From 9bbf5fd7469b6f5911ab14049934aab5bbcae10d Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 12:29:39 -0500 Subject: [PATCH 1/9] add uninstall state --- README.md | 75 +++++++++--------- tasks/build/install-k3s.yml | 10 +++ tasks/main.yml | 2 +- tasks/state-uninstalled.yml | 23 ++++++ tasks/teardown/uninstall-docker-amazon.yml | 5 ++ .../uninstall-docker-opensuse-leap.yml | 6 ++ .../uninstall-docker-prerequisites-debian.yml | 28 +++++++ .../uninstall-docker-prerequisites-redhat.yml | 38 ++++++++++ .../uninstall-docker-prerequisites-suse.yml | 1 + tasks/teardown/uninstall-docker-suse.yml | 6 ++ tasks/teardown/uninstall-docker.yml | 13 ++++ tasks/teardown/uninstall-k3s.yml | 13 ++++ templates/k3s-killall.sh.j2 | 76 +++++++++++++++++++ templates/k3s-uninstall.sh.j2 | 39 ++++++++++ 14 files changed, 296 insertions(+), 39 deletions(-) create mode 100644 tasks/state-uninstalled.yml create mode 100644 tasks/teardown/uninstall-docker-amazon.yml create mode 100644 tasks/teardown/uninstall-docker-opensuse-leap.yml create mode 100644 tasks/teardown/uninstall-docker-prerequisites-debian.yml create mode 100644 tasks/teardown/uninstall-docker-prerequisites-redhat.yml create mode 100644 tasks/teardown/uninstall-docker-prerequisites-suse.yml create mode 100644 tasks/teardown/uninstall-docker-suse.yml create mode 100644 tasks/teardown/uninstall-docker.yml create mode 100644 tasks/teardown/uninstall-k3s.yml create mode 100644 templates/k3s-killall.sh.j2 create mode 100644 templates/k3s-uninstall.sh.j2 diff --git a/README.md b/README.md index 2a2ed01..0250c97 100644 --- a/README.md +++ b/README.md 
@@ -43,44 +43,43 @@ my spare time so I cannot promise a speedy fix delivery. Below are variables that are set against all of the play hosts for environment consistency. -| Variable | Description | Default Value | -|----------------------------------|--------------------------------------------------------------------------|-----------------------------------------| -| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded. | installed | -| `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | -| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | -| `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | -| `k3s_server_manifests_dir` | Path for place the `k3s_server_manifests_templates`. | `/var/lib/rancher/k3s/server/manifests` | -| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | -| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | -| `k3s_non_root` | Install k3s as non-root user. See notes below. | `false` | -| `k3s_control_workers` | Are control hosts also workers? | `true` | -| `k3s_cluster_cidr` | Network CIDR to use for pod IPs | 10.42.0.0/16 | -| `k3s_service_cidr` | Network CIDR to use for service IPs | 10.43.0.0/16 | -| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ | -| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ | -| `k3s_https_port` | HTTPS port listening port. | 6443 | -| `k3s_use_docker` | Use Docker rather than Containerd? | `false` | -| `k3s_no_flannel` | Do not use Flannel | `false` | -| `k3s_flannel_backend` | Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard') | vxlan | -| `k3s_no_coredns` | Do not use CoreDNS | `false` | -| `k3s_cluster_dns` | Cluster IP for CoreDNS service. Should be in your service-cidr range. 
| _NULL_ | -| `k3s_cluster_domain` | Cluster Domain. | cluster.local | -| `k3s_resolv_conf` | Kubelet resolv.conf file | _NULL_ | -| `k3s_no_traefik` | Do not use Traefik | `false` | -| `k3s_no_servicelb` | Do not use ServiceLB, necessary for using something like MetalLB. | `false` | -| `k3s_no_local_storage` | Do not use Local Storage | `false` | -| `k3s_default_local_storage_path` | Set Local Storage Path. Specify `false` for default. | -`false` | -| `k3s_no_metrics_server` | Do not deploy metrics server | `false` | -| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | -| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` | -| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | -| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ | -| `k3s_datastore_endpoint` | Define the database or etcd cluster endpoint for HA. | _NULL_ | -| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ | -| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ | -| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ | -| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` | +| Variable | Description | Default Value | +|----------------------------------|-------------------------------------------------------------------------------------|-----------------------------------------| +| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstall. | installed | +| `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | +| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | +| `k3s_install_dir` | Installation directory for k3s. 
| `/usr/local/bin` | +| `k3s_server_manifests_dir` | Path for place the `k3s_server_manifests_templates`. | `/var/lib/rancher/k3s/server/manifests` | +| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | +| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | +| `k3s_non_root` | Install k3s as non-root user. See notes below. | `false` | +| `k3s_control_workers` | Are control hosts also workers? | `true` | +| `k3s_cluster_cidr` | Network CIDR to use for pod IPs | 10.42.0.0/16 | +| `k3s_service_cidr` | Network CIDR to use for service IPs | 10.43.0.0/16 | +| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ | +| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ | +| `k3s_https_port` | HTTPS port listening port. | 6443 | +| `k3s_use_docker` | Use Docker rather than Containerd? | `false` | +| `k3s_no_flannel` | Do not use Flannel | `false` | +| `k3s_flannel_backend` | Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard') | vxlan | +| `k3s_no_coredns` | Do not use CoreDNS | `false` | +| `k3s_cluster_dns` | Cluster IP for CoreDNS service. Should be in your service-cidr range. | _NULL_ | +| `k3s_cluster_domain` | Cluster Domain. | cluster.local | +| `k3s_resolv_conf` | Kubelet resolv.conf file | _NULL_ | +| `k3s_no_traefik` | Do not use Traefik | `false` | +| `k3s_no_servicelb` | Do not use ServiceLB, necessary for using something like MetalLB. | `false` | +| `k3s_no_local_storage` | Do not use Local Storage | `false` | +| `k3s_default_local_storage_path` | Set Local Storage Path. Specify `false` for default. | `false` | +| `k3s_no_metrics_server` | Do not deploy metrics server | `false` | +| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | +| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. 
| `false` | +| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | +| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ | +| `k3s_datastore_endpoint` | Define the database or etcd cluster endpoint for HA. | _NULL_ | +| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ | +| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ | +| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ | +| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` | #### Important note about `k3s_release_version` diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 8de5737..61ba82f 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml @@ -19,6 +19,16 @@ - meta: flush_handlers +- name: Ensure k3s killall script is present on all nodes + template: + src: k3s-killall.sh.j2 + dest: "/usr/local/bin/k3s-killall.sh" + +- name: Ensure k3s uninstall script is present on all nodes + template: + src: k3s-uninstall.sh.j2 + dest: "/usr/local/bin/k3s-uninstall.sh" + - name: Ensure k3s is symlinked into the installation destinations file: src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" diff --git a/tasks/main.yml b/tasks/main.yml index 7e98735..be4d8b2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,7 +3,7 @@ - name: Check to see if k3s_cluster_state is a supported value assert: that: - - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded'] + - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstall'] fail_msg: "k3s_cluster_state not valid. Check README.md for details." success_msg: "k3s_cluster_state is valid." when: k3s_cluster_state is defined diff --git a/tasks/state-uninstalled.yml b/tasks/state-uninstalled.yml new file mode 100644 index 0000000..6289e4c --- /dev/null 
+++ b/tasks/state-uninstalled.yml @@ -0,0 +1,23 @@ +--- + +- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml + when: k3s_use_docker + and ((k3s_control_workers) + or (not k3s_control_workers and not k3s_control_node)) + and (k3s_non_root is not defined or not k3s_non_root) + +- import_tasks: teardown/uninstall-docker.yml + when: k3s_use_docker + and ((k3s_control_workers) + or (not k3s_control_workers and not k3s_control_node)) + and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap'] + and (k3s_non_root is not defined or not k3s_non_root) + +- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml + when: k3s_use_docker + and ((k3s_control_workers) + or (not k3s_control_workers and not k3s_control_node)) + and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] + and (k3s_non_root is not defined or not k3s_non_root) + +- import_tasks: teardown/uninstall-k3s.yml diff --git a/tasks/teardown/uninstall-docker-amazon.yml b/tasks/teardown/uninstall-docker-amazon.yml new file mode 100644 index 0000000..df1f849 --- /dev/null +++ b/tasks/teardown/uninstall-docker-amazon.yml @@ -0,0 +1,5 @@ +--- + +- name: Ensure docker is uninstalled using amazon-linux-extras + command: amazon-linux-extras uninstall docker + diff --git a/tasks/teardown/uninstall-docker-opensuse-leap.yml b/tasks/teardown/uninstall-docker-opensuse-leap.yml new file mode 100644 index 0000000..6ee00c5 --- /dev/null +++ b/tasks/teardown/uninstall-docker-opensuse-leap.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure docker is installed using Zypper + zypper: + name: docker + state: absent diff --git a/tasks/teardown/uninstall-docker-prerequisites-debian.yml b/tasks/teardown/uninstall-docker-prerequisites-debian.yml new file mode 100644 index 0000000..ca79667 --- /dev/null +++ b/tasks/teardown/uninstall-docker-prerequisites-debian.yml 
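Review bot: The Docker teardown includes in tasks/state-uninstalled.yml are gated only on `k3s_use_docker` and the node role, so the `uninstalled` state removes the Docker packages and repository from every matching host whether or not this role installed them. On a host that also runs other containers under Docker, that takes down workloads unrelated to k3s. Consider an explicit opt-in next to the existing conditions, for example `and (k3s_uninstall_docker | default(false))` (the variable name is a suggestion, not an existing one), and document it in the README table. The first include also builds its file name from `ansible_os_family`, and this patch adds only the debian, redhat and suse files, so other families would presumably fail on a missing file.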
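Review bot: The task name in tasks/teardown/uninstall-docker-opensuse-leap.yml reads `Ensure docker is installed using Zypper` while the module call sets `state: absent`, so play output and logs describe the opposite of what the task does. Rename it to `Ensure docker is uninstalled using Zypper`, matching uninstall-docker-suse.yml.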
@@ -0,0 +1,28 @@ +--- + +- name: Ensure Docker repository is uninstalled + apt_repository: + filename: docker-ce + repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable" + update_cache: false + state: absent + +- name: Ensure Docker APT key is uninstalled + apt_key: + url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg + state: absent + +- name: Ensure Docker prerequisites are uninstalled + apt: + name: "{{ item }}" + state: absent + register: ensure_docker_prerequisites_uninstalled + until: ensure_docker_prerequisites_uninstalled is succeeded + retries: 3 + delay: 10 + loop: + - apt-transport-https + - ca-certificates + - curl + - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}" + - software-properties-common diff --git a/tasks/teardown/uninstall-docker-prerequisites-redhat.yml b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml new file mode 100644 index 0000000..1af7fd8 --- /dev/null +++ b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml 
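Review bot: The `apt_key` task with `state: absent` identifies the key only by `url:`, so removing a trusted signing key depends on what that URL returns at uninstall time. Depending on the Ansible version, the module either has to download the key to learn its id or rejects the task because no `id` was given; in both cases the result is not tied to the key that was originally trusted. Name the key by fingerprint instead, e.g. `id: "<DOCKER_APT_KEY_FINGERPRINT>"` (placeholder), which works offline and removes exactly one known key.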
@@ -0,0 +1,38 @@ +--- + +- name: Ensure Docker repository is removed + yum_repository: + name: docker-ce + description: Docker CE Repository + baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable + gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg + enabled: true + gpgcheck: true + state: absent + when: ansible_distribution | lower not in ['amazon'] + +- name: Ensure Docker repository is removed + command: yum-config-manager disable docker-ce + when: ansible_distribution | lower not in ['amazon'] + +- name: Ensure Docker prerequisites are uninstalled + yum: + name: + - yum-utils + - device-mapper-persistent-data + - lvm2 + state: absent + register: ensure_docker_prerequisites_uninstalled + until: ensure_docker_prerequisites_uninstalled is succeeded + retries: 3 + delay: 10 + +- name: Ensure python-dnf is uninstalled + package: + name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}" + state: absent + register: ensure_python_dnf_installed + until: ensure_python_dnf_installed is succeeded + retries: 3 + delay: 10 + when: ansible_pkg_mgr == 'dnf' diff --git a/tasks/teardown/uninstall-docker-prerequisites-suse.yml b/tasks/teardown/uninstall-docker-prerequisites-suse.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/tasks/teardown/uninstall-docker-prerequisites-suse.yml @@ -0,0 +1 @@ +--- diff --git a/tasks/teardown/uninstall-docker-suse.yml b/tasks/teardown/uninstall-docker-suse.yml new file mode 100644 index 0000000..85c727e --- /dev/null +++ b/tasks/teardown/uninstall-docker-suse.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure docker is uninstalled using Zypper + zypper: + name: docker + state: absent diff --git a/tasks/teardown/uninstall-docker.yml b/tasks/teardown/uninstall-docker.yml new file mode 100644 index 0000000..8da22d1 --- /dev/null +++ b/tasks/teardown/uninstall-docker.yml 
@@ -0,0 +1,13 @@ +--- + +- name: Ensure docker is uninstalled + package: + name: + - docker-ce + - docker-ce-cli + - containerd.io + state: absent + register: ensure_docker_uninstalled + until: ensure_docker_uninstalled is succeeded + retries: 3 + delay: 10 diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml new file mode 100644 index 0000000..db74aa1 --- /dev/null +++ b/tasks/teardown/uninstall-k3s.yml @@ -0,0 +1,13 @@ +--- + +- name: "Run k3s-killall.sh" + command: k3s-killall.sh + +- name: "Run k3s-uninstall.sh" + command: + cmd: k3s-uninstall.sh + removes: /usr/local/bin/k3s-uninstall.sh + +- name: "Clean up Docker" + command: docker system prune -a --force + when: k3s_use_docker \ No newline at end of file diff --git a/templates/k3s-killall.sh.j2 b/templates/k3s-killall.sh.j2 new file mode 100644 index 0000000..49a9f82 --- /dev/null +++ b/templates/k3s-killall.sh.j2 
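Review bot: `docker system prune -a --force` in the "Clean up Docker" task of tasks/teardown/uninstall-k3s.yml is host-wide: it deletes every stopped container, unused network and unused image on the node, not only what k3s created. With `k3s_use_docker` set, a host that also uses Docker for other work loses that data without a prompt, because `--force` skips the confirmation. Restrict the cleanup with a `--filter` on a label that identifies k3s-created objects, or put the task behind a separate opt-in variable that defaults to off. The later revision of this file in PATCH 8/9 only adds a check that the docker binary is present and leaves the command as it is.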
@@ -0,0 +1,76 @@ +#!/bin/sh +[ $(id -u) -eq 0 ] || exec sudo $0 $@ + +for bin in /var/lib/rancher/k3s/data/**/bin/; do + [ -d $bin ] && export PATH=$bin:$PATH +done + +set -x + +for service in /etc/systemd/system/k3s*.service; do + [ -s $service ] && systemctl stop $(basename $service) +done + +for service in /etc/init.d/k3s*; do + [ -x $service ] && $service stop +done + +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +pstree() { + for pid in $@; do + echo $pid + for child in $(pschildren $pid); do + pstree $child + done + done +} + +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree $@; + set -x; + ) 2>/dev/null +} + +getshims() { + lsof | sed -e 's/^[^0-9]*//g; s/ */\t/g' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 | sort -n -u +} + +killtree $({ set +x; } 2>/dev/null; getshims; set -x) + +do_unmount() { + { set +x; } 2>/dev/null + MOUNTS= + while read ignore mount ignore; do + MOUNTS="$mount\n$MOUNTS" + done /dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done +ip link delete cni0 +ip link delete flannel.1 +rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore \ No newline at end of file diff --git a/templates/k3s-uninstall.sh.j2 b/templates/k3s-uninstall.sh.j2 new file mode 100644 index 0000000..f47d45d --- /dev/null +++ b/templates/k3s-uninstall.sh.j2 
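Review bot: The opening loop prepends every `/var/lib/rancher/k3s/data/**/bin/` directory to `PATH` before the script, running as root, calls `systemctl`, `ps`, `lsof`, `ip`, `iptables-save` and `rm` by bare name, so any executable in those directories shadows the system tools. That makes the ownership and mode of the k3s data directory part of the trust boundary for this script; a comment above the loop such as `# bundled k3s tools take precedence; data dir must be writable by root only` would record the assumption. Under `#!/bin/sh` the `**` pattern matches one directory level, the same as `*`. The first line also hands `$0 $@` to `sudo` unquoted; `exec sudo "$0" "$@"` keeps the arguments intact. The `do_unmount` body is not fully visible on this page, so this note covers only the lines shown.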
@@ -0,0 +1,39 @@ +#!/bin/sh +set -x +[ $(id -u) -eq 0 ] || exec sudo $0 $@ + +/usr/local/bin/k3s-killall.sh + +if which systemctl; then + systemctl disable k3s + systemctl reset-failed k3s + systemctl daemon-reload +fi +if which rc-update; then + rc-update delete k3s default +fi + +rm -f /etc/systemd/system/k3s.service +rm -f /etc/systemd/system/k3s.service.env + +remove_uninstall() { + rm -f /usr/local/bin/k3s-uninstall.sh +} +trap remove_uninstall EXIT + +if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then + set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x + exit +fi + +for cmd in kubectl crictl ctr; do + if [ -L /usr/local/bin/$cmd ]; then + rm -f /usr/local/bin/$cmd + fi +done + +rm -rf /etc/rancher/k3s +rm -rf /var/lib/rancher/k3s +rm -rf /var/lib/kubelet +rm -f /usr/local/bin/k3s +rm -f /usr/local/bin/k3s-killall.sh \ No newline at end of file From be85c9ccc53d69aaf3607e57db03d5c611bccd66 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 12:39:34 -0500 Subject: [PATCH 2/9] state uninstalled --- README.md | 2 +- tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0250c97..85956a4 100644 --- a/README.md +++ b/README.md 
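Review bot: Every path in templates/k3s-uninstall.sh.j2 is hard-coded to `/usr/local/bin`, while the role installs under `{{ k3s_install_dir }}` (see the symlink task in tasks/build/install-k3s.yml), so with a non-default install directory `rm -f /usr/local/bin/k3s` and the `kubectl crictl ctr` loop remove nothing and the binaries stay on disk. The versioned file `k3s-{{ k3s_release_version }}` that the symlink task uses as `src` is presumably left behind as well, since no line here removes it. The file is already a Jinja template, so the paths can use the variable, e.g. `rm -f {{ k3s_install_dir }}/k3s`. A leftover executable after a reported uninstall is worth avoiding on hosts that are audited for unexpected binaries.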
@@ -45,7 +45,7 @@ consistency. | Variable | Description | Default Value | |----------------------------------|-------------------------------------------------------------------------------------|-----------------------------------------| -| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstall. | installed | +| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstalled. | installed | | `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | | `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | | `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | diff --git a/tasks/main.yml b/tasks/main.yml index be4d8b2..e5d6678 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,7 +3,7 @@ - name: Check to see if k3s_cluster_state is a supported value assert: that: - - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstall'] + - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstalled'] fail_msg: "k3s_cluster_state not valid. Check README.md for details." success_msg: "k3s_cluster_state is valid." when: k3s_cluster_state is defined From fd7498303dc6c6dceec0a326554d3f6581e4df42 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 15:07:05 -0500 Subject: [PATCH 3/9] Fix first YAML lint issue --- tasks/teardown/uninstall-k3s.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index db74aa1..6fa26fc 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -10,4 +10,5 @@ - name: "Clean up Docker" command: docker system prune -a --force - when: k3s_use_docker \ No newline at end of file + when: k3s_use_docker + 
From 8d0ee6901291c20e62c5cce771f6923ecfd24492 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 15:08:17 -0500 Subject: [PATCH 4/9] Fix other yaml lint issue --- tasks/teardown/uninstall-docker-amazon.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/teardown/uninstall-docker-amazon.yml b/tasks/teardown/uninstall-docker-amazon.yml index df1f849..a732462 100644 --- a/tasks/teardown/uninstall-docker-amazon.yml +++ b/tasks/teardown/uninstall-docker-amazon.yml @@ -2,4 +2,3 @@ - name: Ensure docker is uninstalled using amazon-linux-extras command: amazon-linux-extras uninstall docker - From e7c787e10f4e97e4283faf3032f21106efcf55a0 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 15:25:23 -0500 Subject: [PATCH 5/9] Fix other lint issue --- tasks/teardown/uninstall-k3s.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index 6fa26fc..f376109 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -11,4 +11,3 @@ - name: "Clean up Docker" command: docker system prune -a --force when: k3s_use_docker - From a1e52fb66053959a8a588976e9dff7a68aaaeeed Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 15:41:29 -0500 Subject: [PATCH 6/9] fixed 301 lint issue in uninstall-k3s.yml --- tasks/teardown/uninstall-k3s.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index f376109..eb84364 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -2,11 +2,15 @@ - name: "Run k3s-killall.sh" command: k3s-killall.sh + register: k3s_killall + changed_when: k3s_killall.rc == 0 - name: "Run k3s-uninstall.sh" command: cmd: k3s-uninstall.sh removes: /usr/local/bin/k3s-uninstall.sh + register: k3s_uninstall + changed_when: k3s_uninstall.rc == 0 - name: "Clean up Docker" command: docker system prune -a --force 
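Review bot: `changed_when: k3s_killall.rc == 0` and `changed_when: k3s_uninstall.rc == 0` are true on every run that does not fail, because a `command` task with a non-zero `rc` already fails; the tasks therefore still always report `changed` and only the lint rule is quieted. The return code also carries little information here: k3s-killall.sh as added in PATCH 1/9 has no `set -e`, so its exit status is that of its final `iptables-restore` pipeline. A condition tied to real state would be more accurate, for instance relying on the `removes:` argument already present on the uninstall task or on a preceding `stat` of the script. The same pattern is added to uninstall-docker-amazon.yml in PATCH 7/9.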
From 5f7ff27f175b3872d2bb258615afa78d0d744e60 Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Tue, 25 Feb 2020 15:42:40 -0500 Subject: [PATCH 7/9] Fix 301 lint issue in uninstall-docker-amazon --- tasks/teardown/uninstall-docker-amazon.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/teardown/uninstall-docker-amazon.yml b/tasks/teardown/uninstall-docker-amazon.yml index a732462..5d78cc3 100644 --- a/tasks/teardown/uninstall-docker-amazon.yml +++ b/tasks/teardown/uninstall-docker-amazon.yml @@ -2,3 +2,5 @@ - name: Ensure docker is uninstalled using amazon-linux-extras command: amazon-linux-extras uninstall docker + register: uninstall_docker_from_amazon_linux + changed_when: uninstall_docker_from_amazon_linux.rc == 0 From 75fd17aac8a90aeb805adaa59699e172abde453c Mon Sep 17 00:00:00 2001 
From: Xan Manning Date: Wed, 26 Feb 2020 20:05:38 +0000 Subject: [PATCH 8/9] Slightly updated tasks and added validation checks 1. Now does not remove prerequisite packages, lvm2 was included in these packages (not good when you use LVM2 for real). 2. Added a bit more idempotency to the shell scripts - only delete if it exists. 3. Check that the process isn't running and binaries are gone. --- LICENSE | 26 --------- README.md | 2 +- .../default/playbook-uninstall-cluster.yml | 10 ++++ tasks/build/install-docker-opensuse-leap.yml | 4 ++ .../install-docker-prerequisites-debian.yml | 13 ++--- tasks/build/install-docker-suse.yml | 4 ++ tasks/build/install-k3s.yml | 2 + tasks/state-uninstalled.yml | 14 +++-- .../uninstall-docker-opensuse-leap.yml | 4 ++ .../uninstall-docker-prerequisites-debian.yml | 15 ----- .../uninstall-docker-prerequisites-redhat.yml | 28 +--------- tasks/teardown/uninstall-docker-suse.yml | 4 ++ tasks/teardown/uninstall-k3s.yml | 32 ++++++++--- tasks/validate/check-uninstalled.yml | 55 +++++++++++++++++++ templates/k3s-killall.sh.j2 | 12 ++-- templates/k3s-uninstall.sh.j2 | 25 +++++---- 16 files changed, 146 insertions(+), 104 deletions(-) delete mode 100644 LICENSE create mode 100644 molecule/default/playbook-uninstall-cluster.yml create mode 100644 tasks/validate/check-uninstalled.yml diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 03dc591..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,26 +0,0 @@ -Copyright 2019 Xan Manning - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation -and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.md b/README.md index 85956a4..facbd1a 100644 --- a/README.md +++ b/README.md 
@@ -43,7 +43,7 @@ my spare time so I cannot promise a speedy fix delivery. Below are variables that are set against all of the play hosts for environment consistency. -| Variable | Description | Default Value | +| Variable | Description | Default Value | |----------------------------------|-------------------------------------------------------------------------------------|-----------------------------------------| | `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstalled. | installed | | `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | diff --git a/molecule/default/playbook-uninstall-cluster.yml b/molecule/default/playbook-uninstall-cluster.yml new file mode 100644 index 0000000..0e42556 --- /dev/null +++ b/molecule/default/playbook-uninstall-cluster.yml @@ -0,0 +1,10 @@ +--- +- name: Converge + hosts: all + become: true + vars: + molecule_is_test: true + k3s_cluster_state: uninstalled + k3s_use_docker: true + roles: + - role: xanmanning.k3s diff --git a/tasks/build/install-docker-opensuse-leap.yml b/tasks/build/install-docker-opensuse-leap.yml index 536c338..5135bd2 100644 --- a/tasks/build/install-docker-opensuse-leap.yml +++ b/tasks/build/install-docker-opensuse-leap.yml @@ -4,6 +4,10 @@ zypper: name: docker state: present + register: ensure_docker_prerequisites_installed + until: ensure_docker_prerequisites_installed is succeeded + retries: 3 + delay: 10 notify: - restart docker diff --git a/tasks/build/install-docker-prerequisites-debian.yml b/tasks/build/install-docker-prerequisites-debian.yml index 1f755de..379755b 100644 --- a/tasks/build/install-docker-prerequisites-debian.yml +++ b/tasks/build/install-docker-prerequisites-debian.yml 
@@ -2,18 +2,17 @@ - name: Ensure Docker prerequisites are installed apt: - name: "{{ item }}" + name: + - apt-transport-https + - ca-certificates + - curl + - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}" + - software-properties-common state: present register: ensure_docker_prerequisites_installed until: ensure_docker_prerequisites_installed is succeeded retries: 3 delay: 10 - loop: - - apt-transport-https - - ca-certificates - - curl - - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}" - - software-properties-common - name: Ensure Docker APT key is present apt_key: diff --git a/tasks/build/install-docker-suse.yml b/tasks/build/install-docker-suse.yml index 536c338..5135bd2 100644 --- a/tasks/build/install-docker-suse.yml +++ b/tasks/build/install-docker-suse.yml @@ -4,6 +4,10 @@ zypper: name: docker state: present + register: ensure_docker_prerequisites_installed + until: ensure_docker_prerequisites_installed is succeeded + retries: 3 + delay: 10 notify: - restart docker diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 61ba82f..1951d31 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml @@ -23,11 +23,13 @@ template: src: k3s-killall.sh.j2 dest: "/usr/local/bin/k3s-killall.sh" + mode: 0700 - name: Ensure k3s uninstall script is present on all nodes template: src: k3s-uninstall.sh.j2 dest: "/usr/local/bin/k3s-uninstall.sh" + mode: 0700 - name: Ensure k3s is symlinked into the installation destinations file: diff --git a/tasks/state-uninstalled.yml b/tasks/state-uninstalled.yml index 6289e4c..a75fcfa 100644 --- a/tasks/state-uninstalled.yml +++ b/tasks/state-uninstalled.yml 
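Review bot: The two `template` tasks in tasks/build/install-k3s.yml now set `mode: 0700` but still leave `owner` and `group` unset, so the ownership of both scripts depends on how the play escalates privileges. The teardown tasks later execute these files by absolute path, and the role exposes a `k3s_non_root` option, so a script that ends up owned by an unprivileged user could be modified before a privileged run executes it. Add `owner: root` and `group: root` to both tasks, and write the mode as a quoted string, `mode: "0700"`, so it does not depend on YAML octal parsing. The rest of install-k3s.yml is outside this hunk.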
@@ -1,10 +1,6 @@ --- -- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml - when: k3s_use_docker - and ((k3s_control_workers) - or (not k3s_control_workers and not k3s_control_node)) - and (k3s_non_root is not defined or not k3s_non_root) +- import_tasks: teardown/uninstall-k3s.yml - import_tasks: teardown/uninstall-docker.yml when: k3s_use_docker @@ -20,4 +16,10 @@ and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap'] and (k3s_non_root is not defined or not k3s_non_root) -- import_tasks: teardown/uninstall-k3s.yml +- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml + when: k3s_use_docker + and ((k3s_control_workers) + or (not k3s_control_workers and not k3s_control_node)) + and (k3s_non_root is not defined or not k3s_non_root) + +- import_tasks: validate/check-uninstalled.yml diff --git a/tasks/teardown/uninstall-docker-opensuse-leap.yml b/tasks/teardown/uninstall-docker-opensuse-leap.yml index 6ee00c5..115f965 100644 --- a/tasks/teardown/uninstall-docker-opensuse-leap.yml +++ b/tasks/teardown/uninstall-docker-opensuse-leap.yml @@ -4,3 +4,7 @@ zypper: name: docker state: absent + register: ensure_docker_uninstalled + until: ensure_docker_uninstalled is succeeded + retries: 3 + delay: 10 diff --git a/tasks/teardown/uninstall-docker-prerequisites-debian.yml b/tasks/teardown/uninstall-docker-prerequisites-debian.yml index ca79667..ba76a6e 100644 --- a/tasks/teardown/uninstall-docker-prerequisites-debian.yml +++ b/tasks/teardown/uninstall-docker-prerequisites-debian.yml 
@@ -11,18 +11,3 @@ apt_key: url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg state: absent - -- name: Ensure Docker prerequisites are uninstalled - apt: - name: "{{ item }}" - state: absent - register: ensure_docker_prerequisites_uninstalled - until: ensure_docker_prerequisites_uninstalled is succeeded - retries: 3 - delay: 10 - loop: - - apt-transport-https - - ca-certificates - - curl - - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}" - - software-properties-common diff --git a/tasks/teardown/uninstall-docker-prerequisites-redhat.yml b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml index 1af7fd8..f25a88b 100644 --- a/tasks/teardown/uninstall-docker-prerequisites-redhat.yml +++ b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml @@ -6,33 +6,7 @@ description: Docker CE Repository baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg - enabled: true + enabled: false gpgcheck: true state: absent when: ansible_distribution | lower not in ['amazon'] - -- name: Ensure Docker repository is removed - command: yum-config-manager disable docker-ce - when: ansible_distribution | lower not in ['amazon'] - -- name: Ensure Docker prerequisites are uninstalled - yum: - name: - - yum-utils - - device-mapper-persistent-data - - lvm2 - state: absent - register: ensure_docker_prerequisites_uninstalled - until: ensure_docker_prerequisites_uninstalled is succeeded - retries: 3 - delay: 10 - -- name: Ensure python-dnf is uninstalled - package: - name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}" - state: absent - register: ensure_python_dnf_installed - until: ensure_python_dnf_installed is succeeded - retries: 3 - delay: 10 - when: ansible_pkg_mgr == 'dnf' 
diff --git a/tasks/teardown/uninstall-docker-suse.yml b/tasks/teardown/uninstall-docker-suse.yml index 85c727e..ed66b9b 100644 --- a/tasks/teardown/uninstall-docker-suse.yml +++ b/tasks/teardown/uninstall-docker-suse.yml @@ -4,3 +4,7 @@ zypper: name: docker state: absent + register: ensure_docker_uninstalled + until: ensure_docker_uninstalled is succeeded + retries: 3 + delay: 10 diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml index eb84364..120a3a7 100644 --- a/tasks/teardown/uninstall-k3s.yml +++ b/tasks/teardown/uninstall-k3s.yml @@ -1,17 +1,35 @@ --- -- name: "Run k3s-killall.sh" - command: k3s-killall.sh +- name: Check to see if k3s-killall.sh exits + stat: + path: /usr/local/bin/k3s-killall.sh + register: check_k3s_killall_script + +- name: Check to see if k3s-uninstall.sh exits + stat: + path: /usr/local/bin/k3s-uninstall.sh + register: check_k3s_uninstall_script + +- name: Check to see if docker is present + command: which docker + failed_when: false + changed_when: false + register: check_k3s_docker_path + +- name: Run k3s-killall.sh + command: /usr/local/bin/k3s-killall.sh register: k3s_killall changed_when: k3s_killall.rc == 0 + when: check_k3s_killall_script.stat.exists -- name: "Run k3s-uninstall.sh" - command: - cmd: k3s-uninstall.sh +- name: Run k3s-uninstall.sh + command: /usr/local/bin/k3s-uninstall.sh + args: removes: /usr/local/bin/k3s-uninstall.sh register: k3s_uninstall changed_when: k3s_uninstall.rc == 0 + when: check_k3s_uninstall_script.stat.exists -- name: "Clean up Docker" +- name: Clean up Docker command: docker system prune -a --force - when: k3s_use_docker + when: k3s_use_docker and check_k3s_docker_path.rc == 0 diff --git a/tasks/validate/check-uninstalled.yml b/tasks/validate/check-uninstalled.yml new file mode 100644 index 0000000..f5c3e0a --- /dev/null +++ b/tasks/validate/check-uninstalled.yml 
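Review bot: `docker system prune -a --force` in the "Clean up Docker" task of tasks/teardown/uninstall-k3s.yml is host-wide: it removes every stopped container, unused network and unused image, not only those k3s created. On a node where Docker also serves other workloads, uninstalling k3s therefore deletes their stopped containers and cached images. A comment such as `# host-wide prune: also removes non-k3s stopped containers and unused images` would document that, and gating the task behind an explicit opt-in variable would limit the impact. Separately, the "Run k3s-uninstall.sh" task carries both `removes:` and a `when:` on the stat result, which test the same file.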
@@ -0,0 +1,55 @@ +--- + +- name: Check that k3s is not running + command: pgrep k3s + ignore_errors: true + changed_when: false + register: check_k3s_process + +- name: Fail if k3s is still running + fail: + msg: k3s is still running, uninstall script failed. Please investigate. + when: check_k3s_process.rc == 0 + +- name: Check that docker is not running + command: pgrep docker + ignore_errors: true + changed_when: false + register: check_k3s_docker_process + when: k3s_use_docker is defined and k3s_use_docker + +- name: Fail if docker is still running + fail: + msg: docker is still running, uninstall script failed. Please investigate. + when: k3s_use_docker is defined and k3s_use_docker and check_k3s_docker_process.rc == 0 + +- name: Fail if k3s binaries have not been removed + stat: + path: "{{ k3s_install_dir }}/{{ item }}" + register: check_k3s_binaries_removed + failed_when: check_k3s_binaries_removed.stat.exists + loop: + - k3s + - kubectl + - crictl + - ctr + +- name: Check k3s-killall.sh is removed + stat: + path: /usr/local/bin/k3s-killall.sh + register: check_k3s_killall + +- name: Fail if k3s-killall.sh script still exists + fail: + msg: k3s-killall.sh is still running, uninstall script failed. Please investigate. + when: check_k3s_killall.stat.exists + +- name: Check k3s-uninstall.sh is removed + stat: + path: /usr/local/bin/k3s-uninstall.sh + register: check_k3s_uninstall + +- name: Fail if k3s-uninstall.sh script still exists + fail: + msg: k3s-uninstall.sh is still running, uninstall script failed. Please investigate. + when: check_k3s_uninstall.stat.exists diff --git a/templates/k3s-killall.sh.j2 b/templates/k3s-killall.sh.j2 index 49a9f82..534eb8e 100644 --- a/templates/k3s-killall.sh.j2 +++ b/templates/k3s-killall.sh.j2 
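Review bot: Both `pgrep` tasks in tasks/validate/check-uninstalled.yml use `ignore_errors: true`, and the `fail` tasks that follow only test `rc == 0`, so any other outcome, including pgrep being absent or exiting with an error, is read as "not running" and the validation passes. Replacing `ignore_errors: true` with `failed_when: check_k3s_process.rc not in [0, 1]` (and the same for `check_k3s_docker_process`) keeps a broken check from passing silently. `pgrep docker` matches any process name containing "docker", so it can also fail the play on unrelated processes. The two script checks report "is still running" although they test file existence with `stat`; "still exists" would match what is checked.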
@@ -1,18 +1,19 @@ #!/bin/sh + [ $(id -u) -eq 0 ] || exec sudo $0 $@ for bin in /var/lib/rancher/k3s/data/**/bin/; do - [ -d $bin ] && export PATH=$bin:$PATH + [ -d "$bin" ] && export PATH=$bin:$PATH done set -x for service in /etc/systemd/system/k3s*.service; do - [ -s $service ] && systemctl stop $(basename $service) + [ -s "$service" ] && systemctl stop "$(basename $service)" done for service in /etc/init.d/k3s*; do - [ -x $service ] && $service stop + [ -x "$service" ] && "$service" stop done pschildren() { @@ -70,7 +71,8 @@ ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; iface=${iface%%@*} [ -z "$iface" ] || ip link delete $iface done + ip link delete cni0 ip link delete flannel.1 -rm -rf /var/lib/cni/ -iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore \ No newline at end of file +[ -d /var/lib/cni ] && rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore diff --git a/templates/k3s-uninstall.sh.j2 b/templates/k3s-uninstall.sh.j2 index f47d45d..b65f301 100644 --- a/templates/k3s-uninstall.sh.j2 +++ b/templates/k3s-uninstall.sh.j2 @@ -1,4 +1,5 @@ #!/bin/sh + set -x [ $(id -u) -eq 0 ] || exec sudo $0 $@ @@ -9,15 +10,17 @@ if which systemctl; then systemctl reset-failed k3s systemctl daemon-reload fi + if which rc-update; then rc-update delete k3s default fi -rm -f /etc/systemd/system/k3s.service -rm -f /etc/systemd/system/k3s.service.env +for unit in /etc/systemd/system/k3s*.service; do + [ -f "$unit" ] && rm -f "$unit" +done remove_uninstall() { - rm -f /usr/local/bin/k3s-uninstall.sh + [ -f /usr/local/sbin/k3s-uninstall.sh ] && rm -f /usr/local/sbin/k3s-uninstall.sh } trap remove_uninstall EXIT 
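Review bot: The quoting added in the first hunk of templates/k3s-killall.sh.j2 stops short of expansions that still word-split. `$(basename $service)` quotes the outer substitution but not the inner variable, `export PATH=$bin:$PATH` is unquoted, and the context line `exec sudo $0 $@` re-splits the arguments. Suggested: `systemctl stop "$(basename "$service")"`, `export PATH="$bin:$PATH"` and `exec sudo "$0" "$@"`. Under `#!/bin/sh` the `**` in the first glob behaves like a single `*`, which deserves a comment because the script runs as root with those directories prepended to PATH.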
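Review bot: The new loop over `/etc/systemd/system/k3s*.service` in templates/k3s-uninstall.sh.j2 no longer removes `/etc/systemd/system/k3s.service.env`, which the deleted `rm -f` line did, because the glob ends in `.service`. If that file exists on a host it is left behind after uninstall, and an environment file of that kind may hold the cluster join token. Keeping `rm -f /etc/systemd/system/k3s.service.env` after the loop, or widening it to `for unit in /etc/systemd/system/k3s*.service /etc/systemd/system/k3s*.service.env; do`, restores the old behaviour.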
@@ -27,13 +30,15 @@ if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; fi for cmd in kubectl crictl ctr; do - if [ -L /usr/local/bin/$cmd ]; then - rm -f /usr/local/bin/$cmd + if [ -L "{{ k3s_install_dir }}/$cmd" ]; then + rm -f "{{ k3s_install_dir }}/$cmd" fi done -rm -rf /etc/rancher/k3s -rm -rf /var/lib/rancher/k3s -rm -rf /var/lib/kubelet -rm -f /usr/local/bin/k3s -rm -f /usr/local/bin/k3s-killall.sh \ No newline at end of file +[ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s +[ -d /var/lib/rancher/k3s ] && rm -rf /var/lib/rancher/k3s +[ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet +for bin in {{ k3s_install_dir }}/k3s*; do + [ -f "$bin" ] && rm -f "$bin" +done +[ -f /usr/local/sbin/k3s-killall.sh ] && rm -f /usr/local/sbin/k3s-killall.sh From 56b2d7bc03304099608a0d0d0c287640f7de1cd5 Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Wed, 26 Feb 2020 21:52:56 +0000 Subject: [PATCH 9/9] Fixed path in k3s-uninstall.sh - my bad --- templates/k3s-uninstall.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/k3s-uninstall.sh.j2 b/templates/k3s-uninstall.sh.j2 index b65f301..fabc7a5 100644 --- a/templates/k3s-uninstall.sh.j2 +++ b/templates/k3s-uninstall.sh.j2 @@ -20,7 +20,7 @@ for unit in /etc/systemd/system/k3s*.service; do done remove_uninstall() { - [ -f /usr/local/sbin/k3s-uninstall.sh ] && rm -f /usr/local/sbin/k3s-uninstall.sh + [ -f /usr/local/bin/k3s-uninstall.sh ] && rm -f /usr/local/bin/k3s-uninstall.sh } trap remove_uninstall EXIT @@ -41,4 +41,4 @@ done for bin in {{ k3s_install_dir }}/k3s*; do [ -f "$bin" ] && rm -f "$bin" done -[ -f /usr/local/sbin/k3s-killall.sh ] && rm -f /usr/local/sbin/k3s-killall.sh +[ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh
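Review bot: `{{ k3s_install_dir }}` is rendered straight into shell in templates/k3s-uninstall.sh.j2, and in `for bin in {{ k3s_install_dir }}/k3s*; do` it is not even quoted. A value with spaces or shell metacharacters therefore changes what the root-run script does, and an empty value turns the glob into `/k3s*`. Rendering it once through the `quote` filter, `install_dir={{ k3s_install_dir | quote }}`, and then using `"$install_dir/$cmd"` and `"$install_dir"/k3s*` avoids that. The `k3s*` glob is also wider than the files this role installs: any other regular file in that directory whose name starts with k3s is deleted.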
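Review bot: The line `[ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh` appears to be the last command of k3s-uninstall.sh, so it sets the script's exit status: when the killall script is already gone the test fails and the script exits 1. The "Run k3s-uninstall.sh" task uses `command`, which treats a non-zero rc as a failure, so a partially cleaned host would fail the uninstall play. `rm -f` already succeeds on a missing file, so plain `rm -f /usr/local/bin/k3s-killall.sh` is enough. The `[ -d … ] && rm -rf` lines before it follow the same pattern, but only the final command decides the exit status.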