c12s-kubespray/roles/reset/tasks/main.yml


---
# Stop the node-level units before their unit files are deleted.
# failed_when: false hides every error from this task, not just a missing
# unit, so a service that could not be stopped does not fail the play.
- name: reset | stop services
  service:
    name: "{{ item }}"
    state: stopped
  failed_when: false
  with_items:
    - kubelet
    - vault
  tags: [services]

# Delete unit files, timers and proxy drop-ins under /etc/systemd/system.
# The registered result is read by the daemon-reload task further down.
- name: reset | remove services
  file:
    state: absent
    path: "/etc/systemd/system/{{ item }}"
  with_items:
    - kubelet.service
    - vault.service
    - calico-node.service
    - containerd.service.d/http-proxy.conf
    - crio.service.d/http-proxy.conf
    - vault.service.d/http-proxy.conf
    - k8s-certs-renew.service
    - k8s-certs-renew.timer
  register: services_removed
  tags: [services, containerd, crio]

# Delete the Docker drop-in files written under docker.service.d.
- name: reset | remove docker dropins
  file:
    state: absent
    path: "/etc/systemd/system/docker.service.d/{{ item }}"
  with_items:
    - docker-dns.conf
    - docker-options.conf
    - http-proxy.conf
    - docker-orphan-cleanup.conf
  register: docker_dropins_removed
  tags: [docker]

# Reload systemd only when one of the two removal tasks above changed a file.
- name: reset | systemctl daemon-reload  # noqa 503
  systemd:
    daemon_reload: true
  when: services_removed.changed or docker_dropins_removed.changed
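# Force-remove every Docker container (running or stopped) together with its
# anonymous volumes. Only runs when Docker is the container manager; the
# command is retried up to 4 times, 5 seconds apart, until it exits 0.
- name: reset | remove all containers
  # Both docker invocations use the configured absolute path. The original
  # second call was a bare `docker`, which xargs would resolve through PATH;
  # this task is destructive, so it should not depend on PATH lookup.
  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -aq | xargs -r {{ docker_bin_dir }}/docker rm -fv"
  args:
    # pipefail is a bash feature, hence the explicit interpreter.
    executable: /bin/bash
  register: remove_all_containers
  retries: 4
  until: remove_all_containers.rc == 0
  delay: 5
  when: container_manager == "docker"
  tags:
    - docker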
# Restart Docker so it stops using the drop-ins that were just deleted.
# Skipped unless a drop-in was actually removed and Docker is in use.
- name: reset | restart docker if needed  # noqa 503
  service:
    name: docker
    state: restarted
  when:
    - docker_dropins_removed.changed
    - container_manager == "docker"
  tags: [docker]

# Record whether crictl is installed; later CRI tasks test crictl.stat.exists.
# Attribute, checksum and MIME lookups are disabled, so only basic stat data
# is collected.
- name: reset | check if crictl is present
  stat:
    path: "{{ bin_dir }}/crictl"
    get_attributes: false
    get_checksum: false
    get_mime: false
  register: crictl
# Stop every running CRI container with a 60s crictl timeout.
# ignore_errors lets the play continue to the forced removal below even if
# all 5 attempts fail.
- name: reset | stop all cri containers
  shell: "set -o pipefail && {{ bin_dir }}/crictl ps -q | xargs -r {{ bin_dir }}/crictl -t 60s stop"
  args:
    # pipefail is a bash feature, hence the explicit interpreter.
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  delay: 5
  until: remove_all_cri_containers.rc == 0
  when:
    - crictl.stat.exists
    - container_manager in ["crio", "containerd"]
  ignore_errors: true
  tags: [crio, containerd]

# Force-remove all CRI containers. Reuses the register name of the task above.
# Unlike the stop task, a failure here is not ignored. Skipped when
# deploy_container_engine is set to a false value (defaults to true).
- name: reset | force remove all cri containers
  command: "{{ bin_dir }}/crictl rm -a -f"
  register: remove_all_cri_containers
  retries: 5
  delay: 5
  until: remove_all_cri_containers.rc == 0
  when:
    - crictl.stat.exists
    - container_manager in ["crio", "containerd"]
    - deploy_container_engine|default(true)
  tags: [crio, containerd]
# Stop CRI-O and prevent it from starting at boot. Errors are suppressed.
- name: reset | stop and disable crio service
  service:
    name: crio
    enabled: false
    state: stopped
  when: container_manager == "crio"
  failed_when: false
  tags:
    - crio

# Wipe CRI-O's container and image storage.
# NOTE(review): `crio` is resolved through PATH here, while the crictl calls
# in this file use {{ bin_dir }}. failed_when: false also means a failed wipe
# is not reported.
- name: reset | forcefully wipe CRI-O's container and image storage
  command: "crio wipe -f"
  when: container_manager == "crio"
  failed_when: false
  tags:
    - crio
# Stop every pod sandbox known to the CRI runtime (containerd only).
# `stopp` is crictl's stop-pod subcommand, not a misspelling of `stop`.
# Up to 5 attempts, 5 seconds apart; a final failure is ignored.
- name: reset | stop all cri pods
  shell: "set -o pipefail && {{ bin_dir }}/crictl pods -q | xargs -r {{ bin_dir }}/crictl -t 60s stopp"
  args:
    # pipefail is a bash feature, hence the explicit interpreter.
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  delay: 5
  until: remove_all_cri_containers.rc == 0
  when:
    - crictl.stat.exists
    - container_manager == "containerd"
  ignore_errors: true
  tags:
    - containerd
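# Force-remove all pod sandboxes; if that still fails after the retries,
# fall back to deleting network namespaces and trying once more.
- block:
    # `rmp` is crictl's remove-pod subcommand. Up to 5 attempts, 5s apart.
    - name: reset | force remove all cri pods
      command: "{{ bin_dir }}/crictl rmp -a -f"
      register: remove_all_cri_containers
      retries: 5
      until: remove_all_cri_containers.rc == 0
      delay: 5
      tags: [ containerd ]
      when:
        - crictl.stat.exists
        - container_manager == "containerd"

  rescue:
    # Deletes EVERY named network namespace reported by `ip netns list`, not
    # only the ones created for pods. On a host that uses network namespaces
    # for anything else, those are removed as well.
    #
    # xargs gets -r, as in the other pipelines in this file. Without it, an
    # empty namespace list still runs `ip netns delete` with no argument, and
    # if that exits non-zero the `&&` skips the crictl retry that this rescue
    # exists to perform.
    - name: reset | force remove all cri pods (rescue)
      shell: "ip netns list | cut -d' ' -f 1 | xargs -r -n1 ip netns delete && {{ bin_dir }}/crictl rmp -a -f"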
# Stop both etcd units; failed_when: false suppresses every error, including
# a unit that does not exist on this host.
- name: reset | stop etcd services
  service:
    name: "{{ item }}"
    state: stopped
  failed_when: false
  with_items:
    - etcd
    - etcd-events
  tags: [services]

# Delete the etcd unit files.
# NOTE(review): this overwrites the earlier services_removed registration, and
# no later task in this file reads it, so systemd is not reloaded for these
# removals here. Confirm whether something outside this file handles that.
- name: reset | remove etcd services
  file:
    state: absent
    path: "/etc/systemd/system/{{ item }}.service"
  with_items:
    - etcd
    - etcd-events
  register: services_removed
  tags: [services]
# List mount points below /var/lib/kubelet/ (third column of `mount` output).
# tac reverses the list, so the most recently listed mounts come first.
# Runs in check mode too, and never fails: with pipefail a grep that matches
# nothing exits non-zero, which failed_when: false absorbs.
- name: reset | gather mounted kubelet dirs  # noqa 301
  shell: "set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac"
  args:
    warn: false
    # pipefail is a bash feature, hence the explicit interpreter.
    executable: /bin/bash
  register: mounted_dirs
  check_mode: false
  failed_when: false
  tags: [mounts]

# Force-unmount each collected mount point, retrying up to 4 times per item.
# `command` does not go through a shell, so the mount-point text is not
# shell-interpreted.
# NOTE(review): `when: mounted_dirs` tests the registered result object, not
# whether the list is empty; presumably an empty stdout_lines just yields no
# loop items. Confirm.
- name: reset | unmount kubelet dirs  # noqa 301
  command: umount -f {{ item }}
  with_items: "{{ mounted_dirs.stdout_lines }}"
  register: umount_dir
  retries: 4
  delay: 5
  until: umount_dir.rc == 0
  when: mounted_dirs
  tags: [mounts]
# Flush the filter, nat and mangle tables when flush_iptables is truthy.
# No chain is given, so every rule in each table is removed. That includes
# host firewall rules that were never managed by Kubernetes. Operators who
# rely on a host firewall need to restore it after the reset.
- name: flush iptables
  iptables:
    flush: true
    table: "{{ item }}"
  with_items:
    - filter
    - nat
    - mangle
  when: flush_iptables|bool
  tags: [iptables]
# Clear the whole IPVS virtual server table on cluster members running
# kube-proxy in ipvs mode. `ipvsadm -C` is not limited to Kubernetes entries.
- name: Clear IPVS virtual server table
  command: "ipvsadm -C"
  when:
    - kube_proxy_mode == 'ipvs'
    - inventory_hostname in groups['k8s-cluster']

# Probe for the kube-ipvs0 device through sysfs.
- name: reset | check kube-ipvs0 network device
  stat:
    path: /sys/class/net/kube-ipvs0
    get_attributes: false
    get_checksum: false
    get_mime: false
  register: kube_ipvs0

# Delete kube-ipvs0 only if it exists and ipvs mode is configured.
- name: reset | Remove kube-ipvs0
  command: "ip link del kube-ipvs0"
  when:
    - kube_proxy_mode == 'ipvs'
    - kube_ipvs0.stat.exists

# Probe for the nodelocaldns device through sysfs.
- name: reset | check nodelocaldns network device
  stat:
    path: /sys/class/net/nodelocaldns
    get_attributes: false
    get_checksum: false
    get_mime: false
  register: nodelocaldns_device

# Delete nodelocaldns only if it exists and the feature is enabled.
# enable_nodelocaldns defaults to false when undefined.
- name: reset | Remove nodelocaldns
  command: "ip link del nodelocaldns"
  when:
    - enable_nodelocaldns|default(false)|bool
    - nodelocaldns_device.stat.exists
# Remove cluster state, configuration, certificates and installed binaries.
#
# Review notes for operators:
# - Several paths come from variables defined outside this file
#   (kube_config_dir, etcd_*_dir, nginx_config_dir, bin_dir). Whatever they
#   resolve to is deleted recursively, so an unexpectedly broad value widens
#   the deletion. Verify the inventory values before running a reset.
# - The CA files are removed from the trust-anchor source directories, but no
#   task in this file regenerates the system trust bundle afterwards (for
#   example update-ca-certificates or update-ca-trust). Presumably the host
#   keeps trusting the old cluster CAs until that happens. Confirm whether
#   another role does it.
# - ignore_errors means a path that could not be deleted (key material
#   included) does not fail the play. Check the task output when the goal is
#   to scrub credentials.
- name: reset | delete some files and directories
  file:
    state: absent
    path: "{{ item }}"
  with_items:
    - "{{ kube_config_dir }}"
    - /var/lib/kubelet
    - "{{ ansible_env.HOME | default('/root') }}/.kube"
    - "{{ ansible_env.HOME | default('/root') }}/.helm"
    - "{{ etcd_data_dir }}"
    - "{{ etcd_events_data_dir }}"
    - "{{ etcd_config_dir }}"
    - /var/log/calico
    - /etc/cni
    - "{{ nginx_config_dir }}"
    - /etc/dnsmasq.d
    - /etc/dnsmasq.conf
    - /etc/dnsmasq.d-available
    - /etc/etcd.env
    - /etc/calico
    - /etc/NetworkManager/conf.d/calico.conf
    - /etc/NetworkManager/conf.d/k8s.conf
    - /etc/weave.env
    - /opt/cni
    - /etc/dhcp/dhclient.d/zdnsupdate.sh
    - /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate
    - /run/flannel
    - /etc/flannel
    - /run/kubernetes
    # CA certificates in the distribution trust-anchor locations.
    - /usr/local/share/ca-certificates/etcd-ca.crt
    - /usr/local/share/ca-certificates/kube-ca.crt
    - /usr/local/share/ca-certificates/vault-ca.crt
    - /etc/ssl/certs/etcd-ca.pem
    - /etc/ssl/certs/kube-ca.pem
    - /etc/ssl/certs/vault-ca.crt
    - /etc/pki/ca-trust/source/anchors/etcd-ca.crt
    - /etc/pki/ca-trust/source/anchors/kube-ca.crt
    - /etc/pki/ca-trust/source/anchors/vault-ca.crt
    - /etc/vault
    - /var/log/pods/
    # Binaries and helper scripts installed under bin_dir.
    - "{{ bin_dir }}/kubelet"
    - "{{ bin_dir }}/etcd-scripts"
    - "{{ bin_dir }}/etcd"
    - "{{ bin_dir }}/etcd-events"
    - "{{ bin_dir }}/etcdctl"
    - "{{ bin_dir }}/kubernetes-scripts"
    - "{{ bin_dir }}/kubectl"
    - "{{ bin_dir }}/kubeadm"
    - "{{ bin_dir }}/helm"
    - "{{ bin_dir }}/calicoctl"
    - "{{ bin_dir }}/calicoctl.sh"
    - "{{ bin_dir }}/calico-upgrade"
    - "{{ bin_dir }}/weave"
    - "{{ bin_dir }}/crictl"
    - "{{ bin_dir }}/netctl"
    - "{{ bin_dir }}/k8s-certs-renew.sh"
    # Network plugin state.
    - /var/lib/cni
    - /etc/openvswitch
    - /run/openvswitch
    - /var/lib/kube-router
    - /var/lib/calico
    - /etc/cilium
    - /run/calico
  ignore_errors: true
  tags: [files]
# Remove the block delimited by "# Ansible entries {mark}" markers from both
# possible dhclient.conf locations. Only text between those markers is
# touched; errors (such as a missing file) are suppressed.
- name: reset | remove dns settings from dhclient.conf
  blockinfile:
    path: "{{ item }}"
    marker: "# Ansible entries {mark}"
    state: absent
  with_items:
    - /etc/dhclient.conf
    - /etc/dhcp/dhclient.conf
  failed_when: false
  tags: [files, dns]

# Remove the inventory-host block from /etc/hosts, again matched by its
# markers. Errors are not suppressed for this task.
- name: reset | remove host entries from /etc/hosts
  blockinfile:
    path: "/etc/hosts"
    marker: "# Ansible inventory hosts {mark}"
    state: absent
  tags: [files, dns]
# Pull in the reset tasks of the active network plugin.
# The include path is built from kube_network_plugin, and the condition below
# limits the include to four fixed plugin names. Keep that list in step with
# the plugins that actually ship a tasks/reset.yml.
- name: reset | include file with reset tasks specific to the network_plugin if exists
  include_tasks: "{{ (role_path + '/../network_plugin/' + kube_network_plugin + '/tasks/reset.yml') | realpath }}"
  when: kube_network_plugin in ['flannel', 'cilium', 'kube-router', 'calico']
  tags: [network]
# Restart the distribution's network service once cleanup is finished.
# Service name chosen by the template:
#   RedHat family, major version 8 or Fedora CoreOS -> NetworkManager
#   RedHat family, otherwise                        -> network
#   Ubuntu bionic / focal                           -> systemd-networkd
#   Debian family, otherwise                        -> networking
# NOTE(review): the if/elif chain has no final else, so a host matching none
# of the branches renders an empty service name. Only Flatcar is excluded by
# the condition below.
- name: reset | Restart network
  service:
    state: restarted
    name: >-
      {% if ansible_os_family == "RedHat" -%}
      {%- if ansible_distribution_major_version|int == 8 or is_fedora_coreos -%}
      NetworkManager
      {%- else -%}
      network
      {%- endif -%}
      {%- elif ansible_distribution == "Ubuntu" and ansible_distribution_release in ["bionic", "focal"] -%}
      systemd-networkd
      {%- elif ansible_os_family == "Debian" -%}
      networking
      {%- endif %}
  when:
    - ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
    - reset_restart_network
  tags: [services, network]