Remove an OpenStack service¶
OpenStack Controller (Rockoon)
Since MOSK 25.1, the OpenStack Controller has been open-sourced under the name Rockoon and is maintained as an independent open-source project going forward.
As part of this transition, all openstack-controller
pods are named
rockoon
pods across the MOSK documentation and deployments. This change
does not affect functionality, but this is the reminder for the users to
utilize the new naming for pods and other related artifacts accordingly.
This section instructs you on how to remove an OpenStack service deployed on
top of Kubernetes. A service is typically removed by deleting a corresponding
entry in the spec.features.services
section of the
openstackdeployments.lcm.mirantis.com
(OsDpl) CR.
Caution
You cannot remove the default services built into the preset
section.
Remove a service¶
Verify that the
spec.features.services
section is present in the OsDpl object:kubectl -n openstack get osdpl osh-dev -o jsonpath='{.spec.features.services}'
Example of system output:
[instance-ha object-storage]
Obtain the user name of the service database that will be required during Clean up OpenStack database leftovers after the service removal to substitute
SERVICE-DB-NAME
:Note
For example, the
<SERVICE-NAME>
for theinstance-ha
service type ismasakari
.kubectl -n osh-system exec -t <ROCKOON-POD-NAME> -- helm3 -n openstack get values openstack-<SERVICE-NAME> -o json | jq -r .endpoints.oslo_db.auth.<SERVICE-NAME>.username
Delete the service from the
spec.features.services
section of the OsDpl CR:kubectl -n openstack edit osdpl osh-dev
The deletion may take a certain amount of time.
Verify that all related objects have been deleted and no objects are present in the output of the following command:
for i in $(kubectl api-resources --namespaced -o name | grep -v event); do kubectl -n openstack get $i 2>/dev/null | grep <SERVICE-NAME>; done
Clean up OpenStack API leftovers after the service removal¶
Log in to the Keystone client pod shell:
kubectl -n openstack exec -it <KEYSTONE-CLIENT-POD-NAME> -- bash
Remove service endpoints from the Keystone catalog:
for i in $(openstack endpoint list --service <SERVICE-NAME> -f value -c ID); do openstack endpoint delete $i; done
Remove the service user from the Keystone catalog:
openstack user list --project service | grep <SERVICE-NAME> openstack user delete <SERVICE-USER-ID>
Remove the service from the catalog:
openstack service list | grep <SERVICE-NAME> openstack service delete <SERVICE-ID>
Clean up OpenStack database leftovers after the service removal¶
Caution
The procedure below will permanently destroy the data of the removed service.
Log in to the
mariadb-server
pod shell:kubectl -n openstack exec -it mariadb-server-0 -- bash
Remove the service database user and its permissions:
Note
Use the user name for the service database obtained during the Remove a service procedure to substitute
SERVICE-DB-NAME
:mysql -u root -p${MYSQL_DBADMIN_PASSWORD} -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '<SERVICE-DB-USERNAME>'@'%';" mysql -u root -p${MYSQL_DBADMIN_PASSWORD} -e "DROP USER '<SERVICE-DB-USERNAME>'@'%';"
Remove the service database:
mysql -u root -p${MYSQL_DBADMIN_PASSWORD} -e "DROP DATABASE <SERVICE-NAME>;"