allow uninstalling AWS objects created by prerequisite playbook

add deprovisioners/uninstallers for objects created via playbooks/aws/openshift-cluster/prerequisites.yml

specifically: security groups, vpcs, and any ssh keys

introduce openshift_aws_enable_uninstall_shared_objects to protect AWS objects that would be shared in the case of multiple clusters co-existing in one AWS account. right now it protects the ssh keys, but it can/should be used to protect against deleting the shared IAM instance profile as well. default this variable to False to be on the safe side when uninstalling/deprovisioning.

add some documentation on using deprovisioning playbooks

1 files changed, 36 insertions, 0 deletions

diff --git a/roles/openshift_aws/tasks/uninstall_vpc.yml b/roles/openshift_aws/tasks/uninstall_vpc.yml
new file mode 100644
index 000000000..ecf39f694
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_vpc.yml
@@ -0,0 +1,36 @@
+---
+- name: Fetch the VPC for the vpc.id
+  ec2_vpc_net_facts:
+    region: "{{ openshift_aws_region }}"
+    filters:
+      "tag:Name": "{{ openshift_aws_clusterid }}"
+  register: vpcout
+- debug:
+    var: vpcout
+    verbosity: 1
+
+- when: vpcout.vpcs | length > 0
+  block:
+  - name: delete the vpc igw
+    ec2_vpc_igw:
+      state: absent
+      region: "{{ openshift_aws_region }}"
+      vpc_id: "{{ vpcout.vpcs[0].id }}"
+    register: igw
+
+  - name: delete the vpc subnets
+    ec2_vpc_subnet:
+      state: absent
+      region: "{{ openshift_aws_region }}"
+      vpc_id: "{{ vpcout.vpcs[0].id }}"
+      cidr: "{{ item.cidr }}"
+      az: "{{ item.az }}"
+    with_items: "{{ openshift_aws_vpc.subnets[openshift_aws_region] }}"
+
+  - name: Delete AWS VPC
+    ec2_vpc_net:
+      state: absent
+      region: "{{ openshift_aws_region }}"
+      name: "{{ openshift_aws_clusterid }}"
+      cidr_block: "{{ openshift_aws_vpc.cidr }}"
+    register: vpc