[ci-framework-jobs] add cleanup-openstack-for-reuse playbook

Add a wrapper playbook that calls the ci-framework cleanup-openstack-for-reuse
playbook to enable infrastructure reuse in ci-framework-jobs workflows.

This playbook provides a convenient way to clean up OpenStack resources
(CRs, storage, API resources) while preserving the OpenShift cluster
infrastructure for reuse in subsequent deployments. By default, it performs
aggressive cleanup including namespace deletion and force removal of finalizers
to ensure a clean state.

The playbook follows the same pattern as clean-env.yaml, executing the
ci-framework cleanup playbook with configurable options that can be overridden
via extra variables.

Related: OSPRH-21759

Signed-off-by: Roberto Alfieri <[email protected]>

Author: rebtoor

cleanup-openstack-for-reuse.yml

@@ -0,0 +1,68 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This playbook cleans up OpenStack resources while preserving the OpenShift
+# cluster infrastructure for reuse. It removes:
+# - All OpenStack CRs (ControlPlane, DataPlane, etc.)
+# - Storage resources (PVCs, secrets, ConfigMaps)
+# - Optionally: OpenStack API resources (servers, networks, volumes, etc.)
+#
+# Usage examples:
+#
+# Basic cleanup (removes OpenStack CRs and storage, keeps cluster):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml
+#
+# Skip API resource cleanup (if needed):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml \
+#     -e cleanup_api_resources=false
+#
+# Aggressive cleanup (removes everything including namespaces):
+#   ansible-playbook -i inventory.yml cleanup-openstack-for-reuse.yml \
+#     -e cleanup_api_resources=true \
+#     -e cleanup_namespaces=true \
+#     -e force_remove_finalizers=true
+
+- name: Clean OpenStack deployment for infrastructure reuse
+  hosts: "{{ target_host | default('localhost') }}"
+  gather_facts: true
+  vars:
+    # By default, clean OpenStack CRs, storage, and API resources but keep OpenShift cluster
+    # Set to false to skip OpenStack API resource cleanup
+    cifmw_cleanup_openstack_delete_api_resources: "{{ cleanup_api_resources | default(true) }}"
+    # Set to true to delete namespaces (use with caution)
+    cifmw_cleanup_openstack_delete_namespaces: "{{ cleanup_namespaces | default(false) }}"
+    # Set to true to force remove finalizers from stuck CRs
+    cifmw_cleanup_openstack_force_remove_finalizers: "{{ force_remove_finalizers | default(false) }}"
+  tasks:
+    - name: Cleanup OpenStack deployment
+      ansible.builtin.include_role:
+        name: cleanup_openstack
+
+    - name: Display cleanup summary
+      ansible.builtin.debug:
+        msg: >-
+          OpenStack cleanup completed. The OpenShift cluster is now ready for reuse.
+
+          Cleaned resources:
+          - OpenStack CRs (ControlPlane, DataPlane, etc.)
+          - Storage resources (PVCs, secrets, ConfigMaps)
+          - OpenStack API resources (servers, networks, volumes, etc.)
+          - Artifacts and logs
+          {% if cifmw_cleanup_openstack_delete_namespaces %}
+          - OpenStack namespaces (if empty)
+          {% endif %}
+
+          The cluster infrastructure is preserved and ready for a new deployment.

roles/cleanup_openstack/tasks/cleanup_crs_direct.yaml

@@ -0,0 +1,155 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Get OpenStack namespace
+  ansible.builtin.set_fact:
+    _openstack_namespace: "{{ cifmw_kustomize_deploy_namespace | default('openstack') }}"
+
+- name: Delete OpenStackControlPlane CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: core.openstack.org/v1beta1
+    kind: OpenStackControlPlane
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 600
+  ignore_errors: true
+  register: _delete_controlplane_result
+  until: _delete_controlplane_result is succeeded or (_delete_controlplane_result.failed and 'not found' in (_delete_controlplane_result.msg | default('')))
+  retries: 3
+  delay: 30
+
+- name: Wait for control plane pods to terminate
+  kubernetes.core.k8s_info:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    namespace: "{{ _openstack_namespace }}"
+    kind: Pod
+  register: _remaining_pods
+  until: _remaining_pods.resources | length == 0 or (_remaining_pods.resources | selectattr('metadata.name', 'match', '.*(rabbitmq|galera|openstack).*') | list | length == 0)
+  retries: 60
+  delay: 10
+  when: _delete_controlplane_result is succeeded
+
+- name: Delete OpenStackDataPlaneDeployment CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: dataplane.openstack.org/v1beta1
+    kind: OpenStackDataPlaneDeployment
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 600
+  ignore_errors: true
+
+- name: Delete OpenStackDataPlaneNodeSet CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: dataplane.openstack.org/v1beta1
+    kind: OpenStackDataPlaneNodeSet
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 600
+  ignore_errors: true
+
+- name: Delete OpenStackDataPlaneService CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: dataplane.openstack.org/v1beta1
+    kind: OpenStackDataPlaneService
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  ignore_errors: true
+
+- name: Delete OpenStackDataPlaneNode CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: dataplane.openstack.org/v1beta1
+    kind: OpenStackDataPlaneNode
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  ignore_errors: true
+
+- name: Delete OpenStackClient CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: client.openstack.org/v1beta1
+    kind: OpenStackClient
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  ignore_errors: true
+
+- name: Delete OpenStackVersion CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: core.openstack.org/v1beta1
+    kind: OpenStackVersion
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  ignore_errors: true
+
+- name: Delete OpenStack CR (legacy)
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: openstack.org/v1beta1
+    kind: OpenStack
+    namespace: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  ignore_errors: true
+
+- name: Remove finalizers from stuck OpenStackControlPlane CRs
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    api_version: core.openstack.org/v1beta1
+    kind: OpenStackControlPlane
+    namespace: "{{ _openstack_namespace }}"
+    state: patched
+    definition:
+      metadata:
+        finalizers: []
+  ignore_errors: true
+  when: cifmw_cleanup_openstack_force_remove_finalizers | default(false)

roles/cleanup_openstack/tasks/cleanup_namespaces.yaml

@@ -0,0 +1,93 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Get OpenStack namespace
+  ansible.builtin.set_fact:
+    _openstack_namespace: "{{ cifmw_kustomize_deploy_namespace | default('openstack') }}"
+    _openstack_operators_namespace: "{{ cifmw_kustomize_deploy_operators_namespace | default('openstack-operators') }}"
+
+- name: Get all resources in OpenStack namespace
+  kubernetes.core.k8s_info:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    namespace: "{{ _openstack_namespace }}"
+  register: _openstack_namespace_resources
+  ignore_errors: true
+
+- name: Check if OpenStack namespace is empty
+  ansible.builtin.set_fact:
+    _openstack_namespace_empty: >-
+      {{
+        (_openstack_namespace_resources.resources | default([]) |
+         rejectattr('kind', 'in', ['Namespace', 'ServiceAccount']) |
+         list | length) == 0
+      }}
+
+- name: Delete OpenStack namespace if empty
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    kind: Namespace
+    name: "{{ _openstack_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  when:
+    - _openstack_namespace_empty
+    - cifmw_cleanup_openstack_delete_namespaces
+  ignore_errors: true
+
+- name: Get all resources in OpenStack operators namespace
+  kubernetes.core.k8s_info:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    namespace: "{{ _openstack_operators_namespace }}"
+  register: _operators_namespace_resources
+  ignore_errors: true
+
+- name: Check if OpenStack operators namespace is empty
+  ansible.builtin.set_fact:
+    _operators_namespace_empty: >-
+      {{
+        (_operators_namespace_resources.resources | default([]) |
+         rejectattr('kind', 'in', ['Namespace', 'ServiceAccount']) |
+         list | length) == 0
+      }}
+
+- name: Delete OpenStack operators namespace if empty
+  kubernetes.core.k8s:
+    kubeconfig: "{{ cifmw_openshift_kubeconfig }}"
+    api_key: "{{ cifmw_openshift_token | default(omit) }}"
+    context: "{{ cifmw_openshift_context | default(omit) }}"
+    kind: Namespace
+    name: "{{ _openstack_operators_namespace }}"
+    state: absent
+    wait: true
+    wait_timeout: 300
+  when:
+    - _operators_namespace_empty
+    - cifmw_cleanup_openstack_delete_namespaces
+  ignore_errors: true
+
+- name: Display namespace cleanup status
+  ansible.builtin.debug:
+    msg: >-
+      Namespace cleanup:
+      - {{ _openstack_namespace }}: {{ 'deleted' if (_openstack_namespace_empty and cifmw_cleanup_openstack_delete_namespaces) else 'kept (not empty or deletion disabled)' }}
+      - {{ _openstack_operators_namespace }}: {{ 'deleted' if (_operators_namespace_empty and cifmw_cleanup_openstack_delete_namespaces) else 'kept (not empty or deletion disabled)' }}