Purge old upgrade hooks and unused tasks (#1641)
This commit is contained in:
parent
649388188b
commit
5d99fa0940
15 changed files with 2 additions and 380 deletions
|
@ -1,6 +1,4 @@
|
|||
---
|
||||
- include: pre_upgrade.yml
|
||||
|
||||
- name: ensure dnsmasq.d directory exists
|
||||
file:
|
||||
path: /etc/dnsmasq.d
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Delete legacy dnsmasq daemonset
|
||||
kube:
|
||||
name: dnsmasq
|
||||
namespace: "{{system_namespace}}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "ds"
|
||||
state: absent
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
|
@ -11,22 +11,3 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
|
||||
# Plan B: looks nicer, but requires docker-py on all hosts:
|
||||
# - name: Install | Set up etcd-binarycopy container
|
||||
# docker:
|
||||
# name: etcd-binarycopy
|
||||
# state: present
|
||||
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
||||
# when: etcd_deployment_type == "docker"
|
||||
#
|
||||
# - name: Install | Copy etcdctl from etcd-binarycopy container
|
||||
# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
|
||||
# when: etcd_deployment_type == "docker"
|
||||
#
|
||||
# - name: Install | Clean up etcd-binarycopy container
|
||||
# docker:
|
||||
# name: etcd-binarycopy
|
||||
# state: absent
|
||||
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
||||
# when: etcd_deployment_type == "docker"
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
---
|
||||
- include: pre_upgrade.yml
|
||||
when: etcd_cluster_setup
|
||||
tags: etcd-pre-upgrade
|
||||
|
||||
- include: check_certs.yml
|
||||
when: cert_management == "script"
|
||||
tags: [etcd-secrets, facts]
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
---
|
||||
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
||||
stat:
|
||||
path: /etc/systemd/system/etcd-proxy.service
|
||||
register: etcd_proxy_service_file
|
||||
tags: facts
|
||||
|
||||
- name: "Pre-upgrade | check for etcd-proxy init script"
|
||||
stat:
|
||||
path: /etc/init.d/etcd-proxy
|
||||
register: etcd_proxy_init_script
|
||||
tags: facts
|
||||
|
||||
- name: "Pre-upgrade | stop etcd-proxy if service defined"
|
||||
service:
|
||||
name: etcd-proxy
|
||||
state: stopped
|
||||
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
||||
|
||||
- name: "Pre-upgrade | remove etcd-proxy service definition"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
when: (etcd_proxy_service_file.stat.exists|default(False) or etcd_proxy_init_script.stat.exists|default(False))
|
||||
with_items:
|
||||
- /etc/systemd/system/etcd-proxy.service
|
||||
- /etc/init.d/etcd-proxy
|
||||
|
||||
- name: "Pre-upgrade | find etcd-proxy container"
|
||||
command: "{{ docker_bin_dir }}/docker ps -aq --filter 'name=etcd-proxy*'"
|
||||
register: etcd_proxy_container
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: "Pre-upgrade | remove etcd-proxy if it exists"
|
||||
command: "{{ docker_bin_dir }}/docker rm -f {{item}}"
|
||||
with_items: "{{etcd_proxy_container.stdout_lines|default()}}"
|
||||
|
||||
- name: "Pre-upgrade | see if etcdctl is installed"
|
||||
stat:
|
||||
path: "{{ bin_dir }}/etcdctl"
|
||||
register: etcdctl_installed
|
||||
|
||||
- name: "Pre-upgrade | check if member list is non-SSL"
|
||||
command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
|
||||
register: etcd_member_list
|
||||
retries: 10
|
||||
delay: 3
|
||||
until: etcd_member_list.rc != 2
|
||||
run_once: true
|
||||
when: etcdctl_installed.stat.exists
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: "Pre-upgrade | change peer names to SSL"
|
||||
shell: >-
|
||||
{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list |
|
||||
awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
|
||||
run_once: true
|
||||
when: 'etcdctl_installed.stat.exists and etcd_member_list.rc == 0 and "http://" in etcd_member_list.stdout'
|
|
@ -85,6 +85,3 @@
|
|||
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
|
||||
notify: Master | wait for kube-controller-manager
|
||||
tags: kube-controller-manager
|
||||
|
||||
- include: post-upgrade.yml
|
||||
tags: k8s-post-upgrade
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
---
|
||||
- name: "Post-upgrade | stop kubelet on all masters"
|
||||
service:
|
||||
name: kubelet
|
||||
state: stopped
|
||||
delegate_to: "{{item}}"
|
||||
with_items: "{{groups['kube-master']}}"
|
||||
when: needs_etcd_migration|bool
|
||||
run_once: true
|
||||
|
||||
- name: "Post-upgrade | Pause for kubelet stop"
|
||||
pause:
|
||||
seconds: 10
|
||||
when: needs_etcd_migration|bool
|
||||
|
||||
- name: "Post-upgrade | start kubelet on all masters"
|
||||
service:
|
||||
name: kubelet
|
||||
state: started
|
||||
delegate_to: "{{item}}"
|
||||
with_items: "{{groups['kube-master']}}"
|
||||
when: needs_etcd_migration|bool
|
||||
run_once: true
|
||||
|
||||
- name: "Post-upgrade | etcd3 upgrade | purge etcd2 k8s data"
|
||||
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} rm -r /registry"
|
||||
environment:
|
||||
ETCDCTL_API: 2
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
run_once: true
|
||||
when: kube_apiserver_storage_backend == "etcd3" and needs_etcd_migration|bool|default(false)
|
|
@ -1,38 +1,4 @@
|
|||
---
|
||||
- name: "Pre-upgrade | check for kube-apiserver unit file"
|
||||
stat:
|
||||
path: /etc/systemd/system/kube-apiserver.service
|
||||
register: kube_apiserver_service_file
|
||||
tags: [facts, kube-apiserver]
|
||||
|
||||
- name: "Pre-upgrade | check for kube-apiserver init script"
|
||||
stat:
|
||||
path: /etc/init.d/kube-apiserver
|
||||
register: kube_apiserver_init_script
|
||||
tags: [facts, kube-apiserver]
|
||||
|
||||
- name: "Pre-upgrade | stop kube-apiserver if service defined"
|
||||
service:
|
||||
name: kube-apiserver
|
||||
state: stopped
|
||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||
tags: kube-apiserver
|
||||
|
||||
- name: "Pre-upgrade | remove kube-apiserver service definition"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||
with_items:
|
||||
- /etc/systemd/system/kube-apiserver.service
|
||||
- /etc/init.d/kube-apiserver
|
||||
tags: kube-apiserver
|
||||
|
||||
- name: "Pre-upgrade | See if kube-apiserver manifest exists"
|
||||
stat:
|
||||
path: /etc/kubernetes/manifests/kube-apiserver.manifest
|
||||
register: kube_apiserver_manifest
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | see if old config exists"
|
||||
command: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} ls /registry/minions"
|
||||
environment:
|
||||
|
@ -47,19 +13,6 @@
|
|||
kube_apiserver_storage_backend: "etcd2"
|
||||
when: old_data_exists.rc == 0 and not force_etcd3|bool
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | see if data was already migrated"
|
||||
command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} get --limit=1 --prefix=true /registry/minions"
|
||||
environment:
|
||||
ETCDCTL_API: 3
|
||||
register: data_migrated
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
when: kube_apiserver_storage_backend == "etcd3"
|
||||
failed_when: false
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | set needs_etcd_migration"
|
||||
set_fact:
|
||||
needs_etcd_migration: "{{ force_etcd3|default(false) and kube_apiserver_storage_backend == 'etcd3' and data_migrated.stdout_lines|length == 0 and old_data_exists.rc == 0 }}"
|
||||
|
||||
- name: "Pre-upgrade | Delete master manifests on all kube-masters"
|
||||
file:
|
||||
path: "/etc/kubernetes/manifests/{{item[1]}}.manifest"
|
||||
|
@ -69,7 +22,7 @@
|
|||
- "{{groups['kube-master']}}"
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
register: kube_apiserver_manifest_replaced
|
||||
when: (secret_changed|default(false) or etcd_secret_changed|default(false) or needs_etcd_migration|bool) and kube_apiserver_manifest.stat.exists
|
||||
when: (secret_changed|default(false) or etcd_secret_changed|default(false))
|
||||
|
||||
- name: "Pre-upgrade | Delete master containers forcefully on all kube-masters"
|
||||
shell: "docker ps -f name=k8s-{{item}}* -q | xargs --no-run-if-empty docker rm -f"
|
||||
|
@ -77,34 +30,5 @@
|
|||
with_nested:
|
||||
- "{{groups['kube-master']}}"
|
||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||
register: kube_apiserver_manifest_replaced
|
||||
when: (secret_changed|default(false) or etcd_secret_changed|default(false) or needs_etcd_migration|bool) and kube_apiserver_manifest.stat.exists
|
||||
run_once: true
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | stop etcd"
|
||||
service:
|
||||
name: etcd
|
||||
state: stopped
|
||||
delegate_to: "{{item}}"
|
||||
with_items: "{{groups['etcd']}}"
|
||||
when: needs_etcd_migration|bool
|
||||
run_once: true
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | migrate data"
|
||||
command: "{{ bin_dir }}/etcdctl migrate --data-dir=\"{{ etcd_data_dir }}\" --wal-dir=\"{{ etcd_data_dir }}/member/wal\""
|
||||
environment:
|
||||
ETCDCTL_API: 3
|
||||
delegate_to: "{{item}}"
|
||||
with_items: "{{groups['etcd']}}"
|
||||
register: etcd_migrated
|
||||
when: needs_etcd_migration|bool
|
||||
run_once: true
|
||||
|
||||
- name: "Pre-upgrade | etcd3 upgrade | start etcd"
|
||||
service:
|
||||
name: etcd
|
||||
state: started
|
||||
delegate_to: "{{item}}"
|
||||
with_items: "{{groups['etcd']}}"
|
||||
when: needs_etcd_migration|bool
|
||||
when: kube_apiserver_manifest_replaced.changed
|
||||
run_once: true
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
# Deploy git infos
|
||||
# ----------------
|
||||
- name: 'GIT | Install script for collecting git info'
|
||||
template:
|
||||
src: "{{ role_path }}/gen-gitinfos.sh"
|
||||
dest: "{{ bin_dir }}/gen-gitinfos.sh"
|
||||
mode: a+rwx
|
||||
|
||||
- name: 'GIT | generate git informations'
|
||||
local_action: command {{ role_path }}/gen-gitinfos.sh global
|
||||
register: gitinfo
|
||||
check_mode: no
|
||||
|
||||
- name: 'GIT | copy ansible information'
|
||||
template:
|
||||
src: ansible_git.j2
|
||||
dest: /etc/.ansible.ini
|
||||
backup: yes
|
||||
|
||||
- name: 'GIT | generate diff file'
|
||||
local_action: command {{ role_path }}/gen-gitinfos.sh diff
|
||||
register: gitdiff
|
||||
check_mode: no
|
||||
|
||||
- name: 'GIT | copy git diff file'
|
||||
copy:
|
||||
content: "{{ gitdiff.stdout }}"
|
||||
dest: /etc/.git-ansible.diff
|
||||
backup: yes
|
|
@ -16,10 +16,6 @@
|
|||
become: true
|
||||
tags: bootstrap-os
|
||||
|
||||
- include: gitinfos.yml
|
||||
when: run_gitinfos
|
||||
tags: facts
|
||||
|
||||
- include: set_facts.yml
|
||||
tags: facts
|
||||
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
---
|
||||
- include: pre-upgrade.yml
|
||||
|
||||
- include: seed.yml
|
||||
when: weave_mode_seed
|
||||
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
- name: Weave pre-upgrade | Stop legacy weave
|
||||
command: weave stop
|
||||
failed_when: false
|
||||
|
||||
- name: Weave pre-upgrade | Stop legacy systemd weave services
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
enabled: no
|
||||
state: stopped
|
||||
with_items:
|
||||
- weaveexpose
|
||||
- weaveproxy
|
||||
- weave
|
||||
failed_when: false
|
||||
|
||||
- name: Weave pre-upgrade | Purge legacy systemd weave systemd unit files
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
register: purged_weave_systemd_units
|
||||
with_items:
|
||||
- "/etc/systemd/system/weaveexpose.service"
|
||||
- "/etc/systemd/system/weaveproxy.service"
|
||||
- "/etc/systemd/system/weave.service"
|
||||
|
||||
- name: Weave pre-upgrade | Reload systemd
|
||||
command: systemctl daemon-reload
|
||||
when: ansible_service_mgr == "systemd" and purged_weave_systemd_units.changed
|
||||
|
||||
- name: Weave pre-upgrade | Purge legacy weave configs and binary
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ bin_dir }}/weave"
|
||||
- "/etc/weave.env"
|
||||
|
||||
- name: Weave pre-upgrade | Purge legacy weave docker containers
|
||||
shell: "docker ps -af 'name=^/weave.*' -q | xargs --no-run-if-empty docker rm -f"
|
||||
retries: 3
|
||||
failed_when: false
|
|
@ -1,58 +0,0 @@
|
|||
---
|
||||
local_release_dir: /tmp
|
||||
|
||||
# Versions
|
||||
etcd_version: v3.0.17
|
||||
calico_version: v2.5.0
|
||||
calico_cni_version: v1.10.0
|
||||
weave_version: v2.0.1
|
||||
|
||||
# Download URL's
|
||||
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
|
||||
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
|
||||
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
|
||||
|
||||
# Checksums
|
||||
calico_cni_checksum: "c72abd0d7ee88376952e43999bcbfa7958171708108bd3f1087c599115350b46"
|
||||
calico_cni_ipam_checksum: "280fdb1d80f11904adc11760a9a5f3ae29b2aaf911ff0163a8da25646e757413"
|
||||
weave_checksum: "311f5fe25036c774c3ea9975e033f67e1f3c5afbe8b5693a1d36d51c94ac31c4"
|
||||
etcd_checksum: "274c46a7f8d26f7ae99d6880610f54933cbcf7f3beafa19236c52eb5df8c7a0b"
|
||||
|
||||
downloads:
|
||||
- name: calico-cni-plugin
|
||||
dest: calico/bin/calico
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_checksum }}"
|
||||
source_url: "{{ calico_cni_download_url }}"
|
||||
url: "{{ calico_cni_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: calico-cni-plugin-ipam
|
||||
dest: calico/bin/calico-ipam
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_ipam_checksum }}"
|
||||
source_url: "{{ calico_cni_ipam_download_url }}"
|
||||
url: "{{ calico_cni_ipam_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: weave
|
||||
dest: weave/bin/weave
|
||||
version: "{{weave_version}}"
|
||||
source_url: "{{weave_download_url}}"
|
||||
url: "{{weave_download_url}}"
|
||||
sha256: "{{ weave_checksum }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: etcd
|
||||
version: "{{etcd_version}}"
|
||||
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
sha256: "{{ etcd_checksum }}"
|
||||
source_url: "{{ etcd_download_url }}"
|
||||
url: "{{ etcd_download_url }}"
|
||||
unarchive: true
|
||||
owner: "etcd"
|
||||
mode: "0755"
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
- name: Create dest directories
|
||||
file:
|
||||
path: "{{local_release_dir}}/{{item.dest|dirname}}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
with_items: '{{downloads}}'
|
||||
|
||||
- name: Download items
|
||||
get_url:
|
||||
url: "{{item.source_url}}"
|
||||
dest: "{{local_release_dir}}/{{item.dest}}"
|
||||
sha256sum: "{{item.sha256 | default(omit)}}"
|
||||
owner: "{{ item.owner|default(omit) }}"
|
||||
mode: "{{ item.mode|default(omit) }}"
|
||||
with_items: '{{downloads}}'
|
||||
|
||||
- name: uploads items
|
||||
gc_storage:
|
||||
bucket: kargo
|
||||
object: "{{item.version}}_{{item.name}}"
|
||||
src: "{{ local_release_dir }}/{{item.dest}}"
|
||||
mode: put
|
||||
permission: public-read
|
||||
gs_access_key: 'changeme'
|
||||
gs_secret_key: 'changeme'
|
||||
with_items: '{{downloads}}'
|
11
uploads.yml
11
uploads.yml
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- {role: uploads}
|
||||
|
||||
# TEST download
|
||||
- hosts: localhost
|
||||
vars:
|
||||
local_release_dir: /tmp/from_gcloud
|
||||
roles:
|
||||
- {role: download}
|
Loading…
Reference in a new issue