Merge remote-tracking branch 'upstream/master' into upgrade

.tito/packages/openshift-ansible

@@ -1 +1 @@
-3.0.2-1 ./
+3.0.6-1 ./

.tito/packages/openshift-ansible-bin

@@ -0,0 +1 @@
+0.0.21-1 bin/

.tito/packages/openshift-ansible-inventory

@@ -0,0 +1 @@
+0.0.11-1 inventory/

.tito/releasers.conf

@@ -0,0 +1,13 @@
+[brew]
+releaser = tito.release.DistGitReleaser
+branches = libra-rhel-7
+
+[ose-3.0]
+releaser = tito.release.DistGitReleaser
+branches = rhose-3.0-rhel-7
+srpm_disttag = .el7ose
+
+[aos-3.1]
+releaser = tito.release.DistGitReleaser
+branches = rhaos-3.1-rhel-7
+srpm_disttag = .el7aos

README_AEP.md

@@ -76,39 +76,30 @@ ansible_ssh_user=root
 # If ansible_ssh_user is not root, ansible_sudo must be set to true
 #ansible_sudo=true
 
-# To deploy origin, change deployment_type to origin
-deployment_type=enterprise
+# See DEPLOYMENT_TYPES.md
+deployment_type=atomic-enterprise
 
-# Pre-release registry URL
-oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}
+# Pre-release registry URL; note that in the future these images 
+# may have an atomicenterprise/aep- prefix or so.
+oreg_url=rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-${component}:${version}
 
 # Pre-release additional repo
-openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel',
-'baseurl':
-'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os',
-'enabled': 1, 'gpgcheck': 0}]
-
-# Origin copr repo
-#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name':
-'OpenShift Origin COPR', 'baseurl':
-'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/',
-'enabled': 1, 'gpgcheck': 1, gpgkey:
-'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
+openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/AtomicOpenShift/3.1/2015-10-27.1', 'enabled': 1, 'gpgcheck': 0}]
 
 # host group for masters
 [masters]
-ose3-master.example.com
+aep3-master.example.com
 
 # host group for nodes
 [nodes]
-ose3-node[1:2].example.com
+aep3-node[1:2].example.com
 ```
 
 The hostnames above should resolve both from the hosts themselves and
 the host where ansible is running (if different).
 
 ## Running the ansible playbooks
-From the atomic-enterprise-ansible checkout run:
+From the openshift-ansible checkout run:
 ```sh
 ansible-playbook playbooks/byo/config.yml
 ```
@@ -120,16 +111,18 @@ inventory file use the -i option for ansible-playbook.
 On the master host:
 ```sh
 oadm router --create=true \
-  --credentials=/etc/openshift/master/openshift-router.kubeconfig \
-  --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}'
+  --service-account=router \
+  --credentials=/etc/origin/master/openshift-router.kubeconfig \
+  --images='rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-${component}:${version}'
 ```
 
 #### Create the default docker-registry
 On the master host:
 ```sh
 oadm registry --create=true \
-  --credentials=/etc/openshift/master/openshift-registry.kubeconfig \
-  --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}' \
+  --service-account=registry \
+  --credentials=/etc/origin/master/openshift-registry.kubeconfig \
+  --images='rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-${component}:${version}' \
   --mount-host=/var/lib/openshift/docker-registry
 ```
 

bin/openshift-ansible-bin.spec

@@ -1,122 +0,0 @@
-Summary:       OpenShift Ansible Scripts for working with metadata hosts
-Name:          openshift-ansible-bin
-Version:       0.0.19
-Release:       1%{?dist}
-License:       ASL 2.0
-URL:           https://github.com/openshift/openshift-ansible
-Source0:       %{name}-%{version}.tar.gz
-Requires:      python2, openshift-ansible-inventory
-BuildRequires: python2-devel
-BuildArch:     noarch
-
-%description
-Scripts to make it nicer when working with hosts that are defined only by metadata.
-
-%prep
-%setup -q
-
-%build
-
-%install
-mkdir -p %{buildroot}%{_bindir}
-mkdir -p %{buildroot}%{python_sitelib}/openshift_ansible
-mkdir -p %{buildroot}/etc/bash_completion.d
-mkdir -p %{buildroot}/etc/openshift_ansible
-
-cp -p ossh oscp opssh opscp ohi %{buildroot}%{_bindir}
-cp -pP openshift_ansible/* %{buildroot}%{python_sitelib}/openshift_ansible
-
-# Make it so we can load multi_ec2.py as a library.
-rm %{buildroot}%{python_sitelib}/openshift_ansible/multi_ec2.py*
-ln -sf /usr/share/ansible/inventory/multi_ec2.py %{buildroot}%{python_sitelib}/openshift_ansible/multi_ec2.py
-ln -sf /usr/share/ansible/inventory/multi_ec2.pyc %{buildroot}%{python_sitelib}/openshift_ansible/multi_ec2.pyc
-
-cp -p ossh_bash_completion %{buildroot}/etc/bash_completion.d
-
-cp -p openshift_ansible.conf.example %{buildroot}/etc/openshift_ansible/openshift_ansible.conf
-
-%files
-%{_bindir}/*
-%{python_sitelib}/openshift_ansible/
-/etc/bash_completion.d/*
-%config(noreplace) /etc/openshift_ansible/
-
-%changelog
-* Thu Aug 20 2015 Kenny Woodson <kwoodson@redhat.com> 0.0.19-1
-- Updated to show private ips when doing a list (kwoodson@redhat.com)
-- Updated to read config first and default to users home dir
-  (kwoodson@redhat.com)
-- Prevent Ansible from serializing tasks (lhuard@amadeus.com)
-- Infra node support (whearn@redhat.com)
-- Playbook updates for clustered etcd (jdetiber@redhat.com)
-- bin/cluster supports boto credentials as well as env variables
-  (jdetiber@redhat.com)
-- Merge pull request #291 from lhuard1A/profile
-  (twiest@users.noreply.github.com)
-- Add a generic mechanism for passing options (lhuard@amadeus.com)
-- Infrastructure - Validate AWS environment before calling playbooks
-  (jhonce@redhat.com)
-- Add a --profile option to spot which task takes more time
-  (lhuard@amadeus.com)
-- changed Openshift to OpenShift (twiest@redhat.com)
-
-* Tue Jun 09 2015 Kenny Woodson <kwoodson@redhat.com> 0.0.18-1
-- Implement OpenStack provider (lhuard@amadeus.com)
-- * Update defaults and examples to track core concepts guide
-  (jhonce@redhat.com)
-- Issue 119 - Add support for ~/.openshift-ansible (jhonce@redhat.com)
-- Infrastructure - Add service action to bin/cluster (jhonce@redhat.com)
-
-* Fri May 15 2015 Thomas Wiest <twiest@redhat.com> 0.0.17-1
-- fixed the openshift-ansible-bin build (twiest@redhat.com)
-
-* Fri May 15 2015 Thomas Wiest <twiest@redhat.com> 0.0.14-1
-- Command line tools import multi_ec2 as lib (kwoodson@redhat.com)
-- Adding cache location for multi ec2 (kwoodson@redhat.com)
-* Thu May 07 2015 Thomas Wiest <twiest@redhat.com> 0.0.13-1
-- added '-e all' to ohi and fixed pylint errors. (twiest@redhat.com)
-
-* Tue May 05 2015 Thomas Wiest <twiest@redhat.com> 0.0.12-1
-- fixed opssh and opscp to allow just environment or just host-type.
-  (twiest@redhat.com)
-
-* Mon May 04 2015 Thomas Wiest <twiest@redhat.com> 0.0.11-1
-- changed opssh to a bash script using ohi to make it easier to maintain, and
-  to expose all of the pssh features directly. (twiest@redhat.com)
-- Added --user option to ohi to pre-pend the username in the hostlist output.
-  (twiest@redhat.com)
-- Added utils.py that contains a normalize_dnsname function good for sorting
-  dns names to a human readable list. (twiest@redhat.com)
-
-* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.10-1
-- added --list-host-types option to opscp (twiest@redhat.com)
-
-* Thu Apr 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.9-1
-- added opscp (twiest@redhat.com)
-* Mon Apr 13 2015 Thomas Wiest <twiest@redhat.com> 0.0.8-1
-- fixed bug in opssh where it wouldn't actually run pssh (twiest@redhat.com)
-
-* Mon Apr 13 2015 Thomas Wiest <twiest@redhat.com> 0.0.7-1
-- added the ability to run opssh and ohi on all hosts in an environment, as
-  well as all hosts of the same host-type regardless of environment
-  (twiest@redhat.com)
-- added ohi (twiest@redhat.com)
-* Thu Apr 09 2015 Thomas Wiest <twiest@redhat.com> 0.0.6-1
-- fixed bug where opssh would throw an exception if pssh returned a non-zero
-  exit code (twiest@redhat.com)
-
-* Wed Apr 08 2015 Thomas Wiest <twiest@redhat.com> 0.0.5-1
-- fixed the opssh default output behavior to be consistent with pssh. Also
-  fixed a bug in how directories are named for --outdir and --errdir.
-  (twiest@redhat.com)
-* Tue Mar 31 2015 Thomas Wiest <twiest@redhat.com> 0.0.4-1
-- Fixed when tag was missing and added opssh completion (kwoodson@redhat.com)
-
-* Mon Mar 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.3-1
-- created a python package named openshift_ansible (twiest@redhat.com)
-
-* Mon Mar 30 2015 Thomas Wiest <twiest@redhat.com> 0.0.2-1
-- added config file support to opssh, ossh, and oscp (twiest@redhat.com)
-* Tue Mar 24 2015 Thomas Wiest <twiest@redhat.com> 0.0.1-1
-- new package built with tito
-

inventory/byo/hosts.example

@@ -41,6 +41,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Allow all auth
 #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
 
+# Project Configuration
+#osm_project_request_message=''
+#osm_project_request_template=''
+#osm_mcs_allocator_range='s0:/2'
+#osm_mcs_labels_per_project=5
+#osm_uid_allocator_range='1000000000-1999999999/10000'
+
 # Configure Fluentd
 #use_fluentd=true
 
@@ -75,10 +82,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # default project node selector
 #osm_default_node_selector='region=primary'
 
+# default storage plugin dependencies to install, by default the ceph and
+# glusterfs plugin dependencies will be installed, if available.
+#osn_storage_plugin_deps=['ceph','glusterfs']
+
 # default selectors for router and registry services
 # openshift_router_selector='region=infra'
 # openshift_registry_selector='region=infra'
 
+# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
+# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
+
+# Disable the OpenShift SDN plugin
+# openshift_use_openshift_sdn=False
+
 # set RPM version for debugging purposes
 #openshift_pkg_version=-3.0.0.0
 

inventory/multi_ec2.py

@@ -239,22 +239,34 @@ class MultiEc2(object):
     def apply_account_config(self, acc_config):
         ''' Apply account config settings
         '''
-        if not acc_config.has_key('hostvars') and not acc_config.has_key('all_group'):
-            return
-
         results = self.all_ec2_results[acc_config['name']]
-       # Update each hostvar with the newly desired key: value
-        for host_property, value in acc_config['hostvars'].items():
+
+        # Update each hostvar with the newly desired key: value from extra_*
+        for _extra in ['extra_groups', 'extra_vars']:
+            for new_var, value in acc_config.get(_extra, {}).items():
+                # Verify the account results look sane
+                # by checking for these keys ('_meta' and 'hostvars' exist)
+                if results.has_key('_meta') and results['_meta'].has_key('hostvars'):
+                    for data in results['_meta']['hostvars'].values():
+                        data[str(new_var)] = str(value)
+
+                # Add this group
+                if _extra == 'extra_groups' and results.has_key(acc_config['all_group']):
+                    results["%s_%s" % (new_var, value)] = \
+                     copy.copy(results[acc_config['all_group']])
+
+        # Clone groups goes here
+        for to_name, from_name in acc_config.get('clone_groups', {}).items():
+            if results.has_key(from_name):
+                results[to_name] = copy.copy(results[from_name])
+
+        # Clone vars goes here
+        for to_name, from_name in acc_config.get('clone_vars', {}).items():
             # Verify the account results look sane
             # by checking for these keys ('_meta' and 'hostvars' exist)
             if results.has_key('_meta') and results['_meta'].has_key('hostvars'):
                 for data in results['_meta']['hostvars'].values():
-                    data[str(host_property)] = str(value)
-
-            # Add this group
-            if results.has_key(acc_config['all_group']):
-                results["%s_%s" % (host_property, value)] = \
-                  copy.copy(results[acc_config['all_group']])
+                    data[str(to_name)] = data.get(str(from_name), 'nil')
 
         # store the results back into all_ec2_results
         self.all_ec2_results[acc_config['name']] = results

inventory/multi_ec2.yaml.example

@@ -18,7 +18,7 @@ accounts:
       AWS_ACCESS_KEY_ID: XXXXXXXXXXXXXXXXXXXX
       AWS_SECRET_ACCESS_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     all_group: ec2
-    hostvars:
+    extra_vars:
       cloud: aws
       account: aws1
 

inventory/openshift-ansible-inventory.spec

@@ -1,108 +0,0 @@
-Summary:       OpenShift Ansible Inventories
-Name:          openshift-ansible-inventory
-Version:       0.0.9
-Release:       1%{?dist}
-License:       ASL 2.0
-URL:           https://github.com/openshift/openshift-ansible
-Source0:       %{name}-%{version}.tar.gz
-Requires:      python2
-BuildRequires: python2-devel
-BuildArch:     noarch
-
-%description
-Ansible Inventories used with the openshift-ansible scripts and playbooks.
-
-%prep
-%setup -q
-
-%build
-
-%install
-mkdir -p %{buildroot}/etc/ansible
-mkdir -p %{buildroot}/usr/share/ansible/inventory
-mkdir -p %{buildroot}/usr/share/ansible/inventory/aws
-mkdir -p %{buildroot}/usr/share/ansible/inventory/gce
-
-cp -p multi_ec2.py %{buildroot}/usr/share/ansible/inventory
-cp -p multi_ec2.yaml.example %{buildroot}/etc/ansible/multi_ec2.yaml
-cp -p aws/hosts/ec2.py %{buildroot}/usr/share/ansible/inventory/aws
-cp -p gce/hosts/gce.py %{buildroot}/usr/share/ansible/inventory/gce
-
-%files
-%config(noreplace) /etc/ansible/*
-%dir /usr/share/ansible/inventory
-/usr/share/ansible/inventory/multi_ec2.py*
-/usr/share/ansible/inventory/aws/ec2.py*
-/usr/share/ansible/inventory/gce/gce.py*
-
-%changelog
-* Thu Aug 20 2015 Kenny Woodson <kwoodson@redhat.com> 0.0.9-1
-- Merge pull request #408 from sdodson/docker-buildvm (bleanhar@redhat.com)
-- Merge pull request #428 from jtslear/issue-383
-  (twiest@users.noreply.github.com)
-- Merge pull request #407 from aveshagarwal/ae-ansible-merge-auth
-  (bleanhar@redhat.com)
-- Enable htpasswd by default in the example hosts file. (avagarwa@redhat.com)
-- Add support for setting default node selector (jdetiber@redhat.com)
-- Merge pull request #429 from spinolacastro/custom_cors (bleanhar@redhat.com)
-- Updated to read config first and default to users home dir
-  (kwoodson@redhat.com)
-- Fix Custom Cors (spinolacastro@gmail.com)
-- Revert "namespace the byo inventory so the group names aren't so generic"
-  (sdodson@redhat.com)
-- Removes hardcoded python2 (jtslear@gmail.com)
-- namespace the byo inventory so the group names aren't so generic
-  (admiller@redhat.com)
-- docker-buildvm-rhose is dead (sdodson@redhat.com)
-- Add support for setting routingConfig:subdomain (jdetiber@redhat.com)
-- Initial HA master (jdetiber@redhat.com)
-- Make it clear that the byo inventory file is just an example
-  (jdetiber@redhat.com)
-- Playbook updates for clustered etcd (jdetiber@redhat.com)
-- Update for RC2 changes (sdodson@redhat.com)
-- Templatize configs and 0.5.2 changes (jdetiber@redhat.com)
-
-* Tue Jun 09 2015 Kenny Woodson <kwoodson@redhat.com> 0.0.8-1
-- Added more verbosity when error happens.  Also fixed a bug.
-  (kwoodson@redhat.com)
-- Implement OpenStack provider (lhuard@amadeus.com)
-- * rename openshift_registry_url oreg_url * rename option_images to
-  _{oreg|ortr}_images (jhonce@redhat.com)
-- Fix the remaining pylint warnings (lhuard@amadeus.com)
-- Fix some of the pylint warnings (lhuard@amadeus.com)
-- [libvirt cluster] Use net-dhcp-leases to find VMs’ IPs (lhuard@amadeus.com)
-- fixed the openshift-ansible-bin build (twiest@redhat.com)
-
-* Fri May 15 2015 Kenny Woodson <kwoodson@redhat.com> 0.0.7-1
-- Making multi_ec2 into a library (kwoodson@redhat.com)
-
-* Wed May 13 2015 Thomas Wiest <twiest@redhat.com> 0.0.6-1
-- Added support for grouping and a bug fix. (kwoodson@redhat.com)
-
-* Tue May 12 2015 Thomas Wiest <twiest@redhat.com> 0.0.5-1
-- removed ec2.ini from the openshift-ansible-inventory.spec file so that we're
-  not dictating what the ec2.ini file should look like. (twiest@redhat.com)
-- Added capability to pass in ec2.ini file. (kwoodson@redhat.com)
-
-* Thu May 07 2015 Thomas Wiest <twiest@redhat.com> 0.0.4-1
-- Fixed a bug due to renaming of variables. (kwoodson@redhat.com)
-
-* Thu May 07 2015 Thomas Wiest <twiest@redhat.com> 0.0.3-1
-- fixed build problems with openshift-ansible-inventory.spec
-  (twiest@redhat.com)
-- Allow option in multi_ec2 to set cache location. (kwoodson@redhat.com)
-- Add ansible_connection=local to localhost in inventory (jdetiber@redhat.com)
-- Adding refresh-cache option and cleanup for pylint. Also updated for
-  aws/hosts/ being added. (kwoodson@redhat.com)
-
-* Thu Mar 26 2015 Thomas Wiest <twiest@redhat.com> 0.0.2-1
-- added the ability to have a config file in /etc/openshift_ansible to
-  multi_ec2.py. (twiest@redhat.com)
-- Merge pull request #97 from jwhonce/wip/cluster (jhonce@redhat.com)
-- gce inventory/playbook updates for node registration changes
-  (jdetiber@redhat.com)
-- Various fixes (jdetiber@redhat.com)
-
-* Tue Mar 24 2015 Thomas Wiest <twiest@redhat.com> 0.0.1-1
-- new package built with tito
-

openshift-ansible.spec

@@ -5,7 +5,7 @@
 }
 
 Name:           openshift-ansible
-Version:        3.0.2
+Version:        3.0.6
 Release:        1%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
@@ -138,7 +138,29 @@ Ansible Inventories used with the openshift-ansible scripts and playbooks.
 %config(noreplace) /etc/ansible/*
 %dir %{_datadir}/ansible/inventory
 %{_datadir}/ansible/inventory/multi_ec2.py*
+
+%package inventory-aws
+Summary:       Openshift and Atomic Enterprise Ansible Inventories for AWS
+Requires:      %{name}-inventory
+Requires:      python-boto
+BuildArch:     noarch
+
+%description inventory-aws
+Ansible Inventories for AWS used with the openshift-ansible scripts and playbooks.
+
+%files inventory-aws
 %{_datadir}/ansible/inventory/aws/ec2.py*
+
+%package inventory-gce
+Summary:       Openshift and Atomic Enterprise Ansible Inventories for GCE
+Requires:      %{name}-inventory
+Requires:      python-libcloud >= 0.13
+BuildArch:     noarch
+
+%description inventory-gce
+Ansible Inventories for GCE used with the openshift-ansible scripts and playbooks.
+
+%files inventory-gce
 %{_datadir}/ansible/inventory/gce/gce.py*
 
 
@@ -227,6 +249,69 @@ Atomic OpenShift Utilities includes
 
 
 %changelog
+* Fri Oct 30 2015 Kenny Woodson <kwoodson@redhat.com> 3.0.6-1
+- Adding python-boto and python-libcloud to openshift-ansible-inventory
+  dependency (kwoodson@redhat.com)
+- Use more specific enterprise version for version_greater_than_3_1_or_1_1.
+  (abutcher@redhat.com)
+- Conditionalizing the support for the v1beta3 api (bleanhar@redhat.com)
+
+* Thu Oct 29 2015 Kenny Woodson <kwoodson@redhat.com> 3.0.5-1
+- Updating multi_ec2 to support extra_vars and extra_groups
+  (kwoodson@redhat.com)
+- Removing the template and doing to_nice_yaml instead (kwoodson@redhat.com)
+- README_AEP.md: update instructions for creating router and registry
+  (jlebon@redhat.com)
+- README_AEP: Various fixes (walters@verbum.org)
+- Fixing for extra_vars rename. (kwoodson@redhat.com)
+- make storage_plugin_deps conditional on deployment_type (jdetiber@redhat.com)
+- remove debugging pauses (jdetiber@redhat.com)
+- make storage plugin dependency installation more flexible
+  (jdetiber@redhat.com)
+- Install storage plugin dependencies (jdetiber@redhat.com)
+
+* Wed Oct 28 2015 Kenny Woodson <kwoodson@redhat.com> 3.0.4-1
+- Removing spec files. (kwoodson@redhat.com)
+- Updated example (kwoodson@redhat.com)
+- Automatic commit of package [openshift-ansible-inventory] release [0.0.11-1].
+  (kwoodson@redhat.com)
+- Automatic commit of package [openshift-ansible-bin] release [0.0.21-1].
+  (kwoodson@redhat.com)
+- Automatic commit of package [openshift-ansible-inventory] release [0.0.10-1].
+  (kwoodson@redhat.com)
+- Automatic commit of package [openshift-ansible-bin] release [0.0.20-1].
+  (kwoodson@redhat.com)
+- Adding tito releasers configuration (bleanhar@redhat.com)
+- Bug fixes for the uninstall playbook (bleanhar@redhat.com)
+- Adding clone vars and groups. Renamed hostvars to extra_vars.
+  (kwoodson@redhat.com)
+- Start tracking docker info execution time (jdiaz@redhat.com)
+- The uninstall playbook should remove the kubeconfig for non-root installs
+  (bleanhar@redhat.com)
+- Adding uninstall support for Atomic Host (bleanhar@redhat.com)
+- add examples for SDN configuration (jdetiber@redhat.com)
+
+* Tue Oct 27 2015 Troy Dawson <tdawson@redhat.com> 3.0.3-1
+- Pylint fixes and ignores for incoming oo-install code. (dgoodwin@redhat.com)
+- Pylint fixes (abutcher@redhat.com)
+- Adding zabbix type and fixing zabbix agent vars (kwoodson@redhat.com)
+- Add atomic-openshift-utils add atomic-openshift-utils to openshift-
+  ansible.spec file (tdawson@redhat.com)
+- Fix quotes (spinolacastro@gmail.com)
+- Use standard library for version comparison. (abutcher@redhat.com)
+- added docker info to the end of docker loop to direct lvm playbook.
+  (twiest@redhat.com)
+- Add missing quotes (spinolacastro@gmail.com)
+- Adding Docker Log Options capabilities (epo@jemba.net)
+- Move version greater_than_fact into openshift_facts (abutcher@redhat.com)
+- Don't include proxy client cert when <3.1 or <1.1 (abutcher@redhat.com)
+- Add proxy client certs to master config. (abutcher@redhat.com)
+- Update imagestreams and quickstarts from origin (sdodson@redhat.com)
+- Get default values from openshift_facts (spinolacastro@gmail.com)
+- Cleanup (spinolacastro@gmail.com)
+- Add missing inventory example (spinolacastro@gmail.com)
+- Custom Project Config (spinolacastro@gmail.com)
+
 * Mon Oct 19 2015 Troy Dawson <tdawson@redhat.com> 3.0.2-1
 - Initial Package
 

playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml

@@ -97,8 +97,19 @@
 
   - debug: var=setup_output
 
+  - name: extend the vg
+    command: lvextend -l 90%VG /dev/docker_vg/docker-pool
+    register: extend_output
+
+  - debug: var=extend_output
+
   - name: start docker
-    command: systemctl start docker.service
-    register: dockerstart
+    service:
+      name: docker
+      state: restarted
+
+  - name: docker info
+    command: docker info
+    register: dockerinfo
 
-  - debug: var=dockerstart
+  - debug: var=dockerinfo

playbooks/adhoc/uninstall.yml

@@ -1,6 +1,6 @@
 # This deletes *ALL* Origin, Atomic Enterprise Platform and OpenShift
 # Enterprise content installed by ansible.  This includes:
-# 
+#
 #    configuration
 #    containers
 #    example templates and imagestreams
@@ -13,6 +13,20 @@
   sudo: yes
 
   tasks:
+    - name: Detecting Operating System
+      shell: ls /run/ostree-booted
+      ignore_errors: yes
+      failed_when: false
+      register: ostree_output
+
+    - set_fact:
+        is_atomic: "{{ ostree_output.rc == 0 }}"
+
+    - name: Remove br0 interface
+      shell: ovs-vsctl del-br br0
+      changed_when: False
+      failed_when: False
+
     - service: name={{ item }} state=stopped
       with_items:
         - atomic-enterprise-master
@@ -33,6 +47,7 @@
         - origin-node
 
     - yum: name={{ item }} state=absent
+      when: not is_atomic | bool
       with_items:
         - atomic-enterprise
         - atomic-enterprise-master
@@ -59,6 +74,15 @@
         - tuned-profiles-openshift-node
         - tuned-profiles-origin-node
 
+    - name: Remove linux interfaces
+      shell: ip link del "{{ item }}"
+      changed_when: False
+      failed_when: False
+      with_items:
+        - lbr0
+        - vlinuxbr
+        - vovsbr
+
     - shell: systemctl reset-failed
       changed_when: False
 
@@ -127,6 +151,7 @@
         - /etc/sysconfig/origin-master
         - /etc/sysconfig/origin-node
         - /root/.kube
+        - "~{{ ansible_ssh_user }}/.kube"
         - /usr/share/openshift/examples
         - /var/lib/atomic-enterprise
         - /var/lib/etcd

playbooks/adhoc/upgrades/upgrade.yml

@@ -40,6 +40,16 @@
   - name: Generate etcd backup
     command: etcdctl backup --data-dir={{ openshift.master.etcd_data_dir }} --backup-dir={{ openshift.common.data_dir }}/etcd-backup-{{ timestamp }}
 
+- name: Upgrade base package on masters
+  hosts: masters
+  roles:
+  - openshift_facts
+  vars:
+    openshift_version: "{{ openshift_pkg_version | default('') }}"
+  tasks:
+    - name: Upgrade base package
+      yum: pkg={{ openshift.common.service_type }}{{ openshift_version  }} state=latest
+
 - name: Re-Run cluster configuration to apply latest configuration changes
   include: ../../common/openshift-cluster/config.yml
   vars:

playbooks/common/openshift-master/config.yml

@@ -137,6 +137,7 @@
       openshift_master_certs_no_etcd:
       - admin.crt
       - master.kubelet-client.crt
+      - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
       - master.server.crt
       - openshift-master.crt
       - openshift-registry.crt
@@ -144,6 +145,7 @@
       - etcd.server.crt
       openshift_master_certs_etcd:
       - master.etcd-client.crt
+
   - set_fact:
       openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}"
 
@@ -153,9 +155,9 @@
     with_items: openshift_master_certs
     register: g_master_cert_stat_result
   - set_fact:
-      master_certs_missing: "{{ g_master_cert_stat_result.results
+      master_certs_missing: "{{ False in (g_master_cert_stat_result.results
                                 | map(attribute='stat.exists')
-                                | list | intersect([false])}}"
+                                | list ) }}"
       master_cert_subdir: master-{{ openshift.common.hostname }}
       master_cert_config_dir: "{{ openshift.common.config_base }}/master"
 
@@ -187,6 +189,7 @@
     args:
       creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
     with_items: masters_needing_certs
+
   - name: Retrieve the master cert tarball from the master
     fetch:
       src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"

roles/lib_zabbix/library/zbx_item.py

@@ -107,6 +107,39 @@ def get_multiplier(inval):
 
     return rval, 0
 
+def get_zabbix_type(ztype):
+    '''
+    Determine which type of discoverrule this is
+    '''
+    _types = {'agent': 0,
+              'SNMPv1': 1,
+              'trapper': 2,
+              'simple': 3,
+              'SNMPv2': 4,
+              'internal': 5,
+              'SNMPv3': 6,
+              'active': 7,
+              'aggregate': 8,
+              'web': 9,
+              'external': 10,
+              'database monitor': 11,
+              'ipmi': 12,
+              'ssh': 13,
+              'telnet': 14,
+              'calculated': 15,
+              'JMX': 16,
+              'SNMP trap': 17,
+             }
+
+    for typ in _types.keys():
+        if ztype in typ or ztype == typ:
+            _vtype = _types[typ]
+            break
+    else:
+        _vtype = 2
+
+    return _vtype
+
 # The branches are needed for CRUD and error handling
 # pylint: disable=too-many-branches
 def main():
@@ -123,7 +156,7 @@ def main():
             name=dict(default=None, type='str'),
             key=dict(default=None, type='str'),
             template_name=dict(default=None, type='str'),
-            zabbix_type=dict(default=2, type='int'),
+            zabbix_type=dict(default='trapper', type='str'),
             value_type=dict(default='int', type='str'),
             interval=dict(default=60, type='int'),
             delta=dict(default=0, type='int'),
@@ -184,7 +217,7 @@ def main():
         params = {'name': module.params.get('name', module.params['key']),
                   'key_': module.params['key'],
                   'hostid': templateid[0],
-                  'type': module.params['zabbix_type'],
+                  'type': get_zabbix_type(module.params['zabbix_type']),
                   'value_type': get_value_type(module.params['value_type']),
                   'applications': get_app_ids(module.params['applications'], app_name_ids),
                   'formula': formula,

roles/lib_zabbix/tasks/create_template.yml

@@ -38,7 +38,7 @@
     units: "{{ item.units | default('', True) }}"
     template_name: "{{ template.name }}"
     applications: "{{ item.applications }}"
-    zabbix_type: "{{ item.zabbix_type | default(2, True) }}"
+    zabbix_type: "{{ item.zabbix_type | default('trapper') }}"
     interval: "{{ item.interval | default(60, True) }}"
     delta: "{{ item.delta | default(0, True) }}"
   with_items: template.zitems

roles/openshift_ansible_inventory/tasks/main.yml

@@ -3,8 +3,9 @@
     name: openshift-ansible-inventory
     state: present
 
-- template:
-    src: multi_ec2.yaml.j2
+- name:
+  copy:
+    content: "{{ oo_inventory_accounts | to_nice_yaml }}"
     dest: /etc/ansible/multi_ec2.yaml
     group: "{{ oo_inventory_group }}"
     owner: "{{ oo_inventory_owner }}"
@@ -39,5 +40,5 @@
     owner: root
     group: libra_ops
     recurse: yes
-    mode: '2750'
+    mode: '2770'
   when: oo_inventory_cache_location is defined

roles/openshift_ansible_inventory/templates/multi_ec2.yaml.j2

@@ -1,26 +0,0 @@
-# multi ec2 inventory configs
-cache_max_age: {{ oo_inventory_cache_max_age }}
-cache_location: {{ oo_inventory_cache_location | default('~/.ansible/tmp/multi_ec2_inventory.cache') }}
-accounts:
-{% for account in oo_inventory_accounts %}
-  - name: {{ account.name }}
-    provider: {{ account.provider }}
-    provider_config:
-{%  for section, items in account.provider_config.items() %}
-      {{ section }}:
-{%    for property, value in items.items() %}
-        {{ property }}: {{ value }}
-{%    endfor %}
-{% endfor %}
-    env_vars:
-      AWS_ACCESS_KEY_ID: {{ account.env_vars.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: {{ account.env_vars.AWS_SECRET_ACCESS_KEY }}
-{% if account.all_group is defined and account.hostvars is defined%}
-    all_group: {{ account.all_group }}
-    hostvars:
-{%    for property, value in account.hostvars.items() %}
-      {{ property }}: {{ value }}
-{%    endfor %}
-{% endif %}
-
-{% endfor %}

roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json

@@ -23,7 +23,8 @@
               "iconClass": "icon-ruby",
               "tags": "builder,ruby",
               "supports": "ruby:2.0,ruby",
-              "version": "2.0"
+              "version": "2.0",
+              "sampleRepo": "https://github.com/openshift/ruby-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -53,7 +54,8 @@
               "iconClass": "icon-nodejs",
               "tags": "builder,nodejs",
               "supports":"nodejs:0.10,nodejs:0.1,nodejs",
-              "version": "0.10"
+              "version": "0.10",
+              "sampleRepo": "https://github.com/openshift/nodejs-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -83,7 +85,8 @@
               "iconClass": "icon-perl",
               "tags": "builder,perl",
               "supports":"perl:5.16,perl",
-              "version": "5.16"
+              "version": "5.16",
+              "sampleRepo": "https://github.com/openshift/dancer-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -113,7 +116,8 @@
               "iconClass": "icon-php",
               "tags": "builder,php",
               "supports":"php:5.5,php",
-              "version": "5.5"
+              "version": "5.5",
+              "sampleRepo": "https://github.com/openshift/cakephp-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -143,7 +147,8 @@
               "iconClass": "icon-python",
               "tags": "builder,python",
               "supports":"python:3.3,python",
-              "version": "3.3"
+              "version": "3.3",
+              "sampleRepo": "https://github.com/openshift/django-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -173,7 +178,8 @@
               "iconClass": "icon-wildfly",
               "tags": "builder,wildfly,java",
               "supports":"wildfly:8.1,jee,java",
-              "version": "8.1"
+              "version": "8.1",
+              "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git"
             },
             "from": {
               "Kind": "ImageStreamTag",

roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json

@@ -23,7 +23,8 @@
               "iconClass": "icon-ruby",
               "tags": "builder,ruby",
               "supports": "ruby:2.0,ruby",
-              "version": "2.0"
+              "version": "2.0",
+              "sampleRepo": "https://github.com/openshift/ruby-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -53,7 +54,8 @@
               "iconClass": "icon-nodejs",
               "tags": "builder,nodejs",
               "supports":"nodejs:0.10,nodejs:0.1,nodejs",
-              "version": "0.10"
+              "version": "0.10",
+              "sampleRepo": "https://github.com/openshift/nodejs-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -83,7 +85,8 @@
               "iconClass": "icon-perl",
               "tags": "builder,perl",
               "supports":"perl:5.16,perl",
-              "version": "5.16"
+              "version": "5.16",
+              "sampleRepo": "https://github.com/openshift/dancer-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -113,7 +116,8 @@
               "iconClass": "icon-php",
               "tags": "builder,php",
               "supports":"php:5.5,php",
-              "version": "5.5"
+              "version": "5.5",
+              "sampleRepo": "https://github.com/openshift/cakephp-ex.git"              
             },
             "from": {
               "Kind": "ImageStreamTag",
@@ -143,7 +147,8 @@
               "iconClass": "icon-python",
               "tags": "builder,python",
               "supports":"python:3.3,python",
-              "version": "3.3"
+              "version": "3.3",
+              "sampleRepo": "https://github.com/openshift/django-ex.git"
             },
             "from": {
               "Kind": "ImageStreamTag",

roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json

@@ -201,6 +201,10 @@
                   {
                     "name": "CAKEPHP_SECURITY_CIPHER_SEED",
                     "value": "${CAKEPHP_SECURITY_CIPHER_SEED}"
+                  },
+                  {
+                    "name": "OPCACHE_REVALIDATE_FREQ",
+                    "value": "${OPCACHE_REVALIDATE_FREQ}"
                   }
                 ]
               }
@@ -364,6 +368,11 @@
       "description": "Security cipher seed for session hash",
       "generate": "expression",
       "from": "[0-9]{30}"
+    },
+    {
+      "name": "OPCACHE_REVALIDATE_FREQ",
+      "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.",
+      "value": "2"
     }
   ]
 }

roles/openshift_examples/files/examples/quickstart-templates/cakephp.json

@@ -190,6 +190,10 @@
                   {
                     "name": "CAKEPHP_SECURITY_CIPHER_SEED",
                     "value": "${CAKEPHP_SECURITY_CIPHER_SEED}"
+                  },
+                  {
+                    "name": "OPCACHE_REVALIDATE_FREQ",
+                    "value": "${OPCACHE_REVALIDATE_FREQ}"
                   }
                 ]
               }
@@ -261,6 +265,11 @@
       "description": "Security cipher seed for session hash",
       "generate": "expression",
       "from": "[0-9]{30}"
+    },
+    {
+      "name": "OPCACHE_REVALIDATE_FREQ",
+      "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.",
+      "value": "2"
     }
   ]
 }

roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json

@@ -175,6 +175,10 @@
                   {
                     "name": "SECRET_KEY_BASE",
                     "value": "${SECRET_KEY_BASE}"
+                  },
+                  {
+                    "name": "PERL_APACHE2_RELOAD",
+                    "value": "${PERL_APACHE2_RELOAD}"
                   }
                 ]
               }
@@ -330,6 +334,11 @@
       "value": "openshift/mysql-55-centos7"      
     },
     {
+      "name": "PERL_APACHE2_RELOAD",
+      "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules",
+      "value": ""
+    },
+    {
       "name": "SECRET_KEY_BASE",
       "description": "Your secret key for verifying the integrity of signed cookies",
       "generate": "expression",

roles/openshift_examples/files/examples/quickstart-templates/dancer.json

@@ -157,6 +157,12 @@
                   {
                     "containerPort": 8080
                   }
+                ],
+                "env": [
+                  {
+                    "name": "PERL_APACHE2_RELOAD",
+                    "value": "${PERL_APACHE2_RELOAD}"
+                  }
                 ]
               }
             ]
@@ -195,6 +201,11 @@
       "description": "Your secret key for verifying the integrity of signed cookies",
       "generate": "expression",
       "from": "[a-z0-9]{127}"
+    },
+    {
+      "name": "PERL_APACHE2_RELOAD",
+      "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules",
+      "value": ""
     }
   ]
 }

roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json

@@ -102,6 +102,12 @@
             "github": {
               "secret": "${GITHUB_WEBHOOK_SECRET}"
             }
+          },
+          {
+            "type": "Generic",
+            "generic": {
+              "secret": "${GENERIC_WEBHOOK_SECRET}"
+            }
           }
         ]
       }
@@ -298,6 +304,12 @@
       "from": "[a-zA-Z0-9]{40}"
     },
     {
+      "name": "GENERIC_WEBHOOK_SECRET",
+      "description": "A secret string used to configure the Generic webhook",
+      "generate": "expression",
+      "from": "[a-zA-Z0-9]{40}"
+    },
+    {
       "name": "DATABASE_SERVICE_NAME",
       "description": "Database service name",
       "value": "mongodb"
@@ -328,7 +340,7 @@
     {
       "name": "MONGODB_IMAGE",
       "description": "Image to use for mongodb",
-      "value": "openshift/mongodb-24-centos7"      
+      "value": "openshift/mongodb-24-centos7"
     }
   ]
 }

roles/openshift_examples/files/examples/quickstart-templates/nodejs.json

@@ -102,6 +102,12 @@
             "github": {
               "secret": "${GITHUB_WEBHOOK_SECRET}"
             }
+          },
+          {
+            "type": "Generic",
+            "generic": {
+              "secret": "${GENERIC_WEBHOOK_SECRET}"
+            }
           }
         ]
       }
@@ -213,6 +219,12 @@
       "from": "[a-zA-Z0-9]{40}"
     },
     {
+      "name": "GENERIC_WEBHOOK_SECRET",
+      "description": "A secret string used to configure the Generic webhook",
+      "generate": "expression",
+      "from": "[a-zA-Z0-9]{40}"
+    },
+    {
       "name": "DATABASE_SERVICE_NAME",
       "description": "Database service name"
     },

roles/openshift_facts/library/openshift_facts.py

@@ -21,6 +21,7 @@ import ConfigParser
 import copy
 import os
 from distutils.util import strtobool
+from distutils.version import LooseVersion
 
 
 def hostname_valid(hostname):
@@ -362,6 +363,33 @@ def set_metrics_facts_if_unset(facts):
             facts['common']['use_cluster_metrics'] = use_cluster_metrics
     return facts
 
+def set_project_cfg_facts_if_unset(facts):
+    """ Set Project Configuration facts if not already present in facts dict
+            dict:
+        Args:
+            facts (dict): existing facts
+        Returns:
+            dict: the facts dict updated with the generated Project Configuration
+            facts if they were not already present
+
+    """
+
+    config = {
+        'default_node_selector': '',
+        'project_request_message': '',
+        'project_request_template': '',
+        'mcs_allocator_range': 's0:/2',
+        'mcs_labels_per_project': 5,
+        'uid_allocator_range': '1000000000-1999999999/10000'
+    }
+
+    if 'master' in facts:
+        for key, value in config.items():
+            if key not in facts['master']:
+                facts['master'][key] = value
+
+    return facts
+
 def set_identity_providers_if_unset(facts):
     """ Set identity_providers fact if not already present in facts dict
 
@@ -478,7 +506,7 @@ def set_aggregate_facts(facts):
 def set_deployment_facts_if_unset(facts):
     """ Set Facts that vary based on deployment_type. This currently
         includes common.service_type, common.config_base, master.registry_url,
-        node.registry_url
+        node.registry_url, node.storage_plugin_deps
 
         Args:
             facts (dict): existing facts
@@ -486,8 +514,9 @@ def set_deployment_facts_if_unset(facts):
             dict: the facts dict updated with the generated deployment_type
             facts
     """
-    # Perhaps re-factor this as a map?
-    # pylint: disable=too-many-branches
+    # disabled to avoid breaking up facts related to deployment type into
+    # multiple methods for now.
+    # pylint: disable=too-many-statements, too-many-branches
     if 'common' in facts:
         deployment_type = facts['common']['deployment_type']
         if 'service_type' not in facts['common']:
@@ -507,7 +536,15 @@ def set_deployment_facts_if_unset(facts):
             if deployment_type in ['enterprise', 'online']:
                 data_dir = '/var/lib/openshift'
             facts['common']['data_dir'] = data_dir
-        facts['common']['version'] = get_openshift_version()
+        facts['common']['version'] = version = get_openshift_version()
+        if version is not None:
+            if deployment_type == 'origin':
+                version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6')
+            else:
+                version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900')
+        else:
+            version_gt_3_1_or_1_1 = True
+        facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1
 
     for role in ('master', 'node'):
         if role in facts:
@@ -520,6 +557,25 @@ def set_deployment_facts_if_unset(facts):
                     registry_url = 'aep3/aep-${component}:${version}'
                 facts[role]['registry_url'] = registry_url
 
+    if 'master' in facts:
+        deployment_type = facts['common']['deployment_type']
+        openshift_features = ['Builder', 'S2IBuilder', 'WebConsole']
+        if 'disabled_features' in facts['master']:
+            if deployment_type == 'atomic-enterprise':
+                curr_disabled_features = set(facts['master']['disabled_features'])
+                facts['master']['disabled_features'] = list(curr_disabled_features.union(openshift_features))
+        else:
+            if deployment_type == 'atomic-enterprise':
+                facts['master']['disabled_features'] = openshift_features
+
+    if 'node' in facts:
+        deployment_type = facts['common']['deployment_type']
+        if 'storage_plugin_deps' not in facts['node']:
+            if deployment_type in ['openshift-enterprise', 'atomic-enterprise']:
+                facts['node']['storage_plugin_deps'] = ['ceph', 'glusterfs']
+            else:
+                facts['node']['storage_plugin_deps'] = []
+
     return facts
 
 
@@ -638,7 +694,7 @@ def get_openshift_version():
         Returns:
             version: the current openshift version
     """
-    version = ''
+    version = None
 
     if os.path.isfile('/usr/bin/openshift'):
         _, output, _ = module.run_command(['/usr/bin/openshift', 'version'])
@@ -813,6 +869,7 @@ class OpenShiftFacts(object):
         facts = merge_facts(facts, local_facts)
         facts['current_config'] = get_current_config(facts)
         facts = set_url_facts_if_unset(facts)
+        facts = set_project_cfg_facts_if_unset(facts)
         facts = set_fluentd_facts_if_unset(facts)
         facts = set_node_schedulability(facts)
         facts = set_master_selectors(facts)

roles/openshift_master/tasks/main.yml

@@ -52,11 +52,17 @@
       default_subdomain: "{{ osm_default_subdomain | default(None) }}"
       custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}"
       default_node_selector: "{{ osm_default_node_selector | default(None) }}"
+      project_request_message: "{{ osm_project_request_message | default(None) }}"
+      project_request_template: "{{ osm_project_request_template | default(None) }}"
+      mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}"
+      mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}"
+      uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}"
       router_selector: "{{ openshift_router_selector | default(None) }}"
       registry_selector: "{{ openshift_registry_selector | default(None) }}"
       api_server_args: "{{ osm_api_server_args | default(None) }}"
       controller_args: "{{ osm_controller_args | default(None) }}"
       infra_nodes: "{{ num_infra | default(None) }}"
+      disabled_features: "{{ osm_disabled_features | default(None) }}"
 
 - name: Install Master package
   yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version  }} state=present

roles/openshift_master/templates/master.yaml.v1.j2

@@ -1,5 +1,7 @@
 apiLevels:
+{% if openshift.common.deployment_type == "enterprise" %}
 - v1beta3
+{% endif %}
 - v1
 apiVersion: v1
 assetConfig:
@@ -20,6 +22,9 @@ corsAllowedOrigins:
 {% for custom_origin in openshift.master.custom_cors_origins | default("") %}
   - {{ custom_origin }}
 {% endfor %}
+{% if 'disabled_features' in openshift.master %}
+disabledFeatures: {{ openshift.master.disabled_features | to_json }}
+{% endif %}
 {% if openshift.master.embedded_dns | bool %}
 dnsConfig:
   bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
@@ -66,7 +71,9 @@ kubeletClientInfo:
 {% if openshift.master.embedded_kube | bool %}
 kubernetesMasterConfig:
   apiLevels:
+{% if openshift.common.deployment_type == "enterprise" %}
   - v1beta3
+{% endif %}
   - v1
   apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }}
   controllerArguments: {{ controller_args if controller_args is defined else 'null' }}
@@ -74,6 +81,9 @@ kubernetesMasterConfig:
   masterCount: 1
   masterIP: ""
   podEvictionTimeout: ""
+  proxyClientInfo:
+    certFile: master.proxy-client.crt
+    keyFile: master.proxy-client.key
   schedulerConfigFile: {{ openshift_master_scheduler_conf }}
   servicesNodePortRange: ""
   servicesSubnet: {{ openshift.master.portal_net }}
@@ -97,15 +107,14 @@ policyConfig:
   bootstrapPolicyFile: {{ openshift_master_policy }}
   openshiftInfrastructureNamespace: openshift-infra
   openshiftSharedResourcesNamespace: openshift
-{# TODO: Allow users to override projectConfig items #}
 projectConfig:
-  defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}"
-  projectRequestMessage: ""
-  projectRequestTemplate: ""
+  defaultNodeSelector: "{{ openshift.master.default_node_selector }}"
+  projectRequestMessage: "{{ openshift.master.project_request_message }}"
+  projectRequestTemplate: "{{ openshift.master.project_request_template }}"
   securityAllocator:
-    mcsAllocatorRange: s0:/2
-    mcsLabelsPerProject: 5
-    uidAllocatorRange: 1000000000-1999999999/10000
+    mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}"
+    mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
+    uidAllocatorRange: "{{ openshift.master.uid_allocator_range  }}"
 routingConfig:
   subdomain:  "{{ openshift.master.default_subdomain | default("") }}"
 serviceAccountConfig:

roles/openshift_master_ca/tasks/main.yml

@@ -18,5 +18,4 @@
       --master={{ openshift.master.api_url }}
       --public-master={{ openshift.master.public_api_url }}
       --cert-dir={{ openshift_master_config_dir }} --overwrite=false
-  args:
-    creates: "{{ openshift_master_config_dir }}/master.server.key"
+  when: master_certs_missing

roles/openshift_master_certificates/tasks/main.yml

@@ -20,6 +20,8 @@
     - admin.kubeconfig
     - master.kubelet-client.crt
     - master.kubelet-client.key
+    - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+    - "{{ 'master.proxy-client.key' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
     - openshift-master.crt
     - openshift-master.key
     - openshift-master.kubeconfig
@@ -41,6 +43,5 @@
       --public-master={{ item.openshift.master.public_api_url }}
       --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
       --overwrite=false
-  args:
-    creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt"
+  when: master_certs_missing
   with_items: masters_needing_certs

roles/openshift_node/tasks/main.yml

@@ -30,6 +30,9 @@
       kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
       sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
       schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
+      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
+      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
+      storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
 
 # We have to add tuned-profiles in the same transaction otherwise we run into depsolving
 # problems because the rpms don't pin the version properly.
@@ -68,12 +71,14 @@
   register: docker_check
 
   # TODO: Enable secure registry when code available in origin
-- name: Secure Registry
+- name: Secure Registry and Logs Options
   lineinfile:
     dest: /etc/sysconfig/docker
     regexp: '^OPTIONS=.*$'
     line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
-{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
+{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \
+{% if openshift.node.docker_log_driver is defined  %} --log-driver {{ openshift.node.docker_log_driver }}  {% endif %} \
+{% if openshift.node.docker_log_options is defined %}   {{ openshift.node.docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}  {% endif %} '"
   when: docker_check.stat.isreg
   notify:
     - restart docker
@@ -120,9 +125,8 @@
   notify:
     - restart docker
 
-- name: Allow NFS access for VMs
-  seboolean: name=virt_use_nfs state=yes persistent=yes
-  when: ansible_selinux and ansible_selinux.status == "enabled"
+- name: Additional storage plugin configuration
+  include: storage_plugins/main.yml
 
 - name: Start and enable node
   service: name={{ openshift.common.service_type }}-node enabled=yes state=started

roles/openshift_node/tasks/storage_plugins/ceph.yml

@@ -0,0 +1,5 @@
+---
+- name: Install Ceph storage plugin dependencies
+  yum:
+    pkg: ceph-common
+    state: installed

roles/openshift_node/tasks/storage_plugins/glusterfs.yml

@@ -0,0 +1,12 @@
+---
+- name: Install GlusterFS storage plugin dependencies
+  yum:
+    pkg: glusterfs-fuse
+    state: installed
+
+- name: Set seboolean to allow gluster storage plugin access from containers
+  seboolean:
+    name: virt_use_fusefs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled"

roles/openshift_node/tasks/storage_plugins/main.yml

@@ -0,0 +1,13 @@
+---
+# The NFS storage plugin is always enabled since it doesn't require any
+# additional package dependencies
+- name: NFS storage plugin configuration
+  include: nfs.yml
+
+- name: GlusterFS storage plugin configuration
+  include: glusterfs.yml
+  when: "'glusterfs' in openshift.node.storage_plugin_deps"
+
+- name: Ceph storage plugin configuration
+  include: ceph.yml
+  when: "'ceph' in openshift.node.storage_plugin_deps"

roles/openshift_node/tasks/storage_plugins/nfs.yml

@@ -0,0 +1,7 @@
+---
+- name: Set seboolean to allow nfs storage plugin access from containers
+  seboolean:
+    name: virt_use_nfs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled"

roles/os_zabbix/tasks/main.yml

@@ -15,6 +15,7 @@
 - include_vars: template_ops_tools.yml
 - include_vars: template_app_zabbix_server.yml
 - include_vars: template_app_zabbix_agent.yml
+- include_vars: template_performance_copilot.yml
 
 - name: Include Template Heartbeat
   include: ../../lib_zabbix/tasks/create_template.yml
@@ -79,3 +80,11 @@
     server: "{{ ozb_server }}"
     user: "{{ ozb_user }}"
     password: "{{ ozb_password }}"
+
+- name: Include Template Performance Copilot
+  include: ../../lib_zabbix/tasks/create_template.yml
+  vars:
+    template: "{{ g_template_performance_copilot }}"
+    server: "{{ ozb_server }}"
+    user: "{{ ozb_user }}"
+    password: "{{ ozb_password }}"

roles/os_zabbix/vars/template_app_zabbix_agent.yml

@@ -6,14 +6,14 @@ g_template_app_zabbix_agent:
      applications:
      - Zabbix agent
      value_type: character
-     zabbix_type: 0
+     zabbix_type: agent
 
    - key: agent.ping
      applications:
      - Zabbix agent
      description: The agent always returns 1 for this item. It could be used in combination with nodata() for availability check.
      value_type: int
-     zabbix_type: 0
+     zabbix_type: agent
 
    ztriggers:
    - name: '[Reboot] Zabbix agent on {HOST.NAME} is unreachable for 15 minutes'

roles/os_zabbix/vars/template_app_zabbix_server.yml

@@ -8,7 +8,7 @@ g_template_app_zabbix_server:
      description: A simple count of the number of partition creates output by the housekeeper script.
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: housekeeper_drops
      applications:
@@ -16,7 +16,7 @@ g_template_app_zabbix_server:
      description: A simple count of the number of partition drops output by the housekeeper script.
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: housekeeper_errors
      applications:
@@ -24,7 +24,7 @@ g_template_app_zabbix_server:
      description: A simple count of the number of errors output by the housekeeper script.
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: housekeeper_total
      applications:
@@ -33,7 +33,7 @@ g_template_app_zabbix_server:
        script.
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,alerter,avg,busy]
      applications:
@@ -41,7 +41,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,configuration syncer,avg,busy]
      applications:
@@ -49,7 +49,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,db watchdog,avg,busy]
      applications:
@@ -57,7 +57,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,discoverer,avg,busy]
      applications:
@@ -65,7 +65,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,escalator,avg,busy]
      applications:
@@ -73,7 +73,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,history syncer,avg,busy]
      applications:
@@ -81,7 +81,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,housekeeper,avg,busy]
      applications:
@@ -89,7 +89,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,http poller,avg,busy]
      applications:
@@ -97,7 +97,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,icmp pinger,avg,busy]
      applications:
@@ -105,7 +105,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,ipmi poller,avg,busy]
      applications:
@@ -113,7 +113,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,java poller,avg,busy]
      applications:
@@ -121,7 +121,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,node watcher,avg,busy]
      applications:
@@ -129,7 +129,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,poller,avg,busy]
      applications:
@@ -137,7 +137,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,proxy poller,avg,busy]
      applications:
@@ -145,7 +145,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,self-monitoring,avg,busy]
      applications:
@@ -153,7 +153,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,snmp trapper,avg,busy]
      applications:
@@ -161,7 +161,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,timer,avg,busy]
      applications:
@@ -169,7 +169,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,trapper,avg,busy]
      applications:
@@ -177,7 +177,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[process,unreachable poller,avg,busy]
      applications:
@@ -185,7 +185,7 @@ g_template_app_zabbix_server:
      description: ''
      units: '%'
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[queue,10m]
      applications:
@@ -193,7 +193,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
      interval: 600
 
    - key: zabbix[queue]
@@ -202,7 +202,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: int
-     zabbix_type: 5
+     zabbix_type: internal
      interval: 600
 
    - key: zabbix[rcache,buffer,pfree]
@@ -211,7 +211,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[wcache,history,pfree]
      applications:
@@ -219,7 +219,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[wcache,text,pfree]
      applications:
@@ -227,7 +227,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[wcache,trend,pfree]
      applications:
@@ -235,7 +235,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
 
    - key: zabbix[wcache,values]
      applications:
@@ -243,7 +243,7 @@ g_template_app_zabbix_server:
      description: ''
      units: ''
      value_type: float
-     zabbix_type: 5
+     zabbix_type: internal
      delta: 1 # speed per second
 
    ztriggers:

roles/os_zabbix/vars/template_docker.yml

@@ -7,6 +7,11 @@ g_template_docker:
     - Docker Daemon
     value_type: int
 
+  - key: docker.info_elapsed_ms
+    applications:
+    - Docker Daemon
+    value_type: int
+
   - key: docker.storage.is_loopback
     applications:
     - Docker Storage

roles/os_zabbix/vars/template_os_linux.yml

@@ -246,15 +246,15 @@ g_template_os_linux:
 
     #  CPU Utilization #
   - name: 'CPU idle less than 5% on {HOST.NAME}'
-    expression: '{Template OS Linux:kernel.all.cpu.idle.last()}<5 and {Template OS Linux:kernel.all.cpu.idle.last(#2)}<5'
+    expression: '{Template OS Linux:kernel.all.cpu.idle.max(#5)}<5'
     url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_cpu_idle.asciidoc'
     priority: average
     description: 'CPU is less than 5% idle'
 
   - name: 'CPU idle less than 10% on {HOST.NAME}'
-    expression: '{Template OS Linux:kernel.all.cpu.idle.last()}<10 and {Template OS Linux:kernel.all.cpu.idle.last(#2)}<10'
+    expression: '{Template OS Linux:kernel.all.cpu.idle.max(#5)}<10'
     url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_cpu_idle.asciidoc'
-    priority: warn
+    priority: average
     description: 'CPU is less than 10% idle'
     dependencies:
     - 'CPU idle less than 5% on {HOST.NAME}'

roles/os_zabbix/vars/template_performance_copilot.yml

@@ -0,0 +1,14 @@
+---
+g_template_performance_copilot:
+  name: Template Performance Copilot
+  zitems:
+  - key: pcp.ping
+    applications:
+    - Performance Copilot
+    value_type: int
+
+  ztriggers:
+  - name: 'pcp.ping failed on {HOST.NAME}'
+    expression: '{Template Performance Copilot:pcp.ping.max(#3)}<1'
+    url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_pcp_ping.asciidoc'
+    priority: average