Diffstat (limited to 'playbooks/common')
11 files changed, 83 insertions, 23 deletions
| diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index be2f8b5f4..0f563adb7 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -145,7 +145,19 @@          https_proxy: "{{ openshift_https_proxy | default(None) }}"          no_proxy: "{{ openshift_no_proxy | default(None) }}"          generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" -        no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + +  - name: Set fact of no_proxy_internal_hostnames +    openshift_facts: +      role: common +      local_facts: +        no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] +                                             | union(groups['oo_masters_to_config']) +                                             | union(groups['oo_etcd_to_config'] | default([]))) +                                         | oo_collect('openshift.common.hostname') | default([]) | join (',') +                                         }}" +    when: +    - openshift_http_proxy is defined or openshift_https_proxy is defined +    - openshift_generate_no_proxy_hosts | default(True) | bool    - name: initialize_facts set_fact repoquery command      set_fact: diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml index 45022cd61..6a5bc24f7 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml 
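Review bot: The replacement task for `no_proxy_internal_hostnames` drops the `openshift_no_proxy_internal_hostnames` override that the removed line honoured, so a value an operator set in the inventory is ignored unless something outside this hunk still reads it. If that is intended, say so above the task, e.g. `# always derived from the inventory groups; openshift_no_proxy_internal_hostnames is no longer read`. Separately, only `groups['oo_etcd_to_config']` gets `| default([])`. `groups['oo_nodes_to_config']` and `groups['oo_masters_to_config']` will raise on an inventory that lacks either group, so giving them the same default would make the expression uniform.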
@@ -9,16 +9,29 @@        local_facts:          ha: "{{ groups.oo_masters_to_config | length > 1 }}" -  - name: Ensure HA Master is running -    service: -      name: "{{ openshift.common.service_type }}-master-api" -      state: started -      enabled: yes -    when: openshift.common.is_containerized | bool +  - when: openshift.common.is_containerized | bool +    block: +    - set_fact: +        master_services: +        - "{{ openshift.common.service_type }}-master" -  - name: Ensure HA Master is running -    service: -      name: "{{ openshift.common.service_type }}-master-controllers" -      state: started -      enabled: yes -    when: openshift.common.is_containerized | bool +    # In case of the non-ha to ha upgrade. +    - name: Check if the {{ openshift.common.service_type }}-master-api.service exists +      command: > +        systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend +      register: master_api_service_status + +    - set_fact: +        master_services: +        - "{{ openshift.common.service_type }}-master-api" +        - "{{ openshift.common.service_type }}-master-controllers" +      when: +      - master_api_service_status.stdout_lines | length > 0 +      - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] + +    - name: Ensure Master is running +      service: +        name: "{{ item }}" +        state: started +        enabled: yes +      with_items: "{{ master_services }}" diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index c37a5f9ab..ea4e25f8f 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml 
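Review bot: The existence check `systemctl list-units … --no-legend` by default shows only units that are active, failed or have pending jobs. A stopped `-master-api` unit on an HA master can therefore produce empty output and leave `master_services` at the single `-master` entry, which "Ensure Master is running" then tries to start. `systemctl list-unit-files {{ openshift.common.service_type }}-master-api.service --no-legend` reports whether the unit is installed regardless of its state, and the existing `in … stdout_lines[0]` test would still match. The command is read-only, so it should also carry `changed_when: false`. Both `set_fact` tasks would be easier to trace in run output with a `name:`.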
@@ -199,7 +199,7 @@        {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig        policy reconcile-cluster-roles --additive-only=true --confirm -o name      register: reconcile_cluster_role_result -    when: not openshift.common.version_gte_3_7 | bool +    when: openshift_version | version_compare('3.7','<')      changed_when:      - reconcile_cluster_role_result.stdout != ''      - reconcile_cluster_role_result.rc == 0 @@ -214,7 +214,7 @@        --exclude-groups=system:unauthenticated        --exclude-users=system:anonymous        --additive-only=true --confirm -o name -    when: not openshift.common.version_gte_3_7 | bool +    when: openshift_version | version_compare('3.7','<')      register: reconcile_bindings_result      changed_when:      - reconcile_bindings_result.stdout != '' @@ -229,9 +229,11 @@      changed_when:      - reconcile_jenkins_role_binding_result.stdout != ''      - reconcile_jenkins_role_binding_result.rc == 0 -    when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool) +    when: +    - openshift_version | version_compare('3.7','<') +    - openshift_version | version_compare('3.4','>=') -  - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool) +  - when: openshift_upgrade_target | version_compare('3.7','<')      block:      - name: Retrieve shared-resource-viewer        oc_obj: @@ -250,7 +252,6 @@        - "'annotations' in objout['results']['results'][0]['metadata']"        - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']"        - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'" -      - copy:          src: "{{ item }}"          dest: "/tmp/{{ item }}" 
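Review bot: The rewritten block condition `openshift_upgrade_target | version_compare('3.7','<')` loses the lower bound that the old `version_gte_3_6` test supplied, so the shared-resource-viewer block now also applies to targets below 3.6. It also keys on `openshift_upgrade_target`, while the three reconcile tasks above it key on `openshift_version`; if the difference is deliberate, a one-line comment should say why. To keep the old range, make `when:` a list with `- openshift_upgrade_target | version_compare('3.6','>=')` and `- openshift_upgrade_target | version_compare('3.7','<')`. The block body continues past this hunk.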
@@ -268,6 +269,12 @@          - "/tmp/{{ __master_shared_resource_viewer_file }}"          delete_after: true        when: __shared_resource_viewer_protected is not defined +      register: result +      retries: 3 +      delay: 5 +      until: result.rc == 0 +      ignore_errors: true +    - name: Reconcile Security Context Constraints      command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml index 52458e03c..db0c8f886 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml @@ -8,3 +8,8 @@      dest: "{{ openshift.common.config_base}}/master/master-config.yaml"      yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'      yaml_value: service-signer.key + +- modify_yaml: +    dest: "{{ openshift.common.config_base }}/master/master-config.yaml" +    yaml_key: servingInfo.clientCA +    yaml_value: ca.crt diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml index c26e8f744..1d4d1919c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml @@ -13,3 +13,8 @@      dest: "{{ openshift.common.config_base}}/master/master-config.yaml"      yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'      yaml_value: service-signer.key + +- modify_yaml: +    dest: "{{ openshift.common.config_base }}/master/master-config.yaml" +    yaml_key: servingInfo.clientCA +    yaml_value: ca.crt diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index bf3b94682..81f6dc8a4 100644 
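Review bot: `ignore_errors: true` on the task that ends at `delete_after: true` lets the upgrade continue after all three retries fail, leaving the shared-resource-viewer role unreconciled with nothing in the run summary to flag it. If best-effort is really intended, state that in a comment such as `# best effort: a failed reconcile must be re-run manually after the upgrade`; otherwise drop `ignore_errors` so the retries are the only tolerance. `until: result.rc == 0` assumes the module's return carries a top-level `rc`, which this hunk does not show. `result` is also generic enough to be overwritten by a later task, so a specific name such as `register: l_shared_resource_viewer_result` is safer. The task starts outside the hunk.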
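Review bot: The added `modify_yaml` task in v3_6/master_config_upgrade.yml sets `servingInfo.clientCA` to `ca.crt` unconditionally, and that key selects the CA bundle the master trusts for client-certificate authentication. A master whose config points at a different bundle would be silently reset on upgrade, changing which client certificates are accepted. Either skip the write when the key already has a value, or record the overwrite above the task, e.g. `# clientCA is forced back to ca.crt on upgrade; a custom client CA bundle must be re-applied afterwards`. The task also lacks a `name:`. The identical addition in v3_7/master_config_upgrade.yml has the same issue.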
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -125,7 +125,7 @@  # All controllers must be stopped at the same time then restarted  - name: Cycle all controller services to force new leader election mode -  hosts: oo_etcd_to_config +  hosts: oo_masters_to_config    gather_facts: no    tasks:    - name: Stop {{ openshift.common.service_type }}-master-controllers diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index f76fc68d1..8e4f99c91 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -15,7 +15,7 @@    - name: Confirm OpenShift authorization objects are in sync      command: >        {{ openshift.common.client_binary }} adm migrate authorization -    when: not openshift.common.version_gte_3_7 | bool +    when: openshift_version | version_compare('3.7','<')      changed_when: false      register: l_oc_result      until: l_oc_result.rc == 0 diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/common/openshift-etcd/embedded2external.yml index 9264f3c32..b16b78c4f 100644 --- a/playbooks/common/openshift-etcd/embedded2external.yml +++ b/playbooks/common/openshift-etcd/embedded2external.yml @@ -158,7 +158,7 @@        tasks_from: configure_external_etcd      vars:        etcd_peer_url_scheme: "https" -      etcd_ip: "{{ openshift.common.ip }}" +      etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}"        etcd_peer_port: 2379    # 9. start the master diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index 1b3eb268a..e1472ce38 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml 
@@ -25,7 +25,7 @@    - role: openshift_hosted_templates      registry_url: "{{ openshift.master.registry_url }}"    - role: openshift_manageiq -    when: openshift_use_manageiq | default(false) | bool +    when: openshift_use_manageiq | default(true) | bool    - role: cockpit      when:      - openshift.common.is_atomic diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 6e57f282e..b359919ba 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -206,6 +206,12 @@      when: openshift_use_nuage | default(false) | bool    - role: calico_master      when: openshift_use_calico | default(false) | bool +  tasks: +  - include_role: +      name: kuryr +      tasks_from: master +    when: openshift_use_kuryr | default(false) | bool +    post_tasks:    - name: Create group for deployment type      group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/common/openshift-node/additional_config.yml index fe51ef833..ac757397b 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/common/openshift-node/additional_config.yml @@ -19,10 +19,14 @@    - group_by:        key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }}      changed_when: False +  # Create group for kuryr nodes +  - group_by: +      key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} +    changed_when: False  - include: etcd_client_config.yml    vars: -    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv" +    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr"  - name: Additional node config    hosts: oo_nodes_use_flannel 
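Review bot: Changing the fallback to `default(true)` in playbooks/common/openshift-master/additional_config.yml makes `openshift_manageiq` an opt-out role. Every cluster whose inventory does not set `openshift_use_manageiq` gets it applied on the next run. The role's tasks are not visible here, but a management integration normally creates its own project, service account and role bindings, which would be a standing privilege grant the operator never requested. Unless the flip is deliberate and announced, keep `when: openshift_use_manageiq | default(false) | bool`. If it is deliberate, add a comment next to the role entry, e.g. `# enabled by default; set openshift_use_manageiq=false to skip`.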
@@ -50,3 +54,11 @@    - role: contiv      contiv_role: netplugin      when: openshift_use_contiv | default(false) | bool + +- name: Configure Kuryr node +  hosts: oo_nodes_use_kuryr +  tasks: +  - include_role: +      name: kuryr +      tasks_from: node +    when: openshift_use_kuryr | default(false) | bool | 
