
Merge pull request #3493 from kwoodson/registry_reencyrpt_route

Adding support for a route with reencrypt and certificates.
Scott Dodson 8 years ago
parent
commit
ef3aa534d7

+ 2 - 2
roles/lib_openshift/library/oadm_manage_node.py

@@ -1283,8 +1283,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1304,8 +1304,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_adm_ca_server_cert.py

@@ -1291,8 +1291,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1312,8 +1312,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 37 - 18
roles/lib_openshift/library/oc_adm_registry.py

@@ -1387,8 +1387,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1408,8 +1408,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1985,6 +1985,7 @@ class Service(Yedit):
     port_path = "spec.ports"
     portal_ip = "spec.portalIP"
     cluster_ip = "spec.clusterIP"
+    selector_path = 'spec.selector'
     kind = 'Service'
 
     def __init__(self, content):
@@ -1995,6 +1996,10 @@ class Service(Yedit):
         ''' get a list of ports '''
         return self.get(Service.port_path) or []
 
+    def get_selector(self):
+        ''' get the service selector'''
+        return self.get(Service.selector_path) or {}
+
     def add_ports(self, inc_ports):
         ''' add a port object to the ports list '''
         if not isinstance(inc_ports, list):
@@ -2244,7 +2249,7 @@ class Registry(OpenShiftCLI):
             if result['returncode'] == 0 and part['kind'] == 'dc':
                 self.deploymentconfig = DeploymentConfig(result['results'][0])
             elif result['returncode'] == 0 and part['kind'] == 'svc':
-                self.service = Yedit(content=result['results'][0])
+                self.service = Service(result['results'][0])
 
             if result['returncode'] != 0:
                 rval = result['returncode']
@@ -2255,7 +2260,7 @@ class Registry(OpenShiftCLI):
     def exists(self):
         '''does the object exist?'''
         self.get()
-        if self.deploymentconfig or self.service:
+        if self.deploymentconfig and self.service:
             return True
 
         return False
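Review bot: With `and`, `exists()` now returns False when only one of the deploymentconfig and the service is present, which suits the new create path but changes the result for any caller that gates deletion on it. If the `state: absent` branch (not visible here) checks `exists()` before deleting, a half-installed registry would be skipped and the leftover object would stay in the cluster. Either keep the old test for the delete path or document the new meaning in the docstring, e.g. `'''True only when both the deploymentconfig and the service exist'''`. The same change is made in roles/lib_openshift/src/class/oc_adm_registry.py.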
@@ -2314,6 +2319,9 @@ class Registry(OpenShiftCLI):
         if self.portal_ip:
             service.put('spec.portalIP', self.portal_ip)
 
+        # the dry-run doesn't apply the selector correctly
+        service.put('spec.selector', self.service.get_selector())
+
         # need to create the service and the deploymentconfig
         service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
         deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
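Review bot: `self.service.get_selector()` is called unconditionally, but `create()` in this same commit treats `self.service is None` as a normal state, so building the prepared registry before the service exists would raise AttributeError on None. Guard the call with `if self.service is not None:` in front of the `service.put('spec.selector', ...)` line. Copying the live selector into the generated definition also means that a selector which has drifted in the cluster is never reported by `needs_update()`; the comment should say that this is intended. The enclosing function starts outside the hunk, and the same lines appear in roles/lib_openshift/src/class/oc_adm_registry.py.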
@@ -2328,8 +2336,20 @@ class Registry(OpenShiftCLI):
     def create(self):
         '''Create a registry'''
         results = []
-        for config_file in ['deployment_file', 'service_file']:
-            results.append(self._create(self.prepared_registry[config_file]))
+        self.needs_update()
+        # if the object is none, then we need to create it
+        # if the object needs an update, then we should call replace
+        # Handle the deploymentconfig
+        if self.deploymentconfig is None:
+            results.append(self._create(self.prepared_registry['deployment_file']))
+        elif self.prepared_registry['deployment_update']:
+            results.append(self._replace(self.prepared_registry['deployment_file']))
+
+        # Handle the service
+        if self.service is None:
+            results.append(self._create(self.prepared_registry['service_file']))
+        elif self.prepared_registry['service_update']:
+            results.append(self._replace(self.prepared_registry['service_file']))
 
         # Clean up returned results
         rval = 0
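Review bot: The docstring still says `'''Create a registry'''`, but the method now creates only the objects that are missing and calls `_replace` on those flagged by `needs_update()`. It also relies on `self.deploymentconfig` and `self.service` having been filled in by an earlier `get()`; called on its own it would presumably see both as None and try to create objects that already exist. I would state both in the docstring, for example `'''Create the missing registry objects and replace the ones that differ; expects get() to have run'''`. A short comment that the return value of `needs_update()` is ignored on purpose, because only the per-object flags are used, would also help.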
@@ -2341,7 +2361,7 @@ class Registry(OpenShiftCLI):
         return {'returncode': rval, 'results': results}
 
     def update(self):
-        '''run update for the registry.  This performs a delete and then create '''
+        '''run update for the registry.  This performs a replace if required'''
         # Store the current service IP
         if self.service:
             svcip = self.service.get('spec.clusterIP')
@@ -2415,14 +2435,12 @@ class Registry(OpenShiftCLI):
 
     def needs_update(self):
         ''' check to see if we need to update '''
-        if not self.service or not self.deploymentconfig:
-            return True
-
         exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol']
-        if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
-                                     self.service.yaml_dict,
-                                     exclude_list,
-                                     debug=self.verbose):
+        if self.service is None or \
+                not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
+                                          self.service.yaml_dict,
+                                          exclude_list,
+                                          debug=self.verbose):
             self.prepared_registry['service_update'] = True
 
         exclude_list = ['dnsPolicy',
@@ -2438,10 +2456,11 @@ class Registry(OpenShiftCLI):
                         'activeDeadlineSeconds', # added in 1.5 for timeouts
                        ]
 
-        if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
-                                     self.deploymentconfig.yaml_dict,
-                                     exclude_list,
-                                     debug=self.verbose):
+        if self.deploymentconfig is None or \
+                not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
+                                          self.deploymentconfig.yaml_dict,
+                                          exclude_list,
+                                          debug=self.verbose):
             self.prepared_registry['deployment_update'] = True
 
         return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False

+ 63 - 35
roles/lib_openshift/library/oc_adm_router.py

@@ -1412,8 +1412,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1433,8 +1433,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1558,6 +1558,7 @@ class Service(Yedit):
     port_path = "spec.ports"
     portal_ip = "spec.portalIP"
     cluster_ip = "spec.clusterIP"
+    selector_path = 'spec.selector'
     kind = 'Service'
 
     def __init__(self, content):
@@ -1568,6 +1569,10 @@ class Service(Yedit):
         ''' get a list of ports '''
         return self.get(Service.port_path) or []
 
+    def get_selector(self):
+        ''' get the service selector'''
+        return self.get(Service.selector_path) or {}
+
     def add_ports(self, inc_ports):
         ''' add a port object to the ports list '''
         if not isinstance(inc_ports, list):
@@ -2606,6 +2611,21 @@ class Router(OpenShiftCLI):
         ''' setter for property rolebinding '''
         self._rolebinding = config
 
+    def get_object_by_kind(self, kind):
+        '''return the current object kind by name'''
+        if re.match("^(dc|deploymentconfig)$", kind, flags=re.IGNORECASE):
+            return self.deploymentconfig
+        elif re.match("^(svc|service)$", kind, flags=re.IGNORECASE):
+            return self.service
+        elif re.match("^(sa|serviceaccount)$", kind, flags=re.IGNORECASE):
+            return self.serviceaccount
+        elif re.match("secret", kind, flags=re.IGNORECASE):
+            return self.secret
+        elif re.match("clusterrolebinding", kind, flags=re.IGNORECASE):
+            return self.rolebinding
+
+        return None
+
     def get(self):
         ''' return the self.router_parts '''
         self.service = None
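Review bot: The last two patterns in `get_object_by_kind` are not anchored at the end, so `re.match("secret", ...)` also accepts `secrets` or any longer string starting with `secret`, while the first three branches match exactly. Anchor them the same way: `elif re.match("^secret$", kind, flags=re.IGNORECASE):` and `elif re.match("^clusterrolebinding$", kind, flags=re.IGNORECASE):`. The docstring `'''return the current object kind by name'''` does not describe the return value; something like `'''return the fetched object for the given kind, or None if the kind is unknown or the object is absent'''` would. The module-level `import re` this needs is not visible in the hunk.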
@@ -2756,13 +2776,19 @@ class Router(OpenShiftCLI):
            - clusterrolebinding
         '''
         results = []
+        self.needs_update()
 
         import time
         # pylint: disable=maybe-no-member
-        for _, oc_data in self.prepared_router.items():
+        for kind, oc_data in self.prepared_router.items():
             if oc_data['obj'] is not None:
                 time.sleep(1)
-                results.append(self._create(oc_data['path']))
+                if self.get_object_by_kind(kind) is None:
+                    results.append(self._create(oc_data['path']))
+
+                elif oc_data['update']:
+                    results.append(self._replace(oc_data['path']))
+
 
         rval = 0
         for result in results:
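Review bot: `get_object_by_kind(kind)` returns None both when the object is absent and when `kind` matches none of its patterns, so a key of `prepared_router` that the lookup does not recognise would be sent to `_create` on every run. A comment listing the keys the loop expects, or an explicit check for an unknown kind, would make that failure visible. `time.sleep(1)` also runs for each prepared object even when neither branch fires; moving it into the two branches avoids the wait on a no-op run. The blank line between the `if` and the `elif` and the doubled blank line after the loop can be dropped.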
@@ -2790,17 +2816,15 @@ class Router(OpenShiftCLI):
     # pylint: disable=too-many-return-statements,too-many-branches
     def needs_update(self):
         ''' check to see if we need to update '''
-        if not self.deploymentconfig or not self.service or not self.serviceaccount or not self.secret:
-            return True
-
         # ServiceAccount:
         #   Need to determine changes from the pregenerated ones from the original
         #   Since these are auto generated, we can skip
         skip = ['secrets', 'imagePullSecrets']
-        if not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict,
-                                     self.serviceaccount.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.serviceaccount is None or \
+                not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict,
+                                          self.serviceaccount.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['ServiceAccount']['update'] = True
 
         # Secret:
@@ -2809,10 +2833,11 @@ class Router(OpenShiftCLI):
             if not self.secret:
                 self.prepared_router['Secret']['update'] = True
 
-            if not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict,
-                                         self.secret.yaml_dict,
-                                         skip_keys=skip,
-                                         debug=self.verbose):
+            if self.secret is None or \
+                    not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict,
+                                              self.secret.yaml_dict,
+                                              skip_keys=skip,
+                                              debug=self.verbose):
                 self.prepared_router['Secret']['update'] = True
 
         # Service:
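Review bot: The Secret comparison is still called with `debug=self.verbose`, and `Utils.check_def_equal` in this file prints `user_def[key]` and `value` on a mismatch, so a verbose run writes the router secret's contents to the module output. Passing `debug=False` for this one comparison keeps certificate and key material out of logs. The `if not self.secret:` check just above is now redundant with `self.secret is None or ...` and can be removed. The enclosing `if` starts outside the hunk.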
@@ -2821,28 +2846,30 @@ class Router(OpenShiftCLI):
             port['protocol'] = 'TCP'
 
         skip = ['portalIP', 'clusterIP', 'sessionAffinity', 'type']
-        if not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict,
-                                     self.service.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.service is None or \
+                not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict,
+                                          self.service.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['Service']['update'] = True
 
         # DeploymentConfig:
         #   Router needs some exceptions.
         #   We do not want to check the autogenerated password for stats admin
-        if not self.config.config_options['stats_password']['value']:
-            for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                        'spec.template.spec.containers[0].env') or []):
-                if env_var['name'] == 'STATS_PASSWORD':
-                    env_var['value'] = \
-                      self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx)
-                    break
+        if self.deploymentconfig is not None:
+            if not self.config.config_options['stats_password']['value']:
+                for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
+                            'spec.template.spec.containers[0].env') or []):
+                    if env_var['name'] == 'STATS_PASSWORD':
+                        env_var['value'] = \
+                          self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx)
+                        break
 
-        # dry-run doesn't add the protocol to the ports section.  We will manually do that.
-        for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                        'spec.template.spec.containers[0].ports') or []):
-            if not 'protocol' in port:
-                port['protocol'] = 'TCP'
+            # dry-run doesn't add the protocol to the ports section.  We will manually do that.
+            for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
+                            'spec.template.spec.containers[0].ports') or []):
+                if not 'protocol' in port:
+                    port['protocol'] = 'TCP'
 
         # These are different when generating
         skip = ['dnsPolicy',
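Review bot: The loop that defaults `port['protocol']` to `'TCP'` only touches `self.prepared_router['DeploymentConfig']['obj']`, yet it is now nested under `if self.deploymentconfig is not None:`, so on a first install the generated definition is no longer normalised. Only the STATS_PASSWORD block reads `self.deploymentconfig`; the port loop can stay at the outer indentation. `idx` is unused in that loop, so iterating the list directly without `enumerate` is enough. The STATS_PASSWORD lookup assumes the env list has the same order in the live and the generated object, which deserves a comment.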
@@ -2853,10 +2880,11 @@ class Router(OpenShiftCLI):
                 'defaultMode',
                ]
 
-        if not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict,
-                                     self.deploymentconfig.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.deploymentconfig is None or \
+                not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict,
+                                          self.deploymentconfig.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['DeploymentConfig']['update'] = True
 
         # Check if any of the parts need updating, if so, return True

+ 2 - 2
roles/lib_openshift/library/oc_edit.py

@@ -1311,8 +1311,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1332,8 +1332,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_env.py

@@ -1278,8 +1278,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1299,8 +1299,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_label.py

@@ -1287,8 +1287,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1308,8 +1308,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_obj.py

@@ -1290,8 +1290,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1311,8 +1311,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_process.py

@@ -1279,8 +1279,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1300,8 +1300,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 6 - 4
roles/lib_openshift/library/oc_route.py

@@ -1321,8 +1321,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1342,8 +1342,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1594,8 +1594,10 @@ class OCRoute(OpenShiftCLI):
 
     def update(self):
         '''update the object'''
-        # need to update the tls information and the service name
-        return self._replace_content(self.kind, self.config.name, self.config.data)
+        return self._replace_content(self.kind,
+                                     self.config.name,
+                                     self.config.data,
+                                     force=(self.config.host != self.route.get_host()))
 
     def needs_update(self):
         ''' verify an update is needed '''
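Review bot: `self.route.get_host()` is dereferenced without a check, so `update()` depends on `self.route` having been loaded before it is called; if the caller guarantees that, a comment should say so. The removed comment was the only explanation in this method, and the new `force=` argument has none. Assuming `force` makes `_replace_content` delete and recreate the object, a host change briefly removes the route together with its TLS configuration, which is worth stating, e.g. `# a changed host cannot be replaced in place; force deletes and recreates the route`.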

+ 2 - 2
roles/lib_openshift/library/oc_scale.py

@@ -1265,8 +1265,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1286,8 +1286,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_sdnvalidator.py

@@ -1222,8 +1222,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1243,8 +1243,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_secret.py

@@ -1311,8 +1311,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1332,8 +1332,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 11 - 4
roles/lib_openshift/library/oc_service.py

@@ -1317,8 +1317,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1338,8 +1338,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1463,6 +1463,7 @@ class Service(Yedit):
     port_path = "spec.ports"
     portal_ip = "spec.portalIP"
     cluster_ip = "spec.clusterIP"
+    selector_path = 'spec.selector'
     kind = 'Service'
 
     def __init__(self, content):
@@ -1473,6 +1474,10 @@ class Service(Yedit):
         ''' get a list of ports '''
         return self.get(Service.port_path) or []
 
+    def get_selector(self):
+        ''' get the service selector'''
+        return self.get(Service.selector_path) or {}
+
     def add_ports(self, inc_ports):
         ''' add a port object to the ports list '''
         if not isinstance(inc_ports, list):
@@ -1546,7 +1551,7 @@ class OCService(OpenShiftCLI):
                  kubeconfig='/etc/origin/master/admin.kubeconfig',
                  verbose=False):
         ''' Constructor for OCVolume '''
-        super(OCService, self).__init__(namespace, kubeconfig)
+        super(OCService, self).__init__(namespace, kubeconfig, verbose)
         self.namespace = namespace
         self.config = ServiceConfig(sname, namespace, ports, selector, labels,
                                     cluster_ip, portal_ip, session_affinity, service_type)
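Review bot: `kubeconfig` and `verbose` are keyword parameters with defaults at the end of a long positional list, and the call site changed in the next hunk passes `params['kubeconfig']` and `params['debug']` positionally. Passing them by name, `kubeconfig=params['kubeconfig'],` and `verbose=params['debug'])`, keeps the call correct if a parameter is ever inserted before them. The docstring still reads `''' Constructor for OCVolume '''` and should name OCService.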
@@ -1617,7 +1622,9 @@ class OCService(OpenShiftCLI):
                            params['portalip'],
                            params['ports'],
                            params['session_affinity'],
-                           params['service_type'])
+                           params['service_type'],
+                           params['kubeconfig'],
+                           params['debug'])
 
         state = params['state']
 

+ 2 - 2
roles/lib_openshift/library/oc_serviceaccount.py

@@ -1263,8 +1263,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1284,8 +1284,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_serviceaccount_secret.py

@@ -1263,8 +1263,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1284,8 +1284,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 2 - 2
roles/lib_openshift/library/oc_version.py

@@ -1235,8 +1235,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -1256,8 +1256,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 30 - 16
roles/lib_openshift/src/class/oc_adm_registry.py

@@ -109,7 +109,7 @@ class Registry(OpenShiftCLI):
             if result['returncode'] == 0 and part['kind'] == 'dc':
                 self.deploymentconfig = DeploymentConfig(result['results'][0])
             elif result['returncode'] == 0 and part['kind'] == 'svc':
-                self.service = Yedit(content=result['results'][0])
+                self.service = Service(result['results'][0])
 
             if result['returncode'] != 0:
                 rval = result['returncode']
@@ -120,7 +120,7 @@ class Registry(OpenShiftCLI):
     def exists(self):
         '''does the object exist?'''
         self.get()
-        if self.deploymentconfig or self.service:
+        if self.deploymentconfig and self.service:
             return True
 
         return False
@@ -179,6 +179,9 @@ class Registry(OpenShiftCLI):
         if self.portal_ip:
             service.put('spec.portalIP', self.portal_ip)
 
+        # the dry-run doesn't apply the selector correctly
+        service.put('spec.selector', self.service.get_selector())
+
         # need to create the service and the deploymentconfig
         service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
         deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
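Review bot: `self.service.get_selector()` on the added line is called without checking that `self.service` is set, yet the create() and needs_update() changes in this same commit treat `self.service is None` as a normal state. If this code runs before the registry service exists, the call raises AttributeError instead of preparing the service definition. Guard it with `if self.service is not None:` followed by the indented `service.put('spec.selector', self.service.get_selector())`. The enclosing method starts and ends outside this hunk, so whether an earlier line already guarantees a service object is not visible here.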
@@ -193,8 +196,20 @@ class Registry(OpenShiftCLI):
     def create(self):
         '''Create a registry'''
         results = []
-        for config_file in ['deployment_file', 'service_file']:
-            results.append(self._create(self.prepared_registry[config_file]))
+        self.needs_update()
+        # if the object is none, then we need to create it
+        # if the object needs an update, then we should call replace
+        # Handle the deploymentconfig
+        if self.deploymentconfig is None:
+            results.append(self._create(self.prepared_registry['deployment_file']))
+        elif self.prepared_registry['deployment_update']:
+            results.append(self._replace(self.prepared_registry['deployment_file']))
+
+        # Handle the service
+        if self.service is None:
+            results.append(self._create(self.prepared_registry['service_file']))
+        elif self.prepared_registry['service_update']:
+            results.append(self._replace(self.prepared_registry['service_file']))
 
         # Clean up returned results
         rval = 0
@@ -206,7 +221,7 @@ class Registry(OpenShiftCLI):
         return {'returncode': rval, 'results': results}
 
     def update(self):
-        '''run update for the registry.  This performs a delete and then create '''
+        '''run update for the registry.  This performs a replace if required'''
         # Store the current service IP
         if self.service:
             svcip = self.service.get('spec.clusterIP')
@@ -280,14 +295,12 @@ class Registry(OpenShiftCLI):
 
     def needs_update(self):
         ''' check to see if we need to update '''
-        if not self.service or not self.deploymentconfig:
-            return True
-
         exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol']
-        if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
-                                     self.service.yaml_dict,
-                                     exclude_list,
-                                     debug=self.verbose):
+        if self.service is None or \
+                not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
+                                          self.service.yaml_dict,
+                                          exclude_list,
+                                          debug=self.verbose):
             self.prepared_registry['service_update'] = True
 
         exclude_list = ['dnsPolicy',
@@ -303,10 +316,11 @@ class Registry(OpenShiftCLI):
                         'activeDeadlineSeconds', # added in 1.5 for timeouts
                        ]
 
-        if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
-                                     self.deploymentconfig.yaml_dict,
-                                     exclude_list,
-                                     debug=self.verbose):
+        if self.deploymentconfig is None or \
+                not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
+                                          self.deploymentconfig.yaml_dict,
+                                          exclude_list,
+                                          debug=self.verbose):
             self.prepared_registry['deployment_update'] = True
 
         return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False

+ 57 - 34
roles/lib_openshift/src/class/oc_adm_router.py

@@ -113,6 +113,21 @@ class Router(OpenShiftCLI):
         ''' setter for property rolebinding '''
         self._rolebinding = config
 
+    def get_object_by_kind(self, kind):
+        '''return the current object kind by name'''
+        if re.match("^(dc|deploymentconfig)$", kind, flags=re.IGNORECASE):
+            return self.deploymentconfig
+        elif re.match("^(svc|service)$", kind, flags=re.IGNORECASE):
+            return self.service
+        elif re.match("^(sa|serviceaccount)$", kind, flags=re.IGNORECASE):
+            return self.serviceaccount
+        elif re.match("secret", kind, flags=re.IGNORECASE):
+            return self.secret
+        elif re.match("clusterrolebinding", kind, flags=re.IGNORECASE):
+            return self.rolebinding
+
+        return None
+
     def get(self):
         ''' return the self.router_parts '''
         self.service = None
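Review bot: The `secret` and `clusterrolebinding` patterns in get_object_by_kind are not anchored like the three above them; `re.match` only anchors the start, so any kind string that merely begins with `secret` resolves to `self.secret`. Anchor them the same way: `re.match("^secret$", kind, flags=re.IGNORECASE)` and `re.match("^clusterrolebinding$", kind, flags=re.IGNORECASE)`. The docstring would also read more clearly as `'''return the currently fetched object for the given kind, or None'''`.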
@@ -263,13 +278,19 @@ class Router(OpenShiftCLI):
            - clusterrolebinding
         '''
         results = []
+        self.needs_update()
 
         import time
         # pylint: disable=maybe-no-member
-        for _, oc_data in self.prepared_router.items():
+        for kind, oc_data in self.prepared_router.items():
             if oc_data['obj'] is not None:
                 time.sleep(1)
-                results.append(self._create(oc_data['path']))
+                if self.get_object_by_kind(kind) is None:
+                    results.append(self._create(oc_data['path']))
+
+                elif oc_data['update']:
+                    results.append(self._replace(oc_data['path']))
+
 
         rval = 0
         for result in results:
@@ -297,17 +318,15 @@ class Router(OpenShiftCLI):
     # pylint: disable=too-many-return-statements,too-many-branches
     def needs_update(self):
         ''' check to see if we need to update '''
-        if not self.deploymentconfig or not self.service or not self.serviceaccount or not self.secret:
-            return True
-
         # ServiceAccount:
         #   Need to determine changes from the pregenerated ones from the original
         #   Since these are auto generated, we can skip
         skip = ['secrets', 'imagePullSecrets']
-        if not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict,
-                                     self.serviceaccount.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.serviceaccount is None or \
+                not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict,
+                                          self.serviceaccount.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['ServiceAccount']['update'] = True
 
         # Secret:
@@ -316,10 +335,11 @@ class Router(OpenShiftCLI):
             if not self.secret:
                 self.prepared_router['Secret']['update'] = True
 
-            if not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict,
-                                         self.secret.yaml_dict,
-                                         skip_keys=skip,
-                                         debug=self.verbose):
+            if self.secret is None or \
+                    not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict,
+                                              self.secret.yaml_dict,
+                                              skip_keys=skip,
+                                              debug=self.verbose):
                 self.prepared_router['Secret']['update'] = True
 
         # Service:
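Review bot: The Secret comparison still passes `debug=self.verbose` to `Utils.check_def_equal`, and the Utils hunks in this commit show that a mismatch prints both compared values, so a verbose run can print the secret's contents into the module output. Pass `debug=False` for this call, or report only the name of the differing key; the DeploymentConfig comparison later in needs_update carries the STATS_PASSWORD value and has the same exposure. The `if not self.secret:` check kept just above is now largely redundant with the added `self.secret is None` test. needs_update begins and ends outside this hunk.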
@@ -328,28 +348,30 @@ class Router(OpenShiftCLI):
             port['protocol'] = 'TCP'
 
         skip = ['portalIP', 'clusterIP', 'sessionAffinity', 'type']
-        if not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict,
-                                     self.service.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.service is None or \
+                not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict,
+                                          self.service.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['Service']['update'] = True
 
         # DeploymentConfig:
         #   Router needs some exceptions.
         #   We do not want to check the autogenerated password for stats admin
-        if not self.config.config_options['stats_password']['value']:
-            for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                        'spec.template.spec.containers[0].env') or []):
-                if env_var['name'] == 'STATS_PASSWORD':
-                    env_var['value'] = \
-                      self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx)
-                    break
-
-        # dry-run doesn't add the protocol to the ports section.  We will manually do that.
-        for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                        'spec.template.spec.containers[0].ports') or []):
-            if not 'protocol' in port:
-                port['protocol'] = 'TCP'
+        if self.deploymentconfig is not None:
+            if not self.config.config_options['stats_password']['value']:
+                for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
+                            'spec.template.spec.containers[0].env') or []):
+                    if env_var['name'] == 'STATS_PASSWORD':
+                        env_var['value'] = \
+                          self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx)
+                        break
+
+            # dry-run doesn't add the protocol to the ports section.  We will manually do that.
+            for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
+                            'spec.template.spec.containers[0].ports') or []):
+                if not 'protocol' in port:
+                    port['protocol'] = 'TCP'
 
         # These are different when generating
         skip = ['dnsPolicy',
@@ -360,10 +382,11 @@ class Router(OpenShiftCLI):
                 'defaultMode',
                ]
 
-        if not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict,
-                                     self.deploymentconfig.yaml_dict,
-                                     skip_keys=skip,
-                                     debug=self.verbose):
+        if self.deploymentconfig is None or \
+                not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict,
+                                          self.deploymentconfig.yaml_dict,
+                                          skip_keys=skip,
+                                          debug=self.verbose):
             self.prepared_router['DeploymentConfig']['update'] = True
 
         # Check if any of the parts need updating, if so, return True

+ 4 - 2
roles/lib_openshift/src/class/oc_route.py

@@ -55,8 +55,10 @@ class OCRoute(OpenShiftCLI):
 
     def update(self):
         '''update the object'''
-        # need to update the tls information and the service name
-        return self._replace_content(self.kind, self.config.name, self.config.data)
+        return self._replace_content(self.kind,
+                                     self.config.name,
+                                     self.config.data,
+                                     force=(self.config.host != self.route.get_host()))
 
     def needs_update(self):
         ''' verify an update is needed '''
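Review bot: The new `force=` argument in update() has no comment, and the hunk removes the only comment the method had. What `force` does inside `_replace_content` is not visible here; if it deletes and re-creates the route, the registry route is briefly absent whenever the host differs, and that trade-off should be stated, for example `# force only when the host changed; otherwise a plain replace is enough`. `self.route.get_host()` also assumes `self.route` was populated by an earlier get(), which this hunk does not show, so a `self.route is not None` check may be needed.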

+ 4 - 2
roles/lib_openshift/src/class/oc_service.py

@@ -22,7 +22,7 @@ class OCService(OpenShiftCLI):
                  kubeconfig='/etc/origin/master/admin.kubeconfig',
                  verbose=False):
         ''' Constructor for OCVolume '''
-        super(OCService, self).__init__(namespace, kubeconfig)
+        super(OCService, self).__init__(namespace, kubeconfig, verbose)
         self.namespace = namespace
         self.config = ServiceConfig(sname, namespace, ports, selector, labels,
                                     cluster_ip, portal_ip, session_affinity, service_type)
@@ -93,7 +93,9 @@ class OCService(OpenShiftCLI):
                            params['portalip'],
                            params['ports'],
                            params['session_affinity'],
-                           params['service_type'])
+                           params['service_type'],
+                           params['kubeconfig'],
+                           params['debug'])
 
         state = params['state']
 

+ 2 - 2
roles/lib_openshift/src/lib/base.py

@@ -523,8 +523,8 @@ class Utils(object):
                     elif value != user_def[key]:
                         if debug:
                             print('value should be identical')
-                            print(value)
                             print(user_def[key])
+                            print(value)
                         return False
 
             # recurse on a dictionary
@@ -544,8 +544,8 @@ class Utils(object):
                 if api_values != user_values:
                     if debug:
                         print("keys are not equal in dict")
-                        print(api_values)
                         print(user_values)
+                        print(api_values)
                     return False
 
                 result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)

+ 5 - 0
roles/lib_openshift/src/lib/service.py

@@ -67,6 +67,7 @@ class Service(Yedit):
     port_path = "spec.ports"
     portal_ip = "spec.portalIP"
     cluster_ip = "spec.clusterIP"
+    selector_path = 'spec.selector'
     kind = 'Service'
 
     def __init__(self, content):
@@ -77,6 +78,10 @@ class Service(Yedit):
         ''' get a list of ports '''
         return self.get(Service.port_path) or []
 
+    def get_selector(self):
+        ''' get the service selector'''
+        return self.get(Service.selector_path) or {}
+
     def add_ports(self, inc_ports):
         ''' add a port object to the ports list '''
         if not isinstance(inc_ports, list):

+ 3 - 0
roles/openshift_hosted/tasks/registry/registry.yml

@@ -40,6 +40,9 @@
     openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
     openshift_hosted_registry_volumes: []
     openshift_hosted_registry_env_vars: {}
+    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}"
+    openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}"
+    openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}"
     openshift_hosted_registry_edits:
     # These edits are being specified only to prevent 'changed' on rerun
     - key: spec.strategy.rollingParams

+ 30 - 2
roles/openshift_hosted/tasks/registry/secure.yml

@@ -3,13 +3,41 @@
   set_fact:
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
 
+- name: Get the certificate contents for registry
+  copy:
+    backup: True
+    dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
+    src: "{{ item.value }}"
+  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None
+  with_dict: "{{ openshift_hosted_registry_routecertificates }}"
+
+# When certificates are defined we will create the reencrypt
+# docker-registry route
+- name: Create a reencrypt route for docker-registry
+  oc_route:
+    name: docker-registry
+    namespace: "{{ openshift_hosted_registry_namespace }}"
+    service_name: docker-registry
+    tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+    host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+    cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+    key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+    cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+    dest_cacert_path: /etc/origin/master/ca.crt
+  when:
+  - "'cafile' in openshift_hosted_registry_routecertificates"
+  - "'certfile' in openshift_hosted_registry_routecertificates"
+  - "'keyfile' in openshift_hosted_registry_routecertificates"
+
+# When routetermination is passthrough we will create the route
 - name: Create passthrough route for docker-registry
   oc_route:
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
-    tls_termination: passthrough
-    host: "{{ docker_registry_route_hostname }}"
+    tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+    host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"
+  when: openshift_hosted_registry_routetermination == 'passthrough'
 
 - name: Retrieve registry service IP
   oc_service:
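Review bot: The added `copy` task writes the route `keyfile` under `/etc/origin/master/named_certificates/` without `mode`, `owner` or `group`, so the private key's permissions are left to the remote defaults, and `backup: True` keeps older copies of the key beside it. Add `mode: '0600'` and an explicit owner, or copy the key in its own task if the certificates need looser permissions. In the reencrypt task, `openshift_hosted_registry_routehost | default(docker_registry_route_hostname)` does not fall back when registry.yml has set routehost to `False`, because `default` without its second argument only replaces undefined values; use `default(docker_registry_route_hostname, true)` or the `ternary` form from the passthrough task. The reencrypt task's `when` also never tests `openshift_hosted_registry_routetermination`, so with certificates supplied and the default `passthrough`, both route tasks appear to run against the same route.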