Add call to cleanup_ipa.yml playbook when doing a stack delete

When doing a stack delete, we need to make sure that any IPA entries are cleaned up. We have added a call to the cli-cleanup-ipa.yml playbook to ensure that this is done. This commit also introduces a new option called ``--skip-ipa-cleanup`` so that callers can bypass this playbook. The default is False, meaning the intended behavior is to cleanup FreeIPA by default during overcloud delete operations. Change-Id: I131ff1977005d0f90afa567e5c4e2e9c3b5d3af2
2020-03-13 17:59:01 -04:00 · 2020-03-13 17:59:01 -04:00 · 244f14c03c
parent 5419a8db5f
commit 244f14c03c
3 changed files with 58 additions and 4 deletions
--- a/releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml
+++ b/releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml
@ -0,0 +1,12 @@
+---
+features:
+  - |
+    The `overcloud delete` subcommand now supports cleaning up overcloud hosts,
+    services, and DNS entries in FreeIPA. This is applicable to deployments
+    with TLS support enabled since FreeIPA serves DNS and manages certificates
+    for overcloud infrastructure. This subcommand also includes a new option
+    called ``--skip-ipa-cleanup`` that allows the caller to forego cleaning up
+    FreeIPA. This may be useful when deployers want to forcibly cleanup
+    overcloud stacks and leave FreeIPA entries intact (e.g., network partition
+    events where the FreeIPA server isn't reachable). Note that you will need
+    to manually cleanup FreeIPA if you use ``--skip-ipa-cleanup``.
--- a/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py
+++ b/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py
@ -44,8 +44,8 @@ class TestDeleteOvercloud(deploy_fakes.TestDeployOvercloud):
        self.cmd.take_action(parsed_args)

        mock_run_playbook.assert_called_once_with(
-            'cli-overcloud-delete.yaml',
-            'undercloud,',
+            ['cli-cleanup-ipa.yml', 'cli-overcloud-delete.yaml'],
+            constants.ANSIBLE_INVENTORY,
            mock.ANY,
            constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
            extra_vars={
@ -65,3 +65,26 @@ class TestDeleteOvercloud(deploy_fakes.TestDeployOvercloud):

        self.assertRaises(exceptions.CommandError,
                          self.cmd.take_action, parsed_args)
+
+    @mock.patch("tripleoclient.utils.run_ansible_playbook", autospec=True)
+    def test_skip_ipa_cleanup(self, mock_run_playbook):
+        arglist = ["overcast", "-y", "--skip-ipa-cleanup"]
+        verifylist = [
+            ("stack", "overcast"),
+            ("yes", True),
+            ("skip_ipa_cleanup", True)
+        ]
+
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+        self.cmd.take_action(parsed_args)
+
+        mock_run_playbook.assert_called_once_with(
+            ['cli-overcloud-delete.yaml'],
+            constants.ANSIBLE_INVENTORY,
+            mock.ANY,
+            constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
+            extra_vars={
+                "stack_name": "overcast",
+            },
+            verbosity=3,
+        )
--- a/tripleoclient/v2/overcloud_delete.py
+++ b/tripleoclient/v2/overcloud_delete.py
@ -39,6 +39,18 @@ class DeleteOvercloud(command.Command):
                            help=_('Skip yes/no prompt (assume yes).'),
                            default=False,
                            action="store_true")
+        parser.add_argument('-s', '--skip-ipa-cleanup',
+                            help=_('Skip removing overcloud hosts, services, '
+                                   'and DNS records from FreeIPA. This is '
+                                   'particularly relevant for deployments '
+                                   'using certificates from FreeIPA for TLS. '
+                                   'By default, overcloud hosts, services, '
+                                   'and DNS records will be removed from '
+                                   'FreeIPA before deleting the overcloud. '
+                                   'Using this option might require you to '
+                                   'manually cleanup FreeIPA later.'),
+                            default=False,
+                            action="store_true")
        return parser

    def _validate_args(self, parsed_args):
@ -58,10 +70,17 @@ class DeleteOvercloud(command.Command):
            if not confirm:
                raise oscexc.CommandError("Action not confirmed, exiting.")

+        if parsed_args.skip_ipa_cleanup:
+            playbooks = ["cli-overcloud-delete.yaml"]
+        else:
+            # Order is important, let's make sure we cleanup FreeIPA before we
+            # start removing infrastructure.
+            playbooks = ["cli-cleanup-ipa.yml", "cli-overcloud-delete.yaml"]
+
        with utils.TempDirs() as tmp:
            utils.run_ansible_playbook(
-                "cli-overcloud-delete.yaml",
-                'undercloud,',
+                playbooks,
+                constants.ANSIBLE_INVENTORY,
                workdir=tmp,
                playbook_dir=constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
                verbosity=utils.playbook_verbosity(self=self),