From 1f9546df88b0ade2f5af1577e62833d5a4ce1976 Mon Sep 17 00:00:00 2001 From: staebler Date: Wed, 18 Oct 2017 22:38:33 -0400 Subject: Fix a few small issues in service catalog uninstall --- roles/ansible_service_broker/tasks/remove.yml | 12 +++++++++--- roles/openshift_service_catalog/tasks/generate_certs.yml | 10 ++++++++++ roles/openshift_service_catalog/tasks/remove.yml | 7 ++++--- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index f0a6be226..51b86fb26 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml @@ -85,9 +85,9 @@ - name: remove secret for broker auth oc_obj: - name: asb-auth-secret + name: asb-client namespace: openshift-ansible-service-broker - kind: Broker + kind: Secret state: absent # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: @@ -99,11 +99,17 @@ kind: ConfigMap # TODO: Is this going to work? +- shell: > + oc get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" + register: get_apiservices + changed_when: no + - name: remove broker object from the catalog oc_obj: name: ansible-service-broker state: absent - kind: ServiceBroker + kind: ClusterServiceBroker + when: not "'not found' in get_apiservices.stdout" - name: remove openshift-ansible-service-broker project oc_project: diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml index 416bdac70..9d55185c8 100644 --- a/roles/openshift_service_catalog/tasks/generate_certs.yml +++ b/roles/openshift_service_catalog/tasks/generate_certs.yml @@ -16,6 +16,16 @@ --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer +- name: Delete old apiserver.crt + file: + path: "{{ generated_certs_dir }}/apiserver.crt" + state: absent + +- name: Delete old apiserver.key + file: + path: "{{ generated_certs_dir }}/apiserver.key" + state: absent + - name: Generating server keys oc_adm_ca_server_cert: cert: "{{ generated_certs_dir }}/apiserver.crt" diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index 96ae61507..e473313b9 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -3,9 +3,10 @@ command: > oc delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog -- name: Remove Policy Binding - command: > - oc delete policybindings/kube-system:default -n kube-system --ignore-not-found +# TODO: policybinding is not a resource type. what was the original intention of this? +#- name: Remove Policy Binding +# command: > +# oc delete policybindings/kube-system:default -n kube-system --ignore-not-found # TODO: this module doesn't currently remove this #- name: Remove service catalog api service -- cgit v1.2.3 From e43c867dfd98e7ae3445db7e089a56bdbb7b690c Mon Sep 17 00:00:00 2001 From: staebler Date: Fri, 20 Oct 2017 15:44:41 -0400 Subject: Remove role bindings during service catalog un-install --- .../files/kubeservicecatalog_roles_bindings.yml | 2 +- .../files/kubesystem_roles_bindings.yml | 2 +- roles/openshift_service_catalog/tasks/install.yml | 10 ++++----- roles/openshift_service_catalog/tasks/remove.yml | 25 +++++++++++++++++----- roles/template_service_broker/tasks/remove.yml | 4 ++-- 5 files changed, 28 insertions(+), 15 deletions(-) diff --git a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml index 56b2d1463..f449fba2b 100644 --- a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Template metadata: - name: service-catalog + name: service-catalog-role-bindings objects: - apiVersion: authorization.openshift.io/v1 diff --git a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml index e1af51ce6..f563ae42e 100644 --- a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Template metadata: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings objects: - apiVersion: authorization.openshift.io/v1 diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 1e94c8c5d..aa3ec5724 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -47,16 +47,15 @@ dest: "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - oc_obj: - name: service-catalog + name: service-catalog-role-bindings kind: template namespace: "kube-service-catalog" files: - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: service-catalog + template_name: service-catalog-role-bindings namespace: "kube-service-catalog" - copy: @@ -64,16 +63,15 @@ dest: "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - oc_obj: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings kind: template namespace: kube-system files: - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: kube-system-service-catalog + template_name: kube-system-service-catalog-role-bindings namespace: kube-system - oc_obj: diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index e473313b9..224665655 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -3,11 +3,6 @@ command: > oc delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog -# TODO: policybinding is not a resource type. what was the original intention of this? -#- name: Remove Policy Binding -# command: > -# oc delete policybindings/kube-system:default -n kube-system --ignore-not-found - # TODO: this module doesn't currently remove this #- name: Remove service catalog api service # oc_obj: @@ -51,6 +46,26 @@ kind: deployment name: controller-manager +- name: Remove Service Catalog kube-system Role Bindinds + shell: > + oc process kube-system-service-catalog-role-bindings -n kube-system | oc delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "kube-system-service-catalog-role-bindings" + namespace: kube-system + state: absent + +- name: Remove Service Catalog kube-service-catalog Role Bindinds + shell: > + oc process service-catalog-role-bindings -n kube-service-catalog | oc delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "service-catalog-role-bindings" + namespace: kube-service-catalog + state: absent + - name: Remove Service Catalog namespace oc_project: state: absent diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml index f3afe65ed..28836f97f 100644 --- a/roles/template_service_broker/tasks/remove.yml +++ b/roles/template_service_broker/tasks/remove.yml @@ -13,11 +13,11 @@ - name: Delete TSB broker shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | oc delete -f - + oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | oc delete --ignore-not-found -f - - name: Delete TSB objects shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | kubectl delete -f - + oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | oc delete --ignore-not-found -f - - name: empty out tech preview extension file for service console UI copy: -- cgit v1.2.3 From bb5a5bc3e2566a3b1d9b92932c96e59631a4e3cc Mon Sep 17 00:00:00 2001 From: staebler Date: Mon, 23 Oct 2017 09:06:50 -0400 Subject: Remove extraneous spaces that yamllint dislikes --- roles/openshift_service_catalog/tasks/remove.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index 224665655..ca9844e79 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -48,7 +48,7 @@ - name: Remove Service Catalog kube-system Role Bindinds shell: > - oc process kube-system-service-catalog-role-bindings -n kube-system | oc delete --ignore-not-found -f - + oc process kube-system-service-catalog-role-bindings -n kube-system | oc delete --ignore-not-found -f - - oc_obj: kind: template @@ -58,14 +58,14 @@ - name: Remove Service Catalog kube-service-catalog Role Bindinds shell: > - oc process service-catalog-role-bindings -n kube-service-catalog | oc delete --ignore-not-found -f - + oc process service-catalog-role-bindings -n kube-service-catalog | oc delete --ignore-not-found -f - - oc_obj: kind: template name: "service-catalog-role-bindings" namespace: kube-service-catalog state: absent - + - name: Remove Service Catalog namespace oc_project: state: absent -- cgit v1.2.3