Merge pull request #3434 from giuseppe/system-containers-module

System containers module

10 files changed, 448 insertions, 164 deletions

diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml
index 241180e2c..3b80164cc 100644
--- a/roles/etcd/tasks/system_container.yml
+++ b/roles/etcd/tasks/system_container.yml
@@ -1,17 +1,16 @@
 ---
+- name: Load lib_openshift modules
+  include_role:
+    name: lib_openshift
+
 - name: Pull etcd system container
   command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }}
   register: pull_result
   changed_when: "'Pulling layer' in pull_result.stdout"
 
-- name: Check etcd system container package
-  command: >
-    atomic containers list --no-trunc -a -f container=etcd
-  register: result
-
 - name: Set initial Etcd cluster
   set_fact:
-    etcd_initial_cluster: >
+    etcd_initial_cluster: >-
       {% for host in etcd_peers | default([]) -%}
       {% if loop.last -%}
       {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}
@@ -20,44 +19,23 @@
       {%- endif -%}
       {% endfor -%}
 
-- name: Update Etcd system container package
-  command: >
-    atomic containers update
-    --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
-    --set ETCD_NAME={{ etcd_hostname }}
-    --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }}
-    --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
-    --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
-    --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
-    --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
-    --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
-    --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
-    --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt
-    --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key
-    --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
-    --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt
-    --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key
-    etcd
-  when:
-  - ("etcd" in result.stdout)
-
-- name: Install Etcd system container package
-  command: >
-    atomic install --system --name=etcd
-    --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
-    --set ETCD_NAME={{ etcd_hostname }}
-    --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }}
-    --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
-    --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
-    --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
-    --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
-    --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
-    --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
-    --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt
-    --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key
-    --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
-    --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt
-    --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key
-    {{ openshift.etcd.etcd_image }}
-  when:
-  - ("etcd" not in result.stdout)
+- name: Install or Update Etcd system container package
+  oc_atomic_container:
+    name: etcd
+    image: "{{ openshift.etcd.etcd_image }}"
+    state: latest
+    values:
+      - ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
+      - ETCD_NAME={{ etcd_hostname }}
+      - ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster }}
+      - ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
+      - ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
+      - ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
+      - ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
+      - ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
+      - ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+      - ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt
+      - ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key
+      - ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt
+      - ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt
+      - ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key
diff --git a/roles/lib_openshift/library/oc_atomic_container.py b/roles/lib_openshift/library/oc_atomic_container.py
new file mode 100644
index 000000000..d2620b4cc
--- /dev/null
+++ b/roles/lib_openshift/library/oc_atomic_container.py
@@ -0,0 +1,203 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+#     ___ ___ _  _ ___ ___    _ _____ ___ ___
+#    / __| __| \| | __| _ \  /_\_   _| __|   \
+#   | (_ | _|| .` | _||   / / _ \| | | _|| |) |
+#    \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+#   |   \ / _ \  | \| |/ _ \_   _| | __|   \_ _|_   _|
+#   | |) | (_) | | .` | (_) || |   | _|| |) | |  | |
+#   |___/ \___/  |_|\_|\___/ |_|   |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: doc/atomic_container -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_atomic_container
+short_description: Manage the container images on the atomic host platform
+description:
+    - Manage the container images on the atomic host platform
+    - Allows to execute the commands on the container images
+requirements:
+  - atomic
+  - "python >= 2.6"
+options:
+    name:
+        description:
+          - Name of the container
+        required: True
+        default: null
+    image:
+        description:
+          - The image to use to install the container
+        required: True
+        default: null
+    state:
+        description:
+          - State of the container
+        required: True
+        choices: ["latest", "absent", "latest", "rollback"]
+        default: "latest"
+    values:
+        description:
+          - Values for the installation of the container
+        required: False
+        default: None
+'''
+
+# -*- -*- -*- End included fragment: doc/atomic_container -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_atomic_container.py -*- -*- -*-
+
+# pylint: disable=wrong-import-position,too-many-branches,invalid-name
+import json
+from ansible.module_utils.basic import AnsibleModule
+
+
+def _install(module, container, image, values_list):
+    ''' install a container using atomic CLI.  values_list is the list of --set arguments.
+    container is the name given to the container.  image is the image to use for the installation. '''
+    args = ['atomic', 'install', "--system", '--name=%s' % container] + values_list + [image]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        return rc, out, err, False
+    else:
+        changed = "Extracting" in out
+        return rc, out, err, changed
+
+def _uninstall(module, name):
+    ''' uninstall an atomic container by its name. '''
+    args = ['atomic', 'uninstall', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    return rc, out, err, False
+
+
+def do_install(module, container, image, values_list):
+    ''' install a container and exit the module. '''
+    rc, out, err, changed = _install(module, container, image, values_list)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_uninstall(module, name):
+    ''' uninstall a container and exit the module. '''
+    rc, out, err, changed = _uninstall(module, name)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    module.exit_json(msg=out, changed=changed)
+
+
+def do_update(module, container, old_image, image, values_list):
+    ''' update a container and exit the module.  If the container uses a different
+    image than the current installed one, then first uninstall the old one '''
+
+    # the image we want is different than the installed one
+    if old_image != image:
+        rc, out, err, _ = _uninstall(module, container)
+        if rc != 0:
+            module.fail_json(rc=rc, msg=err)
+        return do_install(module, container, image, values_list)
+
+    # if the image didn't change, use "atomic containers update"
+    args = ['atomic', 'containers', 'update'] + values_list + [container]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Extracting" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_rollback(module, name):
+    ''' move to the previous deployment of the container, if present, and exit the module. '''
+    args = ['atomic', 'containers', 'rollback', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Rolling back" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def core(module):
+    ''' entrypoint for the module. '''
+    name = module.params['name']
+    image = module.params['image']
+    values = module.params['values']
+    state = module.params['state']
+
+    module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C')
+    out = {}
+    err = {}
+    rc = 0
+
+    values_list = ["--set=%s" % x for x in values] if values else []
+
+    args = ['atomic', 'containers', 'list', '--json', '--all', '-f', 'container=%s' % name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+        return
+
+    containers = json.loads(out)
+    present = len(containers) > 0
+    old_image = containers[0]["image_name"] if present else None
+
+    if state == 'present' and present:
+        module.exit_json(msg=out, changed=False)
+    elif (state in ['latest', 'present']) and not present:
+        do_install(module, name, image, values_list)
+    elif state == 'latest':
+        do_update(module, name, old_image, image, values_list)
+    elif state == 'absent':
+        if not present:
+            module.exit_json(msg="", changed=False)
+        else:
+            do_uninstall(module, name)
+    elif state == 'rollback':
+        do_rollback(module, name)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=dict(
+            name=dict(default=None, required=True),
+            image=dict(default=None, required=True),
+            state=dict(default='latest', choices=['present', 'absent', 'latest', 'rollback']),
+            values=dict(type='list', default=[]),
+            ),
+        )
+
+    # Verify that the platform supports atomic command
+    rc, _, err = module.run_command('atomic -v', check_rc=False)
+    if rc != 0:
+        module.fail_json(msg="Error in running atomic command", err=err)
+
+    try:
+        core(module)
+    except Exception as e:  # pylint: disable=broad-except
+        module.fail_json(msg=str(e))
+
+
+if __name__ == '__main__':
+    main()
+
+# -*- -*- -*- End included fragment: ansible/oc_atomic_container.py -*- -*- -*-
diff --git a/roles/lib_openshift/src/ansible/oc_atomic_container.py b/roles/lib_openshift/src/ansible/oc_atomic_container.py
new file mode 100644
index 000000000..20d75cb63
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_atomic_container.py
@@ -0,0 +1,137 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=wrong-import-position,too-many-branches,invalid-name
+import json
+from ansible.module_utils.basic import AnsibleModule
+
+
+def _install(module, container, image, values_list):
+    ''' install a container using atomic CLI.  values_list is the list of --set arguments.
+    container is the name given to the container.  image is the image to use for the installation. '''
+    args = ['atomic', 'install', "--system", '--name=%s' % container] + values_list + [image]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        return rc, out, err, False
+    else:
+        changed = "Extracting" in out
+        return rc, out, err, changed
+
+def _uninstall(module, name):
+    ''' uninstall an atomic container by its name. '''
+    args = ['atomic', 'uninstall', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    return rc, out, err, False
+
+
+def do_install(module, container, image, values_list):
+    ''' install a container and exit the module. '''
+    rc, out, err, changed = _install(module, container, image, values_list)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_uninstall(module, name):
+    ''' uninstall a container and exit the module. '''
+    rc, out, err, changed = _uninstall(module, name)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    module.exit_json(msg=out, changed=changed)
+
+
+def do_update(module, container, old_image, image, values_list):
+    ''' update a container and exit the module.  If the container uses a different
+    image than the current installed one, then first uninstall the old one '''
+
+    # the image we want is different than the installed one
+    if old_image != image:
+        rc, out, err, _ = _uninstall(module, container)
+        if rc != 0:
+            module.fail_json(rc=rc, msg=err)
+        return do_install(module, container, image, values_list)
+
+    # if the image didn't change, use "atomic containers update"
+    args = ['atomic', 'containers', 'update'] + values_list + [container]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Extracting" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_rollback(module, name):
+    ''' move to the previous deployment of the container, if present, and exit the module. '''
+    args = ['atomic', 'containers', 'rollback', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Rolling back" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def core(module):
+    ''' entrypoint for the module. '''
+    name = module.params['name']
+    image = module.params['image']
+    values = module.params['values']
+    state = module.params['state']
+
+    module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C')
+    out = {}
+    err = {}
+    rc = 0
+
+    values_list = ["--set=%s" % x for x in values] if values else []
+
+    args = ['atomic', 'containers', 'list', '--json', '--all', '-f', 'container=%s' % name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+        return
+
+    containers = json.loads(out)
+    present = len(containers) > 0
+    old_image = containers[0]["image_name"] if present else None
+
+    if state == 'present' and present:
+        module.exit_json(msg=out, changed=False)
+    elif (state in ['latest', 'present']) and not present:
+        do_install(module, name, image, values_list)
+    elif state == 'latest':
+        do_update(module, name, old_image, image, values_list)
+    elif state == 'absent':
+        if not present:
+            module.exit_json(msg="", changed=False)
+        else:
+            do_uninstall(module, name)
+    elif state == 'rollback':
+        do_rollback(module, name)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=dict(
+            name=dict(default=None, required=True),
+            image=dict(default=None, required=True),
+            state=dict(default='latest', choices=['present', 'absent', 'latest', 'rollback']),
+            values=dict(type='list', default=[]),
+            ),
+        )
+
+    # Verify that the platform supports atomic command
+    rc, _, err = module.run_command('atomic -v', check_rc=False)
+    if rc != 0:
+        module.fail_json(msg="Error in running atomic command", err=err)
+
+    try:
+        core(module)
+    except Exception as e:  # pylint: disable=broad-except
+        module.fail_json(msg=str(e))
+
+
+if __name__ == '__main__':
+    main()
diff --git a/roles/lib_openshift/src/doc/atomic_container b/roles/lib_openshift/src/doc/atomic_container
new file mode 100644
index 000000000..53fc40f36
--- /dev/null
+++ b/roles/lib_openshift/src/doc/atomic_container
@@ -0,0 +1,36 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_atomic_container
+short_description: Manage the container images on the atomic host platform
+description:
+    - Manage the container images on the atomic host platform
+    - Allows to execute the commands on the container images
+requirements:
+  - atomic
+  - "python >= 2.6"
+options:
+    name:
+        description:
+          - Name of the container
+        required: True
+        default: null
+    image:
+        description:
+          - The image to use to install the container
+        required: True
+        default: null
+    state:
+        description:
+          - State of the container
+        required: True
+        choices: ["latest", "absent", "latest", "rollback"]
+        default: "latest"
+    values:
+        description:
+          - Values for the installation of the container
+        required: False
+        default: None
+'''
diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml
index 6585b1258..a48fdf0c2 100644
--- a/roles/lib_openshift/src/sources.yml
+++ b/roles/lib_openshift/src/sources.yml
@@ -49,6 +49,12 @@ oc_adm_router.py:
 - class/oc_adm_router.py
 - ansible/oc_adm_router.py
 
+oc_atomic_container.py:
+- doc/generated
+- doc/license
+- doc/atomic_container
+- ansible/oc_atomic_container.py
+
 oc_edit.py:
 - doc/generated
 - doc/license
diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml
index a0e1ac75e..1b3e0dba1 100644
--- a/roles/openshift_master/tasks/system_container.yml
+++ b/roles/openshift_master/tasks/system_container.yml
@@ -1,4 +1,8 @@
 ---
+- name: Load lib_openshift modules
+  include_role:
+    name: lib_openshift
+
 - name: Pre-pull master system container image
   command: >
     atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
@@ -10,68 +14,31 @@
     atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-master
   register: result
 
-- name: Update Master system container package
-  command: >
-    atomic containers update {{ openshift.common.service_type }}-master
-  register: update_result
-  changed_when: "'Extracting' in update_result.stdout"
-  when:
-    - ("master" in result.stdout)
-    - l_is_same_version
-    - not l_is_ha
-
-- name: Uninstall Master system container package
-  command: >
-    atomic uninstall {{ openshift.common.service_type }}-master
-  failed_when: False
-  when:
-    - ("master" in result.stdout)
-    - not l_is_same_version
-    - not l_is_ha
-
-- name: Install Master system container package
-  command: >
-    atomic install --system --name={{ openshift.common.service_type }}-master {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
+- name: Install or Update master system container
+  oc_atomic_container:
+    name: "{{ openshift.common.service_type }}-master"
+    image: "{{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+    state: latest
   when:
-    - not l_is_same_version or ("master" not in result.stdout) | bool
     - not l_is_ha
-  notify:
-    - restart master
 
 # HA
-- name: Update Master HA system container package
-  command: >
-    atomic containers update {{ openshift.common.service_type }}-master-{{ item }}
-  register: update_result
-  changed_when: "'Extracting' in update_result.stdout"
-  with_items:
-    - api
-    - controllers
-  when:
-    - ("master" in result.stdout)
-    - l_is_same_version
-    - l_is_ha
-
-- name: Uninstall Master HA system container package
-  command: >
-    atomic uninstall {{ openshift.common.service_type }}-master-{{ item }}
-  failed_when: False
-  with_items:
-    - api
-    - controllers
+- name: Install or Update HA api master system container
+  oc_atomic_container:
+    name: "{{ openshift.common.service_type }}-master-api"
+    image: "{{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+    state: latest
+    values:
+      - COMMAND=api
   when:
-    - ("master" in result.stdout)
-    - not l_is_same_version
     - l_is_ha
 
-- name: Install Master HA system container package
-  command: >
-    atomic install --system --set COMMAND={{ item }} --name={{ openshift.common.service_type }}-master-{{ item }} {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
-  with_items:
-    - api
-    - controllers
+- name: Install or Update HA controller master system container
+  oc_atomic_container:
+    name: "{{ openshift.common.service_type }}-master-controllers"
+    image: "{{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+    state: latest
+    values:
+      - COMMAND=controllers
   when:
-    - not l_is_same_version or ("master" not in result.stdout) | bool
     - l_is_ha
-  notify:
-    - restart master
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index 1e157097d..c5ba20409 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -20,4 +20,3 @@ openshift_master_valid_grant_methods:
 - deny
 
 l_is_ha: "{{ openshift.master.ha is defined and openshift.master.ha | bool }}"
-l_is_same_version: "{{ (openshift.common.version is defined) and (openshift.common.version == openshift_version) | bool }}"
diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml
index 3ae5c7600..abe139418 100644
--- a/roles/openshift_node/tasks/node_system_container.yml
+++ b/roles/openshift_node/tasks/node_system_container.yml
@@ -1,36 +1,16 @@
 ---
+- name: Load lib_openshift modules
+  include_role:
+    name: lib_openshift
+
 - name: Pre-pull node system container image
   command: >
     atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}
   register: pull_result
   changed_when: "'Pulling layer' in pull_result.stdout"
 
-- name: Check Node system container package
-  command: >
-    atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-node
-  register: result
-
-- name: Update Node system container package
-  command: >
-    atomic containers update {{ openshift.common.service_type }}-node
-  register: update_result
-  changed_when: "'Extracting' in update_result.stdout"
-  when:
-  - l_is_same_version
-  - ("node" in result.stdout)
-
-- name: Uninstall Node system container package
-  command: >
-    atomic uninstall {{ openshift.common.service_type }}-node
-  failed_when: False
-  when:
-  - not l_is_same_version
-  - ("node" in result.stdout)
-
-- name: Install Node system container package
-  command: >
-    atomic install --system --name={{ openshift.common.service_type }}-node {{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}
-  register: install_node_result
-  changed_when: "'Extracting' in pull_result.stdout"
-  when:
-  - not l_is_same_version or ("node" not in result.stdout) | bool
+- name: Install or Update node system container
+  oc_atomic_container:
+    name: "{{ openshift.common.service_type }}-node"
+    image: "{{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}"
+    state: latest
diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml
index 6114230d0..b76ce8797 100644
--- a/roles/openshift_node/tasks/openvswitch_system_container.yml
+++ b/roles/openshift_node/tasks/openvswitch_system_container.yml
@@ -1,36 +1,16 @@
 ---
+- name: Load lib_openshift modules
+  include_role:
+    name: lib_openshift
+
 - name: Pre-pull OpenVSwitch system container image
   command: >
     atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}
   register: pull_result
   changed_when: "'Pulling layer' in pull_result.stdout"
 
-- name: Check OpenvSwitch system container package
-  command: >
-    atomic containers list --no-trunc -a -f container=openvswitch
-  register: result
-
-- name: Update OpenvSwitch system container package
-  command: >
-    atomic containers update openvswitch
-  register: update_result
-  changed_when: "'Extracting' in update_result.stdout"
-  when:
-  - l_is_same_version
-  - ("openvswitch" in result.stdout) | bool
-
-- name: Uninstall OpenvSwitch system container package
-  command: >
-    atomic uninstall openvswitch
-  failed_when: False
-  when:
-  - not l_is_same_version
-  - ("openvswitch" in result.stdout) | bool
-
-- name: Install OpenvSwitch system container package
-  command: >
-    atomic install --system --name=openvswitch {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}
-  when:
-  - not l_is_same_version or ("openvswitch" not in result.stdout) | bool
-  notify:
-  - restart docker
+- name: Install or Update OpenVSwitch system container
+  oc_atomic_container:
+    name: openvswitch
+    image: "{{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}"
+    state: latest
diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml
deleted file mode 100644
index 0c2abf3b9..000000000
--- a/roles/openshift_node/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-l_is_same_version: "{{ (openshift.common.version is defined) and (openshift.common.version == openshift_version) | bool }}"