diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-01-22 15:56:47 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-22 15:56:47 -0800 |
commit | 0acd0b6cceab794eeff005a3cde2fdc8221bbb0e (patch) | |
tree | 2d4544863b03854269ef1b343f91e0ef6460e3d1 /playbooks | |
parent | b79b497a9a443140f23cd3b8ef5c19d1893bce95 (diff) | |
parent | a0015f7ead6a89dbb602bc245b51e82cfad66902 (diff) | |
download | openshift-0acd0b6cceab794eeff005a3cde2fdc8221bbb0e.tar.gz openshift-0acd0b6cceab794eeff005a3cde2fdc8221bbb0e.tar.bz2 openshift-0acd0b6cceab794eeff005a3cde2fdc8221bbb0e.tar.xz openshift-0acd0b6cceab794eeff005a3cde2fdc8221bbb0e.zip |
Merge pull request #6533 from joelddiaz/prereqs_uninstall
Automatic merge from submit-queue.
allow uninstalling AWS objects created by prerequisite playbook
add deprovisioners/uninstallers for objects created via playbooks/aws/openshift-cluster/prerequisites.yml
specifically: security groups, vpcs, and any ssh keys
introduce openshift_aws_enable_uninstall_shared_objects to protect AWS objects that would be shared in the case of multiple clusters co-existing in one AWS account. right now it protects the ssh keys, but it can/should be used to protect against deleting the shared IAM instance profile as well. default this variable to False to be on the safe side when uninstalling/deprovisioning.
Diffstat (limited to 'playbooks')
-rw-r--r-- | playbooks/aws/README.md | 14 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/uninstall_prerequisites.yml | 6 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/uninstall_sec_group.yml | 10 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml | 10 | ||||
-rw-r--r-- | playbooks/aws/openshift-cluster/uninstall_vpc.yml | 10 |
5 files changed, 50 insertions, 0 deletions
diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index d203b9cda..bdc98d1e0 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -198,3 +198,17 @@ At this point your cluster should be ready for workloads. Proceed to deploy app ### Still to come There are more enhancements that are arriving for provisioning. These will include more playbooks that enhance the provisioning capabilities. + +## Uninstall / Deprovisioning + +At this time, only deprovisioning of the output of the prerequisites step is provided. You can/must manually remove things like ELBs and scale groups before attempting to undo the work by the preprovisiong step. + +To undo the work done by the prerequisites playbook, simply call the uninstall_prerequisites.yml playbook. You should use the same inventory file and provisioning_vars.yml file that was used during provisioning. + +``` +ansible-playbook -i <previous inventory file> -e @<previous provisioning_vars file> uninstall_prerequisites.yml +``` + +This should result in removal of the security groups and VPC that were created. + +NOTE: If you want to also remove the ssh keys that were uploaded (**these ssh keys would be shared if you are running multiple clusters in the same AWS account** so we don't remove these by default) then you should add 'openshift_aws_enable_uninstall_shared_objects: True' to your provisioning_vars.yml file. diff --git a/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml b/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml new file mode 100644 index 000000000..180c2281a --- /dev/null +++ b/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: uninstall_sec_group.yml + +- import_playbook: uninstall_vpc.yml + +- import_playbook: uninstall_ssh_keypair.yml diff --git a/playbooks/aws/openshift-cluster/uninstall_sec_group.yml b/playbooks/aws/openshift-cluster/uninstall_sec_group.yml new file mode 100644 index 000000000..642e5b169 --- /dev/null +++ b/playbooks/aws/openshift-cluster/uninstall_sec_group.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: delete security groups + include_role: + name: openshift_aws + tasks_from: uninstall_security_group.yml + when: openshift_aws_create_security_groups | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml b/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml new file mode 100644 index 000000000..ec9caa51b --- /dev/null +++ b/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: remove ssh keypair(s) + include_role: + name: openshift_aws + tasks_from: uninstall_ssh_keys.yml + when: openshift_aws_users | default([]) | length > 0 diff --git a/playbooks/aws/openshift-cluster/uninstall_vpc.yml b/playbooks/aws/openshift-cluster/uninstall_vpc.yml new file mode 100644 index 000000000..4c988bcc5 --- /dev/null +++ b/playbooks/aws/openshift-cluster/uninstall_vpc.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: delete vpc + include_role: + name: openshift_aws + tasks_from: uninstall_vpc.yml + when: openshift_aws_create_vpc | default(True) | bool |