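I'm a complete beginner with both AWS and OpenShift, and I broke my OpenShift cluster. To rebuild it with IPI, I ran
openshift-install destroy cluster
to delete it, but the deletion stalled.
When I re-ran it with
openshift-install --log-level debug destroy cluster
the following log appeared. Apparently the cluster could not be deleted because of a dependency on an AWS Security Group.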
DEBUG search for and delete matching resources by tag in us-east-2 matching aws.Filter{"kubernetes.io/cluster/cluster-9373-dlhk2":"owned"}
DEBUG DependencyViolation: The dhcpOptions 'dopt-085c2dada1f343ae4' has dependencies and cannot be deleted. status code: 400, request id: 45d53455-d1d7-41ce-ad6f-66934e8eca4b arn="arn:aws:ec2:us-east-2:434612646751:dhcp-options/dopt-085c2dada1f343ae4"
DEBUG DependencyViolation: resource sg-0a444d2ee4b09f1a1 has a dependent object status code: 400, request id: b7665590-49ae-4179-98f8-1ffc1f268c5e arn="arn:aws:ec2:us-east-2:434612646751:security-group/sg-0a444d2ee4b09f1a1"
DEBUG Skipping default security group arn="arn:aws:ec2:us-east-2:434612646751:vpc/vpc-004bba1a4101c1ff0" id=vpc-004bba1a4101c1ff0 security group=sg-009a1a514280a6428
DEBUG deleting EC2 security group sg-0a444d2ee4b09f1a1: DependencyViolation: resource sg-0a444d2ee4b09f1a1 has a dependent object status code: 400, request id: e09c5452-30cc-40a5-a250-68206a0c0500 arn="arn:aws:ec2:us-east-2:434612646751:vpc/vpc-004bba1a4101c1ff0"
DEBUG search for and delete matching resources by tag in us-east-2 matching aws.Filter{"openshiftClusterID":"2ec853c4-fdb5-4048-b121-4b2cdb884949"}
DEBUG search for and delete matching resources by tag in us-east-1 matching aws.Filter{"kubernetes.io/cluster/cluster-9373-dlhk2":"owned"}
DEBUG NoSuchHostedZone: No hosted zone found with ID: Z05082143QIXIT5Y0HD82 status code: 404, request id: 775594c5-092d-41a4-bac6-d610faad2aa1 arn="arn:aws:route53:::hostedzone/Z05082143QIXIT5Y0HD82"
DEBUG search for and delete matching resources by tag in us-east-1 matching aws.Filter{"openshiftClusterID":"2ec853c4-fdb5-4048-b121-4b2cdb884949"}
I can't access the web console, so I'll handle this with the AWS CLI.
The Security Group that cannot be deleted is sg-0a444d2ee4b09f1a1.
Looking for it, it appears to have been added to the default Security Group, sg-009a1a514280a6428.
$ aws ec2 describe-security-groups
{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-009a1a514280a6428",
                            "UserId": "434612646751"
                        },
                        {
                            "GroupId": "sg-0a444d2ee4b09f1a1",
                            "UserId": "434612646751"
                        }
                    ]
                }
            ],
(omitted)
It seems that
aws ec2 revoke-security-group-ingress
is the command that deletes a Security Group's ingress information. Remove the entry as follows.
aws ec2 revoke-security-group-ingress --group-id sg-009a1a514280a6428 --ip-permissions '[{"IpProtocol":"-1","UserIdGroupPairs":[{"GroupId":"sg-0a444d2ee4b09f1a1","UserId":"434612646751"}]}]'
Let's check.
$ aws ec2 describe-security-groups
{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-021e9474e3577bea9",
                            "UserId": "434612646751"
                        }
                    ]
                }
            ],
It's gone! Now the cluster can be deleted with
openshift-install destroy cluster
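
The lookup and cleanup above, as an added example that is not from the original post: a Python script that scans describe-security-groups output for inbound rules referencing a given Security Group and builds the matching revoke-security-group-ingress command. The sample JSON is constructed (the second group's name and rule are made up), the function names are hypothetical, and only inbound rules are checked.

```python
import json
import shlex

# Constructed sample shaped like `aws ec2 describe-security-groups` output,
# using the group and account IDs shown in the post.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-009a1a514280a6428", "GroupName": "default", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [
     {"GroupId": "sg-009a1a514280a6428", "UserId": "434612646751"},
     {"GroupId": "sg-0a444d2ee4b09f1a1", "UserId": "434612646751"}]}]},
 {"GroupId": "sg-0a444d2ee4b09f1a1", "GroupName": "constructed-name", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]}
]}
""")


def find_references(described, target_sg):
    """Return (group_id, minimal_permission) for inbound rules naming target_sg."""
    found = []
    for group in described["SecurityGroups"]:
        if group["GroupId"] == target_sg:
            continue  # skip the target group's own rules
        for perm in group.get("IpPermissions", []):
            pairs = [{"GroupId": p["GroupId"], "UserId": p["UserId"]}
                     for p in perm.get("UserIdGroupPairs", [])
                     if p.get("GroupId") == target_sg]
            if not pairs:
                continue
            # Revoke only the offending pair; other sources in the rule stay.
            minimal = {"IpProtocol": perm["IpProtocol"], "UserIdGroupPairs": pairs}
            for key in ("FromPort", "ToPort"):
                if key in perm:
                    minimal[key] = perm[key]
            found.append((group["GroupId"], minimal))
    return found


def revoke_commands(described, target_sg):
    """Build one revoke-security-group-ingress command per referencing rule."""
    return ["aws ec2 revoke-security-group-ingress --group-id {} --ip-permissions {}".format(
                gid, shlex.quote(json.dumps([perm], separators=(",", ":"))))
            for gid, perm in find_references(described, target_sg)]


if __name__ == "__main__":
    for cmd in revoke_commands(SAMPLE, "sg-0a444d2ee4b09f1a1"):
        print(cmd)
```

With real data, load the JSON printed by aws ec2 describe-security-groups in place of SAMPLE and review each generated command before running it.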