Cleanup Keystone services that are not required

Occassionally, services are disabled by the user. This can happen during upgrades on the undercloud. But it can also be invoked by a user who is removing a service. This change introduces a block to cleanup keystone services that are no longer required. Resolves: rhbz#1876045 Change-Id: If825271ec82f4906cf9ad433a3e4b848f7f2e685 (cherry picked from commit 1d9093bbef) (cherry picked from commit 258cf821e6)
2022-06-21 15:21:43 +10:00 · 2022-06-21 15:21:43 +10:00 · 2728b2fd48
parent 129edccee5
commit 2728b2fd48
4 changed files with 53 additions and 0 deletions
--- a/releasenotes/notes/clean-endpoints-cca5478129f0506d.yaml
+++ b/releasenotes/notes/clean-endpoints-cca5478129f0506d.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Add a new playbook to allow for the removal of old Keystone services.
+    This playbook will remove any services that exist but have since been
+    disabled. This cleanup task is tunable using
+    `tripleo_keystone_resources_cleanup` which by default is set to True.
--- a/tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/defaults/main.yml
@ -29,3 +29,5 @@ tripleo_keystone_resources_clouds_file_mode: '0600'
 tripleo_keystone_resources_catalog_config: {}
 tripleo_keystone_resources_member_role_enabled: false
 tripleo_keystone_resources_batch: 10
+tripleo_keystone_removed_services: {}
+tripleo_keystone_resources_cleanup: true
--- a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/cleanup.yml
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/cleanup.yml
@ -0,0 +1,40 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Cleanup keystone services that have been removed
+  block:
+  - name: Get list of enabled services
+    shell: openstack service list -c "Name" -c "Type" -f json 2>/dev/null
+    register: keystone_service_list
+
+  - name: List services to be disabled
+    set_fact:
+      tripleo_keystone_removed_services: "{{ tripleo_keystone_removed_services | combine({item.Name: item.Type}) }}"
+    loop: "{{ keystone_service_list.stdout }}"
+    when:
+      - item.Name not in tripleo_keystone_resources_catalog_config
+      - item.Name != "keystone"
+
+  - name: Delete keystone services not enabled
+    openstack.cloud.catalog_service:
+      cloud: "{{ tripleo_keystone_resources_cloud_name }}"
+      name: "{{ item.key }}"
+      service_type: "{{ item.value }}"
+      state: absent
+    loop: "{{ tripleo_keystone_removed_services | dict2items }}"
+    register: cleanup_result
+  environment:
+    OS_CLOUD: "{{ tripleo_keystone_resources_cloud_name }}"
--- a/tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo-keystone-resources/tasks/main.yml
@ -65,6 +65,10 @@
  loop_control:
    loop_var: keystone_endpoint_type

+- name: Run cleanup tasks
+  include_tasks: cleanup.yml
+  when: tripleo_keystone_resources_cleanup
+
 - name: Create Keystone Roles
  include_tasks: roles.yml
  loop: "{{ tripleo_keystone_resources_catalog_config | get_key_from_dict(key='roles', default='service') | batch(tripleo_keystone_resources_batch) | list }}"