From 244f14c03c5158c8f599d9a37b2b7c74480ffc4c Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 13 Mar 2020 17:59:01 -0400
Subject: [PATCH] Add call to cleanup_ipa.yml playbook when doing a stack
 delete

When doing a stack delete, we need to make sure that any IPA entries are
cleaned up. We have added a call to the cli-cleanup-ipa.yml playbook
to ensure that this is done.

This commit also introduces a new option called ``--skip-ipa-cleanup``
so that callers can bypass this playbook. The default is False, meaning
the intended behavior is to cleanup FreeIPA by default during overcloud
delete operations.

Change-Id: I131ff1977005d0f90afa567e5c4e2e9c3b5d3af2
---
 ...-to-overcloud-delete-bf803bc67a4b38c2.yaml | 12 +++++++++
 .../overcloud_delete/test_overcloud_delete.py | 27 +++++++++++++++++--
 tripleoclient/v2/overcloud_delete.py          | 23 ++++++++++++++--
 3 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml

diff --git a/releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml b/releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml
new file mode 100644
index 000000000..2e123b311
--- /dev/null
+++ b/releasenotes/notes/add-ipa-cleanup-to-overcloud-delete-bf803bc67a4b38c2.yaml
@@ -0,0 +1,12 @@
+---
+features:
+  - |
+    The `overcloud delete` subcommand now supports cleaning up overcloud hosts,
+    services, and DNS entries in FreeIPA. This is applicable to deployments
+    with TLS support enabled since FreeIPA serves DNS and manages certificates
+    for overcloud infrastructure. This subcommand also includes a new option
+    called ``--skip-ipa-cleanup`` that allows the caller to forego cleaning up
+    FreeIPA. This may be useful when deployers want to forcibly cleanup
+    overcloud stacks and leave FreeIPA entries intact (e.g., network partition
+    events where the FreeIPA server isn't reachable). Note that you will need
+    to manually cleanup FreeIPA if you use ``--skip-ipa-cleanup``.
diff --git a/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py b/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py
index bb0f286ca..af52fe42c 100644
--- a/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py
+++ b/tripleoclient/tests/v2/overcloud_delete/test_overcloud_delete.py
@@ -44,8 +44,8 @@ class TestDeleteOvercloud(deploy_fakes.TestDeployOvercloud):
         self.cmd.take_action(parsed_args)
 
         mock_run_playbook.assert_called_once_with(
-            'cli-overcloud-delete.yaml',
-            'undercloud,',
+            ['cli-cleanup-ipa.yml', 'cli-overcloud-delete.yaml'],
+            constants.ANSIBLE_INVENTORY,
             mock.ANY,
             constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
             extra_vars={
@@ -65,3 +65,26 @@ class TestDeleteOvercloud(deploy_fakes.TestDeployOvercloud):
 
         self.assertRaises(exceptions.CommandError,
                           self.cmd.take_action, parsed_args)
+
+    @mock.patch("tripleoclient.utils.run_ansible_playbook", autospec=True)
+    def test_skip_ipa_cleanup(self, mock_run_playbook):
+        arglist = ["overcast", "-y", "--skip-ipa-cleanup"]
+        verifylist = [
+            ("stack", "overcast"),
+            ("yes", True),
+            ("skip_ipa_cleanup", True)
+        ]
+
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+        self.cmd.take_action(parsed_args)
+
+        mock_run_playbook.assert_called_once_with(
+            ['cli-overcloud-delete.yaml'],
+            constants.ANSIBLE_INVENTORY,
+            mock.ANY,
+            constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
+            extra_vars={
+                "stack_name": "overcast",
+            },
+            verbosity=3,
+        )
diff --git a/tripleoclient/v2/overcloud_delete.py b/tripleoclient/v2/overcloud_delete.py
index ead709f8f..21d41f942 100644
--- a/tripleoclient/v2/overcloud_delete.py
+++ b/tripleoclient/v2/overcloud_delete.py
@@ -39,6 +39,18 @@ class DeleteOvercloud(command.Command):
                             help=_('Skip yes/no prompt (assume yes).'),
                             default=False,
                             action="store_true")
+        parser.add_argument('-s', '--skip-ipa-cleanup',
+                            help=_('Skip removing overcloud hosts, services, '
+                                   'and DNS records from FreeIPA. This is '
+                                   'particularly relevant for deployments '
+                                   'using certificates from FreeIPA for TLS. '
+                                   'By default, overcloud hosts, services, '
+                                   'and DNS records will be removed from '
+                                   'FreeIPA before deleting the overcloud. '
+                                   'Using this option might require you to '
+                                   'manually cleanup FreeIPA later.'),
+                            default=False,
+                            action="store_true")
         return parser
 
     def _validate_args(self, parsed_args):
@@ -58,10 +70,17 @@ class DeleteOvercloud(command.Command):
             if not confirm:
                 raise oscexc.CommandError("Action not confirmed, exiting.")
 
+        if parsed_args.skip_ipa_cleanup:
+            playbooks = ["cli-overcloud-delete.yaml"]
+        else:
+            # Order is important, let's make sure we cleanup FreeIPA before we
+            # start removing infrastructure.
+            playbooks = ["cli-cleanup-ipa.yml", "cli-overcloud-delete.yaml"]
+
         with utils.TempDirs() as tmp:
             utils.run_ansible_playbook(
-                "cli-overcloud-delete.yaml",
-                'undercloud,',
+                playbooks,
+                constants.ANSIBLE_INVENTORY,
                 workdir=tmp,
                 playbook_dir=constants.ANSIBLE_TRIPLEO_PLAYBOOKS,
                 verbosity=utils.playbook_verbosity(self=self),