Diffstat (limited to 'roles')
| -rw-r--r-- | roles/docker/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/docker/tasks/package_docker.yml | 10 | ||||
| -rw-r--r-- | roles/docker/tasks/systemcontainer_crio.yml | 12 | ||||
| -rw-r--r-- | roles/docker/tasks/systemcontainer_docker.yml | 6 | ||||
| -rw-r--r-- | roles/docker/templates/registries.conf | 2 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/tasks/main.yml | 9 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 24 | ||||
| -rw-r--r-- | roles/openshift_health_checker/openshift_checks/docker_image_availability.py | 2 | ||||
| -rw-r--r-- | roles/openshift_health_checker/test/docker_image_availability_test.py | 10 | ||||
| -rw-r--r-- | roles/openshift_logging/README.md | 44 | ||||
| -rw-r--r-- | roles/openshift_master/README.md | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/defaults/main.yaml | 3 | ||||
| -rw-r--r-- | roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 3 | ||||
| -rw-r--r-- | roles/openshift_node/README.md | 2 | ||||
| -rw-r--r-- | roles/openshift_node_upgrade/README.md | 2 | 
16 files changed, 60 insertions, 75 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 274fd8603..e36dfa7b9 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -9,6 +9,8 @@ openshift_docker_additional_registries: []  openshift_docker_blocked_registries: []  openshift_docker_insecure_registries: [] +openshift_docker_ent_reg: 'registry.access.redhat.com' +  # The l2_docker_* variables convert csv strings to lists, if  # necessary.  These variables should be used in place of their respective  # openshift_docker_* counterparts to ensure the properly formatted lists are diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 0c5621259..3e81d5c8e 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -50,6 +50,14 @@        src: custom.conf.j2    when: not os_firewall_use_firewalld | default(False) | bool +- name: Add enterprise registry, if necessary +  set_fact: +    l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" +  when: +  - openshift.common.deployment_type == 'openshift-enterprise' +  - openshift_docker_ent_reg != '' +  - openshift_docker_ent_reg not in l2_docker_additional_registries +  - stat: path=/etc/sysconfig/docker    register: docker_check @@ -65,7 +73,7 @@    notify:    - restart docker -- name: Place additional/blocked/insecure registies in /etc/containers/registries.conf +- name: Place additional/blocked/insecure registries in /etc/containers/registries.conf    template:      dest: "{{ containers_registries_conf_path }}"      src: registries.conf diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 5b02b72be..66ce475e1 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml 
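Review bot: `openshift_docker_ent_reg` is added to roles/docker/defaults/main.yml without a comment, yet the new task in package_docker.yml gives the empty string a special meaning (`openshift_docker_ent_reg != ''` skips the registry). The value is appended to the additional-registries list that the role writes into the container runtime configuration, so overriding it changes where images may be pulled from and should be a deliberate choice. I would add above the variable: `# Registry appended to the additional registries on openshift-enterprise deployments; set to '' to skip it.`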
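Review bot: The "Add enterprise registry, if necessary" task is added only to package_docker.yml, although the systemcontainer_crio.yml and systemcontainer_docker.yml hunks in this commit also read `l2_docker_additional_registries`, and the Python code that appended `registry.access.redhat.com` for every `openshift-enterprise` host is deleted from openshift_facts.py. Unless package_docker.yml always runs before those two task files (the role's main.yml is not part of this diff), system-container and CRI-O installs on enterprise deployments would silently lose that registry from their search list. Moving the `set_fact` into a task file that every path includes, ahead of the runtime-specific includes, would keep the behaviour uniform. The deleted fact code also dropped empty and duplicate entries, so it is worth confirming that the `l2_docker_*` conversion still does, since these lists end up in registries.conf.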
@@ -1,17 +1,17 @@  ---  # TODO: Much of this file is shared with container engine tasks  - set_fact: -    l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(openshift.docker.insecure_registries)) }}" -  when: openshift.docker.insecure_registries +    l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" +  when: l2_docker_insecure_registries  - set_fact: -    l_crio_registries: "{{ openshift.docker.additional_registries + ['docker.io'] }}" -  when: openshift.docker.additional_registries +    l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" +  when: l2_docker_additional_registries  - set_fact:      l_crio_registries: "{{ ['docker.io'] }}" -  when: not openshift.docker.additional_registries +  when: not l2_docker_additional_registries  - set_fact:      l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" -  when: openshift.docker.additional_registries +  when: l2_docker_additional_registries  - name: Ensure container-selinux is installed    package: diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 146e5f430..8b43393cb 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml 
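Review bot: The last `set_fact` in this hunk is still guarded by `when: l2_docker_additional_registries`, so with an empty list `l_crio_registries` becomes `['docker.io']` but `l_additional_crio_registries` is never defined, and the fallback appears not to reach whatever consumes it (the consumer is outside this diff). The comment in defaults/main.yml describes the `l2_docker_*` variables as properly formatted lists, so the `when`/`when: not` pair can collapse into one unconditional `l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"` and the join can run unconditionally as well. Separately, the quoting built with `'\"{}\"'.format('\", \"'.join(...))` does not escape a quote inside a value, so the registry lists, including the insecure ones that relax transport checks, should be validated as plain host[:port] names before they are written into the CRI-O configuration.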
@@ -148,10 +148,10 @@  # Set local versions of facts that must be in json format for container-daemon.json  # NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson  - set_fact: -    l_docker_insecure_registries: "{{ docker_insecure_registries | default([]) | to_json }}" +    l_docker_insecure_registries: "{{ l2_docker_insecure_registries | default([]) | to_json }}"      l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}" -    l_docker_additional_registries: "{{ docker_additional_registries | default([]) | to_json }}" -    l_docker_blocked_registries: "{{ docker_blocked_registries | default([]) | to_json }}" +    l_docker_additional_registries: "{{ l2_docker_additional_registries | default([]) | to_json }}" +    l_docker_blocked_registries: "{{ l2_docker_blocked_registries | default([]) | to_json }}"      l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}"  # Configure container-engine using the container-daemon.json file diff --git a/roles/docker/templates/registries.conf b/roles/docker/templates/registries.conf index c55dbd84f..d379b2be0 100644 --- a/roles/docker/templates/registries.conf +++ b/roles/docker/templates/registries.conf @@ -6,7 +6,7 @@  # The default location for this configuration file is /etc/containers/registries.conf. -# The only valid categories are: 'registries', 'insecure_registies', +# The only valid categories are: 'registries', 'insecure_registries',  # and 'block_registries'. diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 334150f63..5a3e50678 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml 
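Review bot: The `| default([])` fallbacks kept on the three `l2_docker_*` lookups now hide a wiring mistake instead of guarding against one: if `l2_docker_blocked_registries` were ever undefined on this path, container-daemon.json would get an empty block list with no error. The comment in defaults/main.yml says the `l2_docker_*` variables are provided by the role (their definitions are outside this diff), so I would drop the fallbacks, for example `l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}"`, and let an undefined variable fail the play.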
@@ -6,9 +6,6 @@    with_items:    - role: docker      local_facts: -      additional_registries: "{{ openshift_docker_additional_registries | default(None) }}" -      blocked_registries: "{{ openshift_docker_blocked_registries | default(None) }}" -      insecure_registries: "{{ openshift_docker_insecure_registries | default(None) }}"        selinux_enabled: "{{ openshift_docker_selinux_enabled | default(None) }}"        log_driver: "{{ openshift_docker_log_driver | default(None) }}"        log_options: "{{ openshift_docker_log_options | default(None) }}" @@ -23,12 +20,6 @@        sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"  - set_fact: -    docker_additional_registries: "{{ openshift.docker.additional_registries -                                      | default(omit) }}" -    docker_blocked_registries: "{{ openshift.docker.blocked_registries -                                   | default(omit) }}" -    docker_insecure_registries: "{{ openshift.docker.insecure_registries -                                    | default(omit) }}"      docker_selinux_enabled: "{{ openshift.docker.selinux_enabled | default(omit) }}"      docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"      docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index fa390766e..215ff4b72 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -55,9 +55,6 @@ def migrate_docker_facts(facts):      """ Apply migrations for docker facts """      params = {          'common': ( -            'additional_registries', -            'insecure_registries', -            'blocked_registries',              'options'          ),          'node': ( 
@@ -768,14 +765,6 @@ def set_deployment_facts_if_unset(facts):                  service_type = 'origin'              facts['common']['service_type'] = service_type -    if 'docker' in facts: -        deployment_type = facts['common']['deployment_type'] -        if deployment_type == 'openshift-enterprise': -            addtl_regs = facts['docker'].get('additional_registries', []) -            ent_reg = 'registry.access.redhat.com' -            if ent_reg not in addtl_regs: -                facts['docker']['additional_registries'] = addtl_regs + [ent_reg] -      for role in ('master', 'node'):          if role in facts:              deployment_type = facts['common']['deployment_type'] @@ -2250,19 +2239,6 @@ class OpenShiftFacts(object):                                        protected_facts_to_overwrite)          if 'docker' in new_local_facts: -            # remove duplicate and empty strings from registry lists, preserving order -            for cat in ['additional', 'blocked', 'insecure']: -                key = '{0}_registries'.format(cat) -                if key in new_local_facts['docker']: -                    val = new_local_facts['docker'][key] -                    if isinstance(val, string_types): -                        val = [x.strip() for x in val.split(',')] -                    seen = set() -                    new_local_facts['docker'][key] = list() -                    for registry in val: -                        if registry not in seen and registry != '': -                            seen.add(registry) -                            new_local_facts['docker'][key].append(registry)              # Convert legacy log_options comma sep string to a list if present:              if 'log_options' in new_local_facts['docker'] and \                      isinstance(new_local_facts['docker']['log_options'], string_types): 
diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 98372d979..93a5973d4 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -153,7 +153,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck):      def known_docker_registries(self):          """Build a list of docker registries available according to inventory vars.""" -        regs = list(self.get_var("openshift.docker.additional_registries", default=[])) +        regs = list(self.get_var("openshift_docker_additional_registries", default=[]))          deployment_type = self.get_var("openshift_deployment_type")          if deployment_type == "origin" and "docker.io" not in regs: diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index 952fa9aa6..c523ffd5c 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -72,7 +72,7 @@ def test_all_images_available_remotely(task_vars, available_locally):              return {'images': [], 'failed': available_locally}          return {} -    task_vars['openshift']['docker']['additional_registries'] = ["docker.io", "registry.access.redhat.com"] +    task_vars['openshift_docker_additional_registries'] = ["docker.io", "registry.access.redhat.com"]      task_vars['openshift_image_tag'] = 'v3.4'      check = DockerImageAvailability(execute_module, task_vars)      check._module_retry_interval = 0 
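Review bot: `list(self.get_var("openshift_docker_additional_registries", default=[]))` now reads the raw inventory variable, and `list()` applied to a comma-separated string yields single characters instead of registry names. The old fact was normalised by the code this commit deletes from openshift_facts.py (split on `,`, strip, drop empties), and the comment in roles/docker/defaults/main.yml indicates the `openshift_docker_*` values may still be csv strings. I would normalise before use: `regs = self.get_var("openshift_docker_additional_registries", default=[])` followed by `if isinstance(regs, string_types): regs = [r.strip() for r in regs.split(",") if r.strip()]`, importing `string_types` if the module does not already. The updated cases in docker_image_availability_test.py only pass lists, so a csv-string case belongs there too; known_docker_registries continues past the end of this hunk.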
@@ -90,7 +90,7 @@ def test_all_images_unavailable(task_vars):          return {}  # docker_image_facts failure -    task_vars['openshift']['docker']['additional_registries'] = ["docker.io"] +    task_vars['openshift_docker_additional_registries'] = ["docker.io"]      task_vars['openshift_deployment_type'] = "openshift-enterprise"      task_vars['openshift_image_tag'] = 'latest'      check = DockerImageAvailability(execute_module, task_vars) @@ -121,9 +121,9 @@ def test_no_known_registries():                  service_type='origin',                  is_containerized=False,                  is_atomic=False, -            ), -            docker=dict(additional_registries=["docker.io"]), +            )          ), +        openshift_docker_additional_registries=["docker.io"],          openshift_deployment_type="openshift-enterprise",          openshift_image_tag='latest',          group_names=['nodes', 'masters'], @@ -154,7 +154,7 @@ def test_skopeo_update_failure(task_vars, message, extra_words):          return {} -    task_vars['openshift']['docker']['additional_registries'] = ["unknown.io"] +    task_vars['openshift_docker_additional_registries'] = ["unknown.io"]      task_vars['openshift_deployment_type'] = "openshift-enterprise"      check = DockerImageAvailability(execute_module, task_vars)      check._module_retry_interval = 0 diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 45477f60d..829c78728 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md 
@@ -169,7 +169,7 @@ Elasticsearch OPS too, if using an OPS cluster:    send the raw logs to mux for processing.  We do not currently recommend using    this mode, and ansible will warn you about this.  - `openshift_logging_mux_hostname`: Default is "mux." + -  `openshift_master_default_subdomain`.  This is the hostname *external*_ +  `openshift_master_default_subdomain`.  This is the hostname *external*    clients will use to connect to mux, and will be used in the TLS server cert    subject.  - `openshift_logging_mux_port`: 24284 
@@ -201,24 +201,24 @@ Elasticsearch OPS too, if using an OPS cluster:    Defaults to '65534'.  ### remote syslog forwarding -`openshift_logging_fluentd_remote_syslog`: Set `true` to enable remote syslog forwarding, defaults to `false` -`openshift_logging_fluentd_remote_syslog_host`: Required, hostname or IP of remote syslog server -`openshift_logging_fluentd_remote_syslog_port`: Port of remote syslog server, defaults to `514` -`openshift_logging_fluentd_remote_syslog_severity`: Syslog severity level, defaults to `debug` -`openshift_logging_fluentd_remote_syslog_facility`: Syslog facility, defaults to `local0` -`openshift_logging_fluentd_remote_syslog_remove_tag_prefix`: Remove the prefix from the tag, defaults to `''` (empty) -`openshift_logging_fluentd_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message -`openshift_logging_fluentd_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` -`openshift_logging_fluentd_remote_syslog_payload_key`: If string is specified, use this field from the record as the payload on the syslog message - -The corresponding openshift_logging_mux_ parameters are below. 
- -`openshift_logging_mux_remote_syslog`: Set `true` to enable remote syslog forwarding, defaults to `false` -`openshift_logging_mux_remote_syslog_host`: Required, hostname or IP of remote syslog server -`openshift_logging_mux_remote_syslog_port`: Port of remote syslog server, defaults to `514` -`openshift_logging_mux_remote_syslog_severity`: Syslog severity level, defaults to `debug` -`openshift_logging_mux_remote_syslog_facility`: Syslog facility, defaults to `local0` -`openshift_logging_mux_remote_syslog_remove_tag_prefix`: Remove the prefix from the tag, defaults to `''` (empty) -`openshift_logging_mux_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message -`openshift_logging_mux_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` -`openshift_logging_mux_remote_syslog_payload_key`: If string is specified, use this field from the record as the payload on the syslog message +- `openshift_logging_fluentd_remote_syslog`: Set `true` to enable remote syslog forwarding, defaults to `false` +- `openshift_logging_fluentd_remote_syslog_host`: Required, hostname or IP of remote syslog server +- `openshift_logging_fluentd_remote_syslog_port`: Port of remote syslog server, defaults to `514` +- `openshift_logging_fluentd_remote_syslog_severity`: Syslog severity level, defaults to `debug` +- `openshift_logging_fluentd_remote_syslog_facility`: Syslog facility, defaults to `local0` +- `openshift_logging_fluentd_remote_syslog_remove_tag_prefix`: Remove the prefix from the tag, defaults to `''` (empty) +- `openshift_logging_fluentd_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message +- `openshift_logging_fluentd_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` +- `openshift_logging_fluentd_remote_syslog_payload_key`: If string is 
specified, use this field from the record as the payload on the syslog message + +The corresponding openshift\_logging\_mux\_* parameters are below. + +- `openshift_logging_mux_remote_syslog`: Set `true` to enable remote syslog forwarding, defaults to `false` +- `openshift_logging_mux_remote_syslog_host`: Required, hostname or IP of remote syslog server +- `openshift_logging_mux_remote_syslog_port`: Port of remote syslog server, defaults to `514` +- `openshift_logging_mux_remote_syslog_severity`: Syslog severity level, defaults to `debug` +- `openshift_logging_mux_remote_syslog_facility`: Syslog facility, defaults to `local0` +- `openshift_logging_mux_remote_syslog_remove_tag_prefix`: Remove the prefix from the tag, defaults to `''` (empty) +- `openshift_logging_mux_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message +- `openshift_logging_mux_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` +- `openshift_logging_mux_remote_syslog_payload_key`: If string is specified, use this field from the record as the payload on the syslog message diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 86fa57b50..2dcc56e3f 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -1,4 +1,4 @@ -OpenShift/Atomic Enterprise Master +OpenShift Master  ==================================  Master service installation diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index ed0182ba8..084b734ee 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml 
@@ -61,3 +61,6 @@ openshift_metrics_cassandra_pvc_access: "{{ openshift_metrics_storage_access_mod  openshift_metrics_hawkular_user_write_access: False  openshift_metrics_heapster_allowed_users: system:master-proxy + +openshift_metrics_cassandra_enable_prometheus_endpoint: True +openshift_metrics_hawkular_enable_prometheus_endpoint: True diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index fc82f49b1..6f341bcfb 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -56,6 +56,8 @@ spec:            value: "/cassandra_data"          - name: JVM_OPTS            value: "-Dcassandra.commitlog.ignorereplayerrors=true" +        - name: ENABLE_PROMETHEUS_ENDPOINT +          value: "{{ openshift_metrics_cassandra_enable_prometheus_endpoint }}"          - name: TRUSTSTORE_NODES_AUTHORITIES            value: "/hawkular-cassandra-certs/tls.peer.truststore.crt"          - name: TRUSTSTORE_CLIENT_AUTHORITIES diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 9a9363075..59f7fb44a 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -55,6 +55,7 @@ spec:          - "-Dcom.datastax.driver.FORCE_NIO=true"          - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}"          - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" +        - "-Dhawkular.metrics.jmx-reporting-enabled"          env:          - name: POD_NAMESPACE            valueFrom: 
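Review bot: Both new variables default to `True`, so an existing deployment gets the Prometheus endpoint switched on in the Cassandra and Hawkular Metrics pods the next time the role runs, and neither variable carries a comment explaining it. Metrics endpoints can disclose internal details, and whether this one is authenticated or reachable from outside the pod network is not visible in this diff. I would document the pair, for example `# Expose a Prometheus metrics endpoint on the Cassandra / Hawkular Metrics pods; set to false to disable.`, and confirm that default-on is intended for upgrades.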
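Review bot: `value: "{{ openshift_metrics_cassandra_enable_prometheus_endpoint }}"` renders the YAML boolean as the Python-style string `True` or `False`, and an inventory override may arrive as a string such as `false`. What the container image accepts for `ENABLE_PROMETHEUS_ENDPOINT` is not shown here; if it compares against lowercase `true`, the setting would not behave as configured, and a disable that is ignored leaves the endpoint exposed. Normalising in the template removes the ambiguity: `value: "{{ openshift_metrics_cassandra_enable_prometheus_endpoint | bool | lower }}"`. The same applies to the `ENABLE_PROMETHEUS_ENDPOINT` entry added in the second hawkular_metrics_rc.j2 hunk.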
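Review bot: `-Dhawkular.metrics.jmx-reporting-enabled` is added to the hawkular_metrics_rc.j2 arguments unconditionally, while the endpoint it presumably feeds is controlled by `openshift_metrics_hawkular_enable_prometheus_endpoint`. If the two belong together, setting the variable to false would still leave JMX reporting on; wrapping the argument in `{% if openshift_metrics_hawkular_enable_prometheus_endpoint | bool %}` and `{% endif %}` keeps a single switch for the feature. If the flag is wanted regardless of the variable, a short template comment saying so would help the next reader.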
@@ -66,6 +67,8 @@ spec:            value: "{{ 17 | oo_random_word }}"          - name: TRUSTSTORE_AUTHORITIES            value: "/hawkular-metrics-certs/tls.truststore.crt" +        - name: ENABLE_PROMETHEUS_ENDPOINT +          value: "{{ openshift_metrics_hawkular_enable_prometheus_endpoint }}"          - name: OPENSHIFT_KUBE_PING_NAMESPACE            valueFrom:              fieldRef: diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 32670b18e..67f697924 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -1,4 +1,4 @@ -OpenShift/Atomic Enterprise Node +OpenShift Node  ================================  Node service installation diff --git a/roles/openshift_node_upgrade/README.md b/roles/openshift_node_upgrade/README.md index 5ad994df9..c7c0ff34a 100644 --- a/roles/openshift_node_upgrade/README.md +++ b/roles/openshift_node_upgrade/README.md @@ -1,4 +1,4 @@ -OpenShift/Atomic Enterprise Node upgrade +OpenShift Node upgrade  =========  Role responsible for a single node upgrade.  | 
