Merge branch 'master' into upgrade33

inventory/byo/hosts.origin.example

@@ -106,11 +106,11 @@ openshift_release=v1.2
 #oreg_url=example.com/openshift3/ose-${component}:${version}
 
 # Origin copr repo
-#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
+#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
 
 # Origin Fedora copr repo
 # Use this if you are installing on Fedora
-#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}]
+#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}]
 
 # htpasswd auth
 openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
@@ -405,7 +405,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_use_dnsmasq=False
+#openshift_use_dnsmasq=False
+# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf
+# This is useful for POC environments where DNS may not actually be available yet.
+#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf
 
 # Global Proxy Configuration
 # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment

inventory/byo/hosts.ose.example

@@ -400,7 +400,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_use_dnsmasq=False
+#openshift_use_dnsmasq=False
+# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf
+# This is useful for POC environments where DNS may not actually be available yet.
+#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf
 
 # Global Proxy Configuration
 # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment

playbooks/common/openshift-cluster/initialize_facts.yml

@@ -1,6 +1,7 @@
 ---
 - name: Initialize host facts
   hosts: oo_all_hosts
+  any_errors_fatal: true
   roles:
   - openshift_facts
   tasks:

playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh

@@ -1,22 +1,22 @@
 #!/bin/bash
 
 # Stop any running containers
-running_container_count=`docker ps -q | wc -l`
-if test $running_container_count -gt 0
+running_container_ids=`docker ps -q`
+if test -n "$running_container_ids"
 then
-    docker stop $(docker ps -q)
+    docker stop $running_container_ids
 fi
 
 # Delete all containers
-container_count=`docker ps -a -q | wc -l`
-if test $container_count -gt 0
+container_ids=`docker ps -a -q`
+if test -n "$container_ids"
 then
-    docker rm -f -v $(docker ps -a -q)
+    docker rm -f -v $container_ids
 fi
 
 # Delete all images (forcefully)
-image_count=`docker images -q | wc -l`
-if test $image_count -gt 0
+image_ids=`docker images -q`
+if test -n "$image_ids"
 then
     # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144
     docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge."

playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh

@@ -1,7 +1,11 @@
 #!/bin/bash
-
-installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ')
-available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ')
+if [ `which dnf 2> /dev/null` ]; then
+  installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null)
+  installed=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null)
+else
+  installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null)
+  available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null)
+fi
 
 echo "---"
 echo "curr_version: ${installed}"

playbooks/common/openshift-etcd/config.yml

@@ -1,6 +1,7 @@
 ---
 - name: Set etcd facts needed for generating certs
   hosts: oo_etcd_to_config
+  any_errors_fatal: true
   roles:
   - openshift_facts
   tasks:

roles/docker/vars/main.yml

@@ -1,3 +1,2 @@
 ---
-repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}"
 udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d

roles/openshift_docker_facts/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}"
+repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"

roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json

@@ -7,8 +7,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "ruby",
-        "creationTimestamp": null
+        "name": "ruby"
       },
       "spec": {
         "tags": [
@@ -23,7 +22,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "2.2"
+              "name": "2.3"
             }
           },
           {
@@ -55,6 +54,21 @@
               "kind": "DockerImage",
               "name": "centos/ruby-22-centos7:latest"
             }
+          },
+          {
+            "name": "2.3",
+            "annotations": {
+              "description": "Build and run Ruby 2.3 applications",
+              "iconClass": "icon-ruby",
+              "tags": "builder,ruby",
+              "supports": "ruby:2.3,ruby",
+              "version": "2.3",
+              "sampleRepo": "https://github.com/openshift/ruby-ex.git"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "centos/ruby-23-centos7:latest"
+            }
           }
         ]
       }
@@ -63,8 +77,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "nodejs",
-        "creationTimestamp": null
+        "name": "nodejs"
       },
       "spec": {
         "tags": [
@@ -104,8 +117,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "perl",
-        "creationTimestamp": null
+        "name": "perl"
       },
       "spec": {
         "tags": [
@@ -161,8 +173,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "php",
-        "creationTimestamp": null
+        "name": "php"
       },
       "spec": {
         "tags": [
@@ -217,8 +228,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "python",
-        "creationTimestamp": null
+        "name": "python"
       },
       "spec": {
         "tags": [
@@ -233,7 +243,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "3.4"
+              "name": "3.5"
             }
           },
           {
@@ -280,6 +290,21 @@
               "kind": "DockerImage",
               "name": "centos/python-34-centos7:latest"
             }
+          },
+          {
+            "name": "3.5",
+            "annotations": {
+              "description": "Build and run Python 3.5 applications",
+              "iconClass": "icon-python",
+              "tags": "builder,python",
+              "supports":"python:3.5,python",
+              "version": "3.5",
+              "sampleRepo": "https://github.com/openshift/django-ex.git"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "centos/python-35-centos7:latest"
+            }
           }
         ]
       }
@@ -288,8 +313,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "wildfly",
-        "creationTimestamp": null
+        "name": "wildfly"
       },
       "spec": {
         "tags": [
@@ -359,8 +383,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "mysql",
-        "creationTimestamp": null
+        "name": "mysql"
       },
       "spec": {
         "tags": [
@@ -409,8 +432,43 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "postgresql",
-        "creationTimestamp": null
+        "name": "mariadb"
+      },
+      "spec": {
+        "tags": [
+          {
+            "name": "latest",
+            "annotations": {
+              "description": "Provides a MariaDB database",
+              "iconClass": "icon-mariadb",
+              "tags": "mariadb"
+            },
+            "from": {
+              "kind": "ImageStreamTag",
+              "name": "10.1"
+            }
+          },
+          {
+            "name": "10.1",
+            "annotations": {
+              "description": "Provides a MariaDB v10.1 database",
+              "iconClass": "icon-mariadb",
+              "tags": "mariadb",
+              "version": "10.1"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "centos/mariadb-101-centos7:latest"
+            }
+          }
+        ]
+      }
+    },
+    {
+      "kind": "ImageStream",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "postgresql"
       },
       "spec": {
         "tags": [
@@ -423,7 +481,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "9.4"
+              "name": "9.5"
             }
           },
           {
@@ -451,6 +509,19 @@
               "kind": "DockerImage",
               "name": "centos/postgresql-94-centos7:latest"
             }
+          },
+          {
+            "name": "9.5",
+            "annotations": {
+              "description": "Provides a PostgreSQL v9.5 database",
+              "iconClass": "icon-postgresql",
+              "tags": "postgresql",
+              "version": "9.5"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "centos/postgresql-95-centos7:latest"
+            }
           }
         ]
       }
@@ -459,8 +530,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "mongodb",
-        "creationTimestamp": null
+        "name": "mongodb"
       },
       "spec": {
         "tags": [
@@ -473,7 +543,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "2.6"
+              "name": "3.2"
             }
           },
           {
@@ -501,6 +571,19 @@
               "kind": "DockerImage",
               "name": "centos/mongodb-26-centos7:latest"
             }
+          },
+          {
+            "name": "3.2",
+            "annotations": {
+              "description": "Provides a MongoDB v3.2 database",
+              "iconClass": "icon-mongodb",
+              "tags": "mongodb",
+              "version": "3.2"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "centos/mongodb-32-centos7:latest"
+            }
           }
         ]
       }
@@ -509,8 +592,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "jenkins",
-        "creationTimestamp": null
+        "name": "jenkins"
       },
       "spec": {
         "tags": [

roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-rhel7.json

@@ -7,8 +7,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "ruby",
-        "creationTimestamp": null
+        "name": "ruby"
       },
       "spec": {
         "tags": [
@@ -18,12 +17,12 @@
               "description": "Build and run Ruby applications",
               "iconClass": "icon-ruby",
               "tags": "builder,ruby",
-              "supports": "ruby,ruby",
+              "supports": "ruby",
               "sampleRepo": "https://github.com/openshift/ruby-ex.git"
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "2.2"
+              "name": "2.3"
             }
           },
           {
@@ -55,6 +54,21 @@
               "kind": "DockerImage",
               "name": "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest"
             }
+          },
+          {
+            "name": "2.3",
+            "annotations": {
+              "description": "Build and run Ruby 2.3 applications",
+              "iconClass": "icon-ruby",
+              "tags": "builder,ruby",
+              "supports": "ruby:2.3,ruby",
+              "version": "2.3",
+              "sampleRepo": "https://github.com/openshift/ruby-ex.git"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest"
+            }
           }
         ]
       }
@@ -63,8 +77,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "nodejs",
-        "creationTimestamp": null
+        "name": "nodejs"
       },
       "spec": {
         "tags": [
@@ -79,7 +92,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "0.10"
+              "name": "4"
             }
           },
           {
@@ -96,6 +109,21 @@
               "kind": "DockerImage",
               "name": "registry.access.redhat.com/openshift3/nodejs-010-rhel7:latest"
             }
+          },
+          {
+            "name": "4",
+            "annotations": {
+              "description": "Build and run NodeJS 4.x applications",
+              "iconClass": "icon-nodejs",
+              "tags": "builder,nodejs",
+              "supports":"nodejs:4,nodejs",
+              "version": "4",
+              "sampleRepo": "https://github.com/openshift/nodejs-ex.git"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/nodejs-4-rhel7:latest"
+            }
           }
         ]
       }
@@ -104,8 +132,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "perl",
-        "creationTimestamp": null
+        "name": "perl"
       },
       "spec": {
         "tags": [
@@ -161,8 +188,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "php",
-        "creationTimestamp": null
+        "name": "php"
       },
       "spec": {
         "tags": [
@@ -217,8 +243,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "python",
-        "creationTimestamp": null
+        "name": "python"
       },
       "spec": {
         "tags": [
@@ -233,7 +258,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "3.4"
+              "name": "3.5"
             }
           },
           {
@@ -280,6 +305,21 @@
               "kind": "DockerImage",
               "name": "registry.access.redhat.com/rhscl/python-34-rhel7:latest"
             }
+          },
+          {
+            "name": "3.5",
+            "annotations": {
+              "description": "Build and run Python 3.5 applications",
+              "iconClass": "icon-python",
+              "tags": "builder,python",
+              "supports":"python:3.5,python",
+              "version": "3.5",
+              "sampleRepo": "https://github.com/openshift/django-ex.git"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/python-35-rhel7:latest"
+            }
           }
         ]
       }
@@ -288,8 +328,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "mysql",
-        "creationTimestamp": null
+        "name": "mysql"
       },
       "spec": {
         "tags": [
@@ -338,8 +377,43 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "postgresql",
-        "creationTimestamp": null
+        "name": "mariadb"
+      },
+      "spec": {
+        "tags": [
+          {
+            "name": "latest",
+            "annotations": {
+              "description": "Provides a MariaDB database",
+              "iconClass": "icon-mariadb",
+              "tags": "mariadb"
+            },
+            "from": {
+              "kind": "ImageStreamTag",
+              "name": "10.1"
+            }
+          },
+          {
+            "name": "10.1",
+            "annotations": {
+              "description": "Provides a MariaDB v10.1 database",
+              "iconClass": "icon-mariadb",
+              "tags": "mariadb",
+              "version": "10.1"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/mariadb-101-rhel7:latest"
+            }
+          }
+        ]
+      }
+    },
+    {
+      "kind": "ImageStream",
+      "apiVersion": "v1",
+      "metadata": {
+        "name": "postgresql"
       },
       "spec": {
         "tags": [
@@ -352,7 +426,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "9.4"
+              "name": "9.5"
             }
           },
           {
@@ -380,6 +454,19 @@
               "kind": "DockerImage",
               "name": "registry.access.redhat.com/rhscl/postgresql-94-rhel7:latest"
             }
+          },
+          {
+            "name": "9.5",
+            "annotations": {
+              "description": "Provides a PostgreSQL v9.5 database",
+              "iconClass": "icon-postgresql",
+              "tags": "postgresql",
+              "version": "9.5"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest"
+            }
           }
         ]
       }
@@ -388,8 +475,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "mongodb",
-        "creationTimestamp": null
+        "name": "mongodb"
       },
       "spec": {
         "tags": [
@@ -402,7 +488,7 @@
             },
             "from": {
               "kind": "ImageStreamTag",
-              "name": "2.6"
+              "name": "3.2"
             }
           },
           {
@@ -430,6 +516,19 @@
               "kind": "DockerImage",
               "name": "registry.access.redhat.com/rhscl/mongodb-26-rhel7:latest"
             }
+          },
+          {
+            "name": "3.2",
+            "annotations": {
+              "description": "Provides a MongoDB v3.2 database",
+              "iconClass": "icon-mongodb",
+              "tags": "mongodb",
+              "version": "3.2"
+            },
+            "from": {
+              "kind": "DockerImage",
+              "name": "registry.access.redhat.com/rhscl/mongodb-32-rhel7:latest"
+            }
           }
         ]
       }
@@ -438,8 +537,7 @@
       "kind": "ImageStream",
       "apiVersion": "v1",
       "metadata": {
-        "name": "jenkins",
-        "creationTimestamp": null
+        "name": "jenkins"
       },
       "spec": {
         "tags": [

roles/openshift_node/tasks/storage_plugins/nfs.yml

@@ -9,3 +9,10 @@
     state: yes
     persistent: yes
   when: ansible_selinux and ansible_selinux.status == "enabled"
+
+- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
+  seboolean:
+    name: virt_sandbox_use_nfs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled"

roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh

@@ -47,11 +47,14 @@ EOF
     # zero out our upstream servers list and feed it into dnsmasq
     echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf
     for ns in ${IP4_NAMESERVERS}; do
-       echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
+      if [[ ! -z $ns ]]; then
+        echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
+      fi
     done
     systemctl restart dnsmasq
 
-    sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf
+    sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf
+
     if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
       echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf
     fi

roles/openshift_node_dnsmasq/handlers/main.yml

@@ -1,5 +1,10 @@
 ---
 - name: restart NetworkManager
-  service: 
+  service:
     name: NetworkManager
     state: restarted
+
+- name: restart dnsmasq
+  service:
+    name: dnsmasq
+    state: restarted

roles/openshift_node_dnsmasq/tasks/main.yml

@@ -17,6 +17,17 @@
   template:
     src: origin-dns.conf.j2
     dest: /etc/dnsmasq.d/origin-dns.conf
+  notify: restart dnsmasq
+
+- name: Deploy additional dnsmasq.conf
+  template:
+   src: "{{ openshift_node_dnsmasq_additional_config_file }}"
+   dest: /etc/dnsmasq.d/openshift-ansible.conf
+   owner: root
+   group: root
+   mode: 0644
+  when: openshift_node_dnsmasq_additional_config_file is defined
+  notify: restart dnsmasq
 
 # Dynamic NetworkManager based dispatcher
 - include: ./network-manager.yml

roles/os_firewall/library/os_firewall_manage_iptables.py

@@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError):
 
 
 class IpTablesCreateChainError(IpTablesError):
-    def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+    def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
         super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code,
                                                        output)
         self.chain = chain
 
 
 class IpTablesCreateJumpRuleError(IpTablesError):
-    def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long
+    def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
         super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code,
                                                           output)
         self.chain = chain
@@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes
                             continue
                         last_rule_target = rule[1]
 
-                # Naively assume that if the last row is a REJECT rule, then
-                # we can add insert our rule right before it, otherwise we
+                # Naively assume that if the last row is a REJECT or DROP rule,
+                # then we can insert our rule right before it, otherwise we
                 # assume that we can just append the rule.
                 if (last_rule_num and last_rule_target
-                        and last_rule_target == 'REJECT'):
+                        and last_rule_target in ['REJECT', 'DROP']):
                     # insert rule
                     cmd = self.cmd + ['-I', self.jump_rule_chain,
                                       str(last_rule_num)]

roles/rhel_subscribe/tasks/enterprise.yml

@@ -7,7 +7,7 @@
   when: deployment_type == 'enterprise'
 
 - set_fact:
-    default_ose_version: '3.1'
+    default_ose_version: '3.2'
   when: deployment_type in ['atomic-enterprise', 'openshift-enterprise']
 
 - set_fact: