9 files changed, 38 insertions, 16 deletions

diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py
index c398c5551..9eb268388 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py
+++ b/roles/lib_openshift/library/oc_adm_registry.py
@@ -2235,8 +2235,8 @@ class Registry(OpenShiftCLI):
         ''' prepared_registry property '''
         if not self.__prepared_registry:
             results = self.prepare_registry()
-            if not results:
-                raise RegistryException('Could not perform registry preparation.')
+            if not results or ('returncode' in results and results['returncode'] != 0):
+                raise RegistryException('Could not perform registry preparation. {}'.format(results))
             self.__prepared_registry = results
 
         return self.__prepared_registry
@@ -2301,8 +2301,8 @@ class Registry(OpenShiftCLI):
         # probably need to parse this
         # pylint thinks results is a string
         # pylint: disable=no-member
-        if results['returncode'] != 0 and 'items' in results['results']:
-            return results
+        if results['returncode'] != 0 and 'items' not in results['results']:
+            raise RegistryException('Could not perform registry preparation. {}'.format(results))
 
         service = None
         deploymentconfig = None
diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py
index c083cd179..25519c9c9 100644
--- a/roles/lib_openshift/src/class/oc_adm_registry.py
+++ b/roles/lib_openshift/src/class/oc_adm_registry.py
@@ -87,8 +87,8 @@ class Registry(OpenShiftCLI):
         ''' prepared_registry property '''
         if not self.__prepared_registry:
             results = self.prepare_registry()
-            if not results:
-                raise RegistryException('Could not perform registry preparation.')
+            if not results or ('returncode' in results and results['returncode'] != 0):
+                raise RegistryException('Could not perform registry preparation. {}'.format(results))
             self.__prepared_registry = results
 
         return self.__prepared_registry
@@ -153,8 +153,8 @@ class Registry(OpenShiftCLI):
         # probably need to parse this
         # pylint thinks results is a string
         # pylint: disable=no-member
-        if results['returncode'] != 0 and 'items' in results['results']:
-            return results
+        if results['returncode'] != 0 and 'items' not in results['results']:
+            raise RegistryException('Could not perform registry preparation. {}'.format(results))
 
         service = None
         deploymentconfig = None
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index d211d30e8..fefd28bbd 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -22,6 +22,15 @@
     - nuage.key
     - nuage.kubeconfig
 
+- name: Copy the certificates and keys
+  become: yes
+  copy: src="/tmp/{{ item }}" dest="{{ cert_output_dir }}/{{ item }}"
+  with_items:
+    - ca.crt
+    - nuage.crt
+    - nuage.key
+    - nuage.kubeconfig
+
 - include: certificates.yml
 
 - name: Create nuage-openshift-monitor.yaml
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 16ea08244..eee448e2c 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -3,14 +3,20 @@
   command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
   register: nuage_tmp_conf_mktemp
   changed_when: False
+  run_once: True
+  delegate_to: "{{ nuage_ca_master }}"
 
 - set_fact:
     nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+  run_once: True
+  delegate_to: "{{ nuage_ca_master }}"
 
 - name: Copy Configuration to temporary conf
   command: >
     cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
   changed_when: false
+  run_once: True
+  delegate_to: "{{ nuage_ca_master }}"
 
 - name: Create Admin Service Account
   oc_serviceaccount:
@@ -18,6 +24,8 @@
     name: nuage
     namespace: default
     state: present
+  run_once: True
+  delegate_to: "{{ nuage_ca_master }}"
 
 - name: Configure role/user permissions
   command: >
@@ -27,6 +35,8 @@
   register: osnuage_perm_task
   failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
   changed_when: osnuage_perm_task.rc == 0
+  run_once: True
+  delegate_to: "{{ nuage_ca_master }}"
 
 - name: Generate the node client config
   command: >
@@ -40,8 +50,12 @@
       --signer-serial={{ openshift_master_ca_serial }}
       --basename='nuage'
       --user={{ nuage_service_account }}
+  delegate_to: "{{ nuage_ca_master }}"
+  run_once: True
 
 - name: Clean temporary configuration file
   command: >
     rm -f {{nuage_tmp_conf}}
   changed_when: false
+  delegate_to: "{{ nuage_ca_master }}"
+  run_once: True
diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml
index 0f8e7ae58..f396bcc6d 100644
--- a/roles/openshift_logging/tasks/generate_secrets.yaml
+++ b/roles/openshift_logging/tasks/generate_secrets.yaml
@@ -31,8 +31,6 @@
     - fluentd
   loop_control:
     loop_var: component
-  when: secret_name not in openshift_logging_facts.{{component}}.secrets or
-        secret_keys | difference(openshift_logging_facts.{{component}}.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
@@ -50,8 +48,6 @@
     kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}"
     kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}"
     server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}"
-  when: secret_name not in openshift_logging_facts.kibana.secrets or
-        secret_keys | difference(openshift_logging_facts.kibana.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
@@ -66,8 +62,6 @@
     secret_name: logging-elasticsearch
     secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"]
   register: logging_es_secret
-  when: secret_name not in openshift_logging_facts.elasticsearch.secrets or
-        secret_keys | difference(openshift_logging_facts.elasticsearch.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index 8066bb481..1b750bcbe 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -7,6 +7,8 @@
 
 - set_fact: es_pvc_pool={{[]}}
 
+- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}"
+
 - name: Generate PersistentVolumeClaims
   include: "{{ role_path}}/tasks/generate_pvcs.yaml"
   vars:
@@ -61,6 +63,8 @@
 - name: Getting current ES deployment size
   set_fact: openshift_logging_current_es_ops_size={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | length }}
 
+- set_fact: openshift_logging_es_ops_pvc_prefix="{{ openshift_logging_es_ops_pvc_prefix | default('logging-es-ops') }}"
+
 - name: Validate Elasticsearch cluster size for Ops
   fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed"
   vars:
diff --git a/roles/openshift_logging/templates/pvc.j2 b/roles/openshift_logging/templates/pvc.j2
index f19a3a750..07d81afff 100644
--- a/roles/openshift_logging/templates/pvc.j2
+++ b/roles/openshift_logging/templates/pvc.j2
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{obj_name}}
+  name: "{{obj_name}}"
   labels:
     logging-infra: support
 {% if annotations is defined %}
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
index 8fbfa8b5d..885dd368d 100644
--- a/roles/openshift_metrics/templates/pvc.j2
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{obj_name}}
+  name: "{{obj_name}}"
 {% if labels is not defined %}
   labels:
     logging-infra: support
diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml
index 4a3724e3f..47aa76dd2 100644
--- a/roles/openshift_metrics/vars/main.yaml
+++ b/roles/openshift_metrics/vars/main.yaml
@@ -8,3 +8,4 @@ openshift_metrics_cassandra_storage_types:
 - emptydir
 - pv
 - dynamic
+- nfs