From 9bbf5fd7469b6f5911ab14049934aab5bbcae10d Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Tue, 25 Feb 2020 12:29:39 -0500
Subject: [PATCH] add uninstall state
---
 README.md | 75 +++++++++---------
 tasks/build/install-k3s.yml | 10 +++
 tasks/main.yml | 2 +-
 tasks/state-uninstalled.yml | 23 ++++++
 tasks/teardown/uninstall-docker-amazon.yml | 5 ++
 .../uninstall-docker-opensuse-leap.yml | 6 ++
 .../uninstall-docker-prerequisites-debian.yml | 28 +++++++
 .../uninstall-docker-prerequisites-redhat.yml | 38 ++++++++++
 .../uninstall-docker-prerequisites-suse.yml | 1 +
 tasks/teardown/uninstall-docker-suse.yml | 6 ++
 tasks/teardown/uninstall-docker.yml | 13 ++++
 tasks/teardown/uninstall-k3s.yml | 13 ++++
 templates/k3s-killall.sh.j2 | 76 +++++++++++++++++++
 templates/k3s-uninstall.sh.j2 | 39 ++++++++++
 14 files changed, 296 insertions(+), 39 deletions(-)
 create mode 100644 tasks/state-uninstalled.yml
 create mode 100644 tasks/teardown/uninstall-docker-amazon.yml
 create mode 100644 tasks/teardown/uninstall-docker-opensuse-leap.yml
 create mode 100644 tasks/teardown/uninstall-docker-prerequisites-debian.yml
 create mode 100644 tasks/teardown/uninstall-docker-prerequisites-redhat.yml
 create mode 100644 tasks/teardown/uninstall-docker-prerequisites-suse.yml
 create mode 100644 tasks/teardown/uninstall-docker-suse.yml
 create mode 100644 tasks/teardown/uninstall-docker.yml
 create mode 100644 tasks/teardown/uninstall-k3s.yml
 create mode 100644 templates/k3s-killall.sh.j2
 create mode 100644 templates/k3s-uninstall.sh.j2
diff --git a/README.md b/README.md
index 2a2ed01..0250c97 100644
--- a/README.md
+++ b/README.md
@@ -43,44 +43,43 @@ my spare time so I cannot promise a speedy fix delivery. Below are variables that are set against all of the play hosts for environment consistency. -| Variable | Description | Default Value | -|----------------------------------|--------------------------------------------------------------------------|-----------------------------------------| -| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded. | installed | -| `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | -| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | -| `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | -| `k3s_server_manifests_dir` | Path for place the `k3s_server_manifests_templates`. | `/var/lib/rancher/k3s/server/manifests` | -| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | -| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | -| `k3s_non_root` | Install k3s as non-root user. See notes below. | `false` | -| `k3s_control_workers` | Are control hosts also workers? | `true` | -| `k3s_cluster_cidr` | Network CIDR to use for pod IPs | 10.42.0.0/16 | -| `k3s_service_cidr` | Network CIDR to use for service IPs | 10.43.0.0/16 | -| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ | -| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ | -| `k3s_https_port` | HTTPS port listening port. | 6443 | -| `k3s_use_docker` | Use Docker rather than Containerd? | `false` | -| `k3s_no_flannel` | Do not use Flannel | `false` | -| `k3s_flannel_backend` | Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard') | vxlan | -| `k3s_no_coredns` | Do not use CoreDNS | `false` | -| `k3s_cluster_dns` | Cluster IP for CoreDNS service. Should be in your service-cidr range. 
| _NULL_ | -| `k3s_cluster_domain` | Cluster Domain. | cluster.local | -| `k3s_resolv_conf` | Kubelet resolv.conf file | _NULL_ | -| `k3s_no_traefik` | Do not use Traefik | `false` | -| `k3s_no_servicelb` | Do not use ServiceLB, necessary for using something like MetalLB. | `false` | -| `k3s_no_local_storage` | Do not use Local Storage | `false` | -| `k3s_default_local_storage_path` | Set Local Storage Path. Specify `false` for default. | -`false` | -| `k3s_no_metrics_server` | Do not deploy metrics server | `false` | -| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | -| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` | -| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | -| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ | -| `k3s_datastore_endpoint` | Define the database or etcd cluster endpoint for HA. | _NULL_ | -| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ | -| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ | -| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ | -| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` | +| Variable | Description | Default Value | +|----------------------------------|-------------------------------------------------------------------------------------|-----------------------------------------| +| `k3s_cluster_state` | State of cluster: installed, started, stopped, restarted, downloaded, uninstall. | installed | +| `k3s_release_version` | Use a specific version of k3s, eg. `v0.2.0`. Specify `false` for latest. | `false` | +| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | +| `k3s_install_dir` | Installation directory for k3s. 
| `/usr/local/bin` | +| `k3s_server_manifests_dir` | Path for place the `k3s_server_manifests_templates`. | `/var/lib/rancher/k3s/server/manifests` | +| `k3s_server_manifests_templates` | A list of Auto-Deploying Manifests Templates. | [] | +| `k3s_use_experimental` | Allow the use of experimental features in k3s. | `false` | +| `k3s_non_root` | Install k3s as non-root user. See notes below. | `false` | +| `k3s_control_workers` | Are control hosts also workers? | `true` | +| `k3s_cluster_cidr` | Network CIDR to use for pod IPs | 10.42.0.0/16 | +| `k3s_service_cidr` | Network CIDR to use for service IPs | 10.43.0.0/16 | +| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ | +| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ | +| `k3s_https_port` | HTTPS port listening port. | 6443 | +| `k3s_use_docker` | Use Docker rather than Containerd? | `false` | +| `k3s_no_flannel` | Do not use Flannel | `false` | +| `k3s_flannel_backend` | Flannel backend ('none', 'vxlan', 'ipsec', 'host-gw' or 'wireguard') | vxlan | +| `k3s_no_coredns` | Do not use CoreDNS | `false` | +| `k3s_cluster_dns` | Cluster IP for CoreDNS service. Should be in your service-cidr range. | _NULL_ | +| `k3s_cluster_domain` | Cluster Domain. | cluster.local | +| `k3s_resolv_conf` | Kubelet resolv.conf file | _NULL_ | +| `k3s_no_traefik` | Do not use Traefik | `false` | +| `k3s_no_servicelb` | Do not use ServiceLB, necessary for using something like MetalLB. | `false` | +| `k3s_no_local_storage` | Do not use Local Storage | `false` | +| `k3s_default_local_storage_path` | Set Local Storage Path. Specify `false` for default. | `false` | +| `k3s_no_metrics_server` | Do not deploy metrics server | `false` | +| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | +| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. 
| `false` | +| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | +| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ | +| `k3s_datastore_endpoint` | Define the database or etcd cluster endpoint for HA. | _NULL_ | +| `k3s_datastore_cafile` | Define the database TLS CA file. | _NULL_ | +| `k3s_datastore_certfile` | Define the database TLS Cert file. | _NULL_ | +| `k3s_datastore_keyfile` | Define the database TLS Key file. | _NULL_ | +| `k3s_dqlite_datastore` | Use DQLite as the database backend for HA. (EXPERIMENTAL) | `false` | #### Important note about `k3s_release_version` diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml index 8de5737..61ba82f 100644 --- a/tasks/build/install-k3s.yml +++ b/tasks/build/install-k3s.yml @@ -19,6 +19,16 @@ - meta: flush_handlers +- name: Ensure k3s killall script is present on all nodes + template: + src: k3s-killall.sh.j2 + dest: "/usr/local/bin/k3s-killall.sh" + +- name: Ensure k3s uninstall script is present on all nodes + template: + src: k3s-uninstall.sh.j2 + dest: "/usr/local/bin/k3s-uninstall.sh" + - name: Ensure k3s is symlinked into the installation destinations file: src: "{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}" diff --git a/tasks/main.yml b/tasks/main.yml index 7e98735..be4d8b2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -3,7 +3,7 @@ - name: Check to see if k3s_cluster_state is a supported value assert: that: - - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded'] + - k3s_cluster_state in ['installed', 'started', 'stopped', 'restarted', 'downloaded', 'uninstall'] fail_msg: "k3s_cluster_state not valid. Check README.md for details." success_msg: "k3s_cluster_state is valid." when: k3s_cluster_state is defined diff --git a/tasks/state-uninstalled.yml b/tasks/state-uninstalled.yml new file mode 100644 index 0000000..6289e4c --- /dev/null 
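Review bot: Both new `template` tasks in tasks/build/install-k3s.yml omit `owner`, `group` and `mode`, so the rendered scripts get whatever the remote defaults yield and may not be executable, while tasks/teardown/uninstall-k3s.yml later runs them by name through `command`. Both scripts re-exec under sudo and delete system paths, so I would pin them explicitly with `owner: root`, `group: root` and `mode: "0755"` on each task. The destination is also hard-coded to `/usr/local/bin` although the symlink task just below uses `{{ k3s_install_dir }}`. The task list continues outside the hunk.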
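Review bot: The value added to the `assert` list in tasks/main.yml is `'uninstall'`, but the task file this commit creates is `tasks/state-uninstalled.yml` and every other accepted state is spelled as a participle. The diffstat shows only this one line of main.yml changing, so if the state file is chosen from the variable's value (not visible in this hunk) the new state would not resolve to the new file. I would settle on one spelling, for example `'uninstalled'` here and in the README row, so that the variable, the file name and the documentation agree.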
+++ b/tasks/state-uninstalled.yml
@@ -0,0 +1,23 @@
+---
+
+- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml
+ when: k3s_use_docker
+ and ((k3s_control_workers)
+ or (not k3s_control_workers and not k3s_control_node))
+ and (k3s_non_root is not defined or not k3s_non_root)
+
+- import_tasks: teardown/uninstall-docker.yml
+ when: k3s_use_docker
+ and ((k3s_control_workers)
+ or (not k3s_control_workers and not k3s_control_node))
+ and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
+ and (k3s_non_root is not defined or not k3s_non_root)
+
+- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
+ when: k3s_use_docker
+ and ((k3s_control_workers)
+ or (not k3s_control_workers and not k3s_control_node))
+ and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
+ and (k3s_non_root is not defined or not k3s_non_root)
+
+- import_tasks: teardown/uninstall-k3s.yml
diff --git a/tasks/teardown/uninstall-docker-amazon.yml b/tasks/teardown/uninstall-docker-amazon.yml
new file mode 100644
index 0000000..df1f849
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-amazon.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Ensure docker is uninstalled using amazon-linux-extras
+ command: amazon-linux-extras uninstall docker
+
diff --git a/tasks/teardown/uninstall-docker-opensuse-leap.yml b/tasks/teardown/uninstall-docker-opensuse-leap.yml
new file mode 100644
index 0000000..6ee00c5
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-opensuse-leap.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure docker is installed using Zypper
+ zypper:
+ name: docker
+ state: absent
diff --git a/tasks/teardown/uninstall-docker-prerequisites-debian.yml b/tasks/teardown/uninstall-docker-prerequisites-debian.yml
new file mode 100644
index 0000000..ca79667
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-prerequisites-debian.yml
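Review bot: The task order in tasks/state-uninstalled.yml removes the Docker packages before `import_tasks: teardown/uninstall-k3s.yml`, yet that file ends with `docker system prune -a --force` under `when: k3s_use_docker`, so on Docker-backed nodes the prune would run after the `docker` binary has been removed. Moving the `uninstall-k3s.yml` import to the top of the file avoids that. `prune -a` also deletes every unused image, container and network on the host, not only what k3s created, which deserves a sentence in the README. The first `include_tasks` builds its file name from `ansible_os_family | lower`, and this commit ships only debian, redhat and suse variants, so other families would fail on a missing file.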
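Review bot: The task in tasks/teardown/uninstall-docker-opensuse-leap.yml is named `Ensure docker is installed using Zypper` although it sets `state: absent`; the name looks copied from the install path and will mislead anyone reading play output during a teardown. I would rename it to `- name: Ensure docker is uninstalled using Zypper`, matching uninstall-docker-suse.yml.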
@@ -0,0 +1,28 @@
+---
+
+- name: Ensure Docker repository is uninstalled
+ apt_repository:
+ filename: docker-ce
+ repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+ update_cache: false
+ state: absent
+
+- name: Ensure Docker APT key is uninstalled
+ apt_key:
+ url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+ state: absent
+
+- name: Ensure Docker prerequisites are uninstalled
+ apt:
+ name: "{{ item }}"
+ state: absent
+ register: ensure_docker_prerequisites_uninstalled
+ until: ensure_docker_prerequisites_uninstalled is succeeded
+ retries: 3
+ delay: 10
+ loop:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - "{{ 'gnupg2' if ansible_distribution == 'Debian' else 'gnupg-agent' }}"
+ - software-properties-common
diff --git a/tasks/teardown/uninstall-docker-prerequisites-redhat.yml b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml
new file mode 100644
index 0000000..1af7fd8
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-prerequisites-redhat.yml
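Review bot: The `loop` in the last task of uninstall-docker-prerequisites-debian.yml removes `ca-certificates`, `curl`, `apt-transport-https` and `software-properties-common`, general-purpose packages that may well have been on the host before this role ran. Removing `ca-certificates` in particular takes away the system trust store, so TLS verification breaks for every tool that relies on it, and packages depending on it may be removed as well. The same concern applies in uninstall-docker-prerequisites-redhat.yml to `lvm2`, `device-mapper-persistent-data` and `yum-utils`, and to `python-dnf`/`python3-dnf`, which Ansible's dnf module presumably needs on the next run. I would limit teardown to the Docker repository and key, or put prerequisite removal behind an opt-in variable that defaults to false.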
@@ -0,0 +1,38 @@
+---
+
+- name: Ensure Docker repository is removed
+ yum_repository:
+ name: docker-ce
+ description: Docker CE Repository
+ baseurl: https://download.docker.com/linux/{{ ansible_distribution | lower }}/{{ ansible_distribution_major_version }}/$basearch/stable
+ gpgkey: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+ enabled: true
+ gpgcheck: true
+ state: absent
+ when: ansible_distribution | lower not in ['amazon']
+
+- name: Ensure Docker repository is removed
+ command: yum-config-manager disable docker-ce
+ when: ansible_distribution | lower not in ['amazon']
+
+- name: Ensure Docker prerequisites are uninstalled
+ yum:
+ name:
+ - yum-utils
+ - device-mapper-persistent-data
+ - lvm2
+ state: absent
+ register: ensure_docker_prerequisites_uninstalled
+ until: ensure_docker_prerequisites_uninstalled is succeeded
+ retries: 3
+ delay: 10
+
+- name: Ensure python-dnf is uninstalled
+ package:
+ name: "{{ 'python-dnf' if ansible_python_version is version_compare('3.0.0', '<') else 'python3-dnf' }}"
+ state: absent
+ register: ensure_python_dnf_installed
+ until: ensure_python_dnf_installed is succeeded
+ retries: 3
+ delay: 10
+ when: ansible_pkg_mgr == 'dnf'
diff --git a/tasks/teardown/uninstall-docker-prerequisites-suse.yml b/tasks/teardown/uninstall-docker-prerequisites-suse.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-prerequisites-suse.yml
@@ -0,0 +1 @@
+---
diff --git a/tasks/teardown/uninstall-docker-suse.yml b/tasks/teardown/uninstall-docker-suse.yml
new file mode 100644
index 0000000..85c727e
--- /dev/null
+++ b/tasks/teardown/uninstall-docker-suse.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure docker is uninstalled using Zypper
+ zypper:
+ name: docker
+ state: absent
diff --git a/tasks/teardown/uninstall-docker.yml b/tasks/teardown/uninstall-docker.yml
new file mode 100644
index 0000000..8da22d1
--- /dev/null
+++ b/tasks/teardown/uninstall-docker.yml
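Review bot: The second task in uninstall-docker-prerequisites-redhat.yml runs `yum-config-manager disable docker-ce` after `yum_repository` with `state: absent` has already removed the repository definition, so it appears redundant. As a bare `command` it reports changed on every run and fails on hosts where `yum-config-manager` is not installed, and it reuses the name `Ensure Docker repository is removed`, which makes the two tasks indistinguishable in play output. I would drop it. The last task also registers `ensure_python_dnf_installed` although it uninstalls; `ensure_python_dnf_uninstalled` would match the naming of the other tasks.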
@@ -0,0 +1,13 @@
+---
+
+- name: Ensure docker is uninstalled
+ package:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ state: absent
+ register: ensure_docker_uninstalled
+ until: ensure_docker_uninstalled is succeeded
+ retries: 3
+ delay: 10
diff --git a/tasks/teardown/uninstall-k3s.yml b/tasks/teardown/uninstall-k3s.yml
new file mode 100644
index 0000000..db74aa1
--- /dev/null
+++ b/tasks/teardown/uninstall-k3s.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "Run k3s-killall.sh"
+ command: k3s-killall.sh
+
+- name: "Run k3s-uninstall.sh"
+ command:
+ cmd: k3s-uninstall.sh
+ removes: /usr/local/bin/k3s-uninstall.sh
+
+- name: "Clean up Docker"
+ command: docker system prune -a --force
+ when: k3s_use_docker
\ No newline at end of file
diff --git a/templates/k3s-killall.sh.j2 b/templates/k3s-killall.sh.j2
new file mode 100644
index 0000000..49a9f82
--- /dev/null
+++ b/templates/k3s-killall.sh.j2
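Review bot: `command: k3s-killall.sh` in tasks/teardown/uninstall-k3s.yml has no `removes:` guard and relies on PATH lookup, unlike the task that follows it. Because k3s-uninstall.sh ends with `rm -f /usr/local/bin/k3s-killall.sh`, a second run of the uninstall state would likely fail on this task instead of reporting ok. I would give it the same form as the uninstall task, `cmd: /usr/local/bin/k3s-killall.sh` with `removes: /usr/local/bin/k3s-killall.sh`, and use an absolute path for `k3s-uninstall.sh` too so a privileged play does not depend on PATH.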
@@ -0,0 +1,76 @@ +#!/bin/sh +[ $(id -u) -eq 0 ] || exec sudo $0 $@ + +for bin in /var/lib/rancher/k3s/data/**/bin/; do + [ -d $bin ] && export PATH=$bin:$PATH +done + +set -x + +for service in /etc/systemd/system/k3s*.service; do + [ -s $service ] && systemctl stop $(basename $service) +done + +for service in /etc/init.d/k3s*; do + [ -x $service ] && $service stop +done + +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +pstree() { + for pid in $@; do + echo $pid + for child in $(pschildren $pid); do + pstree $child + done + done +} + +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree $@; + set -x; + ) 2>/dev/null +} + +getshims() { + lsof | sed -e 's/^[^0-9]*//g; s/ */\t/g' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1 | sort -n -u +} + +killtree $({ set +x; } 2>/dev/null; getshims; set -x) + +do_unmount() { + { set +x; } 2>/dev/null + MOUNTS= + while read ignore mount ignore; do + MOUNTS="$mount\n$MOUNTS" + done /dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done +ip link delete cni0 +ip link delete flannel.1 +rm -rf /var/lib/cni/ +iptables-save | grep -v KUBE- | grep -v CNI- | iptables-restore \ No newline at end of file diff --git a/templates/k3s-uninstall.sh.j2 b/templates/k3s-uninstall.sh.j2 new file mode 100644 index 0000000..f47d45d --- /dev/null +++ b/templates/k3s-uninstall.sh.j2 
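Review bot: The first loop in templates/k3s-killall.sh.j2 prepends every matching directory to the search path with `export PATH=$bin:$PATH`, so the later `systemctl`, `ip`, `rm` and `iptables-save` calls, all run as root, resolve from `/var/lib/rancher/k3s/data/*/bin/` before the system directories. Appending instead, `[ -d "$bin" ] && export PATH="$PATH:$bin"`, keeps system tools authoritative while still finding the bundled ones. Under `#!/bin/sh` the `**` in that glob is not recursive and behaves like a single `*`. The expansions in `exec sudo $0 $@` and in the `for service` tests are unquoted as well; `exec sudo "$0" "$@"` is the safe form.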
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -x
+[ $(id -u) -eq 0 ] || exec sudo $0 $@
+
+/usr/local/bin/k3s-killall.sh
+
+if which systemctl; then
+ systemctl disable k3s
+ systemctl reset-failed k3s
+ systemctl daemon-reload
+fi
+if which rc-update; then
+ rc-update delete k3s default
+fi
+
+rm -f /etc/systemd/system/k3s.service
+rm -f /etc/systemd/system/k3s.service.env
+
+remove_uninstall() {
+ rm -f /usr/local/bin/k3s-uninstall.sh
+}
+trap remove_uninstall EXIT
+
+if (ls /etc/systemd/system/k3s*.service || ls /etc/init.d/k3s*) >/dev/null 2>&1; then
+ set +x; echo 'Additional k3s services installed, skipping uninstall of k3s'; set -x
+ exit
+fi
+
+for cmd in kubectl crictl ctr; do
+ if [ -L /usr/local/bin/$cmd ]; then
+ rm -f /usr/local/bin/$cmd
+ fi
+done
+
+rm -rf /etc/rancher/k3s
+rm -rf /var/lib/rancher/k3s
+rm -rf /var/lib/kubelet
+rm -f /usr/local/bin/k3s
+rm -f /usr/local/bin/k3s-killall.sh
\ No newline at end of file
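Review bot: Every path in templates/k3s-uninstall.sh.j2 is hard-coded to `/usr/local/bin`, although the file is a Jinja2 template and the symlink task in tasks/build/install-k3s.yml points at `{{ k3s_install_dir }}/k3s-{{ k3s_release_version }}`. With a non-default `k3s_install_dir` the final `rm -f /usr/local/bin/k3s` misses the install location, and the versioned binary is apparently never removed in either case. Consider templating the directory, e.g. `rm -f {{ k3s_install_dir }}/k3s`, and removing the versioned file too. Separately, `trap remove_uninstall EXIT` is set before the early `exit` in the 'Additional k3s services installed' branch, so the script deletes itself even when it skips the uninstall.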