13 files changed, 119 insertions, 41 deletions

diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index bf76a3913..35f5ec66f 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.9.0-0.39.0 ./
+3.9.0-0.40.0 ./
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 1ec707543..81bf730f7 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -10,7 +10,7 @@
 
 Name:           openshift-ansible
 Version:        3.9.0
-Release:        0.39.0%{?dist}
+Release:        0.40.0%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
 URL:            https://github.com/openshift/openshift-ansible
@@ -201,6 +201,14 @@ Atomic OpenShift Utilities includes
 
 
 %changelog
+* Wed Feb 07 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.40.0
+- health checks: tolerate ovs 2.9 (lmeyer@redhat.com)
+- Fix docker rpm upgrade install task wording (mgugino@redhat.com)
+- Initial support for 3.10 (sdodson@redhat.com)
+- add deprovisioning for ELB (and IAM certs) (jdiaz@redhat.com)
+- [6632] fix indentation of terminationGracePeriodSeconds var
+  (jsanda@redhat.com)
+
 * Tue Feb 06 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.39.0
 - Update code to not fail when rc != 0 (kwoodson@redhat.com)
 - Upgrades: pass openshift_manage_node_is_master to master nodes during upgrade
diff --git a/playbooks/aws/openshift-cluster/uninstall_elb.yml b/playbooks/aws/openshift-cluster/uninstall_elb.yml
new file mode 100644
index 000000000..c1b724f0c
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_elb.yml
@@ -0,0 +1,9 @@
+---
+- name: Delete elb
+  hosts: localhost
+  connection: local
+  tasks:
+  - name: deprovision elb
+    include_role:
+      name: openshift_aws
+      tasks_from: uninstall_elb.yml
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index d8257cf31..3eb7b73b3 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -2,26 +2,8 @@
 - name: "dump the elb listeners for {{ l_elb_dict_item.key }}"
   debug:
     msg: "{{ l_elb_dict_item.value }}"
+    verbosity: 1
 
-- name: "Create ELB {{ l_elb_dict_item.key }}"
-  ec2_elb_lb:
-    name: "{{ item.value.name }}"
-    state: present
-    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
-    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
-    idle_timeout: "{{ item.value.idle_timout }}"
-    region: "{{ openshift_aws_region }}"
-    subnets:
-    - "{{ subnetout.subnets[0].id }}"
-    health_check: "{{ item.value.health_check }}"
-    listeners: "{{ item.value.listeners }}"
-    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
-    tags: "{{ item.value.tags }}"
-    wait: True
-  register: new_elb
+- name: Create ELB(s)
+  include_tasks: elb_single.yml
   with_dict: "{{ l_elb_dict_item.value }}"
-
-- debug:
-    msg: "{{ item }}"
-  with_items:
-  - "{{ new_elb }}"
diff --git a/roles/openshift_aws/tasks/elb_single.yml b/roles/openshift_aws/tasks/elb_single.yml
new file mode 100644
index 000000000..864757549
--- /dev/null
+++ b/roles/openshift_aws/tasks/elb_single.yml
@@ -0,0 +1,34 @@
+---
+- name: "dump the elb listeners for {{ item.key }}"
+  debug:
+    msg: "{{ item.value }}"
+    verbosity: 1
+
+- name: "Create ELB {{ item.value.name }}"
+  ec2_elb_lb:
+    name: "{{ item.value.name }}"
+    state: present
+    cross_az_load_balancing: "{{ item.value.cross_az_load_balancing }}"
+    security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}"
+    idle_timeout: "{{ item.value.idle_timout }}"
+    region: "{{ openshift_aws_region }}"
+    subnets:
+    - "{{ subnetout.subnets[0].id }}"
+    health_check: "{{ item.value.health_check }}"
+    listeners: "{{ item.value.listeners }}"
+    scheme: "{{ (item.key == 'internal') | ternary('internal','internet-facing') }}"
+    tags: "{{ item.value.tags }}"
+    wait: True
+  register: new_elb
+  retries: 20
+  delay: 5
+  until: new_elb | succeeded
+  ignore_errors: yes
+
+- fail:
+    msg: "couldn't create ELB {{ item.value.name }}"
+  when: not new_elb | succeeded
+
+- debug:
+    msg: "{{ new_elb }}"
+    verbosity: 1
diff --git a/roles/openshift_aws/tasks/iam_cert.yml b/roles/openshift_aws/tasks/iam_cert.yml
index f74a62b8b..42d7d951c 100644
--- a/roles/openshift_aws/tasks/iam_cert.yml
+++ b/roles/openshift_aws/tasks/iam_cert.yml
@@ -18,7 +18,9 @@
   - openshift_aws_iam_cert_key_path != ''
   - openshift_aws_elb_cert_arn == ''
 
-- debug: msg="{{ elb_cert_chain }}"
+- debug:
+    msg: "{{ elb_cert_chain }}"
+    verbosity: 1
 
 - name: set_fact openshift_aws_elb_cert_arn
   set_fact:
@@ -28,8 +30,3 @@
   - openshift_aws_iam_cert_path != ''
   - openshift_aws_iam_cert_key_path != ''
   - openshift_aws_elb_cert_arn == ''
-
-- name: wait for cert to propagate
-  pause:
-    seconds: 5
-  when: elb_cert_chain.changed
diff --git a/roles/openshift_aws/tasks/uninstall_elb.yml b/roles/openshift_aws/tasks/uninstall_elb.yml
new file mode 100644
index 000000000..147e9a905
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_elb.yml
@@ -0,0 +1,11 @@
+---
+- name: delete elbs
+  ec2_elb_lb:
+    name: "{{ item }}"
+    region: "{{ openshift_aws_region }}"
+    state: absent
+  with_items: "{{ openshift_aws_elb_dict | json_query('*.*.name') | sum(start = []) }}"
+
+- when: openshift_aws_create_iam_cert | bool
+  name: delete the iam_cert for elb certificate
+  include_tasks: uninstall_iam_cert.yml
diff --git a/roles/openshift_aws/tasks/uninstall_iam_cert.yml b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
new file mode 100644
index 000000000..7b47673ee
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_iam_cert.yml
@@ -0,0 +1,25 @@
+---
+- when:
+  - openshift_aws_create_iam_cert | bool
+  - openshift_aws_iam_cert_path != ''
+  - openshift_aws_iam_cert_key_path != ''
+  - openshift_aws_elb_cert_arn == ''
+  block:
+  - name: delete AWS IAM certificates
+    iam_cert23:
+      state: absent
+      name: "{{ openshift_aws_iam_cert_name }}"
+    register: elb_cert_chain
+    retries: 20
+    delay: 10
+    until: elb_cert_chain | succeeded
+    ignore_errors: yes
+
+  - debug:
+      var: elb_cert_chain
+      verbosity: 1
+
+  - name: check for iam cert error
+    fail:
+      msg: "Couldn't delete IAM cert {{ openshift_aws_iam_cert_name }}"
+    when: not elb_cert_chain | succeeded
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
index 1b754f863..c2c345faf 100644
--- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
+++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
@@ -7,7 +7,9 @@
   register: vpcout
 
 - name: debug vcpout
-  debug: var=vpcout
+  debug:
+    var: vpcout
+    verbosity: 1
 
 - name: fetch the default subnet id
   ec2_vpc_subnet_facts:
@@ -18,4 +20,6 @@
   register: subnetout
 
 - name: debug subnetout
-  debug: var=subnetout
+  debug:
+    var: subnetout
+    verbosity: 1
diff --git a/roles/openshift_health_checker/openshift_checks/ovs_version.py b/roles/openshift_health_checker/openshift_checks/ovs_version.py
index 58a2692bd..fa398e5a9 100644
--- a/roles/openshift_health_checker/openshift_checks/ovs_version.py
+++ b/roles/openshift_health_checker/openshift_checks/ovs_version.py
@@ -18,10 +18,11 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck):
     openshift_to_ovs_version = {
         (3, 4): "2.4",
         (3, 5): ["2.6", "2.7"],
-        (3, 6): ["2.6", "2.7", "2.8"],
-        (3, 7): ["2.6", "2.7", "2.8"],
-        (3, 8): ["2.6", "2.7", "2.8"],
-        (3, 9): ["2.6", "2.7", "2.8"],
+        (3, 6): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 7): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 8): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 9): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 10): ["2.7", "2.8", "2.9"],
     }
 
     def is_active(self):
diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py
index 28aee8b35..68022deca 100644
--- a/roles/openshift_health_checker/openshift_checks/package_version.py
+++ b/roles/openshift_health_checker/openshift_checks/package_version.py
@@ -14,10 +14,11 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck):
     openshift_to_ovs_version = {
         (3, 4): "2.4",
         (3, 5): ["2.6", "2.7"],
-        (3, 6): ["2.6", "2.7", "2.8"],
-        (3, 7): ["2.6", "2.7", "2.8"],
-        (3, 8): ["2.6", "2.7", "2.8"],
-        (3, 9): ["2.6", "2.7", "2.8"],
+        (3, 6): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 7): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 8): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 9): ["2.6", "2.7", "2.8", "2.9"],
+        (3, 10): ["2.7", "2.8", "2.9"],
     }
 
     openshift_to_docker_version = {
diff --git a/roles/openshift_health_checker/test/ovs_version_test.py b/roles/openshift_health_checker/test/ovs_version_test.py
index 80c7a0541..14fc6a4ec 100644
--- a/roles/openshift_health_checker/test/ovs_version_test.py
+++ b/roles/openshift_health_checker/test/ovs_version_test.py
@@ -47,7 +47,13 @@ def test_ovs_package_version(openshift_release, expected_ovs_version):
 
         return return_value
 
-    result = OvsVersion(execute_module, task_vars).run()
+    check = OvsVersion(execute_module, task_vars)
+    check.openshift_to_ovs_version = {
+        (3, 4): "2.4",
+        (3, 5): ["2.6", "2.7"],
+        (3, 6): ["2.6", "2.7", "2.8"],
+    }
+    result = check.run()
     assert result is return_value
 
 
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 11476bf75..3a536630f 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -122,7 +122,7 @@ spec:
             exec:
               command:
               - "/opt/apache-cassandra/bin/cassandra-poststart.sh"
-        terminationGracePeriodSeconds: 1800
+      terminationGracePeriodSeconds: 1800
       volumes:
       - name: cassandra-data
 {%      if openshift_metrics_cassandra_storage_type == 'emptydir' %}