ci-operator/step-registry/ipi/deprovision/vsphere: Decompose into sub-steps

ci-operator/step-registry/ipi/conf/vsphere/dns/ipi-conf-vsphere-dns-commands.sh

@@ -24,7 +24,7 @@ hosted_zone_id="$(aws route53 list-hosted-zones-by-name \
             --dns-name "${base_domain}" \
             --query "HostedZones[? Config.PrivateZone != \`true\` && Name == \`${base_domain}.\`].Id" \
             --output text)"
-
+echo "${hosted_zone_id}" > "${SHARED_DIR}/hosted-zone.txt"
 
 echo "Creating DNS records..."
 cat > "${SHARED_DIR}"/dns-create.json <<EOF

ci-operator/step-registry/ipi/conf/vsphere/dns/ipi-conf-vsphere-dns-ref.yaml

@@ -10,4 +10,5 @@ ref:
     Uses VIPs in ${SHARED_DIR}/vips.txt to create route53 dns records. Outputs
     ${SHARED_DIR}/basedomain.txt to ensure consistent basedomain in conf and
     deprovision steps. Saves batch job to delete DNS records to
-    ${SHARED_DIR}/dns-delete.json for use in deprovisioning.
+    ${SHARED_DIR}/dns-delete.json for use in deprovisioning, with the hosted
+    zone ID in ${SHARED_DIR}/hosted-zone.txt.

ci-operator/step-registry/ipi/conf/vsphere/vips/ipi-conf-vsphere-vips-ref.yaml

@@ -10,4 +10,5 @@ ref:
     Using secrets from the vSphere cluster profile, the vSphere VIP setup step
     reserves IP addresses through IPAM and saves them to $SHARED_DIR/vips.txt
     for later use in creating DNS records and the install config. They are also
-    needed in deprovisioning to release the reserved VIPs.
+    needed in deprovisioning to release the reserved VIPs (via the
+    ipi-deprovision-vsphere-vips step).

ci-operator/step-registry/ipi/deprovision/vsphere/dns/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- abhinavdahiya
+- jcpowermac
+- patrickdillon

ci-operator/step-registry/ipi/deprovision/vsphere/dns/ipi-deprovision-vsphere-dns-commands.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+cluster_profile=/var/run/secrets/ci.openshift.io/cluster-profile
+export AWS_SHARED_CREDENTIALS_FILE=${cluster_profile}/.awscred 
+
+HOSTED_ZONE_ID="$(cat "${SHARED_DIR}/hosted-zone.txt")"
+
+echo "Deleting Route53 DNS records..."
+aws route53 change-resource-record-sets --hosted-zone-id "${HOSTED_ZONE_ID}" --change-batch "file:///${SHARED_DIR}/dns-delete.json"

ci-operator/step-registry/ipi/deprovision/vsphere/dns/ipi-deprovision-vsphere-dns-ref.yaml

@@ -0,0 +1,10 @@
+ref:
+  as: ipi-deprovision-vsphere-dns
+  from: upi-installer
+  commands: ipi-deprovision-vsphere-dns-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 100Mi
+  documentation: >-
+    Releases DNS records via `${SHARED_DIR}/hosted-zone.txt` and `${SHARED_DIR}/dns-delete.json`.  The IP addresses were allocated with the ipi-conf-vsphere-dns step.

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-commands.sh

@@ -0,0 +1 @@
+../deprovision/ipi-deprovision-deprovision-commands.sh

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-ref.yaml

@@ -7,6 +7,6 @@ ref:
       cpu: 1000m
       memory: 100Mi
   documentation: >-
-    Reads the VIP and DNS records created in the setup phases from $SHARED_DIR
-    and delete them. Also uses $SHARED_DIR/basedomain.txt to ensure consistent
-    basedomain as setup steps.
+    The IPI deprovision step tears down the cluster.  Unlike the other
+    IPI deprovisioning, the installer image must include vCenter CA
+    certs.

ci-operator/step-registry/ipi/deprovision/vsphere/vips/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- abhinavdahiya
+- jcpowermac
+- patrickdillon

ci-operator/step-registry/ipi/deprovision/vsphere/vips/ipi-deprovision-vsphere-vips-commands.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+cluster_profile=/var/run/secrets/ci.openshift.io/cluster-profile
+tfvars_path="${cluster_profile}/secret.auto.tfvars"
+cluster_name="${NAMESPACE}-${JOB_NAME_HASH}"
+ipam_token=$(grep -oP 'ipam_token="\K[^"]+' "${tfvars_path}")
+
+export AWS_SHARED_CREDENTIALS_FILE="${cluster_profile}/.awscred"
+
+# FIXME: should this be using ${SHARED_DIR}/vips.txt ?
+echo "Releasing IP addresses from IPAM server..."
+for i in {0..2}
+do
+    curl "http://139.178.89.254/api/removeHost.php?apiapp=address&apitoken=${ipam_token}&host=${cluster_name}-$i"
+done

ci-operator/step-registry/ipi/deprovision/vsphere/vips/ipi-deprovision-vsphere-vips-ref.yaml

@@ -0,0 +1,10 @@
+ref:
+  as: ipi-deprovision-vsphere-vips
+  from: upi-installer
+  commands: ipi-deprovision-vsphere-vips-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 100Mi
+  documentation: >-
+    Releases IP addresses from the IPAM server.  The IP addresses were allocated with the ipi-conf-vsphere-vips step.

ci-operator/step-registry/ipi/vsphere/post/ipi-vsphere-post-chain.yaml

@@ -1,7 +1,10 @@
 chain:
   as: ipi-vsphere-post
   steps:
-  - chain: ipi-deprovision
+  - chain: gather
+  - ref: ipi-deprovision-vsphere
+  - ref: ipi-deprovision-vsphere-vips
+  - ref: ipi-deprovision-vsphere-dns
   documentation: |-
     The IPI cleanup step contains all steps that deprovision an OpenShift
     cluster on vSphere, provisioned by the `ipi-vsphere-pre` chain.