Diffstat (limited to 'roles')
| -rw-r--r-- | roles/cockpit-ui/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/etcd/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/etcd_client_certificates/tasks/main.yml | 3 | ||||
| -rw-r--r-- | roles/etcd_server_certificates/tasks/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_cloud_provider/templates/openstack.conf.j2 | 5 | ||||
| -rw-r--r-- | roles/openshift_examples/tasks/main.yml | 4 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 12 | ||||
| -rw-r--r-- | roles/openshift_manage_node/tasks/main.yml | 10 | ||||
| -rw-r--r-- | roles/openshift_master/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_metrics/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_named_certificates/tasks/main.yml | 6 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/main.yml | 8 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/systemd_units.yml | 8 | ||||
| -rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 2 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_repos/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 4 | 
18 files changed, 70 insertions, 23 deletions
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 9fc15ee8b..953357392 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -50,13 +50,10 @@    register: registry_console_cockpit_kube_url    changed_when: false -- set_fact: -    cockpit_image_prefix: "{{ '-p IMAGE_PREFIX=' ~ openshift_cockpit_deployer_prefix | default('') }}" -  - name: Deploy registry-console    command: >      {{ openshift.common.client_binary }} new-app --template=registry-console -    {{ cockpit_image_prefix }} +    {% if openshift_cockpit_deployer_prefix is defined  %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %}      -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"      -p REGISTRY_HOST="{{ docker_registry_route.stdout }}"      -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index ba4136327..2bc6a8678 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -34,16 +34,17 @@    command: systemctl show etcd.service    register: etcd_show    changed_when: false +  failed_when: false  - name: Disable system etcd when containerized -  when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout +  when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout    service:      name: etcd      state: stopped      enabled: no  - name: Mask system etcd when containerized -  when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout +  when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout    command: systemctl mask etcd  - name: Reload systemd units diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml index 275aa0a63..93f4fd53c 100644 --- a/roles/etcd_client_certificates/tasks/main.yml 
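Review bot: In roles/etcd/tasks/main.yml, `failed_when: false` together with the new `etcd_show.rc == 0` guard means any failure of `systemctl show etcd.service`, not only a missing unit, silently skips both "Disable system etcd when containerized" and "Mask system etcd when containerized". The host etcd unit may then stay enabled next to the containerized one with nothing in the run output to show it. A follow-up task would make the skip visible, for example `- debug: msg="systemctl show etcd.service failed (rc={{ etcd_show.rc }}); system etcd was not stopped or masked"` with `when: etcd_is_containerized | bool and etcd_show.rc != 0`. The `master_svc_show` hunk in roles/openshift_master/tasks/main.yml has the same shape and would benefit from the same treatment.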
+++ b/roles/etcd_client_certificates/tasks/main.yml @@ -93,6 +93,9 @@        -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .    args:      creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" +    # Disables the following warning: +    # Consider using unarchive module rather than running tar +    warn: no    when: etcd_client_certs_missing | bool    delegate_to: "{{ etcd_ca_host }}" diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml index 718515023..d66a0a7bf 100644 --- a/roles/etcd_server_certificates/tasks/main.yml +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -114,6 +114,9 @@        -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .    args:      creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" +    # Disables the following warning: +    # Consider using unarchive module rather than running tar +    warn: no    when: etcd_server_certs_missing | bool    delegate_to: "{{ etcd_ca_host }}" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 index ce452db24..313ee02b4 100644 --- a/roles/openshift_cloud_provider/templates/openstack.conf.j2 +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -2,6 +2,11 @@  auth-url = {{ openshift_cloudprovider_openstack_auth_url }}  username = {{ openshift_cloudprovider_openstack_username }}  password = {{ openshift_cloudprovider_openstack_password }} +{% if openshift_cloudprovider_openstack_domain_id is defined %} +domain-id = {{ openshift_cloudprovider_openstack_domain_id }} +{% elif openshift_cloudprovider_openstack_domain_name is defined %} +domain-name = {{ openshift_cloudprovider_openstack_domain_name }} +{% endif %}  {% if openshift_cloudprovider_openstack_tenant_id is defined %}  tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }}  {% else %} 
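Review bot: `warn: no` under `args` turns off every command-module warning for the task, not just the one quoted in the added comment, so a later edit to the command line will not be flagged either. The comment should say so, for example `# Suppresses all command-module warnings for this task; added for: "Consider using unarchive module rather than running tar"`. The same applies to the other `warn: no` hunks in this commit (etcd_server_certificates, openshift_examples, openshift_master and openshift_metrics handlers, openshift_node, openshift_node_certificates, openshift_repos, os_firewall). The task itself starts outside this hunk.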
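Review bot: The new `{% if %}`/`{% elif %}` in openstack.conf.j2 silently drops `openshift_cloudprovider_openstack_domain_name` when `openshift_cloudprovider_openstack_domain_id` is also defined, and that precedence is not documented anywhere in the hunk. A template comment above the block would record it: `{# domain-id takes precedence; domain-name is only written when no domain id is set #}`. Both tests use `is defined`, so a variable defined as an empty string still emits an empty `domain-id =` line and suppresses the name; `| default('') != ''` would avoid that if empty values can occur in inventories.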
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 058ad8888..82536e8af 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -19,6 +19,10 @@  - name: Create tar of OpenShift examples    local_action: command tar -C "{{ role_path }}/files/examples/{{ content_version }}/" -cvf "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" . +  args: +    # Disables the following warning: +    # Consider using unarchive module rather than running tar +    warn: no    become: False    register: copy_examples_tar diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 621306e67..d36926e08 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -149,6 +149,7 @@ def hostname_valid(hostname):      if (not hostname or              hostname.startswith('localhost') or              hostname.endswith('localdomain') or +            hostname.endswith('novalocal') or              len(hostname.split('.')) < 2):          return False @@ -918,6 +919,14 @@ def set_sdn_facts_if_unset(facts, system_facts):      return facts +def set_nodename(facts): +    if 'node' in facts and 'common' in facts: +        if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack': +            facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '') +        else: +            facts['node']['nodename'] = facts['common']['hostname'].lower() +    return facts +  def migrate_oauth_template_facts(facts):      """      Migrate an old oauth template fact to a newer format if it's present. 
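Review bot: `set_nodename` indexes `facts['cloudprovider']['kind']` and `facts['provider']['metadata']['hostname']` directly, so facts without a `kind` key or without provider metadata raise KeyError during fact gathering. The OpenStack branch also does not lowercase the name while the fallback branch does, and `.replace('.novalocal', '')` removes the string anywhere in the hostname rather than only as a suffix. Because this commit drops `| lower` in the openshift_manage_node tasks and in node.yaml.v1.j2, a mixed-case metadata hostname would now reach `nodeName` and the `get node` / `manage-node` / `label` commands unchanged. The function also has no docstring, unlike its neighbours; the sketch below adds one and falls back to the common hostname when the metadata value is missing (lowercasing the OpenStack branch is a behaviour change and should be confirmed).

```python
def set_nodename(facts):
    """ Set openshift.node.nodename from provider metadata on OpenStack,
        otherwise from the common hostname; the result is always lowercased.
    """
    if 'node' in facts and 'common' in facts:
        kind = facts.get('cloudprovider', {}).get('kind')
        metadata_hostname = facts.get('provider', {}).get('metadata', {}).get('hostname')
        if kind == 'openstack' and metadata_hostname:
            nodename = metadata_hostname
            # strip the suffix only, not an occurrence in the middle of the name
            if nodename.endswith('.novalocal'):
                nodename = nodename[:-len('.novalocal')]
        else:
            nodename = facts['common']['hostname']
        facts['node']['nodename'] = nodename.lower()
    return facts
```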
@@ -1220,7 +1229,7 @@ def apply_provider_facts(facts, provider_facts):          facts['common'][h_var] = choose_hostname(              [provider_facts['network'].get(h_var)], -            facts['common'][ip_var] +            facts['common'][h_var]          )      facts['provider'] = provider_facts @@ -1701,6 +1710,7 @@ class OpenShiftFacts(object):          facts = set_proxy_facts(facts)          if not safe_get_bool(facts['common']['is_containerized']):              facts = set_installed_variant_rpm_facts(facts) +        facts = set_nodename(facts)          return dict(openshift=facts)      def get_defaults(self, roles, deployment_type, deployment_subtype): diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index f45ade751..d1cc5b274 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -14,7 +14,7 @@  - name: Wait for Node Registration    command: > -    {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname | lower }} +    {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }}      --config={{ openshift_manage_node_kubeconfig }}      -n default    register: omd_get_node 
@@ -26,19 +26,19 @@  - name: Set node schedulability    command: > -    {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} +    {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}      --config={{ openshift_manage_node_kubeconfig }}      -n default    with_items: "{{ openshift_nodes }}" -  when: hostvars[item].openshift.common.hostname is defined +  when: hostvars[item].openshift.node.nodename is defined  - name: Label nodes    command: > -    {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict  }} +    {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict  }}      --config={{ openshift_manage_node_kubeconfig }}      -n default    with_items: "{{ openshift_nodes }}" -  when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} +  when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}  - name: Delete temp directory    file: diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index edb7369de..913f3b0ae 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml 
@@ -24,6 +24,10 @@      --cacert {{ openshift.common.config_base }}/master/ca.crt      {% endif %}      {{ openshift.master.api_url }}/healthz/ready +  args: +    # Disables the following warning: +    # Consider using get_url or uri module rather than running curl +    warn: no    register: api_available_output    until: api_available_output.stdout == 'ok'    retries: 120 diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index d8a4aa9bb..ce2f96723 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -178,13 +178,14 @@    command: systemctl show {{ openshift.common.service_type }}-master.service    register: master_svc_show    changed_when: false +  failed_when: false  - name: Stop and disable non-HA master when running HA    service:      name: "{{ openshift.common.service_type }}-master"      enabled: no      state: stopped -  when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout +  when: openshift_master_ha | bool and master_svc_show.rc == 0 and 'LoadState=not-found' not in master_svc_show.stdout  - set_fact:      master_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index edb7369de..913f3b0ae 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml @@ -24,6 +24,10 @@      --cacert {{ openshift.common.config_base }}/master/ca.crt      {% endif %}      {{ openshift.master.api_url }}/healthz/ready +  args: +    # Disables the following warning: +    # Consider using get_url or uri module rather than running curl +    warn: no    register: api_available_output    until: api_available_output.stdout == 'ok'    retries: 120 diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml index 7f20cf401..1bcf9ef67 100644 
--- a/roles/openshift_named_certificates/tasks/main.yml +++ b/roles/openshift_named_certificates/tasks/main.yml @@ -28,19 +28,19 @@  - name: Land named certificates    copy:      src: "{{ item.certfile }}" -    dest: "{{ named_certs_dir }}" +    dest: "{{ named_certs_dir }}/{{ item.certfile | basename }}"    with_items: "{{ named_certificates }}"  - name: Land named certificate keys    copy:      src: "{{ item.keyfile }}" -    dest: "{{ named_certs_dir }}" +    dest: "{{ named_certs_dir }}/{{ item.keyfile | basename }}"      mode: 0600    with_items: "{{ named_certificates }}"  - name: Land named CA certificates    copy:      src: "{{ item }}" -    dest: "{{ named_certs_dir }}" +    dest: "{{ named_certs_dir }}/{{ item | basename }}"      mode: 0600    with_items: "{{ named_certificates | oo_collect('cafile') }}" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 995169dd6..be07bd2d3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -93,9 +93,9 @@      create: true    with_items:      - regex: '^AWS_ACCESS_KEY_ID=' -      line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}" +      line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}"      - regex: '^AWS_SECRET_ACCESS_KEY=' -      line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}" +      line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}"    when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined"    notify:    - restart node 
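Review bot: Building `dest` from `item.certfile | basename` (and likewise for `keyfile` and the CA files) means two entries in `named_certificates` whose files share a basename in different source directories overwrite each other in `named_certs_dir`, and the later key or certificate wins without any error. The master could then serve a certificate with a key that belongs to a different entry. A guard before the copy tasks would catch this, for example an `assert` with `that: (named_certificates | map(attribute='certfile') | map('basename') | unique | list | length) == (named_certificates | length)` and the equivalent for `keyfile`.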
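Review bot: The `with_items` entries in roles/openshift_node/tasks/main.yml carry `AWS_SECRET_ACCESS_KEY=...` in `line`, and Ansible prints each loop item in the task result, so the secret key ends up in console output and logs unless the task sets `no_log: true`. The task header is outside this hunk, so this may already be set there; if not, adding `no_log: true` next to `when:` is the fix. The `HTTP_PROXY`/`HTTPS_PROXY` items in the systemd_units.yml hunk deserve the same check where proxy URLs embed credentials.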
@@ -134,6 +134,10 @@    command: >      curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt      {{ openshift_node_master_api_url }}/healthz/ready +  args: +    # Disables the following warning: +    # Consider using get_url or uri module rather than running curl +    warn: no    register: api_available_output    until: api_available_output.stdout == 'ok'    retries: 120 diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 98ef1ffd4..a2192a4d0 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -56,12 +56,12 @@      create: true    with_items:      - regex: '^HTTP_PROXY=' -      line: "HTTP_PROXY={{ openshift.common.http_proxy }}" +      line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}"      - regex: '^HTTPS_PROXY=' -      line: "HTTPS_PROXY={{ openshift.common.https_proxy }}" +      line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}"      - regex: '^NO_PROXY=' -      line: "NO_PROXY={{ openshift.common.no_proxy | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" -  when: "{{ openshift.common.http_proxy is defined and openshift.common.http_proxy != '' }}" +      line: "NO_PROXY={{ openshift.common.no_proxy | default([]) | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" +  when: ('http_proxy' in openshift.common and openshift.common.http_proxy != '')    notify:    - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 68d153052..9bcaf4d84 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
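Review bot: In the systemd_units.yml hunk, `openshift.common.no_proxy | default([]) | join(',')` renders as an empty string when `no_proxy` is unset, so the written line becomes `NO_PROXY=,<portal_net>,<cluster cidr>` with a leading empty entry. Joining one combined list avoids that: `line: "NO_PROXY={{ (openshift.common.no_proxy | default([]) + [openshift.common.portal_net, hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr]) | join(',') }}"`. This assumes `no_proxy` is a list, as the existing `join` implies; a plain string would be split per character by `join` in either form.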
@@ -33,7 +33,7 @@ networkConfig:  {% if openshift.node.set_node_ip | bool %}  nodeIP: {{ openshift.common.ip }}  {% endif %} -nodeName: {{ openshift.common.hostname | lower }} +nodeName: {{ openshift.node.nodename }}  podManifestConfig:  servingInfo:    bindAddress: 0.0.0.0:10250 diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index fef7caab8..a729b4d6c 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -91,6 +91,9 @@      -C {{ openshift_node_generated_config_dir }} .    args:      creates: "{{ openshift_node_generated_config_dir }}.tgz" +    # Disables the following warning: +    # Consider using unarchive module rather than running tar +    warn: no    when: node_certs_missing | bool    delegate_to: "{{ openshift_ca_host }}" diff --git a/roles/openshift_repos/handlers/main.yml b/roles/openshift_repos/handlers/main.yml index 198fc7d6e..cdb0d8a48 100644 --- a/roles/openshift_repos/handlers/main.yml +++ b/roles/openshift_repos/handlers/main.yml @@ -1,3 +1,7 @@  ---  - name: refresh cache    command: "{{ ansible_pkg_mgr }} clean all" +  args: +    # Disables the following warning: +    # Consider using yum module rather than running yum +    warn: no diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 774916798..470d4f4f9 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,6 +1,10 @@  ---  - name: Check if firewalld is installed    command: rpm -q firewalld +  args: +    # Disables the following warning: +    # Consider using yum, dnf or zypper module rather than running rpm +    warn: no    register: pkg_check    failed_when: pkg_check.rc > 1    changed_when: no  | 
