Cleanup on AWS ROSA

This section provides cleanup procedures that needs to be done on an IBM Storage Scale container native deployment on Red Hat OpenShift Service on AWS (ROSA).

Cleaning up the ROSA worker security group

Complete the following steps to clean up ROSA worker security group:

1. In your AWS Management Console, navigate to the "EC2 Dashboard" in the region where ROSA is installed and select the "Security Groups" option from the navigation pane. Locate the Security Group for ROSA (worker security group id in case of ocp version < 4.16.x and node security group id in case of ocp version ≥ 4.16.x). Export the following variable.

   export AWS_ROSA_WORKER_SECURITY_GROUP=<security_group_id>
   

2. Use the following commands to revoke the IBM Storage Scale container native ingress traffic rules.

    aws ec2 revoke-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 12345  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}
    aws ec2 revoke-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 1191  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}
    aws ec2 revoke-security-group-ingress --group-id ${AWS_ROSA_WORKER_SECURITY_GROUP} --protocol tcp --port 60000-61000  --source-group ${AWS_ROSA_WORKER_SECURITY_GROUP}
   

Revoke filesystem access from the storage cluster

Before revoking access from the storage cluster, ensure that you have fully cleaned up the IBM Storage Scale container native cluster and no longer have any applications utilizing the filesystems.

After IBM Storage Scale container native has been uninstalled, use the following command to revoke the filesystem access:

cloudkit revoke filesystem

The following block shows an example of what you can expect to see when revoking the filesystem:

# ./cloudkit revoke filesystem
I: Logging at /root/scale-cloudkit/logs/cloudkit-16-2-2023_0-16-37.log
? Cloud platform name:  AWS
=========================================================================
|                              ! Note !                                 |
========================================================================|
|  Revoke cluster involves unmount of filesystem. Make sure the I/O is  |
|  stopped and data is flushed before proceeding further.               |
=========================================================================
? Select remotemount name:  scale-strg-cls-rosa-scale
? IBM Storage Scale Container Native cluster name:  ibm-spectrum-scale.stg.rosa-scale.example.com
? Storage cluster management GUI username:  administrator
? Storage cluster management GUI password:  ********
? Connectivity method to cloud:  JumpHost
? Bastion/JumpHost instance login username:  ec2-user
? Bastion/JumpHost instance public ip address:  xxx.xxx.xxx.195
? Bastion/JumpHost SSH private key file path (will be used only for configuration):  /root/bastion_pvt_key
I: Obtaining IBM Storage Scale storage cluster definition.
I: Initiating remote mount revoke configuration.
 100% |██████████████████████████████████████████████████████████████████████████████████████████████| (10/10, 1 it/min)
I: IBM Storage Scale cluster configuration completed.
I: Updating storage security group '<sg-storage-hash>' to revoke traffic from OCP security group '<sg-ocp-group-hash>'.
I: Access to IBM Storage Scale cluster 'scale-strg-cls' has been revoked.