
Refactor openshift_hosted plays and role

Currently, openshift_hosted role duplicates some logic
across separate task chains.  This commit cleans up
the openshift_hosted role and converts it to be
primarily used with include_role to give better
logic to the playbooks that utilize this role.

This commit also refactors the playbook that calls
various openshift_hosted roles into individual playbooks.
This allows more granularity for advanced users.
Michael Gugino 7 years ago
parent
commit
82d61ae9e2
29 changed files with 239 additions and 236 deletions
  1. 6 0
      playbooks/common/openshift-cluster/cockpit-ui.yml
  2. 9 0
      playbooks/common/openshift-cluster/create_persistent_volumes.yml
  3. 6 0
      playbooks/common/openshift-cluster/openshift_default_storage_class.yml
  4. 17 56
      playbooks/common/openshift-cluster/openshift_hosted.yml
  5. 7 0
      playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml
  6. 13 0
      playbooks/common/openshift-cluster/openshift_hosted_registry.yml
  7. 13 0
      playbooks/common/openshift-cluster/openshift_hosted_router.yml
  8. 4 1
      playbooks/common/openshift-cluster/openshift_metrics.yml
  9. 3 6
      playbooks/common/openshift-cluster/openshift_prometheus.yml
  10. 3 0
      roles/cockpit-ui/defaults/main.yml
  11. 3 1
      roles/cockpit-ui/tasks/main.yml
  12. 60 12
      roles/openshift_hosted/defaults/main.yml
  13. 0 1
      roles/openshift_hosted/meta/main.yml
  14. 14 0
      roles/openshift_hosted/tasks/create_projects.yml
  15. 5 5
      roles/openshift_hosted/tasks/router/firewall.yml
  16. 8 12
      roles/openshift_hosted/tasks/main.yml
  17. 17 48
      roles/openshift_hosted/tasks/registry/registry.yml
  18. 0 40
      roles/openshift_hosted/tasks/registry/firewall.yml
  19. 11 37
      roles/openshift_hosted/tasks/router/router.yml
  20. 2 2
      roles/openshift_hosted/tasks/registry/secure.yml
  21. 0 0
      roles/openshift_hosted/tasks/secure/passthrough.yml
  22. 0 0
      roles/openshift_hosted/tasks/secure/reencrypt.yml
  23. 0 0
      roles/openshift_hosted/tasks/storage/glusterfs.yml
  24. 0 0
      roles/openshift_hosted/tasks/storage/object_storage.yml
  25. 0 0
      roles/openshift_hosted/tasks/storage/registry_config.j2
  26. 1 1
      roles/openshift_hosted/tasks/registry/storage/s3.yml
  27. 36 0
      roles/openshift_hosted/tasks/wait_for_pod.yml
  28. 1 3
      roles/openshift_hosted/templates/registry_config.j2
  29. 0 11
      roles/openshift_hosted/vars/main.yml

+ 6 - 0
playbooks/common/openshift-cluster/cockpit-ui.yml

@@ -0,0 +1,6 @@
+---
+- name: Create Hosted Resources - cockpit-ui
+  hosts: oo_first_master
+  roles:
+  - role: cockpit-ui
+    when: ( openshift.common.version_gte_3_3_or_1_3  | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
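Review bot: The play's condition on the last line reads the insecure flag from the `openshift.docker.hosted_registry_insecure` fact, while roles/openshift_hosted/defaults/main.yml in this same commit introduces `openshift_hosted_docker_registry_insecure` for the same setting, so an inventory that sets only the new variable can deploy the registry console against a registry the role treats as insecure. The condition also checks only `openshift_hosted_manage_registry`, but the new registry play skips itself when `openshift_hosted_registry_registryurl` is undefined, so cockpit-ui can run with no registry deployed. Consider reading the flag from one place and, if practical, gating this play on the same registryurl condition.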

+ 9 - 0
playbooks/common/openshift-cluster/create_persistent_volumes.yml

@@ -0,0 +1,9 @@
+---
+- name: Create Hosted Resources - persistent volumes
+  hosts: oo_first_master
+  vars:
+    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
+    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
+  roles:
+  - role: openshift_persistent_volumes
+    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
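Review bot: The new play drops the `tags: - hosted` that the removed play in openshift_hosted.yml carried, so `ansible-playbook --tags hosted` no longer selects it; the same applies to openshift_default_storage_class.yml, openshift_hosted_create_projects.yml, openshift_hosted_router.yml, openshift_hosted_registry.yml and cockpit-ui.yml in this commit. If tag-based runs of the hosted stage are still supported, add `tags:` / `- hosted` under `hosts:` in each play, or state in the description that the top-level include is now the only supported entry point.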

+ 6 - 0
playbooks/common/openshift-cluster/openshift_default_storage_class.yml

@@ -0,0 +1,6 @@
+---
+- name: Create Hosted Resources - openshift_default_storage_class
+  hosts: oo_first_master
+  roles:
+  - role: openshift_default_storage_class
+    when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')

+ 17 - 56
playbooks/common/openshift-cluster/openshift_hosted.yml

@@ -1,57 +1,18 @@
 ---
-- name: Create persistent volumes
-  hosts: oo_first_master
-  tags:
-  - hosted
-  vars:
-    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
-    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
-  roles:
-  - role: openshift_persistent_volumes
-    when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
-
-- name: Create Hosted Resources
-  hosts: oo_first_master
-  tags:
-  - hosted
-  pre_tasks:
-  - set_fact:
-      openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
-      openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
-    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
-
-  roles:
-  - role: openshift_default_storage_class
-    when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')
-  - role: openshift_hosted
-  - role: openshift_metrics
-    when: openshift_metrics_install_metrics | default(false) | bool
-  - role: openshift_logging
-    when: openshift_logging_install_logging | default(false) | bool
-
-  - role: cockpit-ui
-    when: ( openshift.common.version_gte_3_3_or_1_3  | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
-
-  - role: openshift_prometheus
-    when: openshift_hosted_prometheus_deploy | default(false) | bool
-
-- name: Update master-config for publicLoggingURL
-  hosts: oo_masters_to_config:!oo_first_master
-  tags:
-  - hosted
-  pre_tasks:
-  - set_fact:
-      openshift_metrics_hawkular_hostname: "{{ g_metrics_hostname | default('hawkular-metrics.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
-  tasks:
-
-  - block:
-    - include_role:
-        name: openshift_logging
-        tasks_from: update_master_config
-    when: openshift_logging_install_logging | default(false) | bool
-
-  - block:
-    - include_role:
-        name: openshift_metrics
-        tasks_from: update_master_config
-    when: openshift_metrics_install_metrics | default(false) | bool
+- include: create_persistent_volumes.yml
+
+- include: openshift_default_storage_class.yml
+
+- include: openshift_hosted_create_projects.yml
+
+- include: openshift_hosted_router.yml
+
+- include: openshift_hosted_registry.yml
+
+- include: openshift_metrics.yml
+
+- include: openshift_logging.yml
+
+- include: cockpit-ui.yml
+
+- include: openshift_prometheus.yml
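Review bot: The removed "Update master-config for publicLoggingURL" play ran `update_master_config` from openshift_logging on `oo_masters_to_config:!oo_first_master`, but openshift_logging.yml, now included near the end of this file, is not among the changed files, so it cannot be confirmed from this commit that the logging master-config update still runs anywhere. Please confirm that playbook carries an equivalent play gated on `openshift_logging_install_logging`, or note in the description that the step was intentionally dropped.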

+ 7 - 0
playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml

@@ -0,0 +1,7 @@
+---
+- name: Create Hosted Resources - openshift projects
+  hosts: oo_first_master
+  tasks:
+  - include_role:
+      name: openshift_hosted
+      tasks_from: create_projects.yml

+ 13 - 0
playbooks/common/openshift-cluster/openshift_hosted_registry.yml

@@ -0,0 +1,13 @@
+---
+- name: Create Hosted Resources - registry
+  hosts: oo_first_master
+  tasks:
+  - set_fact:
+      openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
+    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
+  - include_role:
+      name: openshift_hosted
+      tasks_from: registry.yml
+    when:
+    - openshift_hosted_manage_registry | default(True) | bool
+    - openshift_hosted_registry_registryurl is defined
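Review bot: The include_role's second condition silently skips the whole registry deployment when `openshift_hosted_registry_registryurl` is undefined, whereas the removed openshift_hosted.yml play ran the role whenever `openshift_hosted_manage_registry` was true; a missing `registry_url` fact now yields a skipped task rather than a failure. openshift_hosted_router.yml has the same pattern. If the fact is required, an explicit `assert` before the include with a message naming `openshift.master.registry_url` makes the misconfiguration visible; if the skip is intended, a comment above the `when:` saying so would help.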

+ 13 - 0
playbooks/common/openshift-cluster/openshift_hosted_router.yml

@@ -0,0 +1,13 @@
+---
+- name: Create Hosted Resources - router
+  hosts: oo_first_master
+  tasks:
+  - set_fact:
+      openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
+    when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
+  - include_role:
+      name: openshift_hosted
+      tasks_from: router.yml
+    when:
+    - openshift_hosted_manage_router | default(True) | bool
+    - openshift_hosted_router_registryurl is defined
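Review bot: `tasks_from: router.yml` resolves to `tasks/router.yml` inside the role, but the file headers on this page still show the task file at `roles/openshift_hosted/tasks/router/router.yml` (and the registry one at `tasks/registry/registry.yml`); if those files were not moved up one level in this commit, both include_role calls will fail to find them. The page may simply be showing the pre-rename path, as it does for the secure/ and storage/ files, so this is probably fine, but worth a check of the tree.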

+ 4 - 1
playbooks/common/openshift-cluster/openshift_metrics.yml

@@ -2,7 +2,9 @@
 - name: OpenShift Metrics
   hosts: oo_first_master
   roles:
-  - openshift_metrics
+  - role: openshift_metrics
+    when: openshift_metrics_install_metrics | default(false) | bool
+
 
 - name: OpenShift Metrics
   hosts: oo_masters:!oo_first_master
@@ -12,3 +14,4 @@
     include_role:
       name: openshift_metrics
       tasks_from: update_master_config.yaml
+    when: openshift_metrics_install_metrics | default(false) | bool
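Review bot: The added blank line after the first hunk's `when:` leaves two consecutive blank lines between the plays; drop one. In the second hunk the `when:` is added to a task whose start lies outside the hunk, so its placement at task level cannot be verified here. Separately, the removed play in openshift_hosted.yml set `openshift_metrics_hawkular_hostname` before calling update_master_config on the other masters; confirm the earlier lines of this file set it too.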

+ 3 - 6
playbooks/common/openshift-cluster/openshift_prometheus.yml

@@ -1,9 +1,6 @@
 ---
-- include: std_include.yml
-
-- name: OpenShift Prometheus
+- name: Create Hosted Resources - openshift_prometheus
   hosts: oo_first_master
   roles:
-  - openshift_prometheus
-  vars:
-    openshift_prometheus_state: present
+  - role: openshift_prometheus
+    when: openshift_hosted_prometheus_deploy | default(False) | bool
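Review bot: Removing `- include: std_include.yml` means this playbook can no longer be run on its own, because the facts and groups it needs come from that include; it is now only valid when reached through openshift_hosted.yml. The `openshift_prometheus_state: present` var is also dropped, so the role's own default now decides whether the deployment is created, which is fine only if that default is `present`. A comment at the top, `# Included from openshift_hosted.yml; requires std_include.yml to have run`, would record the new contract.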

+ 3 - 0
roles/cockpit-ui/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+openshift_config_base: "/etc/origin"
+openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master"
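Review bot: These two defaults duplicate the `openshift_config_base` and `openshift_master_config_dir` definitions added to roles/openshift_hosted/defaults/main.yml in this commit; if one copy changes, the two roles compute different config dirs for the same host. Since this role is already driven by openshift_hosted variables from the calling play, consider sourcing these from a shared role, or add `# keep in sync with roles/openshift_hosted/defaults/main.yml` above them.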

+ 3 - 1
roles/cockpit-ui/tasks/main.yml

@@ -50,7 +50,9 @@
       -n default
     register: deploy_registry_console
     changed_when: "'already exists' not in deploy_registry_console.stderr"
-    failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0"
+    failed_when:
+    - "'already exists' not in deploy_registry_console.stderr"
+    - "deploy_registry_console.rc != 0"
 
   - name: Delete temp directory
     file:

+ 60 - 12
roles/openshift_hosted/defaults/main.yml

@@ -1,14 +1,33 @@
 ---
+##########
+# Common #
+##########
+openshift_hosted_infra_selector: "region=infra"
+r_openshift_hosted_use_calico_default: "{{ openshift_use_calico | default(False) }}"
+r_openshift_hosted_use_calico: "{{ r_openshift_hosted_use_calico_default }}"
+
+openshift_default_projects:
+  default:
+    default_node_selector: ''
+  logging:
+    default_node_selector: ''
+  openshift-infra:
+    default_node_selector: ''
+
+# openshift_additional_projects shares the same format as openshift_default_projects
+openshift_additional_projects: {}
+
+openshift_config_base: "/etc/origin"
+openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master"
+openshift_cluster_domain: 'cluster.local'
+
+##########
+# Router #
+##########
 r_openshift_hosted_router_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
 r_openshift_hosted_router_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
 
-r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
-r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
-
 openshift_hosted_router_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
-openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
-
-registry_volume_claim: 'registry-claim'
 
 openshift_hosted_router_edits:
 - key: spec.strategy.rollingParams.intervalSeconds
@@ -36,20 +55,49 @@ openshift_hosted_routers:
   certificate: "{{ openshift_hosted_router_certificate | default({}) }}"
 
 openshift_hosted_router_certificate: {}
-openshift_hosted_registry_cert_expire_days: 730
 openshift_hosted_router_create_certificate: True
 
 r_openshift_hosted_router_os_firewall_deny: []
 r_openshift_hosted_router_os_firewall_allow: []
 
+############
+# Registry #
+############
+
+r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
+r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+
+openshift_hosted_registry_name: docker-registry
+openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
+registry_volume_claim: 'registry-claim'
+openshift_hosted_registry_cert_expire_days: 730
+
 r_openshift_hosted_registry_os_firewall_deny: []
 r_openshift_hosted_registry_os_firewall_allow:
 - service: Docker Registry Port
   port: 5000/tcp
   cond: "{{ r_openshift_hosted_use_calico }}"
 
-# NOTE
-# r_openshift_hosted_use_calico_default may be defined external to this role.
-# openshift_use_calico, if defined, may affect other roles or play behavior.
-r_openshift_hosted_use_calico_default: "{{ openshift_use_calico | default(False) }}"
-r_openshift_hosted_use_calico: "{{ r_openshift_hosted_use_calico_default }}"
+openshift_hosted_registry_serviceaccount: registry
+openshift_hosted_registry_volumes: []
+openshift_hosted_registry_env_vars: {}
+
+# These edits are being specified only to prevent 'changed' on rerun
+openshift_hosted_registry_edits:
+- key: spec.strategy.rollingParams
+  value:
+    intervalSeconds: 1
+    maxSurge: "25%"
+    maxUnavailable: "25%"
+    timeoutSeconds: 600
+    updatePeriodSeconds: 1
+  action: put
+
+openshift_hosted_registry_force:
+- False
+
+openshift_push_via_dns: False
+
+# NOTE: settting openshift_docker_hosted_registry_insecure may affect other roles
+openshift_hosted_docker_registry_insecure_default: "{{ openshift_docker_hosted_registry_insecure | default(False) }}"
+openshift_hosted_docker_registry_insecure: "{{ openshift_hosted_docker_registry_insecure_default }}"
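Review bot: The NOTE that sat above `r_openshift_hosted_use_calico_default` (removed at the end of the second hunk) was dropped when the two calico variables moved to the Common section, so the reader no longer learns that the variable may be defined outside the role; restore it above the new definition as `# NOTE: r_openshift_hosted_use_calico_default may be defined external to this role; openshift_use_calico, if defined, may affect other roles or play behavior.` Separately, `openshift_default_projects` moves from vars/ to defaults/, which lowers its precedence so inventory can now override the default projects and their node selectors; if that is intended, a comment saying so would help. The last comment also has a typo, `settting`.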

+ 0 - 1
roles/openshift_hosted/meta/main.yml

@@ -12,7 +12,6 @@ galaxy_info:
   categories:
   - cloud
 dependencies:
-- role: openshift_cli
 - role: openshift_hosted_facts
 - role: lib_openshift
 - role: lib_os_firewall

+ 14 - 0
roles/openshift_hosted/tasks/create_projects.yml

@@ -0,0 +1,14 @@
+---
+- name: Create default projects
+  oc_project:
+    name: "{{ item.key }}"
+    node_selector:
+    - "{{ item.value.default_node_selector }}"
+  with_dict: "{{ openshift_default_projects }}"
+
+- name: Create additional projects
+  oc_project:
+    name: "{{ item.key }}"
+    node_selector:
+    - "{{ item.value.default_node_selector }}"
+  with_dict: "{{ openshift_additional_projects }}"
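Review bot: The two tasks replace the previous single loop over `openshift_projects`, which merged `openshift_additional_projects` into `openshift_default_projects` via `oo_merge_dicts`; with separate loops a key present in both dicts is now processed twice and the second `oc_project` call's node selector wins, where the merge previously decided. A single task with `with_dict: "{{ openshift_default_projects | combine(openshift_additional_projects) }}"` keeps one loop and a defined override order (the additional entry wins); if the old merge gave the defaults precedence, swap the operands. The defaults file already states the two dicts share a format, so the merge is well-defined.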

+ 5 - 5
roles/openshift_hosted/tasks/router/firewall.yml

@@ -8,7 +8,7 @@
       protocol: "{{ item.port.split('/')[1] }}"
       port: "{{ item.port.split('/')[0] }}"
     when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_router_os_firewall_allow }}"
+    with_items: "{{ l_openshift_hosted_fw_allow }}"
 
   - name: Remove iptables rules
     os_firewall_manage_iptables:
@@ -17,9 +17,9 @@
       protocol: "{{ item.port.split('/')[1] }}"
       port: "{{ item.port.split('/')[0] }}"
     when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_router_os_firewall_deny }}"
+    with_items: "{{ l_openshift_hosted_fw_deny }}"
 
-- when: r_openshift_hosted_router_firewall_enabled | bool and r_openshift_hosted_router_use_firewalld | bool
+- when: l_openshift_hosted_firewall_enabled | bool and l_openshift_hosted_use_firewalld | bool
   block:
   - name: Add firewalld allow rules
     firewalld:
@@ -28,7 +28,7 @@
       immediate: true
       state: enabled
     when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_router_os_firewall_allow }}"
+    with_items: "{{ l_openshift_hosted_fw_allow }}"
 
   - name: Remove firewalld allow rules
     firewalld:
@@ -37,4 +37,4 @@
       immediate: true
       state: disabled
     when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_router_os_firewall_deny }}"
+    with_items: "{{ l_openshift_hosted_fw_deny }}"
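Review bot: The iptables block's own `when:` at the top of this file (file line 2, outside the first hunk) is not changed here — the diffstat's five changed lines are all visible — so it still tests `r_openshift_hosted_router_firewall_enabled` and `r_openshift_hosted_router_use_firewalld` rather than the `l_openshift_hosted_firewall_enabled` / `l_openshift_hosted_use_firewalld` values the includes now pass in. When registry.yml includes this file, the iptables decision is therefore made from the router's variables; they currently resolve to the same `os_firewall_*` values, but the parameterisation is only half applied. Change that line to `- when: l_openshift_hosted_firewall_enabled | bool and not l_openshift_hosted_use_firewalld | bool` to match the firewalld block.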

+ 8 - 12
roles/openshift_hosted/tasks/main.yml

@@ -1,13 +1,9 @@
 ---
-- name: Create projects
-  oc_project:
-    name: "{{ item.key }}"
-    node_selector:
-    - "{{ item.value.default_node_selector }}"
-  with_dict: "{{ openshift_projects }}"
-
-- include: router/router.yml
-  when: openshift_hosted_manage_router | default(true) | bool
-
-- include: registry/registry.yml
-  when: openshift_hosted_manage_registry | default(true) | bool
+# This role is intended to be used with include_role.
+# include_role:
+#   name:  openshift_hosted
+#   tasks_from: "{{ item }}"
+# with_items:
+#   - create_projects.yml
+#   - router.yml
+#   - registry.yml

+ 17 - 48
roles/openshift_hosted/tasks/registry/registry.yml

@@ -1,7 +1,11 @@
 ---
 - name: setup firewall
   include: firewall.yml
-  static: yes
+  vars:
+    l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_registry_firewall_enabled }}"
+    l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_registry_use_firewalld }}"
+    l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_registry_os_firewall_allow }}"
+    l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_registry_os_firewall_deny }}"
 
 - when: openshift.hosted.registry.replicas | default(none) is none
   block:
@@ -36,30 +40,14 @@
 - name: set openshift_hosted facts
   set_fact:
     openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
-    openshift_hosted_registry_name: docker-registry
-    openshift_hosted_registry_serviceaccount: registry
     openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
     openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
     openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
-    openshift_hosted_registry_volumes: []
-    openshift_hosted_registry_env_vars: {}
-    openshift_hosted_registry_edits:
-    # These edits are being specified only to prevent 'changed' on rerun
-    - key: spec.strategy.rollingParams
-      value:
-        intervalSeconds: 1
-        maxSurge: "25%"
-        maxUnavailable: "25%"
-        timeoutSeconds: 600
-        updatePeriodSeconds: 1
-      action: put
-    openshift_hosted_registry_force:
-    - False
 
 - name: Update registry environment variables when pushing via dns
   set_fact:
     openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}"
-  when: openshift_push_via_dns | default(false) | bool
+  when: openshift_push_via_dns | bool
 
 - name: Update registry proxy settings for dc/docker-registry
   set_fact:
@@ -137,36 +125,17 @@
     edits: "{{ openshift_hosted_registry_edits }}"
     force: "{{ True|bool in openshift_hosted_registry_force }}"
 
-- when: openshift_hosted_registry_wait | bool
-  block:
-  - name: Ensure OpenShift registry correctly rolls out (best-effort today)
-    command: |
-      oc rollout status deploymentconfig {{ openshift_hosted_registry_name }} \
-                        --namespace {{ openshift_hosted_registry_namespace }} \
-                        --config {{ openshift.common.config_base }}/master/admin.kubeconfig
-    async: 600
-    poll: 15
-    failed_when: false
-
-  - name: Determine the latest version of the OpenShift registry deployment
-    command: |
-      {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \
-             --namespace {{ openshift_hosted_registry_namespace }} \
-             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-             -o jsonpath='{ .status.latestVersion }'
-    register: openshift_hosted_registry_latest_version
-
-  - name: Sanity-check that the OpenShift registry rolled out correctly
-    command: |
-      {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \
-             --namespace {{ openshift_hosted_registry_namespace }} \
-             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
-    register: openshift_hosted_registry_rc_phase
-    until: "'Running' not in openshift_hosted_registry_rc_phase.stdout"
-    delay: 15
-    retries: 40
-    failed_when: "'Failed' in openshift_hosted_registry_rc_phase.stdout"
+- name: setup registry list
+  set_fact:
+    r_openshift_hosted_registry_list:
+    - name: "{{ openshift_hosted_registry_name }}"
+      namespace: "{{ openshift_hosted_registry_namespace }}"
+
+- name: Wait for pod (Registry)
+  include: wait_for_pod.yml
+  vars:
+    l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_registry_wait }}"
+    l_openshift_hosted_wfp_items: "{{ r_openshift_hosted_registry_list }}"
 
 - include: storage/glusterfs.yml
   when:
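Review bot: `include: firewall.yml` on the third line is a relative include from `tasks/registry/`, and `tasks/registry/firewall.yml` is deleted in this commit; Ansible looks next to the including file and then in the role's `tasks/` directory, and neither holds a firewall.yml unless the shared copy was moved out of `tasks/router/` (the page still shows it there). If the task files were flattened into `tasks/`, as `tasks_from: registry.yml` in the playbooks suggests, this resolves; otherwise registry firewall setup breaks. Also, `r_openshift_hosted_registry_list` exists only to feed the wait include; passing the one-item list inline under that include's `vars:` avoids leaving an `r_` fact on the host.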

+ 0 - 40
roles/openshift_hosted/tasks/registry/firewall.yml

@@ -1,40 +0,0 @@
----
-- when: r_openshift_hosted_registry_firewall_enabled | bool and not r_openshift_hosted_registry_use_firewalld | bool
-  block:
-  - name: Add iptables allow rules
-    os_firewall_manage_iptables:
-      name: "{{ item.service }}"
-      action: add
-      protocol: "{{ item.port.split('/')[1] }}"
-      port: "{{ item.port.split('/')[0] }}"
-    when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_registry_os_firewall_allow }}"
-
-  - name: Remove iptables rules
-    os_firewall_manage_iptables:
-      name: "{{ item.service }}"
-      action: remove
-      protocol: "{{ item.port.split('/')[1] }}"
-      port: "{{ item.port.split('/')[0] }}"
-    when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_registry_os_firewall_deny }}"
-
-- when: r_openshift_hosted_registry_firewall_enabled | bool and r_openshift_hosted_registry_use_firewalld | bool
-  block:
-  - name: Add firewalld allow rules
-    firewalld:
-      port: "{{ item.port }}"
-      permanent: true
-      immediate: true
-      state: enabled
-    when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_registry_os_firewall_allow }}"
-
-  - name: Remove firewalld allow rules
-    firewalld:
-      port: "{{ item.port }}"
-      permanent: true
-      immediate: true
-      state: disabled
-    when: item.cond | default(True)
-    with_items: "{{ r_openshift_hosted_registry_os_firewall_deny }}"

+ 11 - 37
roles/openshift_hosted/tasks/router/router.yml

@@ -1,7 +1,11 @@
 ---
 - name: setup firewall
   include: firewall.yml
-  static: yes
+  vars:
+    l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_router_firewall_enabled }}"
+    l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_router_use_firewalld }}"
+    l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_router_os_firewall_allow }}"
+    l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_router_os_firewall_deny }}"
 
 - name: Retrieve list of openshift nodes matching router selector
   oc_obj:
@@ -82,7 +86,7 @@
     replicas: "{{ item.replicas }}"
     namespace: "{{ item.namespace | default('default') }}"
     # This option is not yet implemented
-    # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}"
+    # force_subdomain: "{{ openshift_hosted_router_force_subdomain | default(none) }}"
     service_account: "{{ item.serviceaccount | default('router') }}"
     selector: "{{ item.selector | default(none) }}"
     images: "{{ item.images | default(omit) }}"
@@ -94,38 +98,8 @@
     stats_port: "{{ item.stats_port }}"
   with_items: "{{ openshift_hosted_routers }}"
 
-- when: openshift_hosted_router_wait | bool
-  block:
-  - name: Ensure OpenShift router correctly rolls out (best-effort today)
-    command: |
-      {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \
-                        --namespace {{ item.namespace | default('default') }} \
-                        --config {{ openshift.common.config_base }}/master/admin.kubeconfig
-    async: 600
-    poll: 15
-    with_items: "{{ openshift_hosted_routers }}"
-    failed_when: false
-
-  - name: Determine the latest version of the OpenShift router deployment
-    command: |
-      {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \
-             --namespace {{ item.namespace }} \
-             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-             -o jsonpath='{ .status.latestVersion }'
-    register: openshift_hosted_routers_latest_version
-    with_items: "{{ openshift_hosted_routers }}"
-
-  - name: Poll for OpenShift router deployment success
-    command: |
-      {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \
-             --namespace {{ item.0.namespace }} \
-             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
-    register: openshift_hosted_router_rc_phase
-    until: "'Running' not in openshift_hosted_router_rc_phase.stdout"
-    delay: 15
-    retries: 40
-    failed_when: "'Failed' in openshift_hosted_router_rc_phase.stdout"
-    with_together:
-    - "{{ openshift_hosted_routers }}"
-    - "{{ openshift_hosted_routers_latest_version.results }}"
+- name: Wait for pod (Routers)
+  include: wait_for_pod.yml
+  vars:
+    l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_router_wait }}"
+    l_openshift_hosted_wfp_items: "{{ openshift_hosted_routers }}"
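Review bot: The wait include passes `openshift_hosted_routers`, whose entries may omit `namespace` — the oc_adm_router call earlier in this file uses `item.namespace | default('default')` — but wait_for_pod.yml only applies that default in its first task, so a router entry without a namespace renders an empty `--namespace` in the deploymentconfig and replicationcontroller lookups. This was already true of the removed block, so it is not a regression, but the shared file is the right place to fix it now.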

+ 2 - 2
roles/openshift_hosted/tasks/registry/secure.yml

@@ -38,11 +38,11 @@
     - "{{ docker_registry_service.results.clusterip }}"
     - "{{ docker_registry_route.results[0].spec.host }}"
     - "{{ openshift_hosted_registry_name }}.default.svc"
-    - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift.common.dns_domain }}"
+    - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift_cluster_domain }}"
     - "{{ openshift_hosted_registry_routehost }}"
     cert: "{{ docker_registry_cert_path }}"
     key: "{{ docker_registry_key_path }}"
-    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}"
+    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift_deployment_type) | bool else omit }}"
   register: registry_self_cert
   when: docker_registry_self_signed
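Review bot: The cert's SAN list now uses `openshift_cluster_domain`, a role default hard-coded to `'cluster.local'`, where it previously used the `openshift.common.dns_domain` fact; on a cluster with a different DNS domain the self-signed registry cert no longer covers `<name>.default.svc.<domain>`, and clients verifying against the service FQDN get a name mismatch unless the inventory also sets the new variable. Deriving the default from the fact keeps the old behaviour: `openshift_cluster_domain: "{{ openshift.common.dns_domain | default('cluster.local') }}"` in defaults/main.yml. The same consideration applies to `openshift_deployment_type` replacing `openshift.common.deployment_type` on the `expire_days` line, though that variable is normally set in inventory.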
 

roles/openshift_hosted/tasks/registry/secure/passthrough.yml → roles/openshift_hosted/tasks/secure/passthrough.yml


roles/openshift_hosted/tasks/registry/secure/reencrypt.yml → roles/openshift_hosted/tasks/secure/reencrypt.yml


roles/openshift_hosted/tasks/registry/storage/glusterfs.yml → roles/openshift_hosted/tasks/storage/glusterfs.yml


roles/openshift_hosted/tasks/registry/storage/object_storage.yml → roles/openshift_hosted/tasks/storage/object_storage.yml


roles/openshift_hosted/tasks/registry/storage/registry_config.j2 → roles/openshift_hosted/tasks/storage/registry_config.j2


+ 1 - 1
roles/openshift_hosted/tasks/registry/storage/s3.yml

@@ -3,7 +3,7 @@
   assert:
     that:
     - openshift.hosted.registry.storage.s3.bucket | default(none) is not none
-    - openshift.hosted.registry.storage.s3.region | default(none) is not none
+    - openshift.hosted.registry.storage.s3.bucket | default(none) is not none
     msg: |
       When using S3 storage, the following variables are required:
         openshift_hosted_registry_storage_s3_bucket
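Review bot: The changed assert line now repeats the `bucket` check and drops the `region` one, so a missing `openshift.hosted.registry.storage.s3.region` no longer fails the assert even though the `msg` block below (which runs past the hunk) still lists it as required. This looks like an accidental edit rather than an intended change; restore `- openshift.hosted.registry.storage.s3.region | default(none) is not none` on that line.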

+ 36 - 0
roles/openshift_hosted/tasks/wait_for_pod.yml

@@ -0,0 +1,36 @@
+---
+- when: l_openshift_hosted_wait_for_pod | default(False) | bool
+  block:
+  - name: Ensure OpenShift pod correctly rolls out (best-effort today)
+    command: |
+      {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \
+                        --namespace {{ item.namespace | default('default') }} \
+                        --config {{ openshift_master_config_dir }}/admin.kubeconfig
+    async: 600
+    poll: 15
+    with_items: "{{ l_openshift_hosted_wfp_items }}"
+    failed_when: false
+
+  - name: Determine the latest version of the OpenShift pod deployment
+    command: |
+      {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \
+             --namespace {{ item.namespace }} \
+             --config {{ openshift_master_config_dir }}/admin.kubeconfig \
+             -o jsonpath='{ .status.latestVersion }'
+    register: l_openshift_hosted_wfp_latest_version
+    with_items: "{{ l_openshift_hosted_wfp_items }}"
+
+  - name: Poll for OpenShift pod deployment success
+    command: |
+      {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \
+             --namespace {{ item.0.namespace }} \
+             --config {{ openshift_master_config_dir }}/admin.kubeconfig \
+             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
+    register: openshift_hosted_wfp_rc_phase
+    until: "'Running' not in openshift_hosted_wfp_rc_phase.stdout"
+    delay: 15
+    retries: 40
+    failed_when: "'Failed' in openshift_hosted_wfp_rc_phase.stdout"
+    with_together:
+    - "{{ l_openshift_hosted_wfp_items }}"
+    - "{{ l_openshift_hosted_wfp_latest_version.results }}"
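Review bot: The second and third tasks use `item.namespace` and `item.0.namespace` with no default while the first uses `item.namespace | default('default')`; the registry caller always sets namespace, but router.yml passes `openshift_hosted_routers` entries that it itself treats as optional-namespace, so such an entry renders an empty `--namespace` here and the deploymentconfig lookup fails. Use `{{ item.namespace | default('default') }}` and `{{ item.0.namespace | default('default') }}` in those two commands. The registered `openshift_hosted_wfp_rc_phase` also lacks the `l_` prefix the other locals in this file use, and since meta/main.yml drops the openshift_cli dependency in this commit, `openshift.common.client_binary` here now relies on the calling playbook having installed the client.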

+ 1 - 3
roles/openshift_hosted/templates/registry_config.j2

@@ -70,10 +70,8 @@ auth:
   openshift:
     realm: openshift
 middleware:
-{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
   registry:
   - name: openshift
-{% endif %}
   repository:
   - name: openshift
     options:
@@ -87,7 +85,7 @@ middleware:
       baseurl: {{ openshift_hosted_registry_storage_s3_cloudfront_baseurl }}
       privatekey: /etc/origin/cloudfront.pem
       keypairid: {{ openshift_hosted_registry_storage_s3_cloudfront_keypairid }}
-{% elif openshift.common.version_gte_3_3_or_1_3 | bool %}
+{% else %}
   storage:
   - name: openshift
 {% endif -%}
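Review bot: Dropping the `openshift.common.version_gte_3_3_or_1_3` gates means the openshift registry and storage middleware are now rendered for every version, including any pre-3.3 deployment still managed by this role; if the supported floor is now 3.3 that is fine, but it should be stated in the commit description since it is the only behavioural change in this template. The new `{% else %}` also makes the storage middleware unconditional whenever the cloudfront branch above the hunk is not taken.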

+ 0 - 11
roles/openshift_hosted/vars/main.yml

@@ -1,13 +1,2 @@
 ---
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 registry_config_secret_name: registry-config
-
-openshift_default_projects:
-  default:
-    default_node_selector: ''
-  logging:
-    default_node_selector: ''
-  openshift-infra:
-    default_node_selector: ''
-
-openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts(openshift_default_projects) }}"