10 files changed, 222 insertions, 225 deletions

diff --git a/playbooks/init/base_packages.yml b/playbooks/init/base_packages.yml
new file mode 100644
index 000000000..addb4f44d
--- /dev/null
+++ b/playbooks/init/base_packages.yml
@@ -0,0 +1,42 @@
+---
+# l_base_packages_hosts may be passed in via prerequisites.yml during scaleup plays
+# and upgrade_control_plane.yml upgrade plays.
+
+- name: Install packages necessary for installer
+  hosts: "{{ l_base_packages_hosts | default('oo_all_hosts') }}"
+  any_errors_fatal: true
+  tasks:
+  - when:
+    - not openshift_is_atomic | bool
+    block:
+    - name: Ensure openshift-ansible installer package deps are installed
+      package:
+        name: "{{ item }}"
+        state: present
+      with_items:
+      - iproute
+      - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}"
+      - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
+      - "{{ 'python-ipaddress' if ansible_distribution != 'Fedora' else '' }}"
+      - yum-utils
+      when: item != ''
+      register: result
+      until: result is succeeded
+
+    - name: Ensure various deps for running system containers are installed
+      package:
+        name: "{{ item }}"
+        state: present
+      with_items:
+      - atomic
+      - ostree
+      - runc
+      when:
+      - >
+        (openshift_use_system_containers | default(False)) | bool
+        or (openshift_use_etcd_system_container | default(False)) | bool
+        or (openshift_use_openvswitch_system_container | default(False)) | bool
+        or (openshift_use_node_system_container | default(False)) | bool
+        or (openshift_use_master_system_container | default(False)) | bool
+      register: result
+      until: result is succeeded
diff --git a/playbooks/init/basic_facts.yml b/playbooks/init/basic_facts.yml
new file mode 100644
index 000000000..a9bf06693
--- /dev/null
+++ b/playbooks/init/basic_facts.yml
@@ -0,0 +1,77 @@
+---
+- name: Ensure that all non-node hosts are accessible
+  hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config
+  any_errors_fatal: true
+  tasks:
+
+- name: Initialize basic host facts
+  # l_init_fact_hosts is passed in via play during control-plane-only
+  # upgrades and scale-up plays; otherwise oo_all_hosts is used.
+  hosts: "{{ l_init_fact_hosts | default('oo_all_hosts') }}"
+  roles:
+  - role: openshift_facts
+  tasks:
+  # TODO: Should this role be refactored into health_checks??
+  - name: Run openshift_sanitize_inventory to set variables
+    import_role:
+      name: openshift_sanitize_inventory
+
+  - name: Detecting Operating System from ostree_booted
+    stat:
+      path: /run/ostree-booted
+    register: ostree_booted
+
+  # TODO(michaelgugino) remove this line once CI is updated.
+  - name: set openshift_deployment_type if unset
+    set_fact:
+      openshift_deployment_type: "{{ deployment_type }}"
+    when:
+    - openshift_deployment_type is undefined
+    - deployment_type is defined
+
+  - name: initialize_facts set fact openshift_is_atomic and openshift_is_containerized
+    set_fact:
+      openshift_is_atomic: "{{ ostree_booted.stat.exists }}"
+      openshift_is_containerized: "{{ ostree_booted.stat.exists or (containerized | default(false) | bool) }}"
+
+  # TODO: Should this be moved into health checks??
+  # Seems as though any check that happens with a corresponding fail should move into health_checks
+  # Fail as early as possible if Atomic and old version of Docker
+  - when:
+    - openshift_is_atomic | bool
+    block:
+
+    # See https://access.redhat.com/articles/2317361
+    # and https://github.com/ansible/ansible/issues/15892
+    # NOTE: the "'s can not be removed at this level else the docker command will fail
+    # NOTE: When ansible >2.2.1.x is used this can be updated per
+    # https://github.com/openshift/openshift-ansible/pull/3475#discussion_r103525121
+    - name: Determine Atomic Host Docker Version
+      shell: 'CURLY="{"; docker version --format "$CURLY{json .Server.Version}}"'
+      register: l_atomic_docker_version
+
+    - name: assert atomic host docker version is 1.12 or later
+      assert:
+        that:
+        - l_atomic_docker_version.stdout | replace('"', '') is version_compare('1.12','>=')
+        msg: Installation on Atomic Host requires Docker 1.12 or later. Please upgrade and restart the Atomic Host.
+
+- name: Initialize special first-master variables
+  hosts: oo_first_master
+  roles:
+  - role: openshift_facts
+  tasks:
+  - set_fact:
+      # We need to setup openshift_client_binary here for special uses of delegate_to in
+      # later roles and plays.
+      first_master_client_binary: "{{  openshift_client_binary }}"
+      #Some roles may require this to be set for first master
+      openshift_client_binary: "{{ openshift_client_binary }}"
+
+- name: Disable web console if required
+  hosts: oo_masters_to_config
+  gather_facts: no
+  tasks:
+  - set_fact:
+      openshift_web_console_install: False
+    when: openshift_deployment_subtype == 'registry' or ( osm_disabled_features is defined and 'WebConsole' in osm_disabled_features )
diff --git a/playbooks/init/cluster_facts.yml b/playbooks/init/cluster_facts.yml
new file mode 100644
index 000000000..636679e32
--- /dev/null
+++ b/playbooks/init/cluster_facts.yml
@@ -0,0 +1,42 @@
+---
+- name: Initialize cluster facts
+  # l_init_fact_hosts is passed in via play during control-plane-only
+  # upgrades and scale-up plays; otherwise oo_all_hosts is used.
+  hosts: "{{ l_init_fact_hosts | default('oo_all_hosts') }}"
+  roles:
+  - role: openshift_facts
+  tasks:
+  - name: Gather Cluster facts
+    openshift_facts:
+      role: common
+      local_facts:
+        deployment_type: "{{ openshift_deployment_type }}"
+        deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
+        hostname: "{{ openshift_hostname | default(None) }}"
+        ip: "{{ openshift_ip | default(None) }}"
+        public_hostname: "{{ openshift_public_hostname | default(None) }}"
+        public_ip: "{{ openshift_public_ip | default(None) }}"
+        portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
+        http_proxy: "{{ openshift_http_proxy | default(None) }}"
+        https_proxy: "{{ openshift_https_proxy | default(None) }}"
+        no_proxy: "{{ openshift_no_proxy | default(None) }}"
+        generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
+
+  - name: Set fact of no_proxy_internal_hostnames
+    openshift_facts:
+      role: common
+      local_facts:
+        no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config']
+                                             | union(groups['oo_masters_to_config'])
+                                             | union(groups['oo_etcd_to_config'] | default([])))
+                                         | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                         }}"
+    when:
+    - openshift_http_proxy is defined or openshift_https_proxy is defined
+    - openshift_generate_no_proxy_hosts | default(True) | bool
+
+  - name: Initialize openshift.node.sdn_mtu
+    openshift_facts:
+      role: node
+      local_facts:
+        sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml
index 8087f6ffc..81d7d63ca 100644
--- a/playbooks/init/evaluate_groups.yml
+++ b/playbooks/init/evaluate_groups.yml
@@ -2,7 +2,6 @@
 - name: Populate config host groups
   hosts: localhost
   connection: local
-  become: no
   gather_facts: no
   tasks:
   - name: Load group name mapping variables
@@ -46,9 +45,13 @@
   - name: Evaluate groups - Fail if no etcd hosts group is defined
     fail:
       msg: >
-        Running etcd as an embedded service is no longer supported.
+        Running etcd as an embedded service is no longer supported. If this is a
+        new install please define an 'etcd' group with either one, three or five
+        hosts. These hosts may be the same hosts as your masters. If this is an
+        upgrade please see https://docs.openshift.com/container-platform/latest/install_config/upgrading/migrating_embedded_etcd.html
+        for documentation on how to migrate from embedded to external etcd.
     when:
-    - g_etcd_hosts | default([]) | length not in [3,1]
+    - g_etcd_hosts | default([]) | length == 0
     - not (openshift_node_bootstrap | default(False))
 
   - name: Evaluate oo_all_hosts
diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml
deleted file mode 100644
index ac4429b23..000000000
--- a/playbooks/init/facts.yml
+++ /dev/null
@@ -1,152 +0,0 @@
----
-- name: Ensure that all non-node hosts are accessible
-  hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config
-  any_errors_fatal: true
-  tasks:
-
-- name: Initialize host facts
-  hosts: oo_all_hosts
-  tasks:
-  - name: load openshift_facts module
-    import_role:
-      name: openshift_facts
-
-  # TODO: Should this role be refactored into health_checks??
-  - name: Run openshift_sanitize_inventory to set variables
-    include_role:
-      name: openshift_sanitize_inventory
-
-  - name: Detecting Operating System from ostree_booted
-    stat:
-      path: /run/ostree-booted
-    register: ostree_booted
-
-  - name: initialize_facts set fact openshift_is_atomic and openshift_is_containerized
-    set_fact:
-      openshift_is_atomic: "{{ ostree_booted.stat.exists }}"
-      openshift_is_containerized: "{{ ostree_booted.stat.exists or (containerized | default(false) | bool) }}"
-
-  # TODO: Should this be moved into health checks??
-  # Seems as though any check that happens with a corresponding fail should move into health_checks
-  - name: Validate python version - ans_dist is fedora and python is v3
-    fail:
-      msg: |
-        openshift-ansible requires Python 3 for {{ ansible_distribution }};
-        For information on enabling Python 3 with Ansible, see https://docs.ansible.com/ansible/python_3_support.html
-    when:
-    - ansible_distribution == 'Fedora'
-    - ansible_python['version']['major'] != 3
-
-  # TODO: Should this be moved into health checks??
-  # Seems as though any check that happens with a corresponding fail should move into health_checks
-  - name: Validate python version - ans_dist not Fedora and python must be v2
-    fail:
-      msg: "openshift-ansible requires Python 2 for {{ ansible_distribution }}"
-    when:
-    - ansible_distribution != 'Fedora'
-    - ansible_python['version']['major'] != 2
-
-  # TODO: Should this be moved into health checks??
-  # Seems as though any check that happens with a corresponding fail should move into health_checks
-  # Fail as early as possible if Atomic and old version of Docker
-  - when:
-    - openshift_is_atomic | bool
-    block:
-
-    # See https://access.redhat.com/articles/2317361
-    # and https://github.com/ansible/ansible/issues/15892
-    # NOTE: the "'s can not be removed at this level else the docker command will fail
-    # NOTE: When ansible >2.2.1.x is used this can be updated per
-    # https://github.com/openshift/openshift-ansible/pull/3475#discussion_r103525121
-    - name: Determine Atomic Host Docker Version
-      shell: 'CURLY="{"; docker version --format "$CURLY{json .Server.Version}}"'
-      register: l_atomic_docker_version
-
-    - name: assert atomic host docker version is 1.12 or later
-      assert:
-        that:
-        - l_atomic_docker_version.stdout | replace('"', '') is version_compare('1.12','>=')
-        msg: Installation on Atomic Host requires Docker 1.12 or later. Please upgrade and restart the Atomic Host.
-
-  - when:
-    - not openshift_is_atomic | bool
-    block:
-    - name: Ensure openshift-ansible installer package deps are installed
-      package:
-        name: "{{ item }}"
-        state: present
-      with_items:
-      - iproute
-      - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}"
-      - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
-      - yum-utils
-      register: result
-      until: result is succeeded
-
-    - name: Ensure various deps for running system containers are installed
-      package:
-        name: "{{ item }}"
-        state: present
-      with_items:
-      - atomic
-      - ostree
-      - runc
-      when:
-      - >
-        (openshift_use_system_containers | default(False)) | bool
-        or (openshift_use_etcd_system_container | default(False)) | bool
-        or (openshift_use_openvswitch_system_container | default(False)) | bool
-        or (openshift_use_node_system_container | default(False)) | bool
-        or (openshift_use_master_system_container | default(False)) | bool
-      register: result
-      until: result is succeeded
-
-  - name: Gather Cluster facts
-    openshift_facts:
-      role: common
-      local_facts:
-        deployment_type: "{{ openshift_deployment_type }}"
-        deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
-        hostname: "{{ openshift_hostname | default(None) }}"
-        ip: "{{ openshift_ip | default(None) }}"
-        public_hostname: "{{ openshift_public_hostname | default(None) }}"
-        public_ip: "{{ openshift_public_ip | default(None) }}"
-        portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
-        http_proxy: "{{ openshift_http_proxy | default(None) }}"
-        https_proxy: "{{ openshift_https_proxy | default(None) }}"
-        no_proxy: "{{ openshift_no_proxy | default(None) }}"
-        generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
-
-  - name: Set fact of no_proxy_internal_hostnames
-    openshift_facts:
-      role: common
-      local_facts:
-        no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config']
-                                             | union(groups['oo_masters_to_config'])
-                                             | union(groups['oo_etcd_to_config'] | default([])))
-                                         | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',')
-                                         }}"
-    when:
-    - openshift_http_proxy is defined or openshift_https_proxy is defined
-    - openshift_generate_no_proxy_hosts | default(True) | bool
-
-  - name: Initialize openshift.node.sdn_mtu
-    openshift_facts:
-      role: node
-      local_facts:
-        sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
-
-  - name: initialize_facts set_fact repoquery command
-    set_fact:
-      repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
-      repoquery_installed: "{{ 'dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins --installed' }}"
-
-- name: Initialize special first-master variables
-  hosts: oo_first_master
-  roles:
-  - role: openshift_facts
-  tasks:
-  - set_fact:
-      # We need to setup openshift_client_binary here for special uses of delegate_to in
-      # later roles and plays.
-      first_master_client_binary: "{{  openshift_client_binary }}"
diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml
index 06e8ba504..468d81fbe 100644
--- a/playbooks/init/main.yml
+++ b/playbooks/init/main.yml
@@ -1,4 +1,7 @@
 ---
+# skip_version and l_install_base_packages are passed in via prerequistes.yml.
+# skip_sanity_checks is passed in via openshift-node/private/image_prep.yml
+
 - name: Initialization Checkpoint Start
   hosts: all
   gather_facts: false
@@ -15,16 +18,19 @@
 
 - import_playbook: evaluate_groups.yml
 
-- import_playbook: facts.yml
+- import_playbook: basic_facts.yml
 
-- import_playbook: sanity_checks.yml
-  when: not (skip_sanity_checks | default(False))
+# base_packages needs to be setup for openshift_facts.py to run correctly.
+- import_playbook: base_packages.yml
+  when: l_install_base_packages | default(False) | bool
 
-- import_playbook: validate_hostnames.yml
-  when: not (skip_validate_hostnames | default(False))
+- import_playbook: cluster_facts.yml
 
 - import_playbook: version.yml
-  when: not (skip_verison | default(False))
+  when: not (skip_version | default(False))
+
+- import_playbook: sanity_checks.yml
+  when: not (skip_sanity_checks | default(False))
 
 - name: Initialization Checkpoint End
   hosts: all
diff --git a/playbooks/init/repos.yml b/playbooks/init/repos.yml
index 66786a41a..655a7e83a 100644
--- a/playbooks/init/repos.yml
+++ b/playbooks/init/repos.yml
@@ -1,16 +1,18 @@
 ---
+# l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays.
+
 - name: Setup yum repositories for all hosts
-  hosts: oo_all_hosts
+  hosts: "{{ l_scale_up_hosts | default('oo_all_hosts') }}"
   gather_facts: no
   tasks:
   - name: subscribe instances to Red Hat Subscription Manager
-    include_role:
+    import_role:
       name: rhel_subscribe
     when:
     - ansible_distribution == 'RedHat'
-    - deployment_type == 'openshift-enterprise'
+    - openshift_deployment_type == 'openshift-enterprise'
     - rhsub_user is defined
     - rhsub_pass is defined
   - name: initialize openshift repos
-    include_role:
+    import_role:
       name: openshift_repos
diff --git a/playbooks/init/sanity_checks.yml b/playbooks/init/sanity_checks.yml
index 26716a92d..fbbb3f8fb 100644
--- a/playbooks/init/sanity_checks.yml
+++ b/playbooks/init/sanity_checks.yml
@@ -1,51 +1,16 @@
 ---
+# l_sanity_check_hosts may be passed in during scale-up plays
 - name: Verify Requirements
-  hosts: oo_all_hosts
+  hosts: oo_first_master
+  roles:
+  - role: lib_utils
   tasks:
-  - fail:
-      msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel
-    when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool
-
-  - fail:
-      msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage
-    when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool
-
-  - fail:
-      msg: Nuage sdn can not be used with flannel
-    when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool
-
-  - fail:
-      msg: Contiv can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use contiv
-    when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_contiv | default(false) | bool
-
-  - fail:
-      msg: Contiv can not be used with flannel
-    when: openshift_use_flannel | default(false) | bool and openshift_use_contiv | default(false) | bool
-
-  - fail:
-      msg: Contiv can not be used with nuage
-    when: openshift_use_nuage | default(false) | bool and openshift_use_contiv | default(false) | bool
-
-  - fail:
-      msg: Calico can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use Calico
-    when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_calico | default(false) | bool
-
-  - fail:
-      msg: The Calico playbook does not yet integrate with the Flannel playbook in Openshift. Set either openshift_use_calico or openshift_use_flannel, but not both.
-    when: openshift_use_calico | default(false) | bool and openshift_use_flannel | default(false) | bool
-
-  - fail:
-      msg: Calico can not be used with Nuage in Openshift. Set either openshift_use_calico or openshift_use_nuage, but not both
-    when: openshift_use_calico | default(false) | bool and openshift_use_nuage | default(false) | bool
-
-  - fail:
-      msg: Calico can not be used with Contiv in Openshift. Set either openshift_use_calico or openshift_use_contiv, but not both
-    when: openshift_use_calico | default(false) | bool and openshift_use_contiv | default(false) | bool
-
-  - fail:
-      msg: openshift_hostname must be 63 characters or less
-    when: openshift_hostname is defined and openshift_hostname | length > 63
-
-  - fail:
-      msg: openshift_public_hostname must be 63 characters or less
-    when: openshift_public_hostname is defined and openshift_public_hostname | length > 63
+  # sanity_checks is a custom action plugin defined in lib_utils.
+  # This module will loop through all the hostvars for each host
+  # specified in check_hosts.
+  # Since sanity_checks is an action_plugin, it executes on the control host.
+  # Thus, sanity_checks cannot gather new information about any hosts.
+  - name: Run variable sanity checks
+    sanity_checks:
+      check_hosts: "{{ l_sanity_check_hosts | default(groups['oo_all_hosts']) }}"
+    run_once: True
diff --git a/playbooks/init/validate_hostnames.yml b/playbooks/init/validate_hostnames.yml
index 86e0b2416..b49f7dd08 100644
--- a/playbooks/init/validate_hostnames.yml
+++ b/playbooks/init/validate_hostnames.yml
@@ -25,7 +25,7 @@
     when:
     - lookupip.stdout != '127.0.0.1'
     - lookupip.stdout not in ansible_all_ipv4_addresses
-    - openshift_hostname_check | default(true)
+    - openshift_hostname_check | default(true) | bool
 
   - name: Validate openshift_ip exists on node when defined
     fail:
@@ -40,4 +40,4 @@
     when:
     - openshift_ip is defined
     - openshift_ip not in ansible_all_ipv4_addresses
-    - openshift_ip_check | default(true)
+    - openshift_ip_check | default(true) | bool
diff --git a/playbooks/init/version.yml b/playbooks/init/version.yml
index 37a5284d5..962ee7220 100644
--- a/playbooks/init/version.yml
+++ b/playbooks/init/version.yml
@@ -2,20 +2,32 @@
 # NOTE: requires openshift_facts be run
 - name: Determine openshift_version to configure on first master
   hosts: oo_first_master
-  roles:
-  - openshift_version
+  tasks:
+  - include_role:
+      name: openshift_version
+      tasks_from: first_master.yml
+  - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version | default('') }}"
 
 # NOTE: We set this even on etcd hosts as they may also later run as masters,
 # and we don't want to install wrong version of docker and have to downgrade
 # later.
 - name: Set openshift_version for etcd, node, and master hosts
-  hosts: oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master
+  hosts: "{{ l_openshift_version_set_hosts | default(l_default_version_set_hosts) }}"
   vars:
-    openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}"
-  pre_tasks:
+    l_default_version_set_hosts: "oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master"
+    l_first_master_openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}"
+    l_first_master_openshift_pkg_version: "{{ hostvars[groups.oo_first_master.0].openshift_pkg_version | default('') }}"
+    l_first_master_openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag}}"
+  tasks:
   - set_fact:
-      openshift_pkg_version: -{{ openshift_version }}
-    when: openshift_pkg_version is not defined
-  - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version }}"
-  roles:
-  - openshift_version
+      openshift_version: "{{ l_first_master_openshift_version }}"
+      openshift_pkg_version: "{{ l_first_master_openshift_pkg_version }}"
+      openshift_image_tag: "{{ l_first_master_openshift_image_tag }}"
+
+# NOTE: These steps should only be run against masters and nodes.
+- name: Ensure the requested version packages are available.
+  hosts: "{{ l_openshift_version_check_hosts | default('oo_nodes_to_config:oo_masters_to_config:!oo_first_master') }}"
+  tasks:
+  - include_role:
+      name: openshift_version
+      tasks_from: masters_and_nodes.yml