6 files changed, 71 insertions, 54 deletions
diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml
index cb1440283..b83b2c452 100644
--- a/roles/openshift_node/tasks/bootstrap.yml
+++ b/roles/openshift_node/tasks/bootstrap.yml
@@ -42,14 +42,25 @@
     path: /etc/origin/.config_managed
   register: rpmgenerated_config
 
-- name: Remove RPM generated config files if present
-  file:
-    path: "/etc/origin/{{ item }}"
-    state: absent
-  when:
-  - rpmgenerated_config.stat.exists
-  - openshift_deployment_type in ['openshift-enterprise', 'atomic-enterprise']
-  with_items:
-  - master
-  - node
-  - .config_managed
+- when: rpmgenerated_config.stat.exists
+  block:
+  - name: Remove RPM generated config files if present
+    file:
+      path: "/etc/origin/{{ item }}"
+      state: absent
+    with_items:
+    - master
+
+  # with_fileglob doesn't work correctly due to a few issues.
+  # Could change this to fileglob when it gets fixed.
+  - name: find all files in /etc/origin/node so we can remove them
+    find:
+      path: /etc/origin/node/
+    register: find_results
+
+  - name: Remove everything except the resolv.conf required for node
+    file:
+      path: "{{ item.path }}"
+      state: absent
+    when: "'resolv.conf' not in item.path or 'node-dnsmasq.conf' not in item.path"
+    with_items: "{{ find_results.files }}"
diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml
index 8210fd881..2759188f3 100644
--- a/roles/openshift_node/tasks/config.yml
+++ b/roles/openshift_node/tasks/config.yml
@@ -2,18 +2,6 @@
 - name: Install the systemd units
   include: systemd_units.yml
 
-- name: Check for tuned package
-  command: rpm -q tuned
-  args:
-    warn: no
-  register: tuned_installed
-  changed_when: false
-  failed_when: false
-
-- name: Set atomic-guest tuned profile
-  command: "tuned-adm profile atomic-guest"
-  when: tuned_installed.rc == 0 and openshift.common.is_atomic | bool
-
 - name: Start and enable openvswitch service
   systemd:
     name: openvswitch.service
@@ -22,7 +10,7 @@
     daemon_reload: yes
   when:
     - openshift.common.is_containerized | bool
-    - openshift.common.use_openshift_sdn | default(true) | bool
+    - openshift_node_use_openshift_sdn | default(true) | bool
   register: ovs_start_result
   until: not ovs_start_result | failed
   retries: 3
@@ -107,5 +95,9 @@
     msg: Node failed to start please inspect the logs and try again
   when: node_start_result | failed
 
+- name: Setup tuned
+  include: tuned.yml
+  static: yes
+
 - set_fact:
     node_service_status_changed: "{{ node_start_result | changed }}"
diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml
index 9bf4ed879..265bf2c46 100644
--- a/roles/openshift_node/tasks/install.yml
+++ b/roles/openshift_node/tasks/install.yml
@@ -1,11 +1,9 @@
 ---
-# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
-# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
 - when: not openshift.common.is_containerized | bool
   block:
   - name: Install Node package
     package:
-      name: "{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+      name: "{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
       state: present
 
   - name: Install sdn-ovs package
@@ -13,7 +11,7 @@
       name: "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }}"
       state: present
     when:
-    - openshift.common.use_openshift_sdn | default(true) | bool
+    - openshift_node_use_openshift_sdn | bool
 
   - name: Install conntrack-tools package
     package:
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 60a25dcc6..ef79b6ac0 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -49,41 +49,32 @@
     state: restarted
   when: openshift_use_crio | default(false)
 
+- name: restart NetworkManager to ensure resolv.conf is present
+  systemd:
+    name: NetworkManager
+    enabled: yes
+    state: restarted
+  when: openshift_node_bootstrap | bool
+
 # The atomic-openshift-node service will set this parameter on
 # startup, but if the network service is restarted this setting is
 # lost. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1372388
-#
-# Use lineinfile w/ a handler for this task until
-# https://github.com/ansible/ansible/pull/24277 is included in an
-# ansible release and we can use the sysctl module.
-- name: Persist net.ipv4.ip_forward sysctl entry
-  lineinfile: dest=/etc/sysctl.conf regexp='^net.ipv4.ip_forward' line='net.ipv4.ip_forward=1'
-  notify:
-    - reload sysctl.conf
+- sysctl:
+    name: net.ipv4.ip_forward
+    value: 1
+    sysctl_file: "/etc/sysctl.d/99-openshift.conf"
+    reload: yes
 
 - name: include bootstrap node config
   include: bootstrap.yml
   when: openshift_node_bootstrap
 
+- include: registry_auth.yml
+
 - name: include standard node config
   include: config.yml
   when: not openshift_node_bootstrap
 
-- name: Check for credentials file for registry auth
-  stat:
-    path: "{{oreg_auth_credentials_path }}"
-  when:
-    - oreg_auth_user is defined
-  register: node_oreg_auth_credentials_stat
-
-- name: Create credentials for registry auth
-  command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
-  when:
-    - oreg_auth_user is defined
-    - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
-  notify:
-    - restart node
-
 - name: Configure AWS Cloud Provider Settings
   lineinfile:
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
@@ -121,4 +112,4 @@
 ##### END Storage #####
 
 - include: config/workaround-bz1331590-ovs-oom-fix.yml
-  when: openshift.common.use_openshift_sdn | default(true) | bool
+  when: openshift_node_use_openshift_sdn | default(true) | bool
diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml
new file mode 100644
index 000000000..f370bb260
--- /dev/null
+++ b/roles/openshift_node/tasks/registry_auth.yml
@@ -0,0 +1,25 @@
+---
+- name: Check for credentials file for registry auth
+  stat:
+    path: "{{ oreg_auth_credentials_path }}"
+  when: oreg_auth_user is defined
+  register: node_oreg_auth_credentials_stat
+
+# Container images may need the registry credentials
+- name: Setup ro mount of /root/.docker for containerized hosts
+  set_fact:
+    l_bind_docker_reg_auth: True
+  when:
+    - openshift.common.is_containerized | bool
+    - oreg_auth_user is defined
+    - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+  notify:
+    - restart node
+
+- name: Create credentials for registry auth
+  command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+  when:
+    - oreg_auth_user is defined
+    - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+  notify:
+    - restart node
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index 4687400cd..6b4490f61 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -26,7 +26,7 @@
   - name: Install OpenvSwitch system containers
     include: openvswitch_system_container.yml
     when:
-    - openshift.common.use_openshift_sdn | default(true) | bool
+    - openshift_node_use_openshift_sdn | bool
     - openshift.common.is_openvswitch_system_container | bool
 
 - block:
@@ -39,7 +39,7 @@
   - include: config/install-ovs-docker-service-file.yml
   when:
   - openshift.common.is_containerized | bool
-  - openshift.common.use_openshift_sdn | default(true) | bool
+  - openshift_node_use_openshift_sdn | bool
   - not openshift.common.is_openvswitch_system_container | bool
 
 - include: config/configure-node-settings.yml