-rw-r--r-- | README_libvirt.md | 8 | ||||
-rw-r--r-- | filter_plugins/oo_filters.py | 8 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.external.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.mixed.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.native.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.registry-only.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.storage-and-registry.example | 16 | ||||
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 3 | ||||
-rw-r--r-- | playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml | 10 | ||||
-rw-r--r-- | roles/etcd/tasks/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/unexclude.yml | 4 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 7 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml | 1 | ||||
-rw-r--r-- | roles/openshift_node/templates/node.service.j2 | 2 | ||||
-rw-r--r-- | roles/openshift_node_upgrade/templates/node.service.j2 | 2 |
16 files changed, 68 insertions, 42 deletions
diff --git a/README_libvirt.md b/README_libvirt.md index c523d83fb..1661681a0 100644 --- a/README_libvirt.md +++ b/README_libvirt.md @@ -15,7 +15,7 @@ Install dependencies 3. Install [ebtables](http://ebtables.netfilter.org/) 4. Install [qemu and qemu-system-x86](http://wiki.qemu.org/Main_Page) 5. Install [libvirt-python and libvirt](http://libvirt.org/) -6. Install [genisoimage](http://cdrkit.org/) +6. Install [genisoimage](http://cdrkit.org/) or [mkisofs](http://cdrtools.sourceforge.net/private/cdrecord.html) 7. Enable and start the libvirt daemon, e.g: - `systemctl enable libvirtd` - `systemctl start libvirtd` @@ -23,6 +23,7 @@ Install dependencies 9. Check that your `$HOME` is accessible to the qemu user² 10. Configure dns resolution on the host³ 11. Install libselinux-python +12. Ensure you have an SSH private and public keypair at `~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub`⁴ #### ¹ Depending on your distribution, libvirt access may be denied by default or may require a password at each access. @@ -103,6 +104,11 @@ sudo vi /etc/NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf server=/example.com/192.168.55.1 ``` +#### ⁴ Private and public keypair in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub + +This playbook uses SSH keys to communicate with the libvirt-driven virtual machines. At this time the names of those keys are fixed and cannot be changed. + + Test The Setup -------------- diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index c6d0e69eb..36a90a870 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py 
@@ -194,10 +194,10 @@ def oo_select_keys_from_list(data, keys): """ if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects to filter on a list") + raise errors.AnsibleFilterError("|oo_select_keys_from_list failed expects to filter on a list") if not isinstance(keys, list): - raise errors.AnsibleFilterError("|failed expects first param is a list") + raise errors.AnsibleFilterError("|oo_select_keys_from_list failed expects first param is a list") # Gather up the values for the list of keys passed in retval = [oo_select_keys(item, keys) for item in data] @@ -213,10 +213,10 @@ def oo_select_keys(data, keys): """ if not isinstance(data, Mapping): - raise errors.AnsibleFilterError("|failed expects to filter on a dict or object") + raise errors.AnsibleFilterError("|oo_select_keys failed expects to filter on a dict or object") if not isinstance(keys, list): - raise errors.AnsibleFilterError("|failed expects first param is a list") + raise errors.AnsibleFilterError("|oo_select_keys failed expects first param is a list") # Gather up the values for the list of keys passed in retval = [data[key] for key in keys if key in data] diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example index 628d3a3f7..5a284ce97 100644 --- a/inventory/byo/hosts.byo.glusterfs.external.example +++ b/inventory/byo/hosts.byo.glusterfs.external.example 
@@ -31,13 +31,13 @@ openshift_storage_glusterfs_is_native=False openshift_storage_glusterfs_heketi_url=172.0.0.1 [masters] -master node=True storage=True master=True +master [nodes] -master node=True storage=True master=True openshift_schedulable=False -node0 node=True openshift_schedulable=True -node1 node=True openshift_schedulable=True -node2 node=True openshift_schedulable=True +master openshift_schedulable=False +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example index fd47cb9d5..d16df6470 100644 --- a/inventory/byo/hosts.byo.glusterfs.mixed.example +++ b/inventory/byo/hosts.byo.glusterfs.mixed.example @@ -34,13 +34,13 @@ openshift_storage_glusterfs_heketi_is_native=True openshift_storage_glusterfs_heketi_executor=ssh openshift_storage_glusterfs_heketi_ssh_keyfile=/root/id_rsa [masters] -master node=True storage=True master=True +master [nodes] -master node=True storage=True master=True openshift_schedulable=False -node0 node=True openshift_schedulable=True -node1 node=True openshift_schedulable=True -node2 node=True openshift_schedulable=True +master openshift_schedulable=False +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example index a3e2570c9..c1a1f6f84 100644 --- a/inventory/byo/hosts.byo.glusterfs.native.example +++ b/inventory/byo/hosts.byo.glusterfs.native.example 
@@ -24,15 +24,15 @@ ansible_ssh_user=root openshift_deployment_type=origin [masters] -master node=True storage=True master=True +master [nodes] -master node=True storage=True master=True openshift_schedulable=False +master openshift_schedulable=False # A hosted registry, by default, will only be deployed on nodes labeled # "region=infra". -node0 node=True openshift_schedulable=True -node1 node=True openshift_schedulable=True -node2 node=True openshift_schedulable=True +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example index 999518abe..31a85ee42 100644 --- a/inventory/byo/hosts.byo.glusterfs.registry-only.example +++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example @@ -30,15 +30,15 @@ openshift_deployment_type=origin openshift_hosted_registry_storage_kind=glusterfs [masters] -master node=True storage=True master=True +master [nodes] -master node=True storage=True master=True openshift_schedulable=False +master openshift_schedulable=False # A hosted registry, by default, will only be deployed on nodes labeled # "region=infra". -node0 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True -node1 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True -node2 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a 
diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example index 1df79301a..54bd89ddc 100644 --- a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example +++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example @@ -31,20 +31,20 @@ openshift_deployment_type=origin openshift_hosted_registry_storage_kind=glusterfs [masters] -master node=True storage=True master=True +master [nodes] -master node=True storage=True master=True openshift_schedulable=False +master openshift_schedulable=False # It is recommended to not use a single cluster for both general and registry # storage, so two three-node clusters will be required. -node0 node=True openshift_schedulable=True -node1 node=True openshift_schedulable=True -node2 node=True openshift_schedulable=True +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True # A hosted registry, by default, will only be deployed on nodes labeled # "region=infra". -node3 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True -node4 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True -node5 node=True openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 7d3a371e3..5de03951c 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
@@ -127,6 +127,9 @@ | union(groups['oo_etcd_to_config'] | default([]))) | oo_collect('openshift.common.hostname') | default([]) | join (',') }}" + openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | oo_collect('openshift.common.ip') | default([]) | join(',') + }}" roles: - role: openshift_master openshift_ca_host: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ccd29be29..4df86effa 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -49,11 +49,15 @@ - '{{ instances }}' - [ user-data, meta-data ] +- name: Check for genisoimage + command: which genisoimage + register: which_genisoimage + - name: Create the cloud-init config drive - command: 'genisoimage -output {{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso -volid cidata -joliet -rock user-data meta-data' + command: "{{ 'genisoimage' if which_genisoimage.rc == 0 else 'mkisofs' }} -output {{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso -volid cidata -joliet -rock user-data meta-data" args: - chdir: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' - creates: '{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso' + chdir: "{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/" + creates: "{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso" with_items: '{{ instances }}' - name: Refresh the libvirt storage pool for openshift diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index f0661209f..8c2f392ee 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml 
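Review bot: The new `Check for genisoimage` task in launch_instances.yml fails the play when genisoimage is absent, because `which` exits non-zero and nothing overrides the failure. The `mkisofs` fallback in the following task is therefore never reached on the hosts it was added for. Add `failed_when: false` and `changed_when: false` to the check so that `which_genisoimage.rc` can be evaluated afterwards. The README hunk in this commit lists mkisofs as an alternative, so the fallback is evidently meant to work.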
@@ -14,7 +14,8 @@ name: etcd_common vars: r_etcd_common_action: drop_etcdctl - when: openshift_etcd_etcdctl_profile | default(true) | bool + when: + - openshift_etcd_etcdctl_profile | default(true) | bool - block: - name: Pull etcd container diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml index a5ce8d5c7..a68165bde 100644 --- a/roles/openshift_excluder/tasks/unexclude.yml +++ b/roles/openshift_excluder/tasks/unexclude.yml @@ -9,7 +9,7 @@ register: docker_excluder_stat - name: disable docker excluder - command: "{{ r_openshift_excluder_service_type }}-docker-excluder unexclude" + command: "/sbin/{{ r_openshift_excluder_service_type }}-docker-excluder unexclude" when: - unexclude_docker_excluder | default(false) | bool - docker_excluder_stat.stat.exists @@ -20,7 +20,7 @@ register: openshift_excluder_stat - name: disable openshift excluder - command: "{{ r_openshift_excluder_service_type }}-excluder unexclude" + command: "/sbin/{{ r_openshift_excluder_service_type }}-excluder unexclude" when: - unexclude_openshift_excluder | default(false) | bool - openshift_excluder_stat.stat.exists diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 4712ca3a8..49cc51b48 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
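Review bot: The hard-coded `/sbin/` prefix on both `unexclude` commands in unexclude.yml should match the path tested by the preceding `stat` tasks (`docker_excluder_stat`, `openshift_excluder_stat`), whose `path:` lines are outside these hunks. If those tasks check a different directory, the `when:` guard and the command can disagree. The absolute path does keep the binary from being resolved through the remote user's PATH, which is worth keeping for a privileged command. Consider one role variable for the directory so the stat check and the command stay in step.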
@@ -1647,6 +1647,13 @@ def set_proxy_facts(facts): common['no_proxy'] = common['no_proxy'].split(",") elif 'no_proxy' not in common: common['no_proxy'] = [] + + # See https://bugzilla.redhat.com/show_bug.cgi?id=1466783 + # masters behind a proxy need to connect to etcd via IP + if 'no_proxy_etcd_host_ips' in common: + if isinstance(common['no_proxy_etcd_host_ips'], string_types): + common['no_proxy'].extend(common['no_proxy_etcd_host_ips'].split(',')) + if 'generate_no_proxy_hosts' in common and safe_get_bool(common['generate_no_proxy_hosts']): if 'no_proxy_internal_hostnames' in common: common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 9b7125240..c643c6c46 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -140,6 +140,12 @@ - set_fact: openshift_push_via_dns: "{{ (openshift_use_dnsmasq | default(true) and openshift.common.version_gte_3_6) or (already_set.stdout | match('OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000')) }}" +- name: Set fact of all etcd host IPs + openshift_facts: + role: common + local_facts: + no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" + - name: Install the systemd units include: systemd_units.yml diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 8d7ee00ed..31129a6ac 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -26,7 +26,6 @@ - name: generate htpasswd file for hawkular metrics local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}" - no_log: true become: false - name: copy local generated passwords to target 
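Review bot: In the added `no_proxy_etcd_host_ips` branch of set_proxy_facts, an empty string yields `['']` from `split(',')`, so an empty entry may be appended to `common['no_proxy']` when the etcd group resolves to no hosts. A value that is already a list is skipped silently. Filtering the pieces avoids the empty entry, e.g. `common['no_proxy'].extend(ip for ip in common['no_proxy_etcd_host_ips'].split(',') if ip)`, and the two nested `if`s can be one condition joined with `and`. These IPs are added regardless of `generate_no_proxy_hosts`; that looks intended given the bug reference, but the comment should say so. set_proxy_facts begins and ends outside the hunk.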
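Review bot: The new `Set fact of all etcd host IPs` task in roles/openshift_master/tasks/main.yml reads `openshift_no_proxy_etcd_host_ips` with no fallback. As far as this diff shows, the variable is defined only in playbooks/common/openshift-master/config.yml, so the role would stop on an undefined variable when applied from any other play. Guard the task with `when: openshift_no_proxy_etcd_host_ips is defined`, or declare a default in the role's defaults, which are not visible here.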
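Review bot: With `no_log: true` removed, the `generate htpasswd file for hawkular metrics` task passes the decoded plaintext password (`hawkular_metrics_pwd.content | b64decode`) as a task argument with no task-level masking. It can then reach console output, callback plugins and log files, for instance in verbose runs or when the task fails. Any remaining protection would depend on the htpasswd module masking its own `password` parameter, which this diff does not show. Restore `no_log: true` on this task unless the removal was needed to diagnose a specific failure, in which case the commit message should say why.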
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2 index 1dbe58439..e12a52c15 100644 --- a/roles/openshift_node/templates/node.service.j2 +++ b/roles/openshift_node/templates/node.service.j2 @@ -24,8 +24,8 @@ WorkingDirectory=/var/lib/origin/ SyslogIdentifier={{ openshift.common.service_type }}-node Restart=always RestartSec=5s +TimeoutStartSec=300 OOMScoreAdjust=-999 -KillMode=process [Install] WantedBy=multi-user.target diff --git a/roles/openshift_node_upgrade/templates/node.service.j2 b/roles/openshift_node_upgrade/templates/node.service.j2 index 1dbe58439..e12a52c15 100644 --- a/roles/openshift_node_upgrade/templates/node.service.j2 +++ b/roles/openshift_node_upgrade/templates/node.service.j2 @@ -24,8 +24,8 @@ WorkingDirectory=/var/lib/origin/ SyslogIdentifier={{ openshift.common.service_type }}-node Restart=always RestartSec=5s +TimeoutStartSec=300 OOMScoreAdjust=-999 -KillMode=process [Install] WantedBy=multi-user.target |
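Review bot: Dropping `KillMode=process` returns the unit to systemd's default `control-group` mode, so stopping or restarting the node service now signals every process in the unit's cgroup rather than only the main one. Nothing in either template records that this is intended. A short comment where the line was removed would do, e.g. `# KillMode intentionally left at the systemd default (control-group)`, with a similar one-line reason above `TimeoutStartSec=300`. The same edit is applied to roles/openshift_node_upgrade/templates/node.service.j2; both files have identical blob ids before and after, so any future change has to be made twice to avoid drift.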