From a0015f7ead6a89dbb602bc245b51e82cfad66902 Mon Sep 17 00:00:00 2001
From: Joel Diaz <jdiaz@redhat.com>
Date: Wed, 20 Dec 2017 01:22:23 +0000
Subject: allow uninstalling AWS objects created by prerequisite playbook

add deprovisioners/uninstallers for objects created via playbooks/aws/openshift-cluster/prerequisites.yml

specifically: security groups, vpcs, and any ssh keys

Introduce openshift_aws_enable_uninstall_shared_objects to protect AWS objects that would be shared when multiple clusters co-exist in one AWS account. Right now it protects the ssh keys, but it can/should also be used to protect against deleting the shared IAM instance profile. This variable defaults to False to be on the safe side when uninstalling/deprovisioning.

add some documentation on using deprovisioning playbooks
---
 playbooks/aws/README.md                                    | 14 ++++++++++++++
 .../aws/openshift-cluster/uninstall_prerequisites.yml      |  6 ++++++
 playbooks/aws/openshift-cluster/uninstall_sec_group.yml    | 10 ++++++++++
 playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml  | 10 ++++++++++
 playbooks/aws/openshift-cluster/uninstall_vpc.yml          | 10 ++++++++++
 5 files changed, 50 insertions(+)
 create mode 100644 playbooks/aws/openshift-cluster/uninstall_prerequisites.yml
 create mode 100644 playbooks/aws/openshift-cluster/uninstall_sec_group.yml
 create mode 100644 playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml
 create mode 100644 playbooks/aws/openshift-cluster/uninstall_vpc.yml

(limited to 'playbooks/aws')

diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md
index d203b9cda..bdc98d1e0 100644
--- a/playbooks/aws/README.md
+++ b/playbooks/aws/README.md
@@ -198,3 +198,17 @@ At this point your cluster should be ready for workloads.  Proceed to deploy app
 ### Still to come
 
 There are more enhancements that are arriving for provisioning.  These will include more playbooks that enhance the provisioning capabilities.
+
+## Uninstall / Deprovisioning
+
+At this time, only deprovisioning of the output of the prerequisites step is provided. You can/must manually remove things like ELBs and scale groups before attempting to undo the work by the preprovisiong step.
+
+To undo the work done by the prerequisites playbook, simply call the uninstall_prerequisites.yml playbook. You should use the same inventory file and provisioning_vars.yml file that was used during provisioning.
+
+```
+ansible-playbook -i <previous inventory file> -e @<previous provisioning_vars file> uninstall_prerequisites.yml
+```
+
+This should result in removal of the security groups and VPC that were created.
+
+NOTE: If you want to also remove the ssh keys that were uploaded (**these ssh keys would be shared if you are running multiple clusters in the same AWS account** so we don't remove these by default) then you should add 'openshift_aws_enable_uninstall_shared_objects: True' to your provisioning_vars.yml file.
diff --git a/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml b/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml
new file mode 100644
index 000000000..180c2281a
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_prerequisites.yml
@@ -0,0 +1,6 @@
+---
+- import_playbook: uninstall_sec_group.yml
+
+- import_playbook: uninstall_vpc.yml
+
+- import_playbook: uninstall_ssh_keypair.yml
diff --git a/playbooks/aws/openshift-cluster/uninstall_sec_group.yml b/playbooks/aws/openshift-cluster/uninstall_sec_group.yml
new file mode 100644
index 000000000..642e5b169
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_sec_group.yml
@@ -0,0 +1,10 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+  - name: delete security groups
+    include_role:
+      name: openshift_aws
+      tasks_from: uninstall_security_group.yml
+    when: openshift_aws_create_security_groups | default(True) | bool
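Review bot: The `when:` on the delete task reuses the creation toggle with `default(True)`, so a run that does not load the original provisioning vars still proceeds to delete security groups; uninstall_vpc.yml has the same guard on `openshift_aws_create_vpc`. For a destructive play, the safer behaviour is to refuse to run unless the operator has supplied the vars explicitly, for example `when: openshift_aws_create_security_groups is defined and openshift_aws_create_security_groups | bool`. The trade-off is that clusters provisioned with the implicit default would then need the variable set before uninstalling. How the role task selects the groups to delete is not visible in this path-limited diff, so it is worth confirming that it matches only objects belonging to this cluster and not same-named groups that existed beforehand.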
diff --git a/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml b/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml
new file mode 100644
index 000000000..ec9caa51b
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_ssh_keypair.yml
@@ -0,0 +1,10 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+  - name: remove ssh keypair(s)
+    include_role:
+      name: openshift_aws
+      tasks_from: uninstall_ssh_keys.yml
+    when: openshift_aws_users | default([]) | length  > 0
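Review bot: The play-level `when:` only checks that `openshift_aws_users` is non-empty; the `openshift_aws_enable_uninstall_shared_objects` switch that the commit message says protects the shared ssh keys does not appear in this file. Presumably it is enforced inside `uninstall_ssh_keys.yml` in the role, which is outside this diff (limited to playbooks/aws), so that should be confirmed. Because the key pairs are shared across clusters in the account, I would repeat the guard here so the protection does not depend on a single check in the role: `when: openshift_aws_enable_uninstall_shared_objects | default(False) | bool and openshift_aws_users | default([]) | length > 0`.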
diff --git a/playbooks/aws/openshift-cluster/uninstall_vpc.yml b/playbooks/aws/openshift-cluster/uninstall_vpc.yml
new file mode 100644
index 000000000..4c988bcc5
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_vpc.yml
@@ -0,0 +1,10 @@
+---
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+  - name: delete vpc
+    include_role:
+      name: openshift_aws
+      tasks_from: uninstall_vpc.yml
+    when: openshift_aws_create_vpc | default(True) | bool
-- 
cgit v1.2.3