diff --git a/cp3pt0-deployment/common/utils.sh b/cp3pt0-deployment/common/utils.sh index dfde40c27..2a2b0aa5b 100644 --- a/cp3pt0-deployment/common/utils.sh +++ b/cp3pt0-deployment/common/utils.sh @@ -659,7 +659,7 @@ function cleanup_OperandBindInfo() { function cleanup_NamespaceScope() { local namespace=$1 - ${OC} delete namespacescope odlm-scope-managedby-odlm nss-odlm-scope nss-managedby-odlm -n ${namespace} --ignore-not-found + ${OC} delete namespacescope odlm-scope-managedby-odlm nss-odlm-scope nss-managedby-odlm common-service -n ${namespace} --ignore-not-found } function cleanup_OperandRequest() { @@ -1031,7 +1031,7 @@ function delete_operand_finalizer() { local ns=$2 for crd in ${crds}; do if [ "${crd}" != "packagemanifests.packages.operators.coreos.com" ] && [ "${crd}" != "events" ] && [ "${crd}" != "events.events.k8s.io" ]; then - crs=$(${OC} get ${crd} --no-headers --ignore-not-found -n ${ns} 2>/dev/null | awk '{print $1}') + crs=$(${OC} get "${crd}" --no-headers --ignore-not-found -n "${ns}" 2>/dev/null | awk '{print $1}') for cr in ${crs}; do msg "Removing the finalizers for resource: ${crd}/${cr}" ${OC} patch ${crd} ${cr} -n ${ns} --type="json" -p '[{"op": "remove", "path":"/metadata/finalizers"}]' 2>/dev/null diff --git a/cp3pt0-deployment/uninstall_tenant.sh b/cp3pt0-deployment/uninstall_tenant.sh index 5a4676871..bb35afa29 100755 --- a/cp3pt0-deployment/uninstall_tenant.sh +++ b/cp3pt0-deployment/uninstall_tenant.sh @@ -13,6 +13,7 @@ OC=oc YQ=yq TENANT_NAMESPACES="" +OPERATOR_NS_LIST="" FORCE_DELETE=0 DEBUG=0 @@ -123,18 +124,48 @@ function pre_req() { } function set_tenant_namespaces() { - TENANT_NAMESPACES=$(${OC} get -n "$OPERATOR_NS" configmap namespace-scope -o jsonpath='{.data.namespaces}') - if [ "$TENANT_NAMESPACES" == "" ]; then - TENANT_NAMESPACES=$OPERATOR_NS - fi - info "Tenant namespaces are: $TENANT_NAMESPACES" + # check if user want to cleanup operatorNamespace + for ns in ${OPERATOR_NS//,/ }; do + # if this namespace is operatorNamespace + temp_namespace=$(${OC} get -n "$ns" configmap namespace-scope -o jsonpath='{.data.namespaces}' --ignore-not-found) + if [ "$temp_namespace" != "" ]; then + if [ "$TENANT_NAMESPACES" == "" ]; then + TENANT_NAMESPACES=$temp_namespace + OPERATOR_NS_LIST=$ns + else + TENANT_NAMESPACES="${TENANT_NAMESPACES},${temp_namespace}" + OPERATOR_NS_LIST="${OPERATOR_NS_LIST},${ns}" + fi + continue + fi + + # if this namespace is servicesNamespace + operator_ns=$(${OC} get -n "$ns" commonservice common-service -o jsonpath='{.spec.operatorNamespace}' --ignore-not-found) + services_ns=$(${OC} get -n "$ns" commonservice common-service -o jsonpath='{.spec.servicesNamespace}' --ignore-not-found) + if [ "$services_ns" == "$ns" ]; then + temp_namespace=$(${OC} get -n "$operator_ns" configmap namespace-scope -o jsonpath='{.data.namespaces}' --ignore-not-found) + if [ "$TENANT_NAMESPACES" == "" ]; then + TENANT_NAMESPACES=$temp_namespace + OPERATOR_NS_LIST=$operator_ns + else + TENANT_NAMESPACES="${TENANT_NAMESPACES},${temp_namespace}" + OPERATOR_NS_LIST="${OPERATOR_NS_LIST},${operator_ns}" + fi + continue + fi - # TODO: have a fallback to populate TENANT_NAMESPACES, so that script - # can be run multiple times, i.e. handle case where NSS configmap has been - # deleted, but script hits error before namespace cleanup - # if [ "$TENANT_NAMESPACES" == "" ]; then - # error "Failed to get tenant namespaces" - # fi + # if this namespace neither operatorNamespace nor serviceNamsespace + if [ "$TENANT_NAMESPACES" == "" ]; then + TENANT_NAMESPACES=$ns + else + TENANT_NAMESPACES="${TENANT_NAMESPACES},${ns}" + fi + done + + # delete duplicate namespace in TENANT_NAMESPACES and OPERATOR_NS_LIST + TENANT_NAMESPACES=$(echo "$TENANT_NAMESPACES" | sed -e 's/,/\n/g' | sort -u | tr "\r\n" "," | sed '$ s/,$//') + OPERATOR_NS_LIST=$(echo "$OPERATOR_NS_LIST" | sed -e 's/,/\n/g' | sort -u | tr "\r\n" "," | sed '$ s/,$//') + info "Tenant namespaces are: $TENANT_NAMESPACES" } function uninstall_odlm() { @@ -153,28 +184,30 @@ function uninstall_odlm() { grep_args='no-operand-requests' fi - local namespace=$1 - local name=$2 - local condition="${OC} get operandrequests -A --no-headers | cut -d ' ' -f1 | grep -w ${grep_args} || echo Success" - local retries=20 - local sleep_time=10 - local total_time_mins=$(( sleep_time * retries / 60)) - local wait_message="Waiting for all OperandRequests in tenant namespaces to be deleted" - local success_message="All tenant OperandRequests deleted" - local error_message="Timeout after ${total_time_mins} minutes waiting for tenant OperandRequests to be deleted" - - # ideally ODLM will ensure OperandRequests are cleaned up neatly - wait_for_condition "${condition}" ${retries} ${sleep_time} "${wait_message}" "${success_message}" "${error_message}" - - local sub=$(fetch_sub_from_package ibm-odlm $OPERATOR_NS) - if [ "$sub" != "" ]; then - ${OC} delete --ignore-not-found -n "$OPERATOR_NS" sub "$sub" - fi + for ns in ${TENANT_NAMESPACES//,/ }; do + local condition="${OC} get operandrequests -n ${ns} --no-headers | cut -d ' ' -f1 | grep -w ${grep_args} || echo Success" + local retries=20 + local sleep_time=10 + local total_time_mins=$(( sleep_time * retries / 60)) + local wait_message="Waiting for all OperandRequests in tenant namespaces:${ns} to be deleted" + local success_message="This tenant OperandRequests deleted" + local error_message="Timeout after ${total_time_mins} minutes waiting for tenant OperandRequests to be deleted" + + # ideally ODLM will ensure OperandRequests are cleaned up neatly + wait_for_condition "${condition}" ${retries} ${sleep_time} "${wait_message}" "${success_message}" "${error_message}" + done - local csv=$(fetch_csv_from_sub operand-deployment-lifecycle-manager "$OPERATOR_NS") - if [ "$csv" != "" ]; then - ${OC} delete --ignore-not-found -n "$OPERATOR_NS" csv "$csv" - fi + for ns in ${TENANT_NAMESPACES//,/ }; do + local sub=$(fetch_sub_from_package ibm-odlm $ns) + if [ "$sub" != "" ]; then + ${OC} delete --ignore-not-found -n "$ns" sub "$sub" + fi + + local csv=$(fetch_csv_from_sub operand-deployment-lifecycle-manager "$ns") + if [ "$csv" != "" ]; then + ${OC} delete --ignore-not-found -n "$ns" csv "$csv" + fi + done } function uninstall_cs_operator() { @@ -196,22 +229,24 @@ function uninstall_cs_operator() { function uninstall_nss() { title "Uninstall ibm-namespace-scope-operator" - ${OC} delete --ignore-not-found nss -n "$OPERATOR_NS" common-service - for ns in ${TENANT_NAMESPACES//,/ }; do - ${OC} delete --ignore-not-found rolebinding "nss-managed-role-from-$OPERATOR_NS" - ${OC} delete --ignore-not-found role "nss-managed-role-from-$OPERATOR_NS" - done - - sub=$(fetch_sub_from_package ibm-namespace-scope-operator "$OPERATOR_NS") - if [ "$sub" != "" ]; then - ${OC} delete --ignore-not-found -n "$OPERATOR_NS" sub "$sub" - fi + ${OC} delete --ignore-not-found nss -n "$ns" common-service + for op_ns in ${OPERATOR_NS_LIST//,/ }; do + ${OC} delete --ignore-not-found rolebinding -n "$ns" "nss-managed-role-from-$op_ns" + ${OC} delete --ignore-not-found role -n "$ns" "nss-managed-role-from-$op_ns" + ${OC} delete --ignore-not-found rolebinding -n "$ns" "nss-runtime-managed-role-from-$op_ns" + ${OC} delete --ignore-not-found role -n "$ns" "nss-runtime-managed-role-from-$op_ns" + done - csv=$(fetch_csv_from_sub "$sub" "$OPERATOR_NS") - if [ "$csv" != "" ]; then - ${OC} delete --ignore-not-found -n "$OPERATOR_NS" csv "$csv" - fi + sub=$(fetch_sub_from_package ibm-namespace-scope-operator "$ns") + if [ "$sub" != "" ]; then + ${OC} delete --ignore-not-found -n "$ns" sub "$sub" + fi + csv=$(fetch_csv_from_sub "$sub" "$ns") + if [ "$csv" != "" ]; then + ${OC} delete --ignore-not-found -n "$ns" csv "$csv" + fi + done } function delete_webhook() { @@ -266,10 +301,85 @@ function delete_tenant_ns() { warning "Failed to delete namespace $ns, force deleting remaining resources..." remove_all_finalizers $ns && success "Namespace $ns is deleted successfully." fi + update_namespaceMapping $ns done + + cleanup_cs_control + success "Common Services uninstall finished and successfull." } +function update_namespaceMapping() { + namespace=$1 + title "Updating common-service-maps $namespace" + msg "-----------------------------------------------------------------------" + local current_yaml=$("${OC}" get -n kube-public cm common-service-maps -o yaml | yq '.data.["common-service-maps.yaml"]') + local isExist=$(echo "$current_yaml" | yq '.namespaceMapping[] | select(.map-to-common-service-namespace == "'$namespace'")') + + if [ "$isExist" ]; then + info "The map-to-common-service-namespace: $namespace, exist in common-service-maps" + info "Deleting this tenant in common-service-maps" + updated_yaml=$(echo "$current_yaml" | yq 'del(.namespaceMapping[] | select(.map-to-common-service-namespace == "'$namespace'"))') + local padded_yaml=$(echo "$updated_yaml" | awk '$0=" "$0') + update_cs_maps "$padded_yaml" + else + info "Namespace: $namespace does not exist in .map-to-common-service-namespace, skipping" + fi +} + +# update_cs_maps Updates the common-service-maps with the given yaml. Note that +# the given yaml should have the right indentation/padding, minimum 2 spaces per +# line. If there are multiple lines in the yaml, ensure that each line has +# correct indentation. +function update_cs_maps() { + local yaml=$1 + + local object="$( + cat <