From a450a3ea949e80dc93b92518b36a68eaec592648 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Wed, 7 Nov 2018 11:31:55 +0100
Subject: [PATCH 1/4] Dockerfile: fix pip install params

---
 images/installer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/images/installer/Dockerfile b/images/installer/Dockerfile
index 26f5200de2f..eb2d2c0c898 100644
--- a/images/installer/Dockerfile
+++ b/images/installer/Dockerfile
@@ -16,7 +16,7 @@ RUN INSTALL_PKGS="python-lxml python-dns pyOpenSSL python2-cryptography openssl
  && if [ "$(uname -m)" == "x86_64" ]; then yum install -y https://sdodson.fedorapeople.org/google-cloud-sdk-183.0.0-3.el7.x86_64.rpm ; fi \
  && yum install -y java-1.8.0-openjdk-headless \
  && rpm -V $INSTALL_PKGS $EPEL_PKGS $EPEL_TESTING_PKGS \
- && pip install 'apache-libcloud~=2.2.1' 'SecretStorage<3' 'ansible[azure] google-auth' \
+ && pip install 'apache-libcloud~=2.2.1' 'SecretStorage<3' 'ansible[azure]' 'google-auth' \
  && yum clean all
 
 LABEL name="openshift/origin-ansible" \

From 960f832d234ce957d4325e3d16453bd8d3e9f50b Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Wed, 7 Nov 2018 13:13:45 +0100
Subject: [PATCH 2/4] Set default values for
 openshift_gcp_master_healthcheck_port and openshift_gcp_kubernetes_api_port

---
 roles/openshift_gcp/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/openshift_gcp/defaults/main.yml b/roles/openshift_gcp/defaults/main.yml
index 65710acc1ce..da6e194585a 100644
--- a/roles/openshift_gcp/defaults/main.yml
+++ b/roles/openshift_gcp/defaults/main.yml
@@ -64,6 +64,8 @@ openshift_gcp_multizone: False
 provision_custom_repositories: []
 
 mcd_port: 49500
+openshift_gcp_kubernetes_api_port: 6443
+openshift_gcp_master_healthcheck_port: 8080
 
 openshift_gcp_firewall_rules:
   - rule: icmp

From fa9e9329aa8cb22967444eab7b73da16077036c7 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Wed, 7 Nov 2018 15:00:08 +0100
Subject: [PATCH 3/4] crio-firewall: install iptables

---
 roles/container_runtime/tasks/crio_firewall.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/container_runtime/tasks/crio_firewall.yml b/roles/container_runtime/tasks/crio_firewall.yml
index fbd1ff51595..e42b7eb25b9 100644
--- a/roles/container_runtime/tasks/crio_firewall.yml
+++ b/roles/container_runtime/tasks/crio_firewall.yml
@@ -1,6 +1,11 @@
 ---
 - when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool
   block:
+  - name: Make sure iptables-services is installed
+    package:
+      name: iptables-services
+      state: present
+
   - name: Add iptables allow rules
     os_firewall_manage_iptables:
       name: "{{ item.service }}"

From e13714333695437b08a807387bf194908b1dfb18 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Wed, 7 Nov 2018 16:27:17 +0100
Subject: [PATCH 4/4] test/gcp: copy kubeconfig back to /tmp so that tests on
 CI could proceed

---
 test/gcp/install.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/test/gcp/install.yml b/test/gcp/install.yml
index 89bc7051be3..8e3d2d0b0e8 100644
--- a/test/gcp/install.yml
+++ b/test/gcp/install.yml
@@ -143,3 +143,8 @@
     delay: 5
     until: ansible_facts.services['bootkube.service'].state == 'stopped'
     ignore_errors: true
+  - name: Fetch kubeconfig for test container
+    fetch:
+      src: /opt/tectonic/auth/kubeconfig
+      dest: /tmp/artifacts/installer/auth/kubeconfig
+      flat: yes