host group for masters
 [masters]
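Review bot: The new proxy examples put credentials in the URL (`http://USER:PASSWORD@IPADDR:PORT`) without saying where that value ends up: elsewhere in this commit it is written to /etc/sysconfig/docker, to the master environment files, and into the BuildDefaults `env` that is injected into builds. A comment such as `# Note: credentials in the proxy URL are stored in plain text in service environment files and are visible in build environments; use a dedicated low-privilege proxy account.` would help operators. Two of the commented examples are also misleading as written: `#openshift_generate_no_proxy_hosts: True` uses `:` where the rest of this INI inventory uses `=`, and `#openshift_builddefaults_no_proxy=openshift_noproxy` names a variable that is spelled `openshift_no_proxy` a few lines above. The same text is added to hosts.origin.example and hosts.ose.example.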

+ 27 - 1
inventory/byo/hosts.origin.example

@@ -345,7 +345,33 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
+
+# Global Proxy Configuration
+# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
+# variables for docker and master services.
+#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT
+#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT
+#openshift_no_proxy='.hosts.example.com,some-host.com'
+#
+# Most environments don't require a proxy between openshift masters, nodes, and
+# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
+# If all of your hosts share a common domain you may wish to disable this and 
+# specify that domain above.
+#openshift_generate_no_proxy_hosts: True
+#
+# These options configure the BuildDefaults admission controller which injects
+# environment variables into Builds. These values will default to their
+# corresponding values above but you may set them independently. See BuildDefaults
+# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
+#openshift_builddefaults_http_proxy=openshift_http_proxy
+#openshift_builddefaults_https_proxy=openshift_https_proxy
+#openshift_builddefaults_no_proxy=openshift_noproxy
+#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy
+#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy
+# Or you may optionally define your own serialized as json
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
+
 
 # host group for masters
 [masters]

+ 26 - 1
inventory/byo/hosts.ose.example

@@ -341,7 +341,32 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
+
+# Global Proxy Configuration
+# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
+# variables for docker and master services.
+#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT
+#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT
+#openshift_no_proxy='.hosts.example.com,some-host.com'
+#
+# Most environments don't require a proxy between openshift masters, nodes, and
+# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
+# If all of your hosts share a common domain you may wish to disable this and 
+# specify that domain above.
+#openshift_generate_no_proxy_hosts: True
+#
+# These options configure the BuildDefaults admission controller which injects
+# environment variables into Builds. These values will default to their
+# corresponding values above but you may set them independently. See BuildDefaults
+# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
+#openshift_builddefaults_http_proxy=openshift_http_proxy
+#openshift_builddefaults_https_proxy=openshift_https_proxy
+#openshift_builddefaults_no_proxy=openshift_noproxy
+#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy
+#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy
+# Or you may optionally define your own serialized as json
+#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
 
 # host group for masters
 [masters]

+ 1 - 1
openshift-ansible.spec

@@ -214,7 +214,7 @@ Atomic OpenShift Utilities includes
 - Fix router selector fact migration and match multiple selectors when counting
   nodes. (abutcher@redhat.com)
 - Fixing the spec for PR 1734 (bleanhar@redhat.com)
-- Add openshift_node_dnsmasq (sdodson@redhat.com)
+- Add openshift_use_dnsmasq (sdodson@redhat.com)
 - Promote portal_net to openshift.common, add kube_svc_ip (sdodson@redhat.com)
 - Add example inventories to docs, install docs by default (sdodson@redhat.com)
 - Fix use of JSON inventory vars with raw booleans. (dgoodwin@redhat.com)

+ 6 - 0
playbooks/common/openshift-master/config.yml

@@ -42,6 +42,12 @@
   - set_fact:
       openshift_hosted_metrics_deploy: "{{ lookup('oo_option', 'openshift_hosted_metrics_deploy') | default(false, true) }}"
     when: openshift_hosted_metrics_deploy is not defined
+  - set_fact:
+      openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}"
+    when: openshift_hosted_metrics_duration is not defined
+  - set_fact:
+      openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}"
+    when: openshift_hosted_metrics_resolution is not defined
     
   roles:
   - openshift_facts
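Review bot: The two new `set_fact` defaults use `default(7)` and `default(10)`, while the neighbouring `openshift_hosted_metrics_deploy` line uses `default(false, true)`. If the `oo_option` lookup returns an empty string when the option is unset (which the existing two-argument form suggests), the one-argument form will keep the empty string instead of applying the default. Consider `| default(7, true)` and `| default(10, true)` so the three facts behave the same way. The play these tasks belong to starts outside the hunk.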

+ 15 - 0
roles/docker/tasks/main.yml

@@ -69,6 +69,21 @@
     reg_flag: --insecure-registry
   notify:
   - restart docker
+  
+- name: Set Proxy Settings
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^{{ item.reg_conf_var }}=.*$'
+    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
+  with_items:
+    - reg_conf_var: HTTP_PROXY
+      reg_fact_val: "{{ docker_http_proxy | default('') }}"
+    - reg_conf_var: HTTPS_PROXY
+      reg_fact_val: "{{ docker_https_proxy | default('') }}"
+    - reg_conf_var: NO_PROXY
+      reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
+  notify:
+    - restart docker
 
 - name: Set various docker options
   lineinfile:
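Review bot: The `Set Proxy Settings` task loops over items whose `reg_fact_val` may hold a proxy URL with an embedded password (the example inventories in this commit show `http://USER:PASSWORD@IPADDR:PORT`), and Ansible prints each loop item in its task output; adding `no_log: true` to the task would keep the credential out of logs. The task also runs unconditionally, so hosts with no proxy configured get `HTTP_PROXY=''`, `HTTPS_PROXY=''` and `NO_PROXY=''` written to /etc/sysconfig/docker; a `when:` on the value being non-empty would avoid that. The value is wrapped in single quotes without escaping, so a `'` inside the URL would produce a malformed line.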

+ 0 - 63
roles/nuage_master/files/serviceaccount.sh

@@ -1,63 +0,0 @@
-#!/bin/bash
-# Parse CLI options
-for i in "$@"; do
-    case $i in
-        --master-cert-dir=*)
-            MASTER_DIR="${i#*=}"
-            CA_CERT=${MASTER_DIR}/ca.crt
-            CA_KEY=${MASTER_DIR}/ca.key
-            CA_SERIAL=${MASTER_DIR}/ca.serial.txt
-            ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
-        ;;
-        --server=*)
-            SERVER="${i#*=}"
-        ;;
-        --output-cert-dir=*)
-            OUTDIR="${i#*=}"
-            CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
-        ;;
-    esac
-done
-
-# If any are missing, print the usage and exit
-if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
-    echo "Invalid syntax: $@"
-    echo "Usage:"
-    echo "  $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
-    echo "--master-cert-dir:  Directory where the master's configuration is held"
-    echo "--server:           Address of Kubernetes API server (default port is 8443)"
-    echo "--output-cert-dir:  Directory to put artifacts in"
-    echo ""
-    echo "All options are required"
-    exit 1
-fi
-
-# Login as admin so that we can create the service account
-oc login -u system:admin --config=$ADMIN_FILE || exit 1
-oc project default --config=$ADMIN_FILE
-
-ACCOUNT_CONFIG='
-{
-  "apiVersion": "v1",
-  "kind": "ServiceAccount",
-  "metadata": {
-    "name": "nuage"
-  }
-}
-'
-
-# Create the account with the included info
-echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
-
-# Add the cluser-reader role, which allows this service account read access to
-# everything in the cluster except secrets
-oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
-
-# Generate certificates and a kubeconfig for the service account
-oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
-
-# Verify the finalized kubeconfig
-if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
-    echo "Service account creation failed!"
-    exit 1
-fi

+ 1 - 3
roles/nuage_master/tasks/main.yaml

@@ -11,9 +11,7 @@
   sudo: true
   yum: name={{ nuage_openshift_rpm }} state=present
 
-- name: Run the service account creation script
-  sudo: true
-  script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }}
+- include: serviceaccount.yml
 
 - name: Download the certs and keys
   sudo: true

+ 51 - 0
roles/nuage_master/tasks/serviceaccount.yml

@@ -0,0 +1,51 @@
+---
+- name: Create temporary directory for admin kubeconfig
+  command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
+  register: nuage_tmp_conf_mktemp
+  changed_when: False
+
+- set_fact:
+    nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+
+- name: Copy Configuration to temporary conf
+  command: >
+    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
+  changed_when: false
+
+- name: Create Admin Service Account
+  shell: >
+    echo {{ nuage_service_account_config | to_json | quote }} |
+    {{ openshift.common.client_binary }} create
+    -n default 
+    --config={{nuage_tmp_conf}}
+    -f -
+  register: osnuage_create_service_account
+  failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
+  changed_when: osnuage_create_service_account.rc == 0
+
+- name: Configure role/user permissions
+  command: >
+    {{ openshift.common.admin_binary }} {{item}}
+    --config={{nuage_tmp_conf}}
+  with_items: "{{nuage_tasks}}"
+  register: osnuage_perm_task
+  failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+  changed_when: osnuage_perm_task.rc == 0
+
+- name: Generate the node client config
+  command: >
+    {{ openshift.common.admin_binary }} create-api-client-config
+      --certificate-authority={{ openshift_master_ca_cert }}
+      --client-dir={{ cert_output_dir }}
+      --master={{ openshift.master.api_url }}
+      --public-master={{ openshift.master.api_url }}
+      --signer-cert={{ openshift_master_ca_cert }}
+      --signer-key={{ openshift_master_ca_key }}
+      --signer-serial={{ openshift_master_ca_serial }}
+      --basename='nuage'
+      --user={{ nuage_service_account }}
+
+- name: Clean temporary configuration file
+  command: >
+    rm -f {{nuage_tmp_conf}}
+  changed_when: false
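Review bot: `mktemp -u` in the first task only prints a name and does not create the file, so the following `cp` writes the cluster-admin kubeconfig to a path in /tmp that nothing has reserved. Another local user could create that path first, and the copy's permissions then depend on the source mode and umask rather than on mktemp's owner-only default. Dropping `-u` (`command: mktemp /tmp/openshift-ansible-XXXXXXX.kubeconfig`) creates the file with owner-only permissions before the copy; the task name should then say "file" rather than "directory". The cleanup task at the end only runs if every task before it succeeds, so a failure in `Generate the node client config` leaves the admin credentials in /tmp.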

+ 15 - 1
roles/nuage_master/vars/main.yaml

@@ -1,4 +1,7 @@
 openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
 ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
 admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
 cert_output_dir: /usr/share/nuage-openshift-monitor
@@ -15,6 +18,17 @@ nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonSe
 nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" 
 
 nuage_master_crt_dir : /usr/share/nuage-openshift-monitor
+nuage_service_account: system:serviceaccount:default:nuage
+
+nuage_service_account_config:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: nuage 
+
+nuage_tasks:
+    - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} 
+
 nuage_master_cspadminpasswd: ''
-nuage_master_adminsusername: 'admin'
+nuage_master_adminusername: 'admin'
 nuage_master_adminuserpasswd: 'admin'

+ 15 - 0
roles/openshift_builddefaults/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Scott Dodson
+  description: OpenShift Build Defaults configuration
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- role: openshift_facts

+ 24 - 0
roles/openshift_builddefaults/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Set builddefaults
+  openshift_facts:
+    role: builddefaults
+    # TODO: add ability to define builddefaults env vars sort of like this
+    # may need to move the config generation to a filter however.
+    # openshift_env: "{{ hostvars[inventory_hostname]
+    #                    | oo_merge_dicts(hostvars)
+    #                    | oo_openshift_env }}"
+    # openshift_env_structures:
+    # - 'openshift.builddefaults.env.*'
+    local_facts:
+      http_proxy: "{{ openshift_builddefaults_http_proxy | default(None) }}"
+      https_proxy: "{{ openshift_builddefaults_https_proxy | default(None) }}"
+      no_proxy: "{{ openshift_builddefaults_no_proxy | default(None) }}"
+      git_http_proxy: "{{ openshift_builddefaults_git_http_proxy | default(None) }}"
+      git_https_proxy: "{{ openshift_builddefaults_git_https_proxy | default(None) }}"
+      
+- name: Set builddefaults config structure
+  openshift_facts:
+    role: builddefaults
+    local_facts:
+      config: "{{ openshift_builddefaults_json | default(builddefaults_yaml) }}"
+        

+ 15 - 0
roles/openshift_builddefaults/vars/main.yml

@@ -0,0 +1,15 @@
+---
+builddefaults_yaml:
+  BuildDefaults:
+    configuration:
+      apiVersion: v1
+      kind: BuildDefaultsConfig
+      gitHTTPProxy: "{{ openshift.builddefaults.git_http_proxy | default('', true) }}"
+      gitHTTPSProxy: "{{ openshift.builddefaults.git_https_proxy | default('', true) }}"
+      env:
+      - name: HTTP_PROXY
+        value: "{{ openshift.builddefaults.http_proxy | default('', true) }}"
+      - name: HTTPS_PROXY
+        value: "{{ openshift.builddefaults.https_proxy | default('', true) }}"
+      - name: NO_PROXY
+        value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}"
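Review bot: `builddefaults_yaml` is defined here and again in roles/openshift_master_facts/vars/main.yml in this same commit, and the two copies differ: this one reads `openshift.builddefaults.*` with `default('', true)`, the other reads `openshift.master.builddefaults_*` with `default(omit, true)`. Nothing visible in this commit sets facts under `openshift.master.builddefaults_*`, so whichever definition is in effect when the master roles run together decides whether the proxies reach the BuildDefaults config at all. Keeping a single definition would remove that ambiguity. Since these `env` entries are injected into builds, a proxy URL that carries a password becomes readable by anyone who can inspect a build's environment; a comment here saying so would help.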

+ 0 - 1
roles/openshift_cluster_metrics/tasks/main.yml

@@ -28,7 +28,6 @@
     cluster-reader
     system:serviceaccount:default:heapster
   register: oex_cluster_header_role
-  register: oex_cluster_header_role
   failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0"
   changed_when: false
 

+ 3 - 0
roles/openshift_docker_facts/tasks/main.yml

@@ -27,6 +27,9 @@
     docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
     docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
                                | default(omit) }}"
+    docker_http_proxy: "{{ openshift.common.http_proxy | default(omit) }}"
+    docker_https_proxy: "{{ openshift.common.https_proxy | default(omit) }}"
+    docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}"
 
 - set_fact:
     docker_options: >

+ 1 - 1
roles/openshift_etcd_facts/meta/main.yml

@@ -12,4 +12,4 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- role: openshift_common
+- role: openshift_facts

+ 74 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -1327,6 +1327,23 @@ def get_local_facts_from_file(filename):
 
     return local_facts
 
+def sort_unique(alist):
+    """ Sorts and de-dupes a list
+
+        Args:
+            list: a list
+        Returns:
+            list: a sorted de-duped list
+    """
+
+    alist.sort()
+    out = list()
+    for i in alist:
+        if i not in out:
+            out.append(i)
+
+    return out
+
 def safe_get_bool(fact):
     """ Get a boolean fact safely.
 
@@ -1337,6 +1354,58 @@ def safe_get_bool(fact):
     """
     return bool(strtobool(str(fact)))
 
+def set_proxy_facts(facts):
+    """ Set global proxy facts and promote defaults from http_proxy, https_proxy,
+        no_proxy to the more specific builddefaults and builddefaults_git vars.
+           1. http_proxy, https_proxy, no_proxy
+           2. builddefaults_*
+           3. builddefaults_git_*
+
+        Args:
+            facts(dict): existing facts
+        Returns:
+            facts(dict): Updated facts with missing values
+    """
+    if 'common' in facts:
+        common = facts['common']
+        if 'http_proxy' in common or 'https_proxy' in common:
+            if 'generate_no_proxy_hosts' in common and \
+                    common['generate_no_proxy_hosts']:
+                if 'no_proxy' in common and \
+                    isinstance(common['no_proxy'], basestring):
+                    common['no_proxy'] = common['no_proxy'].split(",")
+                else:
+                    common['no_proxy'] = []
+                if 'no_proxy_internal_hostnames' in common:
+                    common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(','))
+                common['no_proxy'].append('.' + common['dns_domain'])
+                common['no_proxy'].append(common['hostname'])
+                common['no_proxy'] = sort_unique(common['no_proxy'])
+        facts['common'] = common
+
+    if 'builddefaults' in facts:
+        facts['master']['admission_plugin_config'] = dict()
+        builddefaults = facts['builddefaults']
+        common = facts['common']
+        if 'http_proxy' not in builddefaults and 'http_proxy' in common:
+            builddefaults['http_proxy'] = common['http_proxy']
+        if 'https_proxy' not in builddefaults and 'https_proxy' in common:
+            builddefaults['https_proxy'] = common['https_proxy']
+        if 'no_proxy' not in builddefaults and 'no_proxy' in common:
+            builddefaults['no_proxy'] = common['no_proxy']
+        if 'git_http_proxy' not in builddefaults and 'http_proxy' in builddefaults:
+            builddefaults['git_http_proxy'] = builddefaults['http_proxy']
+        if 'git_https_proxy' not in builddefaults and 'https_proxy' in builddefaults:
+            builddefaults['git_https_proxy'] = builddefaults['https_proxy']
+        if 'admission_plugin_config' not in builddefaults:
+            builddefaults['admission_plugin_config'] = dict()
+        if 'config' in builddefaults and ('http_proxy' in builddefaults or \
+                'https_proxy' in builddefaults):
+            facts['master']['admission_plugin_config'].update(builddefaults['config'])
+        facts['builddefaults'] = builddefaults
+
+    return facts
+
 # pylint: disable=too-many-statements
 def set_container_facts_if_unset(facts):
     """ Set containerized facts.
@@ -1470,7 +1539,8 @@ class OpenShiftFacts(object):
         Raises:
             OpenShiftFactsUnsupportedRoleError:
     """
-    known_roles = ['cloudprovider',
+    known_roles = ['builddefaults',
+                   'cloudprovider',
                    'common',
                    'docker',
                    'etcd',
@@ -1558,6 +1628,7 @@ class OpenShiftFacts(object):
         facts = set_manageiq_facts_if_unset(facts)
         facts = set_aggregate_facts(facts)
         facts = set_etcd_facts_if_unset(facts)
+        facts = set_proxy_facts(facts)
         if not safe_get_bool(facts['common']['is_containerized']):
             facts = set_installed_variant_rpm_facts(facts)
         return dict(openshift=facts)
@@ -1644,6 +1715,8 @@ class OpenShiftFacts(object):
             defaults['hosted'] = dict(
                 metrics=dict(
                     deploy=False,
+                    duration=7,
+                    resolution=10,
                     storage=dict(
                         kind=None,
                         volume=dict(
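Review bot: `set_proxy_facts` only turns `common['no_proxy']` into a list when `generate_no_proxy_hosts` is true; with it disabled the value stays a comma-separated string, and the templates and tasks added in this commit then apply `| join(',')` to it, which on a string joins its individual characters. Normalising before the `generate_no_proxy_hosts` test, e.g. `if isinstance(common.get('no_proxy'), basestring): common['no_proxy'] = common['no_proxy'].split(',')`, keeps the type consistent; the existing `else` branch also replaces a `no_proxy` that is already a list with `[]`. Separately, `facts['master']['admission_plugin_config'] = dict()` assumes `facts['master']` and `facts['common']` exist whenever `builddefaults` does, and it overwrites any admission plugin config already present. In `sort_unique`, `alist.sort()` sorts the caller's list in place and the docstring names the argument `list`; `sorted(alist)` and `alist` would be clearer.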

+ 15 - 0
roles/openshift_facts/tasks/main.yml

@@ -33,3 +33,18 @@
       is_containerized: "{{ l_is_containerized | default(None) }}"
       public_hostname: "{{ openshift_public_hostname | default(None) }}"
       public_ip: "{{ openshift_public_ip | default(None) }}"
+
+# had to be done outside of the above because hostname isn't yet set
+- name: Gather hostnames for proxy configuration
+  openshift_facts:
+    role: common
+    local_facts:
+      http_proxy: "{{ openshift_http_proxy | default(None) }}"
+      https_proxy: "{{ openshift_https_proxy | default(None) }}"
+      no_proxy: "{{ openshift_no_proxy | default(None) }}"
+      generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
+      no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] 
+                                                   | union(groups['oo_masters_to_config']) 
+                                                   | union(groups['oo_etcd_to_config'] | default([]))) 
+                                               | oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                               }}"
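Review bot: `groups['oo_etcd_to_config']` is guarded with `| default([])` but `groups['oo_nodes_to_config']` and `groups['oo_masters_to_config']` are not, so this task fails with a template error in any play where either group has not been defined. If this role can run before those groups are populated, give both the same `| default([])`. The `| default([])` after `oo_collect(...)` is followed by `join (',')`, so the fact is always a string; `set_proxy_facts` relies on that when it calls `.split(',')`.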

+ 1 - 0
roles/openshift_master/meta/main.yml

@@ -15,5 +15,6 @@ dependencies:
 - role: openshift_docker
 - role: openshift_cli
 - role: openshift_cloud_provider
+- role: openshift_builddefaults
 - role: openshift_master_facts
 - role: openshift_hosted_facts

+ 11 - 5
roles/openshift_master/templates/atomic-openshift-master.j2

@@ -10,8 +10,14 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 {% endif %}
 
 # Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' in openshift.common or 'https_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.master.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% else %}
+#HTTP_PROXY=http://user:pass@proxy.example.com
+#HTTPS_PROXY=http://user:pass@proxy.example.com
+#NO_PROXY='.hosts.example.com'
+{% endif %}
+

+ 10 - 5
roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2

@@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 {% endif %}
 
 # Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' or 'https_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.master.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% else %}
+#HTTP_PROXY=http://user:pass@proxy.example.com
+#HTTPS_PROXY=http://user:pass@proxy.example.com
+#NO_PROXY='.hosts.example.com'
+{% endif %}
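Review bot: The condition `{% if 'http_proxy' or 'https_proxy' in openshift.common %}` is always true, because the non-empty string literal `'http_proxy'` is truthy on its own. The `{% else %}` branch can therefore never render, and hosts without a proxy get `HTTP_PROXY=''` and `HTTPS_PROXY=''`. atomic-openshift-master.j2 in this commit has the intended form, `{% if 'http_proxy' in openshift.common or 'https_proxy' in openshift.common %}`. The same line needs the same fix in native-cluster/atomic-openshift-master-controllers.j2. The template's earlier lines are outside the hunk.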

+ 10 - 5
roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2

@@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 {% endif %}
 
 # Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' or 'https_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.master.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% else %}
+#HTTP_PROXY=http://user:pass@proxy.example.com
+#HTTPS_PROXY=http://user:pass@proxy.example.com
+#NO_PROXY='.hosts.example.com'
+{% endif %}

+ 14 - 0
roles/openshift_master_facts/vars/main.yml

@@ -0,0 +1,14 @@
+builddefaults_yaml:
+  BuildDefaults:
+    configuration:
+      apiVersion: v1
+      kind: BuildDefaultsConfig
+      gitHTTPProxy: "{{ openshift.master.builddefaults_git_http_proxy | default(omit, true) }}"
+      gitHTTPSProxy: "{{ openshift.master.builddefaults_git_https_proxy | default(omit, true) }}"
+      env:
+      - name: HTTP_PROXY
+        value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}"
+      - name: HTTPS_PROXY
+        value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}"
+      - name: NO_PROXY
+        value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}"

+ 2 - 0
roles/openshift_metrics/README.md

@@ -19,6 +19,8 @@ From this role:
 | openshift_hosted_metrics_storage_volume_name    | metrics               | Metrics volume within openshift_hosted_metrics_volume_dir   |
 | openshift_hosted_metrics_storage_volume_size    | 10Gi                  | Metrics volume size                                         |
 | openshift_hosted_metrics_storage_nfs_options    | *(rw,root_squash)     | NFS options for configured exports.                         |
+| openshift_hosted_metrics_duration               | 7                     | Metrics query duration                                      |
+| openshift_hosted_metrics_resolution             | 10                    | Metrics resolution                                          |
 
 
 From openshift_common:

+ 5 - 3
roles/openshift_metrics/tasks/main.yaml

@@ -20,6 +20,7 @@
     {{ openshift.common.client_binary }}
     secrets new metrics-deployer
     nothing=/dev/null
+    --config={{hawkular_tmp_conf}}
     -n openshift-infra
   register: deployer_create_secret
   failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0"
@@ -43,8 +44,9 @@
   shell: >
    {{ openshift.common.client_binary }} process -f \
    /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \
-    HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }} | \
-    {{ openshift.common.client_binary }} create -n openshift-infra -f - 
+    HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }} USE_PERSISTENT_STORAGE={{ hawkular_persistence }} \
+    METRIC_DURATION={{ openshift.hosted.metrics.duration }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} |
+    {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f -
   register: oex_heapster_services
   failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
   changed_when: false
@@ -52,4 +54,4 @@
 - name: Clean temporary config file
   command: >
     rm -rf {{hawkular_tmp_conf}}
-  changed_when: false
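Review bot: The shell task in the second hunk interpolates `openshift.master.default_subdomain`, `hawkular_persistence`, `openshift.hosted.metrics.duration`, `openshift.hosted.metrics.resolution` and `hawkular_tmp_conf` into the command line unquoted, so a value containing whitespace or shell metacharacters changes the command that runs. roles/nuage_master/tasks/serviceaccount.yml in this commit already uses `| quote` for its shell input; the same filter fits here, e.g. `METRIC_DURATION={{ openshift.hosted.metrics.duration | quote }}`. The task's `name:` line and the task that sets `hawkular_tmp_conf` are outside the hunks.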
+  changed_when: false