8 files changed, 40 insertions, 27 deletions

diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 4fabf9c5c..249d1d122 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.6.45-1 ./
+3.6.49-1 ./
diff --git a/README.md b/README.md
index 42e629484..1cf8d1156 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ you are not running a stable release.
     ***
 
     Requirements:
-    - Ansible >= 2.2.0
+    - Ansible >= 2.2.2.0
     - Jinja >= 2.7
     - pyOpenSSL
     - python-lxml
diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py
index f31445381..20bdd9056 100644
--- a/callback_plugins/aa_version_requirement.py
+++ b/callback_plugins/aa_version_requirement.py
@@ -7,7 +7,6 @@ The plugin is named with leading `aa_` to ensure this plugin is loaded
 first (alphanumerically) by Ansible.
 """
 import sys
-from subprocess import check_output
 from ansible import __version__
 
 if __version__ < '2.0':
@@ -30,13 +29,8 @@ else:
 
 
 # Set to minimum required Ansible version
-REQUIRED_VERSION = '2.2.0.0'
-DESCRIPTION = "Supported versions: %s or newer (except 2.2.1.0)" % REQUIRED_VERSION
-FAIL_ON_2_2_1_0 = "There are known issues with Ansible version 2.2.1.0 which " \
-                  "are impacting OpenShift-Ansible. Please use Ansible " \
-                  "version 2.2.0.0 or a version greater than 2.2.1.0. " \
-                  "See this issue for more details: " \
-                  "https://github.com/openshift/openshift-ansible/issues/3111"
+REQUIRED_VERSION = '2.2.2.0'
+DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION
 
 
 def version_requirement(version):
@@ -64,13 +58,3 @@ class CallbackModule(CallbackBase):
                 'FATAL: Current Ansible version (%s) is not supported. %s'
                 % (__version__, DESCRIPTION), color='red')
             sys.exit(1)
-
-        if __version__ == '2.2.1.0':
-            rpm_ver = str(check_output(["rpm", "-qa", "ansible"]))
-            patched_ansible = '2.2.1.0-2'
-
-            if patched_ansible not in rpm_ver:
-                display(
-                    'FATAL: Current Ansible version (%s) is not supported. %s'
-                    % (__version__, FAIL_ON_2_2_1_0), color='red')
-                sys.exit(1)
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index f70971537..d31c35f69 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -571,10 +571,17 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # network blocks should be private and should not conflict with network blocks
 # in your infrastructure that pods may require access to. Can not be changed
 # after deployment.
+#
+# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of
+# 172.17.0.0/16.  Your installation will fail and/or your configuration change will
+# cause the Pod SDN or Cluster SDN to fail.
+#
+# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting
+# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS
+# environment variable located in /etc/sysconfig/docker-network.
 #osm_cluster_network_cidr=10.128.0.0/14
 #openshift_portal_net=172.30.0.0/16
 
-
 # ExternalIPNetworkCIDRs controls what values are acceptable for the
 # service external IP field. If empty, no externalIP may be set. It
 # may contain a list of CIDRs which are checked for access. If a CIDR
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index f5e0de1b0..80cc65f06 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -572,10 +572,17 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # network blocks should be private and should not conflict with network blocks
 # in your infrastructure that pods may require access to. Can not be changed
 # after deployment.
+#
+# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of
+# 172.17.0.0/16.  Your installation will fail and/or your configuration change will
+# cause the Pod SDN or Cluster SDN to fail.
+#
+# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting
+# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS
+# environment variable located in /etc/sysconfig/docker-network.
 #osm_cluster_network_cidr=10.128.0.0/14
 #openshift_portal_net=172.30.0.0/16
 
-
 # ExternalIPNetworkCIDRs controls what values are acceptable for the
 # service external IP field. If empty, no externalIP may be set. It
 # may contain a list of CIDRs which are checked for access. If a CIDR
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 7c556d8df..00954bd38 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -9,7 +9,7 @@
 %global __requires_exclude ^/usr/bin/ansible-playbook$
 
 Name:           openshift-ansible
-Version:        3.6.45
+Version:        3.6.49
 Release:        1%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
@@ -17,7 +17,7 @@ URL:            https://github.com/openshift/openshift-ansible
 Source0:        https://github.com/openshift/openshift-ansible/archive/%{commit}/%{name}-%{version}.tar.gz
 BuildArch:      noarch
 
-Requires:      ansible >= 2.2.0.0-1
+Requires:      ansible >= 2.2.2.0
 Requires:      python2
 Requires:      python-six
 Requires:      tar
@@ -273,6 +273,20 @@ Atomic OpenShift Utilities includes
 
 
 %changelog
+* Mon May 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.49-1
+- Warn users about conflicts with docker0 CIDR range (lpsantil@gmail.com)
+- Bump ansible rpm dependency to 2.2.2.0 (sdodson@redhat.com)
+
+* Mon May 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.48-1
+- 
+
+* Mon May 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.47-1
+- 
+
+* Mon May 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.46-1
+- Contrib: Hook to verify modules match assembled fragments
+  (tbielawa@redhat.com)
+
 * Mon May 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.45-1
 - 
 
diff --git a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
index c204b5341..0242f5b43 100644
--- a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
+++ b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
@@ -135,7 +135,7 @@ platforms missing the Python OpenSSL library.
                 continue
 
             elif l.startswith('Subject:'):
-                # O=system:nodes, CN=system:node:m01.example.com
+                # O = system:nodes, CN = system:node:m01.example.com
                 self.subject = FakeOpenSSLCertificateSubjects(l.partition(': ')[-1])
 
     def get_serial_number(self):
@@ -202,7 +202,7 @@ object"""
         """
         self.subjects = []
         for s in subject_string.split(', '):
-            name, _, value = s.partition('=')
+            name, _, value = s.partition(' = ')
             self.subjects.append((name, value))
 
     def get_components(self):
diff --git a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
index ccdd48fa8..8a521a765 100644
--- a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
+++ b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
@@ -17,7 +17,8 @@ from openshift_cert_expiry import FakeOpenSSLCertificate  # noqa: E402
 
 @pytest.fixture(scope='module')
 def fake_valid_cert(valid_cert):
-    cmd = ['openssl', 'x509', '-in', str(valid_cert['cert_file']), '-text']
+    cmd = ['openssl', 'x509', '-in', str(valid_cert['cert_file']), '-text',
+           '-nameopt', 'oneline']
     cert = subprocess.check_output(cmd)
     return FakeOpenSSLCertificate(cert.decode('utf8'))