ci-operator/step-registry/ipi/deprovision/vsphere: Decompose into sub-steps

So we can recycle the vanilla IPI deprovision step without needing to
make changes to it (other than using the UPI image to get the vSphere
CA certs).  This also makes the link between the resource-creating and
resource-destroying steps more transparent.

Also store the hosted zone ID in a secret so we don't have to look it
up again, which lets us simplify the secret loading a bit in the DNS
deprovisioning.

Remove the ipi-deprovision-vsphere chain, since there's no reason
folks would use it instead of the ipi-vsphere-post chain.

Author: wking

ci-operator/step-registry/ipi/conf/vsphere/dns/ipi-conf-vsphere-dns-commands.sh

@@ -24,7 +24,7 @@ hosted_zone_id="$(aws route53 list-hosted-zones-by-name \
             --dns-name "${base_domain}" \
             --query "HostedZones[? Config.PrivateZone != \`true\` && Name == \`${base_domain}.\`].Id" \
             --output text)"
-
+echo "${hosted_zone_id}" > "${SHARED_DIR}/hosted-zone.txt"
 
 echo "Creating DNS records..."
 cat > "${SHARED_DIR}"/dns-create.json <<EOF

ci-operator/step-registry/ipi/conf/vsphere/dns/ipi-conf-vsphere-dns-ref.yaml

@@ -10,4 +10,5 @@ ref:
     Uses VIPs in ${SHARED_DIR}/vips.txt to create route53 dns records. Outputs
     ${SHARED_DIR}/basedomain.txt to ensure consistent basedomain in conf and
     deprovision steps. Saves batch job to delete DNS records to
-    ${SHARED_DIR}/dns-delete.json for use in deprovisioning.
+    ${SHARED_DIR}/dns-delete.json for use in deprovisioning, with the hosted
+    zone ID in ${SHARED_DIR}/hosted-zone.txt.

ci-operator/step-registry/ipi/conf/vsphere/vips/ipi-conf-vsphere-vips-ref.yaml

@@ -10,4 +10,5 @@ ref:
     Using secrets from the vSphere cluster profile, the vSphere VIP setup step
     reserves IP addresses through IPAM and saves them to $SHARED_DIR/vips.txt
     for later use in creating DNS records and the install config. They are also
-    needed in deprovisioning to release the reserved VIPs.
+    needed in deprovisioning to release the reserved VIPs (via the
+    ipi-deprovision-vsphere-vips step).

ci-operator/step-registry/ipi/deprovision/vsphere/dns/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- abhinavdahiya
+- jcpowermac
+- patrickdillon

ci-operator/step-registry/ipi/deprovision/vsphere/dns/ipi-deprovision-vsphere-dns-commands.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+cluster_profile=/var/run/secrets/ci.openshift.io/cluster-profile
+export AWS_SHARED_CREDENTIALS_FILE=${cluster_profile}/.awscred 
+
+HOSTED_ZONE_ID="$(cat "${SHARED_DIR}/hosted-zone.txt")"
+
+echo "Deleting Route53 DNS records..."
+aws route53 change-resource-record-sets --hosted-zone-id "${HOSTED_ZONE_ID}" --change-batch "file:///${SHARED_DIR}/dns-delete.json"

ci-operator/step-registry/ipi/deprovision/vsphere/dns/ipi-deprovision-vsphere-dns-ref.yaml

@@ -0,0 +1,10 @@
+ref:
+  as: ipi-deprovision-vsphere-dns
+  from: upi-installer
+  commands: ipi-deprovision-vsphere-dns-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 100Mi
+  documentation: >-
+    Releases DNS records via `${SHARED_DIR}/hosted-zone.txt` and `${SHARED_DIR}/dns-delete.json`.  The IP addresses were allocated with the ipi-conf-vsphere-dns step.

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-chain.yaml

@@ -0,0 +1 @@
+../deprovision/ipi-deprovision-deprovision-commands.sh

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-commands.sh

@@ -7,6 +7,6 @@ ref:
       cpu: 1000m
       memory: 100Mi
   documentation: >-
-    Reads the VIP and DNS records created in the setup phases from $SHARED_DIR
-    and delete them. Also uses $SHARED_DIR/basedomain.txt to ensure consistent
-    basedomain as setup steps.
+    The IPI deprovision step tears down the cluster.  Unlike the other
+    IPI deprovisioning, the installer image must include vCenter CA
+    certs.

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-commands.sh

@@ -0,0 +1,4 @@
+approvers:
+- abhinavdahiya
+- jcpowermac
+- patrickdillon

ci-operator/step-registry/ipi/deprovision/vsphere/ipi-deprovision-vsphere-ref.yaml

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+cluster_profile=/var/run/secrets/ci.openshift.io/cluster-profile
+tfvars_path="${cluster_profile}/secret.auto.tfvars"
+cluster_name="${NAMESPACE}-${JOB_NAME_HASH}"
+ipam_token=$(grep -oP 'ipam_token="\K[^"]+' "${tfvars_path}")
+
+export AWS_SHARED_CREDENTIALS_FILE="${cluster_profile}/.awscred"
+
+# FIXME: should this be using ${SHARED_DIR}/vips.txt ?
+echo "Releasing IP addresses from IPAM server..."
+for i in {0..2}
+do
+    curl "http://139.178.89.254/api/removeHost.php?apiapp=address&apitoken=${ipam_token}&host=${cluster_name}-$i"
+done

ci-operator/step-registry/ipi/deprovision/vsphere/vips/OWNERS

@@ -0,0 +1,10 @@
+ref:
+  as: ipi-deprovision-vsphere-vips
+  from: upi-installer
+  commands: ipi-deprovision-vsphere-vips-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 100Mi
+  documentation: >-
+    Releases IP addresses from the IPAM server.  The IP addresses were allocated with the ipi-conf-vsphere-vips step.

ci-operator/step-registry/ipi/deprovision/vsphere/vips/ipi-deprovision-vsphere-vips-commands.sh

@@ -1,7 +1,10 @@
 chain:
   as: ipi-vsphere-post
   steps:
-  - chain: ipi-deprovision
+  - chain: gather
+  - ref: ipi-deprovision-vsphere
+  - ref: ipi-deprovision-vsphere-vips
+  - ref: ipi-deprovision-vsphere-dns
   documentation: |-
     The IPI cleanup step contains all steps that deprovision an OpenShift
     cluster on vSphere, provisioned by the `ipi-vsphere-pre` chain.