5 files changed, 28 insertions, 15 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md
index 3e5d7f860..29ae58556 100644
--- a/roles/openshift_hosted/README.md
+++ b/roles/openshift_hosted/README.md
@@ -39,7 +39,6 @@ variables also control configuration behavior:
 Dependencies
 ------------
 
-* openshift_common
 * openshift_hosted_facts
 
 Example Playbook
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index c26df3afa..712a2a591 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -5,8 +5,8 @@ r_openshift_hosted_router_use_firewalld: "{{ os_firewall_use_firewalld | default
 r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
 r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
 
-openshift_hosted_router_wait: "{{ not openshift_master_bootstrap_enabled | default(True) }}"
-openshift_hosted_registry_wait: "{{ not openshift_master_bootstrap_enabled | default(True) }}"
+openshift_hosted_router_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
+openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
 
 registry_volume_claim: 'registry-claim'
 
@@ -47,3 +47,9 @@ r_openshift_hosted_registry_os_firewall_allow:
 - service: Docker Registry Port
   port: 5000/tcp
   cond: "{{ r_openshift_hosted_use_calico }}"
+
+# NOTE
+# r_openshift_hosted_use_calico_default may be defined external to this role.
+# openshift_use_calico, if defined, may affect other roles or play behavior.
+r_openshift_hosted_use_calico_default: "{{ openshift_use_calico | default(False) }}"
+r_openshift_hosted_use_calico: "{{ r_openshift_hosted_use_calico_default }}"
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 3e424da12..48f53aef8 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -61,6 +61,14 @@
     openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}"
   when: openshift_push_via_dns | default(false) | bool
 
+- name: Update registry proxy settings for dc/docker-registry
+  set_fact:
+    openshift_hosted_registry_env_vars: "{{ {'HTTPS_PROXY': (openshift.common.https_proxy | default('')),
+                                             'HTTP_PROXY':  (openshift.common.http_proxy  | default('')),
+                                             'NO_PROXY':    (openshift.common.no_proxy    | default(''))}
+                                           | combine(openshift_hosted_registry_env_vars) }}"
+  when: (openshift.common.https_proxy | default(False)) or (openshift.common.http_proxy | default('')) != ''
+
 - name: Create the registry service account
   oc_serviceaccount:
     name: "{{ openshift_hosted_registry_serviceaccount }}"
@@ -129,7 +137,7 @@
     edits: "{{ openshift_hosted_registry_edits }}"
     force: "{{ True|bool in openshift_hosted_registry_force }}"
 
-- when: openshift_hosted_registry_wait
+- when: openshift_hosted_registry_wait | bool
   block:
   - name: Ensure OpenShift registry correctly rolls out (best-effort today)
     command: |
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index a8a6f6fc8..434b679df 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -1,7 +1,7 @@
 ---
 - name: Configure facts for docker-registry
   set_fact:
-    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}"
+    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift_hosted_registry_routecertificates, {}) }}"
     openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}"
     openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}"
 
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index e57ed733e..2a42b5a7c 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -18,6 +18,15 @@
     openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}"
     openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}"
 
+- name: Get the certificate contents for router
+  copy:
+    backup: True
+    dest: "/etc/origin/master/{{ item | basename }}"
+    src: "{{ item }}"
+  with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') |
+                  oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
+  when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {}
+
 # This is for when we desire a cluster signed cert
 # The certificate is generated and placed in master_config_dir/
 - block:
@@ -43,15 +52,6 @@
   # End Block
   when: ( openshift_hosted_router_create_certificate | bool ) and openshift_hosted_router_certificate == {}
 
-- name: Get the certificate contents for router
-  copy:
-    backup: True
-    dest: "/etc/origin/master/{{ item | basename }}"
-    src: "{{ item }}"
-  with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') |
-                  oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
-  when: not openshift_hosted_router_create_certificate | bool
-
 - name: Create the router service account(s)
   oc_serviceaccount:
     name: "{{ item.serviceaccount }}"
@@ -94,7 +94,7 @@
     stats_port: "{{ item.stats_port }}"
   with_items: "{{ openshift_hosted_routers }}"
 
-- when: openshift_hosted_router_wait
+- when: openshift_hosted_router_wait | bool
   block:
   - name: Ensure OpenShift router correctly rolls out (best-effort today)
     command: |