Purge old upgrade hooks and unused tasks (#1641)

Matthew Mosesohn 2017-09-09 23:41:20 +03:00 committed by GitHub
parent 649388188b
commit 5d99fa0940
15 changed files with 2 additions and 380 deletions


@ -1,6 +1,4 @@
--- ---
- include: pre_upgrade.yml
- name: ensure dnsmasq.d directory exists - name: ensure dnsmasq.d directory exists
file: file:
path: /etc/dnsmasq.d path: /etc/dnsmasq.d


@ -1,9 +0,0 @@
---
- name: Delete legacy dnsmasq daemonset
kube:
name: dnsmasq
namespace: "{{system_namespace}}"
kubectl: "{{bin_dir}}/kubectl"
resource: "ds"
state: absent
when: inventory_hostname == groups['kube-master'][0]


@ -11,22 +11,3 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
changed_when: false changed_when: false
# Plan B: looks nicer, but requires docker-py on all hosts:
# - name: Install | Set up etcd-binarycopy container
# docker:
# name: etcd-binarycopy
# state: present
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
# when: etcd_deployment_type == "docker"
#
# - name: Install | Copy etcdctl from etcd-binarycopy container
# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
# when: etcd_deployment_type == "docker"
#
# - name: Install | Clean up etcd-binarycopy container
# docker:
# name: etcd-binarycopy
# state: absent
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
# when: etcd_deployment_type == "docker"


@ -1,8 +1,4 @@
--- ---
- include: pre_upgrade.yml
when: etcd_cluster_setup
tags: etcd-pre-upgrade
- include: check_certs.yml - include: check_certs.yml
when: cert_management == "script" when: cert_management == "script"
tags: [etcd-secrets, facts] tags: [etcd-secrets, facts]


@ -1,60 +0,0 @@
---
- name: "Pre-upgrade | check for etcd-proxy unit file"
stat:
path: /etc/systemd/system/etcd-proxy.service
register: etcd_proxy_service_file
tags: facts
- name: "Pre-upgrade | check for etcd-proxy init script"
stat:
path: /etc/init.d/etcd-proxy
register: etcd_proxy_init_script
tags: facts
- name: "Pre-upgrade | stop etcd-proxy if service defined"
service:
name: etcd-proxy
state: stopped
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
- name: "Pre-upgrade | remove etcd-proxy service definition"
file:
path: "{{ item }}"
state: absent
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
with_items:
- /etc/systemd/system/etcd-proxy.service
- /etc/init.d/etcd-proxy
- name: "Pre-upgrade | find etcd-proxy container"
command: "{{ docker_bin_dir }}/docker ps -aq --filter 'name=etcd-proxy*'"
register: etcd_proxy_container
changed_when: false
failed_when: false
- name: "Pre-upgrade | remove etcd-proxy if it exists"
command: "{{ docker_bin_dir }}/docker rm -f {{item}}"
with_items: "{{etcd_proxy_container.stdout_lines|default()}}"
- name: "Pre-upgrade | see if etcdctl is installed"
stat:
path: "{{ bin_dir }}/etcdctl"
register: etcdctl_installed
- name: "Pre-upgrade | check if member list is non-SSL"
command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
register: etcd_member_list
retries: 10
delay: 3
until: etcd_member_list.rc != 2
run_once: true
when: etcdctl_installed.stat.exists
changed_when: false
failed_when: false
- name: "Pre-upgrade | change peer names to SSL"
shell: >-
{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
run_once: true
when: 'etcdctl_installed.stat.exists and etcd_member_list.rc == 0 and "http://" in etcd_member_list.stdout'


@ -85,6 +85,3 @@
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest" dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
notify: Master | wait for kube-controller-manager notify: Master | wait for kube-controller-manager
tags: kube-controller-manager tags: kube-controller-manager
- include: post-upgrade.yml
tags: k8s-post-upgrade


@ -1,31 +0,0 @@
---
- name: "Post-upgrade | stop kubelet on all masters"
service:
name: kubelet
state: stopped
delegate_to: "{{item}}"
with_items: "{{groups['kube-master']}}"
when: needs_etcd_migration|bool
run_once: true
- name: "Post-upgrade | Pause for kubelet stop"
pause:
seconds: 10
when: needs_etcd_migration|bool
- name: "Post-upgrade | start kubelet on all masters"
service:
name: kubelet
state: started
delegate_to: "{{item}}"
with_items: "{{groups['kube-master']}}"
when: needs_etcd_migration|bool
run_once: true
- name: "Post-upgrade | etcd3 upgrade | purge etcd2 k8s data"
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} rm -r /registry"
environment:
ETCDCTL_API: 2
delegate_to: "{{groups['etcd'][0]}}"
run_once: true
when: kube_apiserver_storage_backend == "etcd3" and needs_etcd_migration|bool|default(false)


@ -1,38 +1,4 @@
--- ---
- name: "Pre-upgrade | check for kube-apiserver unit file"
stat:
path: /etc/systemd/system/kube-apiserver.service
register: kube_apiserver_service_file
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | check for kube-apiserver init script"
stat:
path: /etc/init.d/kube-apiserver
register: kube_apiserver_init_script
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | stop kube-apiserver if service defined"
service:
name: kube-apiserver
state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
tags: kube-apiserver
- name: "Pre-upgrade | remove kube-apiserver service definition"
file:
path: "{{ item }}"
state: absent
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
with_items:
- /etc/systemd/system/kube-apiserver.service
- /etc/init.d/kube-apiserver
tags: kube-apiserver
- name: "Pre-upgrade | See if kube-apiserver manifest exists"
stat:
path: /etc/kubernetes/manifests/kube-apiserver.manifest
register: kube_apiserver_manifest
- name: "Pre-upgrade | etcd3 upgrade | see if old config exists" - name: "Pre-upgrade | etcd3 upgrade | see if old config exists"
command: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} ls /registry/minions" command: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} ls /registry/minions"
environment: environment:
@ -47,19 +13,6 @@
kube_apiserver_storage_backend: "etcd2" kube_apiserver_storage_backend: "etcd2"
when: old_data_exists.rc == 0 and not force_etcd3|bool when: old_data_exists.rc == 0 and not force_etcd3|bool
- name: "Pre-upgrade | etcd3 upgrade | see if data was already migrated"
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} get --limit=1 --prefix=true /registry/minions"
environment:
ETCDCTL_API: 3
register: data_migrated
delegate_to: "{{groups['etcd'][0]}}"
when: kube_apiserver_storage_backend == "etcd3"
failed_when: false
- name: "Pre-upgrade | etcd3 upgrade | set needs_etcd_migration"
set_fact:
needs_etcd_migration: "{{ force_etcd3|default(false) and kube_apiserver_storage_backend == 'etcd3' and data_migrated.stdout_lines|length == 0 and old_data_exists.rc == 0 }}"
- name: "Pre-upgrade | Delete master manifests on all kube-masters" - name: "Pre-upgrade | Delete master manifests on all kube-masters"
file: file:
path: "/etc/kubernetes/manifests/{{item[1]}}.manifest" path: "/etc/kubernetes/manifests/{{item[1]}}.manifest"
@ -69,7 +22,7 @@
- "{{groups['kube-master']}}" - "{{groups['kube-master']}}"
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"] - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
register: kube_apiserver_manifest_replaced register: kube_apiserver_manifest_replaced
when: (secret_changed|default(false) or etcd_secret_changed|default(false) or needs_etcd_migration|bool) and kube_apiserver_manifest.stat.exists when: (secret_changed|default(false) or etcd_secret_changed|default(false))
- name: "Pre-upgrade | Delete master containers forcefully on all kube-masters" - name: "Pre-upgrade | Delete master containers forcefully on all kube-masters"
shell: "docker ps -f name=k8s-{{item}}* -q | xargs --no-run-if-empty docker rm -f" shell: "docker ps -f name=k8s-{{item}}* -q | xargs --no-run-if-empty docker rm -f"
@ -77,34 +30,5 @@
with_nested: with_nested:
- "{{groups['kube-master']}}" - "{{groups['kube-master']}}"
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"] - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
register: kube_apiserver_manifest_replaced when: kube_apiserver_manifest_replaced.changed
when: (secret_changed|default(false) or etcd_secret_changed|default(false) or needs_etcd_migration|bool) and kube_apiserver_manifest.stat.exists
run_once: true
- name: "Pre-upgrade | etcd3 upgrade | stop etcd"
service:
name: etcd
state: stopped
delegate_to: "{{item}}"
with_items: "{{groups['etcd']}}"
when: needs_etcd_migration|bool
run_once: true
- name: "Pre-upgrade | etcd3 upgrade | migrate data"
command: "{{ bin_dir }}/etcdctl migrate --data-dir=\"{{ etcd_data_dir }}\" --wal-dir=\"{{ etcd_data_dir }}/member/wal\""
environment:
ETCDCTL_API: 3
delegate_to: "{{item}}"
with_items: "{{groups['etcd']}}"
register: etcd_migrated
when: needs_etcd_migration|bool
run_once: true
- name: "Pre-upgrade | etcd3 upgrade | start etcd"
service:
name: etcd
state: started
delegate_to: "{{item}}"
with_items: "{{groups['etcd']}}"
when: needs_etcd_migration|bool
run_once: true run_once: true
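Review bot: The new `when: kube_apiserver_manifest_replaced.changed` on the "Delete master containers forcefully" task tests the aggregate result of the looped manifest-delete task, so the forced `docker rm -f` is skipped whenever the manifests were already absent, even if `secret_changed` or `etcd_secret_changed` is true. On a re-run after a partially failed play this could leave control-plane containers running with the pre-rotation certificates, assuming the secret facts are still set on that run. If the intent is to restart the components whenever secrets rotated, keep the secret condition in the gate, for example `when: kube_apiserver_manifest_replaced.changed or secret_changed|default(false) or etcd_secret_changed|default(false)`. Parts of both tasks fall outside the hunks shown (their delegation lines are not visible), so the per-host behaviour should be confirmed against the full file.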


@ -1,30 +0,0 @@
---
# Deploy git infos
# ----------------
- name: 'GIT | Install script for collecting git info'
template:
src: "{{ role_path }}/gen-gitinfos.sh"
dest: "{{ bin_dir }}/gen-gitinfos.sh"
mode: a+rwx
- name: 'GIT | generate git informations'
local_action: command {{ role_path }}/gen-gitinfos.sh global
register: gitinfo
check_mode: no
- name: 'GIT | copy ansible information'
template:
src: ansible_git.j2
dest: /etc/.ansible.ini
backup: yes
- name: 'GIT | generate diff file'
local_action: command {{ role_path }}/gen-gitinfos.sh diff
register: gitdiff
check_mode: no
- name: 'GIT | copy git diff file'
copy:
content: "{{ gitdiff.stdout }}"
dest: /etc/.git-ansible.diff
backup: yes


@ -16,10 +16,6 @@
become: true become: true
tags: bootstrap-os tags: bootstrap-os
- include: gitinfos.yml
when: run_gitinfos
tags: facts
- include: set_facts.yml - include: set_facts.yml
tags: facts tags: facts


@ -1,6 +1,4 @@
--- ---
- include: pre-upgrade.yml
- include: seed.yml - include: seed.yml
when: weave_mode_seed when: weave_mode_seed


@ -1,42 +0,0 @@
---
- name: Weave pre-upgrade | Stop legacy weave
command: weave stop
failed_when: false
- name: Weave pre-upgrade | Stop legacy systemd weave services
service:
name: "{{ item }}"
enabled: no
state: stopped
with_items:
- weaveexpose
- weaveproxy
- weave
failed_when: false
- name: Weave pre-upgrade | Purge legacy systemd weave systemd unit files
file:
path: "{{ item }}"
state: absent
register: purged_weave_systemd_units
with_items:
- "/etc/systemd/system/weaveexpose.service"
- "/etc/systemd/system/weaveproxy.service"
- "/etc/systemd/system/weave.service"
- name: Weave pre-upgrade | Reload systemd
command: systemctl daemon-reload
when: ansible_service_mgr == "systemd" and purged_weave_systemd_units.changed
- name: Weave pre-upgrade | Purge legacy weave configs and binary
file:
path: "{{ item }}"
state: absent
with_items:
- "{{ bin_dir }}/weave"
- "/etc/weave.env"
- name: Weave pre-upgrade | Purge legacy weave docker containers
shell: "docker ps -af 'name=^/weave.*' -q | xargs --no-run-if-empty docker rm -f"
retries: 3
failed_when: false


@ -1,58 +0,0 @@
---
local_release_dir: /tmp
# Versions
etcd_version: v3.0.17
calico_version: v2.5.0
calico_cni_version: v1.10.0
weave_version: v2.0.1
# Download URL's
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
# Checksums
calico_cni_checksum: "c72abd0d7ee88376952e43999bcbfa7958171708108bd3f1087c599115350b46"
calico_cni_ipam_checksum: "280fdb1d80f11904adc11760a9a5f3ae29b2aaf911ff0163a8da25646e757413"
weave_checksum: "311f5fe25036c774c3ea9975e033f67e1f3c5afbe8b5693a1d36d51c94ac31c4"
etcd_checksum: "274c46a7f8d26f7ae99d6880610f54933cbcf7f3beafa19236c52eb5df8c7a0b"
downloads:
- name: calico-cni-plugin
dest: calico/bin/calico
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_checksum }}"
source_url: "{{ calico_cni_download_url }}"
url: "{{ calico_cni_download_url }}"
owner: "root"
mode: "0755"
- name: calico-cni-plugin-ipam
dest: calico/bin/calico-ipam
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_ipam_checksum }}"
source_url: "{{ calico_cni_ipam_download_url }}"
url: "{{ calico_cni_ipam_download_url }}"
owner: "root"
mode: "0755"
- name: weave
dest: weave/bin/weave
version: "{{weave_version}}"
source_url: "{{weave_download_url}}"
url: "{{weave_download_url}}"
sha256: "{{ weave_checksum }}"
owner: "root"
mode: "0755"
- name: etcd
version: "{{etcd_version}}"
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
sha256: "{{ etcd_checksum }}"
source_url: "{{ etcd_download_url }}"
url: "{{ etcd_download_url }}"
unarchive: true
owner: "etcd"
mode: "0755"


@ -1,27 +0,0 @@
---
- name: Create dest directories
file:
path: "{{local_release_dir}}/{{item.dest|dirname}}"
state: directory
recurse: yes
with_items: '{{downloads}}'
- name: Download items
get_url:
url: "{{item.source_url}}"
dest: "{{local_release_dir}}/{{item.dest}}"
sha256sum: "{{item.sha256 | default(omit)}}"
owner: "{{ item.owner|default(omit) }}"
mode: "{{ item.mode|default(omit) }}"
with_items: '{{downloads}}'
- name: uploads items
gc_storage:
bucket: kargo
object: "{{item.version}}_{{item.name}}"
src: "{{ local_release_dir }}/{{item.dest}}"
mode: put
permission: public-read
gs_access_key: 'changeme'
gs_secret_key: 'changeme'
with_items: '{{downloads}}'


@ -1,11 +0,0 @@
---
- hosts: localhost
roles:
- {role: uploads}
# TEST download
- hosts: localhost
vars:
local_release_dir: /tmp/from_gcloud
roles:
- {role: download}