create openshift_common role

- move common openshift logic into openshift_common
- set openshift_common as a dependency for openshift_node and openshift_master
- rename role variables to openshift_* to be more descriptive
- start recording local_facts on the openshift hosts
- clean up firewalld config to be a bit more dry
- Update firewall ports for https, make sure http rules are removed
- Replace references to ansible_eth0.ipv4.address with
  ansible_default_ipv4.address

playbooks/aws/openshift-master/config.yml

@@ -1,3 +1,4 @@
+---
 - name: "populate oo_hosts_to_config host group if needed"
   hosts: localhost
   gather_facts: no
@@ -16,11 +17,11 @@
   hosts: localhost
   gather_facts: no
   tasks:
-    - name: Setting oo_node_ips fact on localhost
+    - name: Setting openshift_node_ips fact on localhost
       set_fact:
-        oo_node_ips: "{{ hostvars
+        openshift_node_ips: "{{ hostvars
             | oo_select_keys(groups['tag_env-host-type_' + oo_env + '-openshift-node'])
-            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+            | oo_collect(attribute='ansible_default_ipv4.address') }}"
       when: groups['tag_env-host-type_' + oo_env + '-openshift-node'] is defined
 
 - name: "Configure instances"
@@ -33,8 +34,9 @@
     - base_os
     - repos
     - {
-        role: openshift_master,
-        oo_node_ips: "{{ hostvars['localhost'].oo_node_ips | default(['']) }}",
-        oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}"
+        role: openshift,
+        openshift_node_ips: "{{ hostvars['localhost'].openshift_node_ips | default(['']) }}",
+        openshift_env: "{{ oo_env }}"
+        # TODO: openshift_public_ip: set to aws instance public ip
       }
     - pods

playbooks/aws/openshift-node/config.yml

@@ -1,3 +1,4 @@
+---
 - name: "populate oo_hosts_to_config host group if needed"
   hosts: localhost
   gather_facts: no
@@ -16,11 +17,11 @@
   hosts: localhost
   gather_facts: no
   tasks:
-    - name: Setting oo_master_ips fact on localhost
+    - name: Setting openshift_master_ips fact on localhost
       set_fact:
-        oo_master_ips: "{{ hostvars
+        openshift_master_ips: "{{ hostvars
             | oo_select_keys(groups['tag_env-host-type_' + oo_env + '-openshift-master'])
-            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+            | oo_collect(attribute='ansible_default_ipv4.address') }}"
       when: groups['tag_env-host-type_' + oo_env + '-openshift-master'] is defined
 
 - name: "Configure instances"
@@ -34,7 +35,9 @@
     - repos
     - docker
     - {
-        role: openshift_node,
-        oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}",
-        oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}"
+        role: openshift-node,
+        openshift_master_ips: "{{ hostvars['localhost'].openshift_master_ips | default(['']) }}",
+        # TODO: add openshift_Master_public_ips
+        openshift_env: {{ "oo_env" }}
+        # TODO: openshift_public_ip: set to aws instance public ip
       }

playbooks/gce/openshift-master/config.yml

@@ -1,3 +1,4 @@
+---
 - name: "populate oo_hosts_to_config host group if needed"
   hosts: localhost
   gather_facts: no
@@ -16,11 +17,11 @@
   hosts: localhost
   gather_facts: no
   tasks:
-    - name: Setting oo_node_ips fact on localhost
+    - name: Setting openshift_node_ips fact on localhost
       set_fact:
-        oo_node_ips: "{{ hostvars
+        openshift_node_ips: "{{ hostvars
             | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-openshift-node'])
-            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+            | oo_collect(attribute='ansible_default_ipv4.address') }}"
       when: groups['tag_env-host-type-' + oo_env + '-openshift-node'] is defined
 
 - name: "Configure instances"
@@ -34,8 +35,8 @@
     - repos
     - {
         role: openshift_master,
-        oo_node_ips: "{{ hostvars['localhost'].oo_node_ips | default(['']) }}",
-        oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}",
-        oo_public_ip: "{{ gce_public_ip }}"
+        openshift_node_ips: "{{ hostvars['localhost'].openshift_node_ips | default(['']) }}",
+        openshift_public_ip: "{{ gce_public_ip }}",
+        openshift_env: "{{ oo_env }}",
       }
     - pods

playbooks/gce/openshift-node/config.yml

@@ -1,7 +1,7 @@
+---
 - name: "populate oo_hosts_to_config host group if needed"
   hosts: localhost
   gather_facts: no
-
   tasks:
   - name: Evaluate oo_host_group_exp
     add_host: "name={{ item }} groups=oo_hosts_to_config"
@@ -17,15 +17,15 @@
   hosts: localhost
   gather_facts: no
   tasks:
-    - name: Setting oo_master_ips fact on localhost
+    - name: Setting openshift_master_ips fact on localhost
       set_fact:
-        oo_master_ips: "{{ hostvars
+        openshift_master_ips: "{{ hostvars
             | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-openshift-master'])
-            | oo_collect(attribute='ansible_eth0.ipv4.address') }}"
+            | oo_collect(attribute='ansible_default_ipv4.address') }}"
       when: groups['tag_env-host-type-' + oo_env + '-openshift-master'] is defined
-    - name: Setting oo_master_public_ips fact on localhost
+    - name: Setting openshift_master_public_ips fact on localhost
       set_fact:
-        oo_master_public_ips: "{{ hostvars
+        openshift_master_public_ips: "{{ hostvars
             | oo_select_keys(groups['tag_env-host-type-' + oo_env + '-openshift-master'])
             | oo_collect(attribute='gce_public_ip') }}"
       when: groups['tag_env-host-type-' + oo_env + '-openshift-master'] is defined
@@ -42,8 +42,8 @@
     - docker
     - {
         role: openshift_node,
-        oo_master_ips: "{{ hostvars['localhost'].oo_master_ips | default(['']) }}",
-        oo_master_public_ips: "{{ hostvars['localhost'].oo_master_public_ips | default(['']) }}",
-        oo_bind_ip: "{{ hostvars[inventory_hostname].ansible_eth0.ipv4.address | default(['']) }}",
-        oo_public_ip: "{{ hostvars[inventory_hostname].ansible_ssh_host }}"
+        openshift_master_ips: "{{ hostvars['localhost'].openshift_master_ips | default(['']) }}",
+        openshift_master_public_ips: "{{ hostvars['localhost'].openshift_master_public_ips | default(['']) }}",
+        openshift_public_ip: "{{ gce_public_ip }}",
+        openshift_env: "{{ oo_env }}",
       }

roles/openshift_common/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/openshift_common/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+openshift_bind_ip: "{{ ansible_default_ipv4.address }}"
+openshift_debug_level: 0

roles/openshift_common/meta/main.yml

@@ -0,0 +1,13 @@
+galaxy_info:
+  author: Jason DeTiberus
+  description: OpenShift Common
+  company: Red Hat, Inc.
+  license: ASL 2.0
+  min_ansible_version: 1.7
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies: []

roles/openshift_common/tasks/firewall.yml

@@ -0,0 +1,34 @@
+---
+# TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for
+# enabling rules and making them permanent with the immediate flag
+- name: "Add firewalld allow rules"
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: false
+    state: enabled
+  with_items: allow
+  when: allow is defined
+
+- name: "Persist firewalld allow rules"
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: true
+    state: enabled
+  with_items: allow
+  when: allow is defined
+
+- name: "Remove firewalld allow rules"
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: false
+    state: disabled
+  with_items: deny
+  when: deny is defined
+
+- name: "Persist removal of firewalld allow rules"
+  firewalld:
+    port: "{{ item.port }}"
+    permanent: true
+    state: disabled
+  with_items: deny
+  when: deny is defined

roles/openshift_common/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+# fixme: Once openshift stops resolving hostnames for node queries remove this...
+- name: Set hostname to IP Addr (WORKAROUND)
+  hostname: name={{ openshift_bind_ip }}
+
+- name: Configure local facts file
+  file: path=/etc/ansible/facts.d/ state=directory mode=0750
+
+- name: Set common OpenShift facts
+  include: set_facts.yml
+  facts:
+  - { section: common, option: env, value: "{{ openshift_env | default('default') }}" }
+  - { section: common, option: host_type, value: "{{ openshift_host_type }}" }
+  - { section: common, option: debug_level, value: "{{ openshift_debug_level }}" }

roles/openshift_common/tasks/set_facts.yml

@@ -0,0 +1,9 @@
+---
+- name: "Setting local_facts"
+  ini_file:
+    dest: /etc/ansible/facts.d/openshift.fact
+    mode: 0640
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items: facts

roles/openshift_common/vars/main.yml

@@ -0,0 +1,2 @@
+---
+openshift_master_credentials_dir: /var/lib/openshift/openshift.local.certificates/admin/

roles/openshift_master/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
-# defaults file for openshift_master
+openshift_master_manage_service_externally: false
+openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}"

roles/openshift_master/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
-# handlers file for openshift_master
 - name: restart openshift-master
   service: name=openshift-master state=restarted
+  when: not openshift_master_manage_service_externally

roles/openshift_master/meta/main.yml

@@ -1,124 +1,15 @@
 ---
 galaxy_info:
-  author: your name
-  description: 
-  company: your company (optional)
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-  min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your 
-  # platform on this list, let us know and we'll get it added!
-  #
-  #platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  #- name: Ubuntu
-  #  versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
-  #  - trusty
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Debian
-  #  versions:
-  #  - all
-  #  - etch
-  #  - lenny
-  #  - squeeze
-  #  - wheezy
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  #categories:
-  #- cloud
-  #- cloud:ec2
-  #- cloud:gce
-  #- cloud:rax
-  #- clustering
-  #- database
-  #- database:nosql
-  #- database:sql
-  #- development
-  #- monitoring
-  #- networking
-  #- packaging
-  #- system
-  #- web
-dependencies: []
-  # List your role dependencies here, one per line. Only
-  # dependencies available via galaxy should be listed here.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
-  
+  author: Jhon Honce
+  description: OpenShift Master
+  company: Red Hat, Inc.
+  license: ASL 2.0
+  min_ansible_version: 1.7
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- { role: openshift_common }

roles/openshift_master/tasks/main.yml

@@ -1,37 +1,33 @@
 ---
-# tasks file for openshift_master
-- name: Install Origin
+- name: Install OpenShift Master package
   yum: pkg=openshift-master state=installed
 
-  # fixme: Once openshift stops resolving hostnames for node queries remove this...
-- name: Set hostname to IP Addr (WORKAROUND)
-  command: /usr/bin/hostname {{ oo_bind_ip }}
+- name: Set master OpenShift facts
+  include: "{{ role_path | dirname }}/openshift_common/tasks/set_facts.yml"
+  facts:
+  - { section: master, option: debug_level, value: "{{ openshift_master_debug_level }}" }
+  - { section: master, option: public_ip, value: "{{ openshift_public_ip }}" }
+  - { section: master, option: externally_managed, value: "{{ openshift_master_manage_service_externally }}" }
 
-- name: Configure OpenShift Master settings
+- name: Configure firewall for OpenShift Master
+  include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
+  allow:
+  - { service: etcd embedded, port: 4001/tcp}
+  - { service: etcd peer, port: 7001/tcp}
+  - { service: OpenShift api https, port: 8443/tcp}
+  - { service: OpenShift web console https, port: 8444/tcp}
+  deny:
+  - { service: OpenShift api http, port: 8080/tcp }
+
+- name: Configure OpenShift settings
   lineinfile:
     dest: /etc/sysconfig/openshift-master
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regex: '^OPTIONS='
-      line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(',') }}  --loglevel=5\""
+    regexp: '^OPTIONS='
+    line: "OPTIONS=\"--public-master={{ openshift_public_ip }} --nodes={{ openshift_node_ips
+          | join(',') }}  --loglevel={{ openshift_master_debug_level }}\""
   notify:
-    - restart openshift-master
-
-# Open etcd embedded, etcd embedded peer, openshift api, and
-# openshift client ports
-- name: Open firewalld ports for openshift-master
-  firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
-  with_nested:
-  - [ 4001/tcp, 7001/tcp, 8443/tcp, 8444/tcp ]
-  - [ true, false ]
-
-# Disable previously exposed ports that are no longer needed
-- name: Close firewalld ports for openshift-master that are no longer needed
-  firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled
-  with_nested:
-  - [ 8080/tcp ]
-  - [ true, false ]
+  - restart openshift-master
 
-- name: Enable OpenShift
+- name: Start and enable openshift-master
   service: name=openshift-master enabled=yes state=started
+  when: not openshift_master_manage_service_externally

roles/openshift_master/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-# vars file for openshift_master
+openshift_host_type: master

roles/openshift_node/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
-# defaults file for openshift_node
+openshift_node_manage_service_externally: false
+openshift_node_debug_level: "{{ openshift_debug_level | default(0) }}"

roles/openshift_node/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
-# handlers file for openshift_node
 - name: restart openshift-node
   service: name=openshift-node state=restarted
+  when: not openshift_node_manage_service_externally

roles/openshift_node/meta/main.yml

@@ -1,124 +1,15 @@
 ---
 galaxy_info:
-  author: your name
-  description: 
-  company: your company (optional)
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
-  license: license (GPLv2, CC-BY, etc)
-  min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your 
-  # platform on this list, let us know and we'll get it added!
-  #
-  #platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  #- name: Ubuntu
-  #  versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
-  #  - trusty
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Debian
-  #  versions:
-  #  - all
-  #  - etch
-  #  - lenny
-  #  - squeeze
-  #  - wheezy
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  #categories:
-  #- cloud
-  #- cloud:ec2
-  #- cloud:gce
-  #- cloud:rax
-  #- clustering
-  #- database
-  #- database:nosql
-  #- database:sql
-  #- development
-  #- monitoring
-  #- networking
-  #- packaging
-  #- system
-  #- web
-dependencies: []
-  # List your role dependencies here, one per line. Only
-  # dependencies available via galaxy should be listed here.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
-  
+  author: Jhon Honce
+  description: OpenShift Node
+  company: Red Hat, Inc.
+  license: ASL 2.0
+  min_ansible_version: 1.7
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- { role: openshift_common }

roles/openshift_node/tasks/main.yml

@@ -1,45 +1,43 @@
 ---
-
-# tasks file for openshift_node
-- name: Install OpenShift
+- name: Install OpenShift Node package
   yum: pkg=openshift-node state=installed
 
-  # fixme: Once openshift stops resolving hostnames for node queries remove this...
-- name: Set hostname to IP Addr (WORKAROUND)
-  hostname: name={{ oo_bind_ip }}
+- name: Set OpenShift node facts
+  include: "{{ role_path | dirname }}/openshift_common/tasks/set_facts.yml"
+  facts:
+  - { section: node, option: debug_level, value: "{{ openshift_node_debug_level }}" }
 
 - local_action: command /usr/bin/mktemp -d /tmp/openshift-ansible-XXXXXXX
   register: mktemp
 
 - name: Retrieve OpenShift Master credentials
-  local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh  -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ oo_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ {{ mktemp.stdout }}
+  local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' root@{{ openshift_master_public_ips[0] }}:/var/lib/openshift/openshift.local.certificates/admin/ {{ mktemp.stdout }}
   ignore_errors: yes
 
 - file: path=/var/lib/openshift/openshift.local.certificates/admin state=directory
 
 - name: Store OpenShift Master credentials
-  local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh  -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ mktemp.stdout }}/ root@{{ oo_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin
+  local_action: command /usr/bin/rsync --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' {{ mktemp.stdout }}/ root@{{ openshift_public_ip }}:/var/lib/openshift/openshift.local.certificates/admin
   ignore_errors: yes
+  # fixme: Once the openshift_cluster playbook is published state should be started
+  # Always bounce service to pick up new credentials
+  notify: restart openshift-node
+
+- local_action: file name={{ mktemp.stdout }} state=absent
+
+- name: Configure firewall for OpenShift Node
+  include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
+  allow:
+  - { service: OpenShift kubelet, port: 10250/tcp }
 
 - name: Configure OpenShift Node settings
   lineinfile:
     dest: /etc/sysconfig/openshift-node
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-  with_items:
-    - { regex: '^OPTIONS=', line: 'OPTIONS=\"--master=https://{{ oo_master_ips[0] }}:8443  --loglevel=5\"' }
+    regexp: '^OPTIONS='
+    line: "OPTIONS=\"--master=http://{{ openshift_master_ips[0] }}:8080 --loglevel={{ openshift_node_debug_level }}\""
   notify:
-    - restart openshift-node
+  - restart openshift-node
 
-- name: Open firewalld port for OpenShift
-  firewalld: port=10250/tcp permanent=false state=enabled
-
-- name: Save firewalld port for OpenShift
-  firewalld: port=10250/tcp permanent=true state=enabled
-
-  # fixme: Once the openshift_cluster playbook is published state should be started
-  # Always bounce service to pick up new credentials
-- name: Enable OpenShift
-  service: name=openshift-node enabled=yes state=restarted
-
-- local_action: file name={{ mktemp.stdout }} state=absent
+- name: Start and enable openshift-node
+  service: name=openshift-node enabled=yes state=started
+  when: not openshift_node_manage_service_externally

roles/openshift_node/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-# vars file for openshift_node
+openshift_host_type: node