Revert "Bootstrap enhancements."

playbooks/aws/openshift-cluster/prerequisites.yml

@@ -4,3 +4,5 @@
 - include: provision_ssh_keypair.yml
 
 - include: provision_sec_group.yml
+  vars:
+    openshift_aws_node_group_type: compute

playbooks/aws/openshift-cluster/provision_sec_group.yml

@@ -6,7 +6,7 @@
   connection: local
   gather_facts: no
   tasks:
-  - name: create security groups
+  - name: create an instance and prepare for ami
     include_role:
       name: openshift_aws
       tasks_from: security_group.yml

playbooks/common/openshift-master/config.yml

@@ -212,13 +212,6 @@
       tasks_from: master
     when: openshift_use_kuryr | default(false) | bool
 
-  - name: Setup the compute and infra node config maps
-    include_role:
-      name: openshift_node_bootstrap_configmap
-      tasks_from: standard.yml
-    when: openshift_master_bootstrap_enabled | default(false) | bool
-    run_once: True
-
   post_tasks:
   - name: Create group for deployment type
     group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}

roles/openshift_aws/defaults/main.yml

@@ -4,6 +4,7 @@ openshift_aws_create_iam_cert: True
 openshift_aws_create_security_groups: True
 openshift_aws_create_launch_config: True
 openshift_aws_create_scale_group: True
+openshift_aws_node_group_type: master
 
 openshift_aws_wait_for_ssh: True
 
@@ -15,7 +16,7 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"
 openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
 openshift_aws_iam_cert_path: ''
 openshift_aws_iam_cert_key_path: ''
-openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift"
+openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"
 
 openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
 openshift_aws_ami: ''
@@ -26,7 +27,7 @@ openshift_aws_ami_name: openshift-gi
 openshift_aws_base_ami_name: ami_base
 
 openshift_aws_launch_config_bootstrap_token: ''
-openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}"
+openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}"
 
 openshift_aws_users: []
 
@@ -46,19 +47,19 @@ openshift_aws_elb_health_check:
   unhealthy_threshold: 2
   healthy_threshold: 2
 
-openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}"
+openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}"
 openshift_aws_elb_name_dict:
   master:
-    external: "{{ openshift_aws_elb_basename }}-master-external"
-    internal: "{{ openshift_aws_elb_basename }}-master-internal"
+    external: "{{ openshift_aws_elb_basename }}-external"
+    internal: "{{ openshift_aws_elb_basename }}-internal"
   infra:
-    external: "{{ openshift_aws_elb_basename }}-infra"
+    external: "{{ openshift_aws_elb_basename }}"
 
 openshift_aws_elb_idle_timout: 400
 openshift_aws_elb_scheme: internet-facing
 openshift_aws_elb_cert_arn: ''
 
-openshift_aws_elb_dict:
+openshift_aws_elb_listeners:
   master:
     external:
     - protocol: tcp
@@ -111,15 +112,11 @@ openshift_aws_node_group_replace_instances: []
 openshift_aws_node_group_replace_all_instances: False
 openshift_aws_node_group_config_extra_labels: {}
 
-openshift_aws_ami_map:
-  master: "{{ openshift_aws_ami }}"
-  infra: "{{ openshift_aws_ami }}"
-  compute: "{{ openshift_aws_ami }}"
-
-openshift_aws_master_group_config:
-  # The 'master' key is always required here.
+openshift_aws_node_group_config:
+  tags: "{{ openshift_aws_node_group_config_tags }}"
   master:
     instance_type: m4.xlarge
+    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_master_volumes }}"
     health_check:
       period: 60
@@ -135,12 +132,10 @@ openshift_aws_master_group_config:
     wait_for_instances: True
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}"
-
-openshift_aws_node_group_config:
-  # The 'compute' key is always required here.
+    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
   compute:
     instance_type: m4.xlarge
+    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -155,9 +150,9 @@ openshift_aws_node_group_config:
       type: compute
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-  # The 'infra' key is always required here.
   infra:
     instance_type: m4.xlarge
+    ami: "{{ openshift_aws_ami }}"
     volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
     health_check:
       period: 60
@@ -172,31 +167,22 @@ openshift_aws_node_group_config:
       type: infra
     termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
     replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
-    elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}"
+    elbs: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type].keys()| map('extract', openshift_aws_elb_name_dict[openshift_aws_node_group_type]) | list }}"
 
-openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}"
+openshift_aws_elb_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
 openshift_aws_elb_az_load_balancing: False
 
-openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
-
-openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
-
-openshift_aws_launch_config_security_groups:
-  compute:
-  - "{{ openshift_aws_clusterid }}"  # default sg
-  - "{{ openshift_aws_clusterid }}_compute"  # node type sg
-  - "{{ openshift_aws_clusterid }}_compute_k8s"  # node type sg k8s
-  infra:
-  - "{{ openshift_aws_clusterid }}"  # default sg
-  - "{{ openshift_aws_clusterid }}_infra"  # node type sg
-  - "{{ openshift_aws_clusterid }}_infra_k8s"  # node type sg k8s
-  master:
-  - "{{ openshift_aws_clusterid }}"  # default sg
-  - "{{ openshift_aws_clusterid }}_master"  # node type sg
-  - "{{ openshift_aws_clusterid }}_master_k8s"  # node type sg k8s
+openshift_aws_elb_security_groups:
+- "{{ openshift_aws_clusterid }}"  # default sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"  # node type sg
+- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s"  # node type sg k8s
 
-openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}"
+openshift_aws_elb_instance_filter:
+  "tag:clusterid": "{{ openshift_aws_clusterid }}"
+  "tag:host-type": "{{ openshift_aws_node_group_type }}"
+  instance-state-name: running
 
+openshift_aws_security_groups_tags: "{{ openshift_aws_clusterid | build_instance_tags }}"
 openshift_aws_node_security_groups:
   default:
     name: "{{ openshift_aws_clusterid }}"
@@ -265,18 +251,3 @@ openshift_aws_vpc:
 openshift_aws_node_run_bootstrap_startup: True
 openshift_aws_node_user_data: ''
 openshift_aws_node_config_namespace: openshift-node
-
-# If creating extra node groups, you'll need to define all of the following
-
-# The format is the same as openshift_aws_node_group_config, but the top-level
-# key names should be different (ie, not == master or infra).
-# openshift_aws_node_group_config_extra: {}
-
-# This variable should look like openshift_aws_launch_config_security_groups
-# and contain a one-to-one mapping of top level keys that are defined in
-# openshift_aws_node_group_config_extra.
-# openshift_aws_launch_config_security_groups_extra: {}
-
-# openshift_aws_node_security_groups_extra: {}
-
-# openshift_aws_ami_map_extra: {}

roles/openshift_aws/tasks/build_node_group.yml

@@ -1,6 +1,4 @@
 ---
-# This task file expects l_nodes_to_build to be passed in.
-
 # When openshift_aws_use_custom_ami is '' then
 # we retrieve the latest build AMI.
 # Then set openshift_aws_ami to the ami.
@@ -23,12 +21,10 @@
     - "'results' in amiout"
     - amiout.results|length > 0
 
-# Need to set epoch time in one place to use for launch_config and scale_group
-- set_fact:
-    l_epoch_time: "{{ ansible_date_time.epoch }}"
-
 - when: openshift_aws_create_launch_config
+  name: "Create {{ openshift_aws_node_group_type }} launch config"
   include: launch_config.yml
 
 - when: openshift_aws_create_scale_group
+  name: "Create {{ openshift_aws_node_group_type }} node group"
   include: scale_group.yml

roles/openshift_aws/tasks/elb.yml

@@ -1,24 +1,45 @@
 ---
-- name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
+- name: debug
+  debug: var=vpcout
+
+- name: fetch the default subnet id
+  ec2_vpc_subnet_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      "tag:Name": "{{ openshift_aws_subnet_name }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+  register: subnetout
+
+- name: dump the elb listeners
   debug:
-    msg: "{{ l_elb_dict_item.value }}"
+    msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
+                   if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type
+                   else openshift_aws_elb_listeners }}"
 
-- name: "Create ELB {{ l_elb_dict_item.key }}"
+- name: "Create ELB {{ l_openshift_aws_elb_name }}"
   ec2_elb_lb:
-    name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}"
+    name: "{{ l_openshift_aws_elb_name }}"
     state: present
     cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}"
-    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
+    security_group_names: "{{ openshift_aws_elb_security_groups }}"
     idle_timeout: "{{ openshift_aws_elb_idle_timout }}"
     region: "{{ openshift_aws_region }}"
     subnets:
     - "{{ subnetout.subnets[0].id }}"
     health_check: "{{ openshift_aws_elb_health_check }}"
-    listeners: "{{ item.value }}"
+    listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction]
+                   if 'master' in openshift_aws_node_group_type  or 'infra' in openshift_aws_node_group_type
+                   else openshift_aws_elb_listeners }}"
     scheme: "{{ openshift_aws_elb_scheme }}"
     tags: "{{ openshift_aws_elb_tags }}"
   register: new_elb
-  with_dict: "{{ l_elb_dict_item.value }}"
 
 - debug:
     msg: "{{ item }}"

roles/openshift_aws/tasks/launch_config.yml

@@ -9,7 +9,31 @@
   when:
   - openshift_deployment_type is undefined
 
-- include: launch_config_create.yml
-  with_dict: "{{ l_nodes_to_build }}"
-  loop_control:
-    loop_var: launch_config_item
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
+- name: fetch the security groups for launch config
+  ec2_group_facts:
+    filters:
+      group-name: "{{ openshift_aws_elb_security_groups }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+    region: "{{ openshift_aws_region }}"
+  register: ec2sgs
+
+# Create the scale group config
+- name: Create the node scale group launch config
+  ec2_lc:
+    name: "{{ openshift_aws_launch_config_name }}"
+    region: "{{ openshift_aws_region }}"
+    image_id: "{{ openshift_aws_ami }}"
+    instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}"
+    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
+    user_data: "{{ lookup('template', 'user_data.j2') }}"
+    key_name: "{{ openshift_aws_ssh_key_name }}"
+    ebs_optimized: False
+    volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}"
+    assign_public_ip: True

roles/openshift_aws/tasks/launch_config_create.yml

@@ -1,22 +0,0 @@
----
-- name: fetch the security groups for launch config
-  ec2_group_facts:
-    filters:
-      group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-    region: "{{ openshift_aws_region }}"
-  register: ec2sgs
-
-# Create the scale group config
-- name: Create the node scale group launch config
-  ec2_lc:
-    name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}"
-    region: "{{ openshift_aws_region }}"
-    image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}"
-    instance_type: "{{ launch_config_item.value.instance_type }}"
-    security_groups: "{{ openshift_aws_launch_config_security_group_id  | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}"
-    user_data: "{{ lookup('template', 'user_data.j2') }}"
-    key_name: "{{ openshift_aws_ssh_key_name }}"
-    ebs_optimized: False
-    volumes: "{{ launch_config_item.value.volumes }}"
-    assign_public_ip: True

roles/openshift_aws/tasks/master_facts.yml

@@ -3,7 +3,7 @@
   ec2_elb_facts:
     region: "{{ openshift_aws_region }}"
     names:
-    - "{{ openshift_aws_elb_name_dict['master']['internal'] }}"
+    - "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
   delegate_to: localhost
   register: elbs
 

roles/openshift_aws/tasks/provision.yml

@@ -7,30 +7,47 @@
   name: create s3 bucket for registry
   include: s3.yml
 
-- include: vpc_and_subnet_id.yml
+- when: openshift_aws_create_security_groups
+  block:
+  - name: "Create {{ openshift_aws_node_group_type }} security groups"
+    include: security_group.yml
 
-- name: create elbs
+  - name: "Create {{ openshift_aws_node_group_type }} security groups"
+    include: security_group.yml
+    vars:
+      openshift_aws_node_group_type: infra
+
+- name: create our master internal load balancer
+  include: elb.yml
+  vars:
+    openshift_aws_elb_direction: internal
+    openshift_aws_elb_scheme: internal
+    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['internal'] }}"
+
+- name: create our master external load balancer
   include: elb.yml
-  with_dict: "{{ openshift_aws_elb_dict }}"
   vars:
-    l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}"
-    l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}"
-  loop_control:
-    loop_var: l_elb_dict_item
+    openshift_aws_elb_direction: external
+    openshift_aws_elb_scheme: internet-facing
+    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict[openshift_aws_node_group_type]['external'] }}"
+
+- name: create our infra node external load balancer
+  include: elb.yml
+  vars:
+    l_openshift_aws_elb_name: "{{ openshift_aws_elb_name_dict['infra']['external'] }}"
+    openshift_aws_elb_direction: external
+    openshift_aws_elb_scheme: internet-facing
+    openshift_aws_node_group_type: infra
 
 - name: include scale group creation for master
   include: build_node_group.yml
-  vars:
-    l_nodes_to_build: "{{ openshift_aws_master_group_config }}"
-    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
-    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
 
 - name: fetch newly created instances
   ec2_remote_facts:
     region: "{{ openshift_aws_region }}"
     filters:
       "tag:clusterid": "{{ openshift_aws_clusterid }}"
-      "tag:host-type": "master"
+      "tag:host-type": "{{ openshift_aws_node_group_type }}"
       instance-state-name: running
   register: instancesout
   retries: 20

roles/openshift_aws/tasks/provision_instance.yml

@@ -3,7 +3,20 @@
   set_fact:
     openshift_node_bootstrap: True
 
-- include: vpc_and_subnet_id.yml
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
+- name: fetch the default subnet id
+  ec2_vpc_subnet_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      "tag:Name": "{{ openshift_aws_subnet_name }}"
+      vpc-id: "{{ vpcout.vpcs[0].id }}"
+  register: subnetout
 
 - name: create instance for ami creation
   ec2:

roles/openshift_aws/tasks/provision_nodes.yml

@@ -25,23 +25,19 @@
   set_fact:
     openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}"
 
-- include: vpc_and_subnet_id.yml
-
-- name: include build compute and infra node groups
+- name: include build node group for infra
   include: build_node_group.yml
   vars:
-    l_nodes_to_build: "{{ openshift_aws_node_group_config }}"
-    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}"
-    l_aws_ami_map: "{{ openshift_aws_ami_map }}"
+    openshift_aws_node_group_type: infra
+    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra"
+    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}"
 
-- name: include build node group for extra nodes
+- name: include build node group for compute
   include: build_node_group.yml
-  when: openshift_aws_node_group_config_extra is defined
   vars:
-    l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}"
-    l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}"
-    l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}"
-
+    openshift_aws_node_group_type: compute
+    openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute"
+    openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}"
 
 - when: openshift_aws_wait_for_ssh | bool
   block:

roles/openshift_aws/tasks/scale_group.yml

@@ -1,4 +1,11 @@
 ---
+- name: query vpc
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      'tag:Name': "{{ openshift_aws_vpc_name }}"
+  register: vpcout
+
 - name: fetch the subnet to use in scale group
   ec2_vpc_subnet_facts:
     region: "{{ openshift_aws_region }}"
@@ -9,20 +16,19 @@
 
 - name: Create the scale group
   ec2_asg:
-    name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}"
-    launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}"
-    health_check_period: "{{ item.value.health_check.period }}"
-    health_check_type: "{{ item.value.health_check.type }}"
-    min_size: "{{ item.value.min_size }}"
-    max_size: "{{ item.value.max_size }}"
-    desired_capacity: "{{ item.value.desired_size }}"
+    name: "{{ openshift_aws_scale_group_name }}"
+    launch_config_name: "{{ openshift_aws_launch_config_name }}"
+    health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}"
+    health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}"
+    min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}"
+    max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}"
+    desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}"
     region: "{{ openshift_aws_region }}"
-    termination_policies: "{{ item.value.termination_policy if 'termination_policy' in  item.value else omit }}"
-    load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}"
-    wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}"
+    termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in  openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
+    load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}"
+    wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}"
     vpc_zone_identifier: "{{ subnetout.subnets[0].id }}"
     replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}"
-    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}"
+    replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}"
     tags:
-    - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}"
-  with_dict: "{{ l_nodes_to_build }}"
+    - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}"

roles/openshift_aws/tasks/security_group.yml

@@ -6,11 +6,39 @@
       "tag:Name": "{{ openshift_aws_clusterid }}"
   register: vpcout
 
-- include: security_group_create.yml
-  vars:
-    l_security_groups: "{{ openshift_aws_node_security_groups }}"
+- name: Create default security group for cluster
+  ec2_group:
+    name: "{{ openshift_aws_node_security_groups.default.name }}"
+    description: "{{ openshift_aws_node_security_groups.default.desc }}"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+    rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}"
+  register: sg_default_created
+
+- name: create the node group sgs
+  ec2_group:
+    name: "{{ item.name}}"
+    description: "{{ item.desc }}"
+    rules: "{{ item.rules if 'rules' in item else [] }}"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  register: sg_create
+  with_items:
+  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
 
-- include: security_group_create.yml
-  when: openshift_aws_node_security_groups_extra is defined
-  vars:
-    l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}"
+- name: create the k8s sgs for the node group
+  ec2_group:
+    name: "{{ item.name }}_k8s"
+    description: "{{ item.desc }} for k8s"
+    region: "{{ openshift_aws_region }}"
+    vpc_id: "{{ vpcout.vpcs[0].id }}"
+  register: k8s_sg_create
+  with_items:
+  - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}"
+
+- name: tag sg groups with proper tags
+  ec2_tag:
+    tags: "{{ openshift_aws_security_groups_tags }}"
+    resource: "{{ item.group_id }}"
+    region: "{{ openshift_aws_region }}"
+  with_items: "{{ k8s_sg_create.results }}"

roles/openshift_aws/tasks/security_group_create.yml

@@ -1,25 +0,0 @@
----
-- name: create the node group sgs
-  ec2_group:
-    name: "{{ item.value.name}}"
-    description: "{{ item.value.desc }}"
-    rules: "{{ item.value.rules if 'rules' in item.value else [] }}"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  with_dict: "{{ l_security_groups }}"
-
-- name: create the k8s sgs for the node group
-  ec2_group:
-    name: "{{ item.value.name }}_k8s"
-    description: "{{ item.value.desc }} for k8s"
-    region: "{{ openshift_aws_region }}"
-    vpc_id: "{{ vpcout.vpcs[0].id }}"
-  with_dict: "{{ l_security_groups }}"
-  register: k8s_sg_create
-
-- name: tag sg groups with proper tags
-  ec2_tag:
-    tags: "{{ openshift_aws_security_groups_tags }}"
-    resource: "{{ item.group_id }}"
-    region: "{{ openshift_aws_region }}"
-  with_items: "{{ k8s_sg_create.results }}"

roles/openshift_aws/tasks/vpc_and_subnet_id.yml

@@ -1,18 +0,0 @@
----
-- name: query vpc
-  ec2_vpc_net_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      'tag:Name': "{{ openshift_aws_vpc_name }}"
-  register: vpcout
-
-- name: debug
-  debug: var=vpcout
-
-- name: fetch the default subnet id
-  ec2_vpc_subnet_facts:
-    region: "{{ openshift_aws_region }}"
-    filters:
-      "tag:Name": "{{ openshift_aws_subnet_name }}"
-      vpc-id: "{{ vpcout.vpcs[0].id }}"
-  register: subnetout

roles/openshift_aws/templates/user_data.j2

@@ -7,8 +7,8 @@ write_files:
   owner: 'root:root'
   permissions: '0640'
   content: |
-    openshift_group_type: {{ launch_config_item.key }}
-{%   if launch_config_item.key != 'master' %}
+    openshift_group_type: {{ openshift_aws_node_group_type }}
+{%   if openshift_aws_node_group_type != 'master' %}
 - path: /etc/origin/node/bootstrap.kubeconfig
   owner: 'root:root'
   permissions: '0640'
@@ -19,7 +19,7 @@ runcmd:
 {%     if openshift_aws_node_run_bootstrap_startup %}
 - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]
 {%     endif %}
-{%     if launch_config_item.key != 'master' %}
+{%     if openshift_aws_node_group_type != 'master' %}
 - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
 {%     endif %}

roles/openshift_master/defaults/main.yml

@@ -26,6 +26,7 @@ default_r_openshift_master_os_firewall_allow:
   cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
 r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
 
+
 # oreg_url is defined by user input
 oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
 oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
@@ -59,7 +60,7 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p
 openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
 openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
 
-openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
+openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}"
 openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
 openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
 
@@ -70,6 +71,8 @@ openshift_master_node_config_kubeletargs_mem: 512M
 
 openshift_master_bootstrap_enabled: False
 
+openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}"
+
 openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}"
 
 # these are for the default settings in a generated node-config.yaml
@@ -141,5 +144,3 @@ openshift_master_node_configs:
 - "{{ openshift_master_node_config_compute }}"
 
 openshift_master_bootstrap_namespace: openshift-node
-openshift_master_csr_sa: node-bootstrapper
-openshift_master_csr_namespace: openshift-infra

roles/openshift_master/tasks/bootstrap.yml

@@ -2,8 +2,7 @@
 # TODO: create a module for this command.
 # oc_serviceaccounts_kubeconfig
 - name: create service account kubeconfig with csr rights
-  command: >
-    oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
+  command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
   register: kubeconfig_out
   until: kubeconfig_out.rc == 0
   retries: 24
@@ -13,3 +12,67 @@
   copy:
     content: "{{ kubeconfig_out.stdout }}"
     dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
+
+- name: create a temp dir for this work
+  command: mktemp -d /tmp/openshift_node_config-XXXXXX
+  register: mktempout
+  run_once: true
+
+# This generate is so that we do not have to maintain
+# our own copy of the template.  This is generated by
+# the product and the following settings will be
+# generated by the master
+- name: generate a node-config dynamically
+  command: >
+    {{ openshift_master_client_binary }} adm create-node-config
+    --node-dir={{ mktempout.stdout }}/
+    --node=CONFIGMAP
+    --hostnames=test
+    --dns-ip=0.0.0.0
+    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+    --signer-cert={{ openshift_master_config_dir }}/ca.crt
+    --signer-key={{ openshift_master_config_dir }}/ca.key
+    --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
+    --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
+  register: configgen
+  run_once: true
+
+- name: remove the default settings
+  yedit:
+    state: "{{ item.state | default('present') }}"
+    src: "{{ mktempout.stdout }}/node-config.yaml"
+    key: "{{ item.key }}"
+    value: "{{ item.value | default(omit) }}"
+  with_items: "{{ openshift_master_node_config_default_edits }}"
+  run_once: true
+
+- name: copy the generated config into each group
+  copy:
+    src: "{{ mktempout.stdout }}/node-config.yaml"
+    remote_src: true
+    dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+  with_items: "{{ openshift_master_node_configs }}"
+  run_once: true
+
+- name: "specialize the generated configs for node-config-{{ item.type }}"
+  yedit:
+    src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+    edits: "{{ item.edits }}"
+  with_items: "{{ openshift_master_node_configs }}"
+  run_once: true
+
+- name: create node-config.yaml configmap
+  oc_configmap:
+    name: "node-config-{{ item.type }}"
+    namespace: "{{ openshift_master_bootstrap_namespace }}"
+    from_file:
+      node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
+  with_items: "{{ openshift_master_node_configs }}"
+  run_once: true
+
+- name: remove templated files
+  file:
+    dest: "{{ mktempout.stdout }}/"
+    state: absent
+  with_items: "{{ openshift_master_node_configs }}"
+  run_once: true

roles/openshift_master/tasks/bootstrap_settings.yml

@@ -1,14 +0,0 @@
----
-- name: modify controller args
-  yedit:
-    src: /etc/origin/master/master-config.yaml
-    edits:
-    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
-      value:
-      - /etc/origin/master/ca.crt
-    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
-      value:
-      - /etc/origin/master/ca.key
-  notify:
-  - restart master controllers
-  when: openshift_master_bootstrap_enabled | default(False)

roles/openshift_master/tasks/main.yml

@@ -218,7 +218,18 @@
   - restart master api
   - restart master controllers
 
-- include: bootstrap_settings.yml
+- name: modify controller args
+  yedit:
+    src: /etc/origin/master/master-config.yaml
+    edits:
+    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+      value:
+      - /etc/origin/master/ca.crt
+    - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+      value:
+      - /etc/origin/master/ca.key
+  notify:
+  - restart master controllers
   when: openshift_master_bootstrap_enabled | default(False)
 
 - include: set_loopback_context.yml

roles/openshift_node_bootstrap_configmap/defaults/main.yml

@@ -1,15 +0,0 @@
----
-openshift_node_bootstrap_configmap_custom_labels: []
-openshift_node_bootstrap_configmap_edits: []
-openshift_node_bootstrap_configmap_name: node-config-compute
-openshift_node_bootstrap_configmap_namespace: openshift-node
-openshift_node_bootstrap_configmap_default_labels:
-- type=compute
-
-openshift_imageconfig_format: "{{ openshift.node.registry_url if openshift is defined and 'node' in openshift else oreg_url  }}"
-openshift_node_bootstrap_configmap_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
-openshift_node_bootstrap_configmap_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
-openshift_node_bootstrap_configmap_network_plugin: "{{ openshift_node_bootstrap_configmap_network_plugin_default }}"
-openshift_node_bootstrap_configmap_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
-openshift_node_bootstrap_configmap_node_data_dir: "{{ openshift_node_bootstrap_configmap_node_data_dir_default }}"
-openshift_node_bootstrap_configmap_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}"

roles/openshift_node_bootstrap_configmap/meta/main.yml

@@ -1,4 +0,0 @@
----
-dependencies:
-- role: lib_openshift
-- role: lib_utils

roles/openshift_node_bootstrap_configmap/tasks/create_config.yml

@@ -1,32 +0,0 @@
----
-- name: create a temp dir for this work
-  command: mktemp -d /tmp/openshift_node_config-XXXXXX
-  register: mktempout
-  run_once: true
-
-- name: create node config template
-  template:
-    src: node-config.yaml.j2
-    dest: "{{ mktempout.stdout }}/node-config.yaml"
-
-- name: "specialize the generated configs for {{ openshift_node_bootstrap_configmap_name }}"
-  yedit:
-    content:
-    src: "{{ mktempout.stdout }}/node-config.yaml"
-    edits: "{{ openshift_node_bootstrap_configmap_edits }}"
-  when: openshift_node_bootstrap_configmap_edits|length > 0
-  run_once: true
-
-- name: create node-config.yaml configmap
-  oc_configmap:
-    name: "{{ openshift_node_bootstrap_configmap_name }}"
-    namespace: "{{ openshift_node_bootstrap_configmap_namespace }}"
-    from_file:
-      node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
-  run_once: true
-
-- name: remove templated files
-  file:
-    dest: "{{ mktempout.stdout }}/"
-    state: absent
-  run_once: true

roles/openshift_node_bootstrap_configmap/tasks/standard.yml

@@ -1,12 +0,0 @@
----
-- name: Build an infra node configmap
-  include: create_config.yml
-  vars:
-    openshift_node_bootstrap_configmap_name: node-config-infra
-  static: true
-
-- name: Build an infra node configmap
-  include: create_config.yml
-  vars:
-    openshift_node_bootstrap_configmap_name: node-config-compute
-  static: true

roles/openshift_node_bootstrap_configmap/templates/node-config.yaml.j2

@@ -1,53 +0,0 @@
-allowDisabledDocker: false
-apiVersion: v1
-authConfig:
-  authenticationCacheSize: 1000
-  authenticationCacheTTL: 5m
-  authorizationCacheSize: 1000
-  authorizationCacheTTL: 5m
-dnsBindAddress: "127.0.0.1:53"
-dnsDomain: cluster.local
-dnsIP: 0.0.0.0
-dnsNameservers: null
-dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
-dockerConfig:
-  dockerShimRootDirectory: /var/lib/dockershim
-  dockerShimSocket: /var/run/dockershim.sock
-  execHandlerName: native
-enableUnidling: true
-imageConfig:
-  format: "{{ openshift_imageconfig_format }}"
-  latest: false
-iptablesSyncPeriod: 30s
-kind: NodeConfig
-kubeletArguments:
-  cloud-config:
-  - /etc/origin/cloudprovider/{{ openshift_node_bootstrap_configmap_cloud_provider }}.conf
-  cloud-provider:
-  - {{ openshift_node_bootstrap_configmap_cloud_provider }}
-  node-labels: {{ openshift_node_bootstrap_configmap_default_labels | union(openshift_node_bootstrap_configmap_custom_labels) | list | to_json }}
-masterClientConnectionOverrides:
-  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
-  burst: 40
-  contentType: application/vnd.kubernetes.protobuf
-  qps: 20
-masterKubeConfig: node.kubeconfig
-networkConfig:
-  mtu: "{{ openshift_node_bootstrap_configmap_network_mtu }}"
-  networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }}
-nodeIP: ""
-podManifestConfig: null
-servingInfo:
-  bindAddress: 0.0.0.0:10250
-  bindNetwork: tcp4
-  certFile: server.crt
-  clientCA: node-client-ca.crt
-  keyFile: server.key
-  namedCertificates: null
-volumeConfig:
-  localQuota:
-    perFSGroup: null
-volumeDirectory: {{ openshift_node_bootstrap_configmap_node_data_dir }}/openshift.local.volumes
-enable-controller-attach-detach:
-- 'true'
-networkPluginName: {{ openshift_node_bootstrap_configmap_network_plugin }}