openstack-k8s-operators
diff --git a/‎ci/playbooks/clean-config-drives-only.yml‎
Lines changed: 49 additions & 0 deletions b/‎ci/playbooks/clean-config-drives-only.yml‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎cleanup-openstack-for-reuse.yml‎
Lines changed: 68 additions & 0 deletions b/‎cleanup-openstack-for-reuse.yml‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎docs/dictionary/en-custom.txt‎
Lines changed: 12 additions & 0 deletions b/‎docs/dictionary/en-custom.txt‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎roles/cleanup_openstack/README.md‎
Lines changed: 106 additions & 2 deletions b/‎roles/cleanup_openstack/README.md‎
Lines changed: 106 additions & 2 deletions
diff --git a/‎roles/cleanup_openstack/defaults/main.yaml‎
Lines changed: 75 additions & 0 deletions b/‎roles/cleanup_openstack/defaults/main.yaml‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎roles/cleanup_openstack/tasks/cleanup_crs.yaml‎
Lines changed: 1 addition & 1 deletion b/‎roles/cleanup_openstack/tasks/cleanup_crs.yaml‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,49 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This playbook cleans only config drive ISO files to allow infrastructure reuse.
+# It does NOT clean libvirt VMs or other resources - only config drives.
+# This is needed when reusing infrastructure to avoid conflicts with existing
+# ISO files that might be attached to VMs.
+
+- name: Clean config drives for infrastructure reuse
+  hosts: "{{ cifmw_target_host | default('localhost') }}"
+  gather_facts: true
+  tasks:
+    - name: Cleanup config_drive workdir
+      ansible.builtin.include_role:
+        name: config_drive
+        tasks_from: cleanup.yml
+
+    - name: Remove ISO files from workload directory
+      when: cifmw_libvirt_manager_basedir is defined
+      ansible.builtin.find:
+        paths: "{{ cifmw_libvirt_manager_basedir }}/workload"
+        patterns: "*.iso"
+      register: _iso_files
+      failed_when: false
+
+    - name: Delete ISO files from workload directory
+      when:
+        - cifmw_libvirt_manager_basedir is defined
+        - _iso_files.files | default([]) | length > 0
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: absent
+      loop: "{{ _iso_files.files | default([]) }}"
+      failed_when: false
+      # Note: This may fail if ISO is attached to a running VM, but that's okay
+      # The config_drive role will handle the case where ISO doesn't exist
@@ -0,0 +1,68 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This playbook cleans up OpenStack resources while preserving the OpenShift
+# cluster infrastructure for reuse. It removes:
+# - All OpenStack CRs (ControlPlane, DataPlane, etc.)
+# - Storage resources (PVCs, secrets, ConfigMaps)
+# - Optionally: OpenStack API resources (servers, networks, volumes, etc.)
+#
+# Usage examples:
+#
+# Basic cleanup (removes OpenStack CRs and storage, keeps cluster):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml
+#
+# Skip API resource cleanup (if needed):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml \
+#     -e cleanup_api_resources=false
+#
+# Aggressive cleanup (removes everything including namespaces):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml \
+#     -e cleanup_api_resources=true \
+#     -e cleanup_namespaces=true \
+#     -e force_remove_finalizers=true
+
+- name: Clean OpenStack deployment for infrastructure reuse
+  hosts: "{{ target_host | default('localhost') }}"
+  gather_facts: true
+  vars:
+    # By default, clean OpenStack CRs, storage, and API resources but keep OpenShift cluster
+    # Set to false to skip OpenStack API resource cleanup
+    cifmw_cleanup_openstack_delete_api_resources: "{{ cleanup_api_resources | default(true) }}"
+    # Set to true to delete namespaces (use with caution)
+    cifmw_cleanup_openstack_delete_namespaces: "{{ cleanup_namespaces | default(false) }}"
+    # Set to true to force remove finalizers from stuck CRs
+    cifmw_cleanup_openstack_force_remove_finalizers: "{{ force_remove_finalizers | default(false) }}"
+  tasks:
+    - name: Cleanup OpenStack deployment
+      ansible.builtin.include_role:
+        name: cleanup_openstack
+
+    - name: Display cleanup summary
+      ansible.builtin.debug:
+        msg: >-
+          OpenStack cleanup completed. The OpenShift cluster is now ready for reuse.
+
+          Cleaned resources:
+          - OpenStack CRs (ControlPlane, DataPlane, etc.)
+          - Storage resources (PVCs, secrets, ConfigMaps)
+          - OpenStack API resources (servers, networks, volumes, etc.)
+          - Artifacts and logs
+          {% if cifmw_cleanup_openstack_delete_namespaces %}
+          - OpenStack namespaces (if empty)
+          {% endif %}
+
+          The cluster infrastructure is preserved and ready for a new deployment.
@@ -55,6 +55,7 @@ buildah
 buildpkgs
 cacert
 cacheable
+certmanager
 catalogsource
 cci
 ccitredhat
@@ -138,6 +139,7 @@ deepscrub
 delorean
 deployer
 deprovision
+deprovisioned
 deps
 dest
 dev
@@ -185,6 +187,7 @@ extraRPMs
 ezzmy
 favorit
 fbqufbqkfbzxrja
+finalizers
 fci
 fdp
 fedoraproject
@@ -299,6 +302,7 @@ kvm
 lacp
 lajly
 LDAP
+Lifecycle
 ldp
 libguestfs
 libvirt
@@ -415,8 +419,12 @@ openstack
 openstackclient
 openstackcontrolplane
 openstackdataplane
+openstackdataplanedeployment
+OpenStackDataPlaneDeployment
 openstackdataplanenodeset
 openstackdataplanenodesets
+openstackdataplaneservice
+OpenStackDataPlaneService
 openstackprovisioner
 openstacksdk
 openstackversion
@@ -443,6 +451,8 @@ passwd
 passwordless
 pastebin
 pem
+persistentvolumes
+PersistentVolumes
 pkgs
 pki
 png
@@ -468,6 +478,7 @@ pubkey
 publicdomain
 pullsecret
 pvs
+PVCs
 pwd
 pxe
 py
@@ -491,6 +502,7 @@ readmes
 readthedocs
 reauthenticate
 rebaser
+reusability
 redfish
 redhat
 refspec
 
@@ -1,11 +1,115 @@
 # cleanup_openstack
 
-Cleans up openstack resources created by CIFMW by deleting CRs
+Cleans up OpenStack resources created by CIFMW while preserving the OpenShift cluster infrastructure for reuse. This role removes OpenStack-specific resources (CRs, API resources, storage) but keeps infrastructure operators and cluster components intact.
 
 ## Privilege escalation
 None
 
 ## Parameters
-As this role is for cleanup it utilizes default vars from other roles which can be referenced at their role readme page: kustomize_deploy, deploy_bmh
+
+### Cleanup Behavior
 
 * `cifmw_cleanup_openstack_detach_bmh`: (Boolean) Detach BMH when cleaning flag, this is used to avoid deprovision when is not required. Default: `true`
+
+* `cifmw_cleanup_openstack_delete_crs_direct`: (Boolean) Delete OpenStack CRs directly from cluster (not just from files). This ensures all OpenStackControlPlane, OpenStackDataPlaneDeployment, OpenStackDataPlaneNodeSet, and other CRs are removed. Default: `true`
+
+* `cifmw_cleanup_openstack_delete_api_resources`: (Boolean) Delete OpenStack API resources (servers, networks, volumes, flavors, security groups, etc.) using the OpenStack client. This requires either an openstackclient pod in the cluster or openstackclient installed locally. Default: `true`
+
+* `cifmw_cleanup_openstack_delete_storage`: (Boolean) Delete PVCs, secrets, ConfigMaps, and release PersistentVolumes. Default: `true`
+
+* `cifmw_cleanup_openstack_delete_namespaces`: (Boolean) Delete OpenStack namespaces if they are empty. Use with caution as this will remove the namespace entirely. Default: `false`
+
+* `cifmw_cleanup_openstack_force_remove_finalizers`: (Boolean) Force remove finalizers from stuck OpenStackControlPlane CRs. Use only if CRs are stuck in terminating state. Default: `false`
+
+* `cifmw_cleanup_openstack_cloud_name`: (String) OpenStack cloud name to use for API cleanup. Default: `default`
+
+### Path Configuration
+
+The role includes default values for paths used by the `kustomize_deploy` and `deploy_bmh` roles. These can be overridden if needed:
+
+* `cifmw_kustomize_deploy_basedir`: Base directory for kustomize deployment artifacts. Default: `{{ cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}`
+
+* `cifmw_kustomize_deploy_kustomizations_dest_dir`: Directory containing kustomization files. Default: `{{ cifmw_kustomize_deploy_basedir }}/artifacts/kustomize_deploy`
+
+* `cifmw_kustomize_deploy_namespace`: OpenStack namespace. Default: `openstack`
+
+* `cifmw_kustomize_deploy_operators_namespace`: OpenStack operators namespace. Default: `openstack-operators`
+
+* `cifmw_deploy_bmh_basedir`: Base directory for BMH artifacts. Default: `{{ cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}`
+
+* `cifmw_deploy_bmh_dest_dir`: Directory containing BMH CRs. Default: `{{ cifmw_deploy_bmh_basedir }}/artifacts/deploy_bmh`
+
+* `cifmw_deploy_bmh_namespace`: Namespace for BaremetalHost resources. Default: `openshift-machine-api`
+
+### OpenShift Cluster Access
+
+* `cifmw_openshift_kubeconfig`: (String) Path to kubeconfig file. Optional - will be inherited from `openshift_login` role if available, or defaults to `~/.kube/config`.
+
+* `cifmw_openshift_token`: (String) OpenShift API token. Optional.
+
+* `cifmw_openshift_context`: (String) OpenShift context to use. Optional.
+
+### Architecture Variables (Optional)
+
+These are only needed if you deployed using architecture-based automation. If not provided, cleanup will skip architecture-specific tasks:
+
+* `cifmw_architecture_repo`: (String) Path to architecture repository. Optional.
+
+* `cifmw_architecture_scenario`: (String) Scenario name used during deployment. Optional.
+
+* `cifmw_architecture_automation_file`: (String) Direct path to automation YAML file. Optional - overrides repo+scenario.
+
+**Note**: This role is self-contained and does not require the `kustomize_deploy`, `deploy_bmh`, or `openshift_login` roles to be present. All necessary default values are included in this role's `defaults/main.yaml`. Architecture variables are optional and only needed for architecture-based deployments.
+
+## What gets cleaned up
+
+### Always cleaned (when enabled):
+- OpenStack CRs (OpenStackControlPlane, OpenStackDataPlaneDeployment, OpenStackDataPlaneNodeSet, OpenStackDataPlaneService, OpenStackClient, OpenStackVersion)
+- Bare Metal Hosts (detached, not deprovisioned)
+- OpenStack deployment CRs from kustomize files
+- OpenStack API resources (servers, networks, volumes, flavors, security groups, etc.)
+- PVCs, secrets, ConfigMaps in OpenStack namespace
+- PersistentVolumes in Released state
+- Certificates and Issuers (cert-manager)
+- Artifacts, logs, and test directories
+
+### Optionally cleaned:
+- Namespaces (if empty)
+
+## What is preserved
+
+The following infrastructure components are **NOT** deleted to preserve cluster reusability:
+- NMState operator (network management)
+- MetalLB operator (load balancing)
+- OLM (Operator Lifecycle Manager)
+- OpenShift cluster operators
+- Cluster-level infrastructure resources
+
+## Usage
+
+Basic cleanup (removes OpenStack CRs and storage, keeps OpenShift cluster):
+```yaml
+- name: Cleanup OpenStack
+  include_role:
+    name: cleanup_openstack
+```
+
+Disable API resource cleanup (if needed):
+```yaml
+- name: Cleanup OpenStack without API resources
+  include_role:
+    name: cleanup_openstack
+  vars:
+    cifmw_cleanup_openstack_delete_api_resources: false
+```
+
+Aggressive cleanup (removes everything including namespaces):
+```yaml
+- name: Aggressive cleanup
+  include_role:
+    name: cleanup_openstack
+  vars:
+    cifmw_cleanup_openstack_delete_api_resources: true
+    cifmw_cleanup_openstack_delete_namespaces: true
+    cifmw_cleanup_openstack_force_remove_finalizers: true
+```
@@ -1 +1,76 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Cleanup behavior flags
 cifmw_cleanup_openstack_detach_bmh: true
+# Delete OpenStack CRs directly from cluster (not just from files)
+cifmw_cleanup_openstack_delete_crs_direct: true
+# Delete OpenStack API resources (servers, networks, volumes, etc.)
+cifmw_cleanup_openstack_delete_api_resources: true
+# Delete PVCs, secrets, and storage resources
+cifmw_cleanup_openstack_delete_storage: true
+# Delete namespaces if empty (use with caution)
+cifmw_cleanup_openstack_delete_namespaces: false
+# Force remove finalizers from stuck CRs
+cifmw_cleanup_openstack_force_remove_finalizers: false
+# OpenStack cloud name for API cleanup
+cifmw_cleanup_openstack_cloud_name: default
+
+# Variables from kustomize_deploy role
+# These are needed for cleanup to locate deployment artifacts and namespaces
+cifmw_kustomize_deploy_basedir: >-
+  {{
+    cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data')
+  }}
+
+cifmw_kustomize_deploy_kustomizations_dest_dir: >-
+  {{
+    [
+      cifmw_kustomize_deploy_basedir,
+      'artifacts',
+      'kustomize_deploy'
+    ] | path_join
+  }}
+
+cifmw_kustomize_deploy_namespace: openstack
+cifmw_kustomize_deploy_operators_namespace: openstack-operators
+
+# Variables from deploy_bmh role
+# These are needed for cleanup to locate and detach baremetal hosts
+cifmw_deploy_bmh_basedir: >-
+  {{
+    cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data')
+  }}
+
+cifmw_deploy_bmh_dest_dir: >-
+  {{
+    [
+      cifmw_deploy_bmh_basedir,
+      'artifacts',
+      'deploy_bmh'
+    ] | path_join
+  }}
+
+cifmw_deploy_bmh_namespace: openshift-machine-api
+
+# Variables for OpenShift cluster access
+# Default kubeconfig path (can be overridden by cifmw_openshift_kubeconfig or cifmw_openshift_login_kubeconfig)
+cifmw_cleanup_openstack_kubeconfig_default: "{{ ansible_user_dir }}/.kube/config"
+
+# Architecture variables (optional - if not provided, cleanup will skip architecture-specific tasks)
+# cifmw_architecture_repo: Path to architecture repository (if using architecture-based deployment)
+# cifmw_architecture_scenario: Scenario name (if using architecture-based deployment)
+# cifmw_architecture_automation_file: Direct path to automation file (overrides repo+scenario)
@@ -7,7 +7,7 @@
 
 - name: Cleaning operators resources
   kubernetes.core.k8s:
-    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    kubeconfig: "{{ _k8s_kubeconfig }}"
     api_key: "{{ cifmw_openshift_token | default(omit) }}"
     context: "{{ cifmw_openshift_context | default(omit) }}"
     state: absent