2 files changed, 12 insertions, 6 deletions

diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
index 38ce92e92..daf84e242 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -15,6 +15,9 @@
     aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}"
     aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}"
     aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}"
+    aws_create_bucket: "{{ aws_create | default(True) }}"
+    aws_tmp_path: "{{ aws_tmp_pathfile | default('/root/config.yml')}}"
+    aws_delete_tmp_file: "{{ aws_delete_tmp | default(True) }}"
 
   tasks:
 
@@ -30,6 +33,7 @@
     command: oc scale --replicas=0 dc/docker-registry
 
   - name: Create S3 bucket
+    when: aws_create_bucket | bool
     local_action:
       module: s3 bucket="{{ aws_bucket_name }}" mode=create
 
@@ -70,4 +74,5 @@
     command: oc scale --replicas=1 dc/docker-registry
 
   - name: Delete temporary config file
-    file: path=/root/config.yml state=absent
+    file: path={{ aws_tmp_path }} state=absent
+    when: aws_delete_tmp_file | bool
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index ac1612634..af774aa32 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -346,16 +346,16 @@ resources:
           port_range_max: 22
           remote_ip_prefix: { get_param: ssh_incoming }
         - direction: ingress
-          protocol: udp
-          port_range_min: 4789
-          port_range_max: 4789
-          remote_mode: remote_group_id
-        - direction: ingress
           protocol: tcp
           port_range_min: 10250
           port_range_max: 10250
           remote_mode: remote_group_id
           remote_group_id: { get_resource: master-secgrp }
+        - direction: ingress
+          protocol: udp
+          port_range_min: 4789
+          port_range_max: 4789
+          remote_mode: remote_group_id
 
   infra-secgrp:
     type: OS::Neutron::SecurityGroup
@@ -473,6 +473,7 @@ resources:
           subnet:      { get_resource: subnet }
           secgrp:
             - { get_resource: master-secgrp }
+            - { get_resource: node-secgrp }
           floating_network: { get_param: external_net }
           net_name:
             str_replace: