-rw-r--r--playbooks/provisioning/openstack/README.md22
-rw-r--r--playbooks/provisioning/openstack/galaxy-requirements.yaml6
-rw-r--r--playbooks/provisioning/openstack/post-provision-openstack.yml12
-rw-r--r--playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml11
-rw-r--r--playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml8
-rw-r--r--roles/node-network-manager/tasks/main.yml22
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j219
7 files changed, 76 insertions, 24 deletions
diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md
index 34b548b9b..5c2f61202 100644
--- a/playbooks/provisioning/openstack/README.md
+++ b/playbooks/provisioning/openstack/README.md
@@ -4,10 +4,10 @@ This repository contains playbooks and Heat templates to provision
OpenStack resources (servers, networking, volumes, security groups,
etc.). The result is an environment ready for openshift-ansible.
-
## Dependencies for localhost (ansible control/admin node)
* [Ansible 2.3](https://pypi.python.org/pypi/ansible)
+* [Ansible-galaxy](https://pypi.python.org/pypi/ansible-galaxy-local-deps)
* [jinja2](http://jinja.pocoo.org/docs/2.9/)
* [shade](https://pypi.python.org/pypi/shade)
* python-dns / [dnspython](https://pypi.python.org/pypi/dnspython)
@@ -19,6 +19,23 @@ There are no additional dependencies for the cluster nodes. Required
configuration steps are done by Heat given a specific user data config
that normally should not be changed.
+## Required galaxy modules
+
+In order to pull in external dependencies for DNS configuration steps,
+the following commads need to be executed:
+
+ ansible-galaxy install \
+ -r openshift-ansible-contrib/playbooks/provisioning/openstack/galaxy-requirements.yaml \
+ -p openshift-ansible-contrib/roles
+
+Alternatively you can install directly from github:
+
+ ansible-galaxy install git+https://github.com/redhat-cop/infra-ansible,master \
+ -p openshift-ansible-contrib/roles
+
+Note, this assumes we're in the directory that contains the clonned
+openshift-ansible-contrib repo in its root path.
+
## What does it do
* Create Nova servers with floating IP addresses attached
@@ -164,11 +181,8 @@ file, this is how you stat the provisioning process:
Once it succeeds, you can install openshift by running:
- ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/openshift-node/network_manager.yml
ansible-playbook --become --user openshift --private-key ~/.ssh/openshift -i inventory/ openshift-ansible/playbooks/byo/config.yml
-Note, the `network_manager.yml` step is mandatory and is required for persisting
-the hosts' DNS configs.
## License
diff --git a/playbooks/provisioning/openstack/galaxy-requirements.yaml b/playbooks/provisioning/openstack/galaxy-requirements.yaml
new file mode 100644
index 000000000..93dd14ec2
--- /dev/null
+++ b/playbooks/provisioning/openstack/galaxy-requirements.yaml
@@ -0,0 +1,6 @@
+---
+# This is the Ansible Galaxy requirements file to pull in the correct roles
+
+# From 'infra-ansible'
+- src: https://github.com/redhat-cop/infra-ansible
+ version: master
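Review bot: `version: master` in the new requirements file tracks a moving branch, so each `ansible-galaxy install` can pull different role code for the `infra-ansible/roles/dns-server` and `infra-ansible/roles/dns` roles that this commit starts using. Pinning to a release tag or full commit SHA, e.g. `version: <tag-or-commit-sha>` (placeholder), makes provisioning reproducible and means an upstream change is reviewed before it runs on the hosts. The README's alternative command `git+https://github.com/redhat-cop/infra-ansible,master` has the same issue and should carry the same pin.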
diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml
index 412ccd221..53db5061c 100644
--- a/playbooks/provisioning/openstack/post-provision-openstack.yml
+++ b/playbooks/provisioning/openstack/post-provision-openstack.yml
@@ -14,7 +14,7 @@
become: true
roles:
- role: subscription-manager
- when: hostvars.localhost.rhsm_register
+ when: hostvars.localhost.rhsm_register|default(False)
tags: 'subscription-manager'
- name: Determine which DNS server(s) to use for our generated records
@@ -33,7 +33,7 @@
- name: "Generate dns-server views"
include: openstack_dns_views.yml
roles:
- - role: dns-server
+ - role: infra-ansible/roles/dns-server
- name: Build and process DNS Records
hosts: localhost
@@ -44,7 +44,7 @@
- name: "Generate dns records"
include: openstack_dns_records.yml
roles:
- - role: dns
+ - role: infra-ansible/roles/dns
- name: Switch the stack subnet to the configured private DNS server
hosts: localhost
@@ -59,12 +59,14 @@
- name: OpenShift Pre-Requisites
hosts: OSEv3
- gather_facts: False
+ gather_facts: true
become: true
- tasks:
+ pre_tasks:
- name: "Include DNS configuration to ensure proper name resolution"
lineinfile:
state: present
dest: /etc/sysconfig/network
regexp: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"
line: "IP4_NAMESERVERS={{ hostvars['localhost'].private_dns_server }}"
+ roles:
+ - node-network-manager
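Review bot: The `regexp` of the `lineinfile` pre-task embeds the current value of `private_dns_server`, so it only matches a line that is already correct. If the server address changes, the stale `IP4_NAMESERVERS=` entry stays in `/etc/sysconfig/network` and a second one is appended. Matching on the key alone, `regexp: '^IP4_NAMESERVERS='`, replaces the old entry and stops the unescaped dots of the address from acting as regex wildcards. If the move to `pre_tasks` is meant to guarantee the file is written before `node-network-manager` restarts the service, a one-line comment saying so would keep the ordering from being undone later.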
diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml
index 72a03132b..70e4d8cb1 100644
--- a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml
+++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml
@@ -1,6 +1,8 @@
---
-openshift_deployment_type: openshift-enterprise
-openshift_release: v3.5
+openshift_deployment_type: origin
+openshift_release: 1.5.1
+#openshift_deployment_type: openshift-enterprise
+#openshift_release: v3.5
openshift_master_default_subdomain: "apps.{{ env_id }}.{{ public_dns_domain }}"
# NOTE(shadower): do not remove this line, otherwise the default node labels
@@ -9,6 +11,11 @@ openshift_node_labels: "{{ openstack.metadata.node_labels }}"
osm_default_node_selector: 'region=primary'
+# NOTE(shadower): the hostname check seems to always fail because the
+# host's floating IP address doesn't match the address received from
+# inside the host.
+openshift_override_hostname_check: true
+
# For POCs or demo environments that are using smaller instances than
# the official recommended values for RAM and DISK, uncomment the line below.
#openshift_disable_check: disk_availability,memory_availability
diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
index 7c9033828..f1cdff86a 100644
--- a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
+++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
@@ -4,7 +4,7 @@ public_dns_domain: "example.com"
public_dns_nameservers: []
openstack_ssh_public_key: "openshift"
-openstack_default_image_name: "rhel73"
+openstack_default_image_name: "centos7"
openstack_default_flavor: "m1.medium"
openstack_external_network_name: "public"
@@ -20,6 +20,8 @@ docker_volume_size: "15"
openstack_subnet_prefix: "192.168.99"
# # Red Hat subscription
+rhsm_register: False
+
# # Using Red Hat Satellite:
#rhsm_register: True
#rhsm_satellite: 'sat-6.example.com'
@@ -56,5 +58,5 @@ openstack_subnet_prefix: "192.168.99"
# hardcoded to `openshift`.
ansible_user: openshift
-# # Use a single security group for a cluster
-openstack_flat_secgrp: false
+# # Use a single security group for a cluster (default: false)
+#openstack_flat_secgrp: false
diff --git a/roles/node-network-manager/tasks/main.yml b/roles/node-network-manager/tasks/main.yml
new file mode 100644
index 000000000..6a17855e7
--- /dev/null
+++ b/roles/node-network-manager/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: install NetworkManager
+ package:
+ name: NetworkManager
+ state: present
+
+- name: configure NetworkManager
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+ regexp: '^{{ item }}='
+ line: '{{ item }}=yes'
+ state: present
+ create: yes
+ with_items:
+ - 'USE_PEERDNS'
+ - 'NM_CONTROLLED'
+
+- name: enable and start NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+ enabled: yes
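Review bot: `state: restarted` in the last task restarts NetworkManager on every playbook run, whether or not the `ifcfg-*` file changed, which interrupts networking on each node and makes the role non-idempotent. Use `state: started` here and add `notify: restart NetworkManager` to the `configure NetworkManager` task, with the restart moved into a handler. The configure task also relies on `ansible_default_ipv4['interface']`, which is undefined on a host without a default route; a guard such as `when: ansible_default_ipv4.interface is defined` would make that case explicit. The `yes` values for `create` and `enabled` would read more consistently as `true`.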
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index 8bf76b57c..992f6257b 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -160,7 +160,7 @@ resources:
protocol: icmp
remote_ip_prefix: {{ ssh_ingress_cidr }}
-{% if openstack_flat_secgrp|bool %}
+{% if openstack_flat_secgrp|default(False)|bool %}
flat-secgrp:
type: OS::Neutron::SecurityGroup
properties:
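Review bot: The `|default(False)` fallback for `openstack_flat_secgrp` is repeated at every conditional (here and in the hunks at -481, -563, -617 and -662), so which security groups a server receives depends on each site being kept in step. Any use without the fallback would fail on an undefined variable now that the sample inventory comments the setting out; uses outside these hunks are not visible here. Declaring it once, either `openstack_flat_secgrp: false` in the role's defaults or `{% set flat_secgrp = openstack_flat_secgrp|default(False)|bool %}` at the top of the template, removes the repetition.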
@@ -432,7 +432,7 @@ resources:
port_range_min: 53
port_range_max: 53
remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
-{% if num_masters is greaterthan 1 %}
+{% if num_masters > 1 %}
lb-secgrp:
type: OS::Neutron::SecurityGroup
properties:
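Review bot: `num_masters > 1` compares the variable as supplied, and the same holds for `num_masters > 1` in the loadbalancer hunk and `num_etcd == 0` in the master `secgrp` hunk. If these counts can reach the template as strings (for example from `-e num_etcd=0` or an INI inventory), `num_etcd == 0` is false and the masters are created without `etcd-secgrp`, while the `>` comparison becomes type-dependent. Casting first, `{% if num_masters|int > 1 %}` and `{% if num_etcd|int == 0 %}`, makes the security group and load balancer selection independent of how the value was passed in.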
@@ -444,7 +444,7 @@ resources:
port_range_min: {{ openshift_master_api_port | default(8443) }}
port_range_max: {{ openshift_master_api_port | default(8443) }}
remote_ip_prefix: {{ lb_ingress_cidr }}
- {% if openshift_master_console_port is defined and openshift_master_console_port is not equalto openshift_master_api_port %}
+ {% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
- direction: ingress
protocol: tcp
port_range_min: {{ openshift_master_console_port | default(8443) }}
@@ -481,7 +481,7 @@ resources:
net: { get_resource: net }
subnet: { get_resource: subnet }
secgrp:
- - { get_resource: {% if openstack_flat_secgrp|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
- { get_resource: common-secgrp }
floating_network: {{ external_network }}
net_name:
@@ -493,7 +493,7 @@ resources:
depends_on:
- interface
-{% if num_masters is greaterthan 1 %}
+{% if num_masters > 1 %}
loadbalancer:
type: OS::Heat::ResourceGroup
properties:
@@ -563,12 +563,12 @@ resources:
net: { get_resource: net }
subnet: { get_resource: subnet }
secgrp:
-{% if openstack_flat_secgrp|bool %}
+{% if openstack_flat_secgrp|default(False)|bool %}
- { get_resource: flat-secgrp }
{% else %}
- { get_resource: master-secgrp }
- { get_resource: node-secgrp }
-{% if num_etcd is equalto 0 %}
+{% if num_etcd == 0 %}
- { get_resource: etcd-secgrp }
{% endif %}
{% endif %}
@@ -617,7 +617,7 @@ resources:
net: { get_resource: net }
subnet: { get_resource: subnet }
secgrp:
- - { get_resource: {% if openstack_flat_secgrp|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
- { get_resource: common-secgrp }
floating_network: {{ external_network }}
net_name:
@@ -662,7 +662,7 @@ resources:
subnet: { get_resource: subnet }
secgrp:
# TODO(bogdando) filter only required node rules into infra-secgrp
-{% if openstack_flat_secgrp|bool %}
+{% if openstack_flat_secgrp|default(False)|bool %}
- { get_resource: flat-secgrp }
{% else %}
- { get_resource: node-secgrp }
@@ -718,4 +718,3 @@ resources:
volume_size: {{ dns_volume_size }}
depends_on:
- interface
-