From 9220b2c7d933440b8cb3a9b5c6688feb498e763d Mon Sep 17 00:00:00 2001
From: Zheng Xiao Mei <xmzheng@cn.ibm.com>
Date: Fri, 2 Jun 2023 16:42:23 +0800
Subject: [PATCH] Support bastion insert and clean .

Signed-off-by: Zheng Xiao Mei <xmzheng@cn.ibm.com>
---
 .../cloud_infra_center/ocp_upi/01-preparation.yaml       | 4 ++++
 .../cloud_infra_center/ocp_upi/04-destroy.yaml           | 3 +++
 .../cloud_infra_center/ocp_upi/README.md                 | 9 ++++++++-
 .../cloud_infra_center/ocp_upi/destroy-bastion.yaml      | 1 +
 .../cloud_infra_center/ocp_upi/inventory.yaml            | 1 +
 5 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 z_infra_provisioning/cloud_infra_center/ocp_upi/destroy-bastion.yaml

diff --git a/z_infra_provisioning/cloud_infra_center/ocp_upi/01-preparation.yaml b/z_infra_provisioning/cloud_infra_center/ocp_upi/01-preparation.yaml
index 7702ccffc..9765e209d 100644
--- a/z_infra_provisioning/cloud_infra_center/ocp_upi/01-preparation.yaml
+++ b/z_infra_provisioning/cloud_infra_center/ocp_upi/01-preparation.yaml
@@ -42,3 +42,7 @@
 - import_playbook: configure-security-groups.yaml
 - import_playbook: configure-network.yaml
 - import_playbook: configure-bastion-properties.yaml
+- import_playbook: configure-dns.yaml
+  when: use_bastion == true
+- import_playbook: configure-haproxy.yaml
+  when: use_bastion == true
diff --git a/z_infra_provisioning/cloud_infra_center/ocp_upi/04-destroy.yaml b/z_infra_provisioning/cloud_infra_center/ocp_upi/04-destroy.yaml
index 19b80aaff..3626c4c48 100644
--- a/z_infra_provisioning/cloud_infra_center/ocp_upi/04-destroy.yaml
+++ b/z_infra_provisioning/cloud_infra_center/ocp_upi/04-destroy.yaml
@@ -25,3 +25,6 @@
     - volume_type_id is defined
     - vm_type == "kvm"
 - import_playbook: destroy-files.yaml
+- import_playbook: destroy-bastion.yaml
+  when: use_bastion == true
+
diff --git a/z_infra_provisioning/cloud_infra_center/ocp_upi/README.md b/z_infra_provisioning/cloud_infra_center/ocp_upi/README.md
index 16316a41d..6bf85bcbe 100644
--- a/z_infra_provisioning/cloud_infra_center/ocp_upi/README.md
+++ b/z_infra_provisioning/cloud_infra_center/ocp_upi/README.md
@@ -288,6 +288,7 @@ Update your settings based on the samples. The following propeties are **require
 If you need the Ansible playbook to help configure DNS server or HAProxy server on bastion server, you need to configure correct bastion properties.
 | Property| <div style="width:220px">Default</div> | Description                           |
 | --------------------------------------- | ------------------------------------- |:-----|
+| `use_bastion` | true | When false, you need configure DNS or HAproxy manually in step 2.
 | `ansible_ssh_host` | \<linux server ip addr\> | 'x.x.x.x'<br> **required** when use bastion server, give the IP address of bastion server.
 | `bastion_private_ip_address` | \<bastion ip addr\>      |IP address of your bastion node<br>**required** when use bastion server, give the IP address of bastion server.
 | `dns_forwarder` | \<upstream DNS ip addr\> |For nameserver where requests should be forwarded for resolution.<br>**required** when use bastion server
@@ -324,7 +325,9 @@ ansible-playbook -i inventory.yaml 01-preparation.yaml
 
 2. **Step2**:
 
-**Note**: This step is optional. You can skip this step if you want to use your external or existing DNS and Load Balancer, you can refer [Add-DNS-HAProxy](docs/add-dns-haproxy.md) to update it.
+**Note**: This step is optional. 
+You can skip this step if you set use_bastion true.
+You can skip this step if you want to use your external or existing DNS and Load Balancer, you can refer [Add-DNS-HAProxy](docs/add-dns-haproxy.md) to update it.
 
 > Use this playbook to configure the DNS server and HAProxy, please add `-K` parameter if you use the non-root user, and enter the password for your user.
 ```sh
@@ -337,6 +340,10 @@ ansible-playbook -i inventory.yaml bastion.yaml -K
 ```sh
 ansible-playbook -i inventory.yaml configure-haproxy.yaml
 ```
+> If you use your external or existing Load Balancer server, but no Load Balancer, you can refer [Add-DNS-HAProxy](docs/add-dns-haproxy.md) to update Load Balancer part, and use this playbook to configure DNS in your bastion server.
+```sh
+ansible-playbook -i inventory.yaml configure-dns.yaml
+```
 
 3. **Step3**:
 
diff --git a/z_infra_provisioning/cloud_infra_center/ocp_upi/destroy-bastion.yaml b/z_infra_provisioning/cloud_infra_center/ocp_upi/destroy-bastion.yaml
new file mode 100644
index 000000000..b33182559
--- /dev/null
+++ b/z_infra_provisioning/cloud_infra_center/ocp_upi/destroy-bastion.yaml
@@ -0,0 +1 @@
+# Clean DNS and Haproxy config 
\ No newline at end of file
diff --git a/z_infra_provisioning/cloud_infra_center/ocp_upi/inventory.yaml b/z_infra_provisioning/cloud_infra_center/ocp_upi/inventory.yaml
index 66fc01361..36dd7bf97 100644
--- a/z_infra_provisioning/cloud_infra_center/ocp_upi/inventory.yaml
+++ b/z_infra_provisioning/cloud_infra_center/ocp_upi/inventory.yaml
@@ -76,6 +76,7 @@ all:
       create_server_timeout: 10 # minute
 
     bastion:
+      use_bastion: true
       ansible_ssh_host: '<linux-server-ip-addr>'
       ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
       bastion_private_ip_address: '<bastion-ip-addr>'