Communishift: project deletion and notifcations SOP

Openshift: WIP best practices

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>

modules/sysadmin_guide/pages/sop_communishift.adoc

@@ -9,4 +9,5 @@ The following SOPs are related to the administration of the Communishift Cluster
 - xref:sop_communishift_onboard_tenant.adoc[Onboarding a Communishift tenant]
 - xref:sop_communishift_tenant_quota.adoc[Configuring the Resourcequota for a tenant]
 - xref:sop_communishift_create_sharedvolume.adoc[Create the SharedVolume object which manages tenant storage]
+- xref:sop_communishift_cleanup_script.adoc[Run the Communishift Clean Up Script]
 

modules/sysadmin_guide/pages/sop_communishift_cleanup_script.adoc

@@ -0,0 +1,41 @@
+= Run the Communishift Clean Up Script
+
+== Resources
+- [1] Playbook: https://pagure.io/fedora-infra/ansible/blob/main/f/playbooks/manual/communishift_send_email_notifications.yml
+- [2] Role: https://pagure.io/fedora-infra/ansible/blob/main/f/roles/communishift
+- [3] Cluster: https://console-openshift-console.apps.fedora.cj14.p1.openshiftapps.com
+
+
+=== Add project name to variables
+Members of `sysadmin-openshift` can run this playbook at [1]. It contains the list of communishift projects. When on boarding, add the new name of the project to the `communishift_projects` dictionary in `inventory/group_vars/all`.
+If needed, resource quotas can be overriden from defaults in the same dictionary. The `do_not_delete: true` variable attached to a project will prevent the project from recieving notifications and being cleaned up by cleanup scripts.
+
+=== Run the playbook to send notifications
+Run the playbook[1] on the batcave in order to send notifications to project administrators.
+
+----
+sudo rbac-playbook manual/communishift_send_email_notifications.yml
+----
+
+
+=== Cleaning up projects
+The system for actually deleting the projects is not automated. Please manually delete each one.
+
+
+=== Finally update the all groups var with the remaining list of projects
+Update the `communishift_projects` dictionary in `inventory/groups/all` to include only the remaining projects which were not removed as part of this process eg:
+
+----
+communishift_projects:
+  communishift-fedora-review-service:
+    name: communishift-fedora-review-service
+    do_not_delete: true                           # Marked do not delete 2024-10-21
+  communishift-log-detective:
+    name: communishift-log-detective
+    do_not_delete: true                           # Marked do not delete 2024-10-21
+    memory_requests: 4Gi
+    memory_limits: 6Gi
+    storage_requests: 10Gi
+----
+
+Please also disable each FAS group which corresponded with the pruned project. It should match the name of the project listed in the `inventory/groups/all` `communishift_projects` dictionary.

modules/sysadmin_guide/pages/sop_communishift_onboard_tenant.adoc

@@ -16,6 +16,20 @@ If needed, resource quotas can be overriden from defaults in the same dictionary
 
 Note: Projects *must* start with `communishift-` eg `communishift-dev-test`.
 
+See the following example of the `communishift-eventbot` project and the `communishift-fedora-review-service` project being added:
+
+----
+communishift_projects:
+  communishift-eventbot:
+    name: communishift-eventbot
+  communishift-fedora-review-service:
+    name: communishift-fedora-review-service
+    do_not_delete: true                           # Marked do not delete 2024-10-21
+...
+----
+
+NOTE: To mark a project as one which should _NOT_ be cleaned up as part of the Communishift clean up script, mark it with the boolean like so and it is helpful to include the date so we can see at a glance when projects were granted this special status: `do_not_delete: true # Marked do not delete YYYY-MM-DD`
+
 
 === Add new project group to IPA
 A group must be created in IPA which matches the name of the group added to the playbook in the previous step. Please ensure that the community member requesting access to the cluster is also added to this group in IPA, and made a sponsor. This way they can administer members in their group in a self service fashion later.