
Issue #985: Cleanup_Script

Signed-off-by: Lakshmi-Patneedi <Lakshmi_Patneedi@Dellteam.com>
Lakshmi-Patneedi 3 years ago
parent
commit
a8db8dddf0

+ 2 - 1
.all-contributorsrc

@@ -78,7 +78,8 @@
       "profile": "https://github.com/sakshiarora13",
       "contributions": [
         "code",
-        "bug"
+        "bug",
+        "talk"
       ]
     },
     {

File diff suppressed because it is too large
+ 1 - 1
README.md


+ 20 - 0
control_plane/tools/control_plane_cleanup.yml

@@ -0,0 +1,20 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Cleanup control_plane
+  hosts: localhost
+  connection: local
+  roles:
+    - control_plane_cleanup

+ 52 - 0
control_plane/tools/roles/control_plane_cleanup/tasks/decrypt_vault_files.yml

@@ -0,0 +1,52 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check if {{ login_vars_file }} file is encrypted
+  command: cat {{ login_vars_file }}
+  changed_when: false
+  no_log: true
+  register: config_content
+
+- name: Decrpyt {{ login_vars_file }}
+  command: >-
+    ansible-vault decrypt {{ login_vars_file }}
+    --vault-password-file {{ login_vault_file }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+
+- name: Check idrac_tools_vars.yml file is encrypted
+  command: cat "{{ idrac_tools_vars_filename }}"
+  changed_when: false
+  no_log: true
+  register: config_content
+
+- name: Decrpyt idrac_tools_vars.yml
+  command: >-
+    ansible-vault decrypt "{{ idrac_tools_vars_filename }}"
+    --vault-password-file "{{ idrac_tools_vaultname }}"
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+
+- name: Check if omnia config file is encrypted
+  command: cat {{ config_filename }}
+  changed_when: false
+  register: config_content
+  no_log: True
+
+- name: Decrpyt omnia_config.yml
+  command: >-
+    ansible-vault decrypt {{ config_filename }} --vault-password-file {{ config_vaultname }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
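Review bot: The three `ansible-vault decrypt` tasks rewrite the credential files in place as plaintext, and nothing visible in this commit re-encrypts or removes them afterwards: `del_files` and `vault_keys` in vars/main.yml do not list `login_vars.yml`, `idrac_tools_vars.yml` or `omnia_config.yml`. If leaving them decrypted is intended, say so in a comment above the first task and set `changed_when: true` on the decrypt tasks, since `changed_when: false` hides that the file was modified. The encryption check would be tighter as `when: config_content.stdout.startswith('$ANSIBLE_VAULT;')`, because the current `in` test matches the marker anywhere in the file. The paths in the `login_vars_file` and `config_filename` commands are unquoted, unlike the idrac ones, so a `playbook_dir` containing a space would split the argument.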

+ 40 - 0
control_plane/tools/roles/control_plane_cleanup/tasks/delete_files_vault_keys.yml

@@ -0,0 +1,40 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Unmount /mnt/leap
+  command: "umount /mnt/leap"
+  changed_when: true
+  failed_when: false
+
+- name: Unmount /mnt/rocky
+  command: "umount /mnt/rocky"
+  changed_when: true
+  failed_when: false
+
+- name: Delete folders and files
+  file:
+    path: "{{ item }}"
+    state: absent
+  failed_when: false
+  with_items:
+    - "{{ del_files }}"
+
+- name: Delete all vault keys
+  file:
+    path: "{{ item }}"
+    state: absent
+  failed_when: false
+  with_items:
+    - "{{ vault_keys }}"
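Review bot: `failed_when: false` on "Delete all vault keys" (and on "Delete folders and files") means a key file that could not be removed is not reported as a failure, so the play finishes green while key material may still be on disk. The `file` module with `state: absent` already succeeds when the path does not exist, so the override can be dropped from both tasks. The two unmount tasks pair `changed_when: true` with `failed_when: false` and therefore report a change even when nothing was mounted; a comment such as `# umount fails when the path is not mounted; ignored on purpose` would document the intent.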

+ 26 - 0
control_plane/tools/roles/control_plane_cleanup/tasks/main.yml

@@ -0,0 +1,26 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Remove containers and images
+  include_tasks: remove_containers_images.yml
+
+- name: Decrypt vault files
+  include_tasks: decrypt_vault_files.yml
+
+- name: Reset kubeadm cluster
+  include_tasks: reset_kubeadm_cluster.yml
+
+- name: Delete vault keys and files
+  include_tasks: delete_files_vault_keys.yml

+ 133 - 0
control_plane/tools/roles/control_plane_cleanup/tasks/remove_containers_images.yml

@@ -0,0 +1,133 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Get K8s pods
+  command: "kubectl get pods --all-namespaces"
+  changed_when: false
+  register: k8s_pods
+
+- name: Get the image list
+  command: "buildah images"
+  changed_when: false
+  register: image_list
+
+- name: Get the infiniband pod name
+  command: 'kubectl get pod -n network-config -l app=infiniband -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  failed_when: false
+  register: infiniband_pod_name
+
+- name: Delete infiniband container
+  command: "kubectl delete -f {{ k8s_infiniband }}"
+  when: "infiniband_pod_name.stdout in k8s_pods.stdout"
+  failed_when: false
+
+- name: Delete infiniband image
+  command: "buildah rmi -f {{ infiniband_container }}:latest"
+  when: infiniband_container in image_list.stdout
+
+- name: Check if awx.yml file exists
+  stat:
+     path: "{{ awx_file }}"
+  register: awx_exists
+
+- name: Delete awx.yml
+  command: "kubectl delete -f {{ awx_file }}"
+  when: awx_exists.stat.exists
+  failed_when: false
+
+- name: Getting pods
+  command: kubectl get pods -n awx
+  changed_when: false
+  register: awx_pods
+
+- name: UnDeploying awx-operator
+  command: make undeploy
+  args:
+    chdir: "{{ awx_operator }}"
+  when: awx_pods.stdout | regex_search('awx-operator-controller-manager-([A-Za-z0-9]{10})-([A-Za-z0-9]{5})')
+
+- name: Get the postgres volume claim name
+  command: "kubectl get pvc -n awx"
+  changed_when: false
+  register: postgresclaimname
+
+- name: Delete the postgres volume claim
+  command: "kubectl delete pvc {{ postgresclaimname.stdout }} -n awx"
+  when: postgresclaimname.stdout
+  failed_when: false
+
+- name: Check if awx_postgres_pv.yml file exists
+  stat:
+      path: "{{ awx_postgres_pv }}"
+  register: awx_postgres_pv_exists
+
+- name: Delete awx_postgres_pv.yml
+  command: "kubectl delete -f {{ awx_postgres_pv }}"
+  when: awx_postgres_pv_exists.stat.exists
+  failed_when: false
+
+- name: Check if awx_projects_pv.yml file exists
+  stat:
+    path: "{{ awx_projects_pv }}"
+  register: awx_projects_pv_exists
+
+- name: Delete awx_projects_pv.yml
+  command: "kubectl delete -f {{ awx_projects_pv }}"
+  when: awx_projects_pv_exists.stat.exists
+  failed_when: false
+
+- name: Delete awx image
+  command: "buildah rmi -f {{ awx_image }}"
+  when: awx_image in image_list.stdout
+
+- name: Check for awx namespace
+  command: kubectl get namespace -n awx
+  changed_when: false
+  register: awx_namespace
+
+- name: Delete Namespace awx
+  command: kubectl delete namespace awx -n awx
+  when: "'awx' in awx_namespace.stdout"
+
+- name: Get cobbler pod name
+  command: 'kubectl get pod -n cobbler -l app=cobbler -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  failed_when: false
+  register: cobbler_pod_name
+
+- name: Delete cobbler container
+  command: "kubectl delete -f {{ k8s_cobbler }}"
+  when: "cobbler_pod_name.stdout in k8s_pods.stdout"
+  failed_when: false
+
+- name: Delete cobbler image
+  command: "buildah rmi -f {{ cobbler_image }}:latest"
+  when: cobbler_image in image_list.stdout
+
+- name: Get mngmnt_network pod name
+  command: 'kubectl get pod -n network-config -l app=mngmnt-network -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  failed_when: false
+  register: mngmnt_network_pod_name
+
+- name: Delete management network container
+  command: "kubectl delete -f {{ k8s_mngmnt_network }}"
+  when: "mngmnt_network_pod_name.stdout in k8s_pods.stdout"
+  failed_when: false
+
+- name: Delete management network image
+  command: "buildah rmi -f {{ mngmnt_network_container }}:latest"
+  when: mngmnt_network_container in image_list.stdout
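Review bot: "Delete the postgres volume claim" interpolates the whole table printed by `kubectl get pvc -n awx`, header row and every column included, into `kubectl delete pvc {{ postgresclaimname.stdout }} -n awx`, so most of the arguments are not PVC names and `failed_when: false` hides the resulting error. Ask kubectl for names only, e.g. `command: 'kubectl get pvc -n awx -o jsonpath="{.items[*].metadata.name}"'`, matching the jsonpath style already used for the pod lookups. Separately, conditions such as `when: "infiniband_pod_name.stdout in k8s_pods.stdout"` (also the cobbler and mngmnt_network ones) are true when the lookup failed and stdout is empty, because an empty string is contained in any string; adding `infiniband_pod_name.stdout | length > 0` would make the guard meaningful. "Get K8s pods" and "Getting pods" carry no `failed_when`, so the cleanup presumably aborts when the cluster is already down, which makes a partial cleanup hard to re-run.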

+ 31 - 0
control_plane/tools/roles/control_plane_cleanup/tasks/reset_kubeadm_cluster.yml

@@ -0,0 +1,31 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Reset kubeadm cluster
+  command: "kubeadm reset -f"
+  changed_when: false
+
+- name: Remove CNI and kubeconfig files
+  file:
+    path: "{{ item }}"
+    state: absent
+  failed_when: false
+  with_items:
+    - "{{ k8_files }}"
+
+- name: Reset iptables
+  command: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"
+  changed_when: true
+  failed_when: false
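Review bot: The "Reset iptables" task passes `&&` through the `command` module, which does not run a shell, so the whole string becomes the argument list of a single `iptables` invocation; that call most likely fails, and `failed_when: false` with `changed_when: true` reports it as a successful change. Either switch the task to `shell:` or run the four iptables commands as separate `command` items in a loop. Once it does run, it flushes every filter, nat and mangle rule on the host, not only the Kubernetes chains, so a comment stating that existing host firewall rules are removed, and which default policy is expected afterwards, belongs above the task.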

+ 55 - 0
control_plane/tools/roles/control_plane_cleanup/vars/main.yml

@@ -0,0 +1,55 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# Usage: remove_container_images.yml
+k8s_mngmnt_network: "{{ playbook_dir }}/../roles/control_plane_device/files/k8s_mngmnt_network.yml"
+k8s_cobbler: "{{ playbook_dir }}/../roles/provision_cobbler/files/k8s_cobbler.yml"
+awx_projects_pv: "{{ playbook_dir }}/../roles/webui_awx/files/awx_projects_pv.yml"
+awx_postgres_pv:  "{{ playbook_dir }}/../roles/webui_awx/files/awx_postgres_pv.yml"
+awx_operator: "{{ playbook_dir }}/../../../awx-operator/"
+awx_file: "{{ playbook_dir }}/../roles/webui_awx/files/awx.yml"
+k8s_infiniband: "{{ playbook_dir }}/../roles/control_plane_ib/files/k8s_infiniband.yml"
+infiniband_container: infiniband-container
+mngmnt_network_container: mngmnt_network_container
+cobbler_image: cobbler
+awx_image: custom-awx-ee
+
+# Usage: decrypt_vault_files.yml
+login_vars_file: "{{ playbook_dir }}/../input_params/login_vars.yml"
+login_vault_file: "{{ playbook_dir }}/../input_params/.login_vault_key"
+idrac_tools_vars_filename: "{{ playbook_dir }}/../input_params/idrac_tools_vars.yml"
+idrac_tools_vaultname: "{{ playbook_dir }}/../input_params/.idrac_vault_key"
+config_filename: "{{ playbook_dir }}/../../omnia_config.yml"
+config_vaultname: "{{ playbook_dir }}/../../.omnia_vault_key"
+
+# Usage: reset_kubeadm_cluster.yml
+k8_files:
+   - $HOME/.kube/config
+   - /etc/cni/net.d
+
+# Usage: delete_files_vault_keys.yml
+del_files:
+    - /var/nfs_repo
+    - /var/nfs_awx
+    - /root/dsu
+    - /tmp/unattended_centos8.iso
+    - /tmp/iso
+    - /mnt/leap
+    - /mnt/rocky
+    - "{{ playbook_dir }}/..roles/control_plane_security/files/.ipavars.yml"
+    - "{{ playbook_dir }}/../roles/provision_idrac/files/management_station_ip.txt"
+vault_keys:
+    - "{{ playbook_dir }}/../roles/webui_awx/files/.tower_cli.cfg"
+    - "{{ playbook_dir }}/../roles/webui_awx/files/.tower_vault_key"
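Review bot: The `del_files` entry `"{{ playbook_dir }}/..roles/control_plane_security/files/.ipavars.yml"` is missing a slash after `..`, so it points at a non-existent `..roles` directory and `.ipavars.yml` is never deleted; with `state: absent` that passes silently. It should read `"{{ playbook_dir }}/../roles/control_plane_security/files/.ipavars.yml"`. `$HOME/.kube/config` in `k8_files` is not expanded by the `file` module, so use `"{{ lookup('env', 'HOME') }}/.kube/config"` instead. `vault_keys` lists only the two tower files, while `.login_vault_key`, `.idrac_vault_key` and `.omnia_vault_key` defined above are left out although the task is named "Delete all vault keys"; confirm whether that is intended. The first usage comment names `remove_container_images.yml`, but the task file is `remove_containers_images.yml`.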