Diffstat (limited to 'roles')
| -rw-r--r-- | roles/cockpit-ui/defaults/main.yml | 3 | ||||
| -rw-r--r-- | roles/cockpit-ui/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_hosted/defaults/main.yml | 72 | ||||
| -rw-r--r-- | roles/openshift_hosted/meta/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/create_projects.yml | 14 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/firewall.yml (renamed from roles/openshift_hosted/tasks/router/firewall.yml) | 10 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/main.yml | 20 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry.yml (renamed from roles/openshift_hosted/tasks/registry/registry.yml) | 65 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/firewall.yml | 40 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/router.yml (renamed from roles/openshift_hosted/tasks/router/router.yml) | 48 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/secure.yml (renamed from roles/openshift_hosted/tasks/registry/secure.yml) | 4 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/secure/passthrough.yml (renamed from roles/openshift_hosted/tasks/registry/secure/passthrough.yml) | 0 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/secure/reencrypt.yml (renamed from roles/openshift_hosted/tasks/registry/secure/reencrypt.yml) | 0 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/storage/glusterfs.yml (renamed from roles/openshift_hosted/tasks/registry/storage/glusterfs.yml) | 0 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/storage/object_storage.yml (renamed from roles/openshift_hosted/tasks/registry/storage/object_storage.yml) | 0 | ||||
| l--------- | roles/openshift_hosted/tasks/storage/registry_config.j2 (renamed from roles/openshift_hosted/tasks/registry/storage/registry_config.j2) | 0 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/storage/s3.yml (renamed from roles/openshift_hosted/tasks/registry/storage/s3.yml) | 2 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/wait_for_pod.yml | 36 | ||||
| -rw-r--r-- | roles/openshift_hosted/templates/registry_config.j2 | 4 | ||||
| -rw-r--r-- | roles/openshift_hosted/vars/main.yml | 11 | 
20 files changed, 161 insertions, 173 deletions
diff --git a/roles/cockpit-ui/defaults/main.yml b/roles/cockpit-ui/defaults/main.yml new file mode 100644 index 000000000..b1696f1b8 --- /dev/null +++ b/roles/cockpit-ui/defaults/main.yml @@ -0,0 +1,3 @@ +--- +openshift_config_base: "/etc/origin" +openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master" diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 0114498f8..244e2cc41 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -50,7 +50,9 @@        -n default      register: deploy_registry_console      changed_when: "'already exists' not in deploy_registry_console.stderr" -    failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0" +    failed_when: +    - "'already exists' not in deploy_registry_console.stderr" +    - "deploy_registry_console.rc != 0"    - name: Delete temp directory      file: diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 712a2a591..c234c3740 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml 
@@ -1,14 +1,33 @@  --- +########## +# Common # +########## +openshift_hosted_infra_selector: "region=infra" +r_openshift_hosted_use_calico_default: "{{ openshift_use_calico | default(False) }}" +r_openshift_hosted_use_calico: "{{ r_openshift_hosted_use_calico_default }}" + +openshift_default_projects: +  default: +    default_node_selector: '' +  logging: +    default_node_selector: '' +  openshift-infra: +    default_node_selector: '' + +# openshift_additional_projects shares the same format as openshift_default_projects +openshift_additional_projects: {} + +openshift_config_base: "/etc/origin" +openshift_master_config_dir: "{{ openshift.common.config_base | default(openshift_config_base) }}/master" +openshift_cluster_domain: 'cluster.local' + +########## +# Router # +##########  r_openshift_hosted_router_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"  r_openshift_hosted_router_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" -r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" -r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" -  openshift_hosted_router_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" -openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" - -registry_volume_claim: 'registry-claim'  openshift_hosted_router_edits:  - key: spec.strategy.rollingParams.intervalSeconds 
@@ -36,20 +55,49 @@ openshift_hosted_routers:    certificate: "{{ openshift_hosted_router_certificate | default({}) }}"  openshift_hosted_router_certificate: {} -openshift_hosted_registry_cert_expire_days: 730  openshift_hosted_router_create_certificate: True  r_openshift_hosted_router_os_firewall_deny: []  r_openshift_hosted_router_os_firewall_allow: [] +############ +# Registry # +############ + +r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" +r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" + +openshift_hosted_registry_name: docker-registry +openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" +registry_volume_claim: 'registry-claim' +openshift_hosted_registry_cert_expire_days: 730 +  r_openshift_hosted_registry_os_firewall_deny: []  r_openshift_hosted_registry_os_firewall_allow:  - service: Docker Registry Port    port: 5000/tcp    cond: "{{ r_openshift_hosted_use_calico }}" -# NOTE -# r_openshift_hosted_use_calico_default may be defined external to this role. -# openshift_use_calico, if defined, may affect other roles or play behavior. 
-r_openshift_hosted_use_calico_default: "{{ openshift_use_calico | default(False) }}" -r_openshift_hosted_use_calico: "{{ r_openshift_hosted_use_calico_default }}" +openshift_hosted_registry_serviceaccount: registry +openshift_hosted_registry_volumes: [] +openshift_hosted_registry_env_vars: {} + +# These edits are being specified only to prevent 'changed' on rerun +openshift_hosted_registry_edits: +- key: spec.strategy.rollingParams +  value: +    intervalSeconds: 1 +    maxSurge: "25%" +    maxUnavailable: "25%" +    timeoutSeconds: 600 +    updatePeriodSeconds: 1 +  action: put + +openshift_hosted_registry_force: +- False + +openshift_push_via_dns: False + +# NOTE: settting openshift_docker_hosted_registry_insecure may affect other roles +openshift_hosted_docker_registry_insecure_default: "{{ openshift_docker_hosted_registry_insecure | default(False) }}" +openshift_hosted_docker_registry_insecure: "{{ openshift_hosted_docker_registry_insecure_default }}" diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index 28fd396d6..1d70ef7eb 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -12,7 +12,6 @@ galaxy_info:    categories:    - cloud  dependencies: -- role: openshift_cli  - role: openshift_hosted_facts  - role: lib_openshift  - role: lib_os_firewall diff --git a/roles/openshift_hosted/tasks/create_projects.yml b/roles/openshift_hosted/tasks/create_projects.yml new file mode 100644 index 000000000..1b25d0c64 --- /dev/null +++ b/roles/openshift_hosted/tasks/create_projects.yml 
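Review bot: The NOTE above `openshift_hosted_docker_registry_insecure_default` has a typo ("settting") and does not say which of two near-identical names an operator should set. The external variable is `openshift_docker_hosted_registry_insecure` and the role variable is `openshift_hosted_docker_registry_insecure`; they differ only in word order. Judging by the name this flag relaxes registry transport security, so setting the role-local name would presumably change this role only while other roles keep their own value. I would reword the comment to `# NOTE: set openshift_docker_hosted_registry_insecure in the inventory; other roles read it too. openshift_hosted_docker_registry_insecure is this role's local copy.`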
@@ -0,0 +1,14 @@ +--- +- name: Create default projects +  oc_project: +    name: "{{ item.key }}" +    node_selector: +    - "{{ item.value.default_node_selector }}" +  with_dict: "{{ openshift_default_projects }}" + +- name: Create additional projects +  oc_project: +    name: "{{ item.key }}" +    node_selector: +    - "{{ item.value.default_node_selector }}" +  with_dict: "{{ openshift_additional_projects }}" diff --git a/roles/openshift_hosted/tasks/router/firewall.yml b/roles/openshift_hosted/tasks/firewall.yml index ff90f3372..1eb2c92c8 100644 --- a/roles/openshift_hosted/tasks/router/firewall.yml +++ b/roles/openshift_hosted/tasks/firewall.yml @@ -8,7 +8,7 @@        protocol: "{{ item.port.split('/')[1] }}"        port: "{{ item.port.split('/')[0] }}"      when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_router_os_firewall_allow }}" +    with_items: "{{ l_openshift_hosted_fw_allow }}"    - name: Remove iptables rules      os_firewall_manage_iptables: @@ -17,9 +17,9 @@        protocol: "{{ item.port.split('/')[1] }}"        port: "{{ item.port.split('/')[0] }}"      when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_router_os_firewall_deny }}" +    with_items: "{{ l_openshift_hosted_fw_deny }}" -- when: r_openshift_hosted_router_firewall_enabled | bool and r_openshift_hosted_router_use_firewalld | bool +- when: l_openshift_hosted_firewall_enabled | bool and l_openshift_hosted_use_firewalld | bool    block:    - name: Add firewalld allow rules      firewalld: @@ -28,7 +28,7 @@        immediate: true        state: enabled      when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_router_os_firewall_allow }}" +    with_items: "{{ l_openshift_hosted_fw_allow }}"    - name: Remove firewalld allow rules      firewalld: 
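Review bot: The iptables block's `when:` at the top of firewall.yml lies outside these hunks, which start at line 8. It therefore presumably still tests `r_openshift_hosted_router_firewall_enabled` and `r_openshift_hosted_router_use_firewalld`, while the loops and the firewalld block now read the `l_openshift_hosted_*` variables. If so, an include from registry.yml would gate the registry's iptables rules on the router's firewall settings. The first block's condition should become `- when: l_openshift_hosted_firewall_enabled | bool and not l_openshift_hosted_use_firewalld | bool`. This applies to the file as a whole, not to any one of its four hunks, and is worth confirming against the full file.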
@@ -37,4 +37,4 @@        immediate: true        state: disabled      when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_router_os_firewall_deny }}" +    with_items: "{{ l_openshift_hosted_fw_deny }}" diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml index 6efe2f63c..d306adf42 100644 --- a/roles/openshift_hosted/tasks/main.yml +++ b/roles/openshift_hosted/tasks/main.yml @@ -1,13 +1,9 @@  --- -- name: Create projects -  oc_project: -    name: "{{ item.key }}" -    node_selector: -    - "{{ item.value.default_node_selector }}" -  with_dict: "{{ openshift_projects }}" - -- include: router/router.yml -  when: openshift_hosted_manage_router | default(true) | bool - -- include: registry/registry.yml -  when: openshift_hosted_manage_registry | default(true) | bool +# This role is intended to be used with include_role. +# include_role: +#   name:  openshift_hosted +#   tasks_from: "{{ item }}" +# with_items: +#   - create_projects.yml +#   - router.yml +#   - registry.yml diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry.yml index 48f53aef8..f1aa9c5a8 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -1,7 +1,11 @@  ---  - name: setup firewall    include: firewall.yml -  static: yes +  vars: +    l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_registry_firewall_enabled }}" +    l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_registry_use_firewalld }}" +    l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_registry_os_firewall_allow }}" +    l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_registry_os_firewall_deny }}"  - when: openshift.hosted.registry.replicas | default(none) is none    block: 
@@ -36,30 +40,14 @@  - name: set openshift_hosted facts    set_fact:      openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" -    openshift_hosted_registry_name: docker-registry -    openshift_hosted_registry_serviceaccount: registry      openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"      openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"      openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" -    openshift_hosted_registry_volumes: [] -    openshift_hosted_registry_env_vars: {} -    openshift_hosted_registry_edits: -    # These edits are being specified only to prevent 'changed' on rerun -    - key: spec.strategy.rollingParams -      value: -        intervalSeconds: 1 -        maxSurge: "25%" -        maxUnavailable: "25%" -        timeoutSeconds: 600 -        updatePeriodSeconds: 1 -      action: put -    openshift_hosted_registry_force: -    - False  - name: Update registry environment variables when pushing via dns    set_fact:      openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}" -  when: openshift_push_via_dns | default(false) | bool +  when: openshift_push_via_dns | bool  - name: Update registry proxy settings for dc/docker-registry    set_fact: 
@@ -137,36 +125,17 @@      edits: "{{ openshift_hosted_registry_edits }}"      force: "{{ True|bool in openshift_hosted_registry_force }}" -- when: openshift_hosted_registry_wait | bool -  block: -  - name: Ensure OpenShift registry correctly rolls out (best-effort today) -    command: | -      oc rollout status deploymentconfig {{ openshift_hosted_registry_name }} \ -                        --namespace {{ openshift_hosted_registry_namespace }} \ -                        --config {{ openshift.common.config_base }}/master/admin.kubeconfig -    async: 600 -    poll: 15 -    failed_when: false - -  - name: Determine the latest version of the OpenShift registry deployment -    command: | -      {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \ -             --namespace {{ openshift_hosted_registry_namespace }} \ -             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -             -o jsonpath='{ .status.latestVersion }' -    register: openshift_hosted_registry_latest_version - -  - name: Sanity-check that the OpenShift registry rolled out correctly -    command: | -      {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \ -             --namespace {{ openshift_hosted_registry_namespace }} \ -             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }' -    register: openshift_hosted_registry_rc_phase -    until: "'Running' not in openshift_hosted_registry_rc_phase.stdout" -    delay: 15 -    retries: 40 -    failed_when: "'Failed' in openshift_hosted_registry_rc_phase.stdout" +- name: setup registry list +  set_fact: +    r_openshift_hosted_registry_list: +    - name: "{{ openshift_hosted_registry_name }}" +      namespace: "{{ openshift_hosted_registry_namespace }}" + +- name: Wait for 
pod (Registry) +  include: wait_for_pod.yml +  vars: +    l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_registry_wait }}" +    l_openshift_hosted_wfp_items: "{{ r_openshift_hosted_registry_list }}"  - include: storage/glusterfs.yml    when: diff --git a/roles/openshift_hosted/tasks/registry/firewall.yml b/roles/openshift_hosted/tasks/registry/firewall.yml deleted file mode 100644 index 775b7d6d7..000000000 --- a/roles/openshift_hosted/tasks/registry/firewall.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- when: r_openshift_hosted_registry_firewall_enabled | bool and not r_openshift_hosted_registry_use_firewalld | bool -  block: -  - name: Add iptables allow rules -    os_firewall_manage_iptables: -      name: "{{ item.service }}" -      action: add -      protocol: "{{ item.port.split('/')[1] }}" -      port: "{{ item.port.split('/')[0] }}" -    when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_registry_os_firewall_allow }}" - -  - name: Remove iptables rules -    os_firewall_manage_iptables: -      name: "{{ item.service }}" -      action: remove -      protocol: "{{ item.port.split('/')[1] }}" -      port: "{{ item.port.split('/')[0] }}" -    when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_registry_os_firewall_deny }}" - -- when: r_openshift_hosted_registry_firewall_enabled | bool and r_openshift_hosted_registry_use_firewalld | bool -  block: -  - name: Add firewalld allow rules -    firewalld: -      port: "{{ item.port }}" -      permanent: true -      immediate: true -      state: enabled -    when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_registry_os_firewall_allow }}" - -  - name: Remove firewalld allow rules -    firewalld: -      port: "{{ item.port }}" -      permanent: true -      immediate: true -      state: disabled -    when: item.cond | default(True) -    with_items: "{{ r_openshift_hosted_registry_os_firewall_deny }}" 
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router.yml index 2a42b5a7c..2aeecc943 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -1,7 +1,11 @@  ---  - name: setup firewall    include: firewall.yml -  static: yes +  vars: +    l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_router_firewall_enabled }}" +    l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_router_use_firewalld }}" +    l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_router_os_firewall_allow }}" +    l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_router_os_firewall_deny }}"  - name: Retrieve list of openshift nodes matching router selector    oc_obj: @@ -82,7 +86,7 @@      replicas: "{{ item.replicas }}"      namespace: "{{ item.namespace | default('default') }}"      # This option is not yet implemented -    # force_subdomain: "{{ openshift.hosted.router.force_subdomain | default(none) }}" +    # force_subdomain: "{{ openshift_hosted_router_force_subdomain | default(none) }}"      service_account: "{{ item.serviceaccount | default('router') }}"      selector: "{{ item.selector | default(none) }}"      images: "{{ item.images | default(omit) }}" 
@@ -94,38 +98,8 @@      stats_port: "{{ item.stats_port }}"    with_items: "{{ openshift_hosted_routers }}" -- when: openshift_hosted_router_wait | bool -  block: -  - name: Ensure OpenShift router correctly rolls out (best-effort today) -    command: | -      {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \ -                        --namespace {{ item.namespace | default('default') }} \ -                        --config {{ openshift.common.config_base }}/master/admin.kubeconfig -    async: 600 -    poll: 15 -    with_items: "{{ openshift_hosted_routers }}" -    failed_when: false - -  - name: Determine the latest version of the OpenShift router deployment -    command: | -      {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \ -             --namespace {{ item.namespace }} \ -             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -             -o jsonpath='{ .status.latestVersion }' -    register: openshift_hosted_routers_latest_version -    with_items: "{{ openshift_hosted_routers }}" - -  - name: Poll for OpenShift router deployment success -    command: | -      {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \ -             --namespace {{ item.0.namespace }} \ -             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }' -    register: openshift_hosted_router_rc_phase -    until: "'Running' not in openshift_hosted_router_rc_phase.stdout" -    delay: 15 -    retries: 40 -    failed_when: "'Failed' in openshift_hosted_router_rc_phase.stdout" -    with_together: -    - "{{ openshift_hosted_routers }}" -    - "{{ openshift_hosted_routers_latest_version.results }}" +- name: Wait for pod (Routers) +  include: wait_for_pod.yml +  vars: +    l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_router_wait }}" +    
l_openshift_hosted_wfp_items: "{{ openshift_hosted_routers }}" diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/secure.yml index 434b679df..0da8ac8a7 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/secure.yml @@ -38,11 +38,11 @@      - "{{ docker_registry_service.results.clusterip }}"      - "{{ docker_registry_route.results[0].spec.host }}"      - "{{ openshift_hosted_registry_name }}.default.svc" -    - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift.common.dns_domain }}" +    - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift_cluster_domain }}"      - "{{ openshift_hosted_registry_routehost }}"      cert: "{{ docker_registry_cert_path }}"      key: "{{ docker_registry_key_path }}" -    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}" +    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift_deployment_type) | bool else omit }}"    register: registry_self_cert    when: docker_registry_self_signed diff --git a/roles/openshift_hosted/tasks/registry/secure/passthrough.yml b/roles/openshift_hosted/tasks/secure/passthrough.yml index 5b44fda10..5b44fda10 100644 --- a/roles/openshift_hosted/tasks/registry/secure/passthrough.yml +++ b/roles/openshift_hosted/tasks/secure/passthrough.yml diff --git a/roles/openshift_hosted/tasks/registry/secure/reencrypt.yml b/roles/openshift_hosted/tasks/secure/reencrypt.yml index 48e5b0fba..48e5b0fba 100644 --- a/roles/openshift_hosted/tasks/registry/secure/reencrypt.yml +++ b/roles/openshift_hosted/tasks/secure/reencrypt.yml diff --git a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index c2954fde1..c2954fde1 100644 
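Review bot: The certificate host list in secure.yml now takes the service FQDN suffix from `openshift_cluster_domain`, which this commit defaults to 'cluster.local', instead of from the `openshift.common.dns_domain` fact. On a cluster with a different DNS domain and no inventory override, the self-signed registry certificate would carry a name clients do not use, so verification against the real service name would fail. Either derive the default from the fact, `openshift_cluster_domain: "{{ openshift.common.dns_domain | default('cluster.local') }}"`, or document next to the default that it must match the cluster's DNS domain. `openshift_deployment_type` on the `expire_days` line has no role default in the visible defaults hunks, so it is presumably expected from the inventory. The task itself begins above the hunk.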
--- a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/storage/object_storage.yml index 8553a8098..8553a8098 100644 --- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/storage/object_storage.yml diff --git a/roles/openshift_hosted/tasks/registry/storage/registry_config.j2 b/roles/openshift_hosted/tasks/storage/registry_config.j2 index f3e82ad4f..f3e82ad4f 120000 --- a/roles/openshift_hosted/tasks/registry/storage/registry_config.j2 +++ b/roles/openshift_hosted/tasks/storage/registry_config.j2 diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/storage/s3.yml index 318969885..8e905d905 100644 --- a/roles/openshift_hosted/tasks/registry/storage/s3.yml +++ b/roles/openshift_hosted/tasks/storage/s3.yml @@ -3,7 +3,7 @@    assert:      that:      - openshift.hosted.registry.storage.s3.bucket | default(none) is not none -    - openshift.hosted.registry.storage.s3.region | default(none) is not none +    - openshift.hosted.registry.storage.s3.bucket | default(none) is not none      msg: |        When using S3 storage, the following variables are required:          openshift_hosted_registry_storage_s3_bucket diff --git a/roles/openshift_hosted/tasks/wait_for_pod.yml b/roles/openshift_hosted/tasks/wait_for_pod.yml new file mode 100644 index 000000000..056c79334 --- /dev/null +++ b/roles/openshift_hosted/tasks/wait_for_pod.yml 
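Review bot: The second assertion in s3.yml now repeats the bucket check and the `region` check is gone, so a missing `openshift.hosted.registry.storage.s3.region` is no longer caught before the registry storage configuration is built. Nothing else in the hunk touches region handling, so this looks like a copy slip and not an intended change. Restore `- openshift.hosted.registry.storage.s3.region | default(none) is not none`. The assert task starts above the hunk and its `msg` continues below it.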
@@ -0,0 +1,36 @@ +--- +- when: l_openshift_hosted_wait_for_pod | default(False) | bool +  block: +  - name: Ensure OpenShift pod correctly rolls out (best-effort today) +    command: | +      {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \ +                        --namespace {{ item.namespace | default('default') }} \ +                        --config {{ openshift_master_config_dir }}/admin.kubeconfig +    async: 600 +    poll: 15 +    with_items: "{{ l_openshift_hosted_wfp_items }}" +    failed_when: false + +  - name: Determine the latest version of the OpenShift pod deployment +    command: | +      {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \ +             --namespace {{ item.namespace }} \ +             --config {{ openshift_master_config_dir }}/admin.kubeconfig \ +             -o jsonpath='{ .status.latestVersion }' +    register: l_openshift_hosted_wfp_latest_version +    with_items: "{{ l_openshift_hosted_wfp_items }}" + +  - name: Poll for OpenShift pod deployment success +    command: | +      {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \ +             --namespace {{ item.0.namespace }} \ +             --config {{ openshift_master_config_dir }}/admin.kubeconfig \ +             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }' +    register: openshift_hosted_wfp_rc_phase +    until: "'Running' not in openshift_hosted_wfp_rc_phase.stdout" +    delay: 15 +    retries: 40 +    failed_when: "'Failed' in openshift_hosted_wfp_rc_phase.stdout" +    with_together: +    - "{{ l_openshift_hosted_wfp_items }}" +    - "{{ l_openshift_hosted_wfp_latest_version.results }}" diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index 61da452de..eae8b328e 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 
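Review bot: The first task in wait_for_pod.yml falls back to `item.namespace | default('default')`, but the two follow-up tasks pass `item.namespace` and `item.0.namespace` unguarded. router.yml also applies that fallback when creating routers, so entries in `openshift_hosted_routers` may omit the namespace. Such an entry would presumably pass the rollout step and then fail on an undefined variable in the version lookup. Use the same fallback in both places: `--namespace {{ item.namespace | default('default') }}` and `--namespace {{ item.0.namespace | default('default') }}`. As a style point, the registered `openshift_hosted_wfp_rc_phase` lacks the `l_` prefix the other locals in this file carry.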
+++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -70,10 +70,8 @@ auth:    openshift:      realm: openshift  middleware: -{% if openshift.common.version_gte_3_3_or_1_3 | bool %}    registry:    - name: openshift -{% endif %}    repository:    - name: openshift      options: @@ -87,7 +85,7 @@ middleware:        baseurl: {{ openshift_hosted_registry_storage_s3_cloudfront_baseurl }}        privatekey: /etc/origin/cloudfront.pem        keypairid: {{ openshift_hosted_registry_storage_s3_cloudfront_keypairid }} -{% elif openshift.common.version_gte_3_3_or_1_3 | bool %} +{% else %}    storage:    - name: openshift  {% endif -%} diff --git a/roles/openshift_hosted/vars/main.yml b/roles/openshift_hosted/vars/main.yml index 0821d0e7e..0e756d9e1 100644 --- a/roles/openshift_hosted/vars/main.yml +++ b/roles/openshift_hosted/vars/main.yml @@ -1,13 +1,2 @@  --- -openshift_master_config_dir: "{{ openshift.common.config_base }}/master"  registry_config_secret_name: registry-config - -openshift_default_projects: -  default: -    default_node_selector: '' -  logging: -    default_node_selector: '' -  openshift-infra: -    default_node_selector: '' - -openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts(openshift_default_projects) }}"  | 
