main.yml
All that is created by the create_organization playbook, is undone and more!
The project created for the team's config as code is not deleted, to preserve the configuration in it. Only its pipeline setting is cleared, so the pipeline can't run.
The organization and all its definitions are removed from the gateway.
Then the project is cleaned up by removing the file content for the team, and the pipeline is re-run.
After running the config as code, some things stay behind that have no relation to any organization; these are queried from the controller and deleted.
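---
# This is the complete playbook to remove an organization from rhaap
# in a multi environment!
#
# Phases, in execution order:
#   1. Clear the CI config path of the team CaC project in GitLab.
#   2. Remove the organization admin user from the secrets vault.
#   3. Remove the organization namespace from the vault.
#   4. Remove the organization admin from every rhaap instance.
#   5. Strip the organization's blocks from the CaC repository, run the
#      pipeline for dev, then raise an auto-merge request towards prod.
#   6. Clean up stale objects on the controllers.
# Afterwards the team project is removed from the recovery repository.
#
# Secret handling: the GitLab token and password are templated into git
# remote URLs further down, so they appear on the command line and in the
# .git/config of each clone. Those tasks run with no_log, and every clone
# is deleted again once it has been pushed.
# NOTE(review): the work directories are fixed paths under /tmp; on a
# shared control node consider ansible.builtin.tempfile so another local
# user cannot pre-create or read them.
- name: Delete organization and disable CaC.
  hosts: localhost
  gather_facts: false
  pre_tasks:
    - name: Get vars
      ansible.builtin.include_vars: env_vars.yml
      no_log: true
    # Create a gitlab access token for use in this playbook
    # (presumably this is where `token` is set - confirm in the task file).
    - name: GitLab Post | Obtain Access Token
      ansible.builtin.include_tasks:
        file: get_gitlab_api_token.yml
    # When the gitlab_group has slashes, these must be replaced with '%2F'
    - name: Create correct url for gitlab_group
      ansible.builtin.set_fact:
        gitlab_group_safe: "{{ gitlab_group | replace('/', '%2F') }}"
    # One TLS policy for the whole play: git follows gitlab_validate_certs,
    # the same switch the GitLab module and API calls use.
    # git_ssl_verify is the literal for `http.sslVerify`; git_module_env is
    # for ansible.builtin.git, which has no such option (git disables
    # verification whenever GIT_SSL_NO_VERIFY is present in the environment).
    - name: Derive git TLS verification settings
      ansible.builtin.set_fact:
        git_ssl_verify: "{{ gitlab_validate_certs | bool | string | lower }}"
        git_module_env: "{{ {} if (gitlab_validate_certs | bool) else {'GIT_SSL_NO_VERIFY': 'true'} }}"
  tasks:
    # Start Phase 1 disable team cac repository
    # The project itself is kept; an empty ci_config_path is what stops
    # the team pipeline from running.
    - name: Disable pipeline on GitLab Project in group
      community.general.gitlab_project:
        api_url: "{{ gitlab_protocol }}{{ gitlab_url }}"
        validate_certs: "{{ gitlab_validate_certs }}"
        api_username: "{{ gitlab_user_username }}"
        api_password: "{{ gitlab_user_password }}"
        name: "{{ team_project_name }}"
        group: "{{ gitlab_group }}"
        ci_config_path: ''
    # End Phase 1 disable team cac repository
    # Start Phase 2 remove org admin from base users in all environments
    - name: Remove admin user from secrets vault
      ansible.builtin.include_tasks:
        file: vault_delete_local_admin_user.yml
      vars:
        main_ns_name: "{{ senv.key }}"
        remove_user: "CaC_admin_{{ organization_short_name | upper }}"
      loop: "{{ aap_env | dict2items }}"
      loop_control:
        loop_var: senv
    # End Phase 2
    # Start Phase 3 remove organization namespace from vault
    - name: Remove namespace (organization_short_name) for each environment
      ansible.builtin.include_tasks:
        file: vault_delete_namespace.yml
      vars:
        main_ns_name: "{{ venv.key }}"
        sub_ns_name: "{{ organization_short_name | lower }}"
      loop: "{{ aap_env | dict2items }}"
      loop_control:
        loop_var: venv
    # End Phase 3
    # Start Phase 4
    - name: Set ldap facts
      ansible.builtin.set_fact:
        ldap_pre: "{{ ldap | selectattr('name', 'match', ldap_name) | map(attribute='ldap_pre_str') | join() }}"
        ldap_post: "{{ ldap | selectattr('name', 'match', ldap_name) | map(attribute='ldap_post_str') | join() }}"
      when: add_ldap
    - name: Remove the rhaap_admin (CaC_admin_ORG) from rhaap instances
      ansible.builtin.include_tasks:
        file: rhaap_absent_organization.yml
      vars:
        org_admin_user: "CaC_admin_{{ organization_short_name | upper }}"
        rhaap_hostname: "{{ aap_env[wenv.key]['rhaap_hostname'] }}"
      loop: "{{ aap_env | dict2items }}"
      loop_control:
        loop_var: wenv
    # End Phase 4
    # Start Phase 5 rhaap configuration "cleanup"
    # clone the rhaap_base repository and add "state: absent" to the organization items
    # TLS verification is set with `clone -c`, which stores it in the new
    # repository only; the later pushes from this clone inherit it and the
    # user's global git configuration is left alone.
    # no_log: the access token is part of the clone URL, and a failing
    # shell task would otherwise print the whole command.
    - name: Clone the GitLab repository # noqa: command-instead-of-module
      ansible.builtin.shell: |
        git config --global user.name "{{ gitlab_user_username }}"
        git config --global user.email "{{ gitlab_user_username }}@homelab.wf"
        git clone -c http.sslVerify={{ git_ssl_verify }} "{{ gitlab_protocol }}oauth:{{ token }}@{{ gitlab_url }}{{ gitlab_group }}/{{ cac_project_name }}.git"
      args:
        chdir: /tmp
      changed_when: true
      no_log: true
    # The blockinfile tasks below remove the marked block for this
    # organization from each group_vars file of the clone.
    - name: Delete the Organization from config as code
      ansible.builtin.blockinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/aap_organizations.yml"
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ organization_long_name | upper }}"
        marker_begin: "# BEGIN BLOCK {{ organization_long_name | upper }}"
        marker_end: "# END BLOCK {{ organization_long_name | upper }}"
        block: ""
        state: absent
    - name: Absent admin rights for ORG_ADMIN
      ansible.builtin.blockinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/gateway_role_user_assignments.yml"
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ organization_long_name | upper }}"
        marker_begin: "# BEGIN BLOCK {{ organization_long_name | upper }}"
        marker_end: "# END BLOCK {{ organization_long_name | upper }}"
        block: ""
        state: absent
    - name: "Delete gateway_authenticator_maps.yml" # noqa: name[template]
      ansible.builtin.blockinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/gateway_authenticator_maps.yml"
        block: ""
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }} TEAM_MAP"
        marker_begin: "# BEGIN ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        marker_end: "# END ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        backup: false
        state: absent
      when: add_ldap
    - name: "Delete the gateway_teams.yml" # noqa: name[template]
      ansible.builtin.blockinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/aap_teams.yml"
        block: ""
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }} ORGANIZATION_MAP"
        marker_begin: "# BEGIN ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        marker_end: "# END ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        backup: false
        state: absent
      when: add_ldap
    - name: "Remove the organization from controller_organization.yml" # noqa: name[template]
      ansible.builtin.blockinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/controller_organization.yml"
        block: ''
        marker: "# {mark} ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }} ORGANIZATION_CREDS"
        marker_begin: "# BEGIN ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        marker_end: "# END ANSIBLE MANAGED BLOCK {{ organization_short_name | upper }}"
        backup: false
        state: absent
        # Quoted so the value is unambiguously the three-character string.
        insertbefore: '...'
    # regex_escape keeps characters in the organization name from being
    # read as regex syntax, which could match role lines of other
    # organizations and delete them.
    # NOTE(review): every line containing the name is removed, so a name
    # that is a substring of another organization's name still matches.
    - name: "Remove the credential rights from controller_roles.yml" # noqa: name[template]
      ansible.builtin.lineinfile:
        path: "/tmp/{{ cac_project_name }}/group_vars/all/controller_roles.yml"
        regexp: '^(.*){{ organization_long_name | upper | regex_escape }}(.*)$'
        backup: false
        state: absent
    # Run the pipeline for the Development Environment
    # Only the exit status of the final `git push` decides the task result;
    # a commit with nothing to commit does not fail it.
    # NOTE(review): organization_short_name is expanded inside a shell
    # string; pass it through the `quote` filter if it can come from an
    # untrusted form or survey.
    - name: Push the updated GitLab repository to dev # noqa: command-instead-of-module
      ansible.builtin.shell: |
        git config --global user.name "{{ gitlab_user_username }}"
        git config --global user.email "{{ gitlab_user_username }}@homelab.wf"
        git add --all
        git commit -m "Organization branch Cleanup files {{ organization_short_name }} removed"
        git push origin dev
      args:
        chdir: "/tmp/{{ cac_project_name }}"
      changed_when: false
    - name: Wait for 10 secs
      ansible.builtin.pause:
        seconds: 10
    # Poll the first entry of the project's job list until its pipeline
    # reports success or failed (30 tries, 30 seconds apart).
    # The bearer token is sent with this request, so certificate
    # validation follows gitlab_validate_certs instead of being off.
    - name: Check the pipeline until it has run
      ansible.builtin.uri:
        url: "{{ gitlab_protocol }}{{ gitlab_url }}api/v4/projects/{{ gitlab_group_safe }}%2F{{ cac_project_name }}/jobs"
        validate_certs: "{{ gitlab_validate_certs }}"
        headers:
          Authorization: "Bearer {{ token }}"
      register: _jobs_list
      failed_when: _jobs_list.json[0].pipeline.status == "failed"
      until: (_jobs_list.json[0].pipeline.status == "success") or (_jobs_list.json[0].pipeline.status == "failed")
      retries: 30
      delay: 30
    # Run the pipeline for the Production Environment
    # The push options ask GitLab to open a merge request towards prod and
    # to auto-merge it.
    - name: Push the updated GitLab repository to prod # noqa: command-instead-of-module
      ansible.builtin.shell: |
        git config --global user.name "{{ gitlab_user_username }}"
        git config --global user.email "{{ gitlab_user_username }}@homelab.wf"
        git push -o merge_request.create -o merge_request.target=prod -o merge_request.auto_merge
      args:
        chdir: "/tmp/{{ cac_project_name }}"
      changed_when: false
    # Removing the clone also removes the token stored in its .git/config.
    - name: Delete the tempory directory
      ansible.builtin.file:
        path: "/tmp/{{ cac_project_name }}"
        state: absent
    - name: Wait for 10 secs
      ansible.builtin.pause:
        seconds: 10
    - name: Check the pipeline until it has run
      ansible.builtin.uri:
        url: "{{ gitlab_protocol }}{{ gitlab_url }}api/v4/projects/{{ gitlab_group_safe }}%2F{{ cac_project_name }}/jobs"
        validate_certs: "{{ gitlab_validate_certs }}"
        headers:
          Authorization: "Bearer {{ token }}"
      register: _jobs_list
      failed_when: _jobs_list.json[0].pipeline.status == "failed"
      until: (_jobs_list.json[0].pipeline.status == "success") or (_jobs_list.json[0].pipeline.status == "failed")
      retries: 30
      delay: 30
    # End Phase 5
    # Start Phase 6 Cleanup
    - name: Remove Stale objects from rhaap environments
      ansible.builtin.include_tasks:
        file: cleanup_controller.yml
      vars:
        controller_name: "{{ aap_env[xenv.key]['rhaap_hostname'] }}"
      loop: "{{ aap_env | dict2items }}"
      loop_control:
        loop_var: xenv
    # End Phase 6
    # Remove the organization repository from the recovery process for both environments
    # you could create a loop for this
    # no_log on the clones: the GitLab password is part of the repo URL and
    # would otherwise show up in task output.
    - name: Clone the Recovery DEV Branch gitlab repository
      ansible.builtin.git:
        repo: "https://{{ gitlab_user_username }}:{{ gitlab_user_password }}@{{ gitlab_url }}/cac_26/recover_rhaap.git"
        dest: "/tmp/recover_rhaap"
        version: dev
        clone: true
        update: true
      environment: "{{ git_module_env }}"
      no_log: true
    - name: Remove the organization from Recovery DEV Branch env_vars
      ansible.builtin.lineinfile:
        path: "/tmp/recover_rhaap/env_vars.yml"
        line: " - {{ gitlab_group }}/{{ team_project_name }}"
        state: absent
    # NOTE(review): the commit message 'initial config' does not describe a
    # removal; a message naming the organization would make the history of
    # the recovery repository easier to audit.
    - name: Push the new env_vars to Recovery DEV Branch GIT # noqa: command-instead-of-module
      ansible.builtin.shell: |
        git config --global user.name "{{ gitlab_user_username }}"
        git config --global user.email "{{ gitlab_user_username }}@homelab"
        git config http.sslVerify {{ git_ssl_verify }}
        git add --all
        git commit -m 'initial config'
        git push origin dev
      args:
        chdir: "/tmp/recover_rhaap"
      changed_when: false
    # The clone lives in /tmp/recover_rhaap, so that is the path to remove;
    # deleting a different directory would leave the clone, and the
    # password in its .git/config, on disk.
    - name: Delete the tempory recovery DEV directory
      ansible.builtin.file:
        path: "/tmp/recover_rhaap"
        state: absent
    - name: Clone the Recovery MAIN Branch gitlab repository
      ansible.builtin.git:
        repo: "https://{{ gitlab_user_username }}:{{ gitlab_user_password }}@{{ gitlab_url }}/cac_26/recover_rhaap.git"
        dest: "/tmp/recover_rhaap"
        version: master
        clone: true
        update: true
      environment: "{{ git_module_env }}"
      no_log: true
    - name: Remove the organization from Recovery MAIN Branch env_vars
      ansible.builtin.lineinfile:
        path: "/tmp/recover_rhaap/env_vars.yml"
        line: " - {{ gitlab_group }}/{{ team_project_name }}"
        state: absent
    - name: Push the new env_vars to MAIN Branch GIT # noqa: command-instead-of-module
      ansible.builtin.shell: |
        git config --global user.name "{{ gitlab_user_username }}"
        git config --global user.email "{{ gitlab_user_username }}@homelab"
        git config http.sslVerify {{ git_ssl_verify }}
        git add --all
        git commit -m 'initial config'
        git push origin master
      args:
        chdir: "/tmp/recover_rhaap"
      changed_when: false
    # Same path as the clone above, so no credentials stay behind in /tmp.
    - name: Delete the tempory recovery MAIN directory
      ansible.builtin.file:
        path: "/tmp/recover_rhaap"
        state: absent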