From 672e47a7ebfb6ddc87b2ffdf171563f0163c364d Mon Sep 17 00:00:00 2001 From: cyril-corbon Date: Mon, 28 Feb 2022 19:59:46 +0100 Subject: [PATCH] feat: check & uninstall container engine (#8439) Signed-off-by: Cyril Corbon --- .../containerd/tasks/reset.yml | 41 ++++++ .../cri-o/tasks/crio_repo.yml | 5 +- roles/container-engine/cri-o/tasks/reset.yml | 91 ++++++++++++++ roles/container-engine/docker/tasks/reset.yml | 61 +++++++++ roles/container-engine/meta/main.yml | 5 + .../validate-container-engine/tasks/main.yml | 117 ++++++++++++++++++ 6 files changed, 317 insertions(+), 3 deletions(-) create mode 100644 roles/container-engine/containerd/tasks/reset.yml create mode 100644 roles/container-engine/cri-o/tasks/reset.yml create mode 100644 roles/container-engine/docker/tasks/reset.yml create mode 100644 roles/container-engine/validate-container-engine/tasks/main.yml diff --git a/roles/container-engine/containerd/tasks/reset.yml b/roles/container-engine/containerd/tasks/reset.yml new file mode 100644 index 000000000..5c551b6d9 --- /dev/null +++ b/roles/container-engine/containerd/tasks/reset.yml @@ -0,0 +1,41 @@ +--- +- name: containerd | Remove containerd repository for RedHat os family + file: + path: "{{ yum_repo_dir }}/containerd.repo" + state: absent + when: + - ansible_os_family in ['RedHat'] + tags: + - reset_containerd + +- name: containerd | Remove containerd repository for Debian os family + apt_repository: + repo: "{{ item }}" + state: absent + with_items: "{{ containerd_repo_info.repos }}" + when: ansible_pkg_mgr == 'apt' + tags: + - reset_containerd + +- name: containerd | Stop containerd service + service: + name: containerd + daemon_reload: true + enabled: false + masked: true + state: stopped + tags: + - reset_containerd + +- name: containerd | Remove configuration files + file: + path: "{{ item }}" + state: absent + loop: + - /etc/systemd/system/containerd.service + - "{{ containerd_systemd_dir }}" + - "{{ containerd_cfg_dir }}" + - "{{ containerd_storage_dir }}" + - "{{ containerd_state_dir }}" + tags: + - reset_containerd diff --git a/roles/container-engine/cri-o/tasks/crio_repo.yml b/roles/container-engine/cri-o/tasks/crio_repo.yml index 51142640c..f2b1b71a9 100644 --- a/roles/container-engine/cri-o/tasks/crio_repo.yml +++ b/roles/container-engine/cri-o/tasks/crio_repo.yml @@ -1,5 +1,4 @@ --- - - block: - name: Add Debian Backports apt repo apt_repository: @@ -99,7 +98,7 @@ baseurl: http://{{ crio_download_base }}/CentOS_{{ ansible_distribution_major_version }}/ gpgcheck: yes gpgkey: http://{{ crio_download_base }}/CentOS_{{ ansible_distribution_major_version }}/repodata/repomd.xml.key - keepcache: '0' + keepcache: "0" when: - ansible_os_family == "RedHat" - ansible_distribution not in ["Amazon", "Fedora"] @@ -122,7 +121,7 @@ baseurl: http://{{ crio_download_base }}/CentOS_7/ gpgcheck: yes gpgkey: http://{{ crio_download_base }}/CentOS_7/repodata/repomd.xml.key - keepcache: '0' + keepcache: "0" when: ansible_distribution in ["Amazon"] - name: Add CRI-O kubic yum repo diff --git a/roles/container-engine/cri-o/tasks/reset.yml b/roles/container-engine/cri-o/tasks/reset.yml new file mode 100644 index 000000000..24f50be3d --- /dev/null +++ b/roles/container-engine/cri-o/tasks/reset.yml @@ -0,0 +1,91 @@ +--- +- name: CRI-O | Kubic repo name for debian os family + set_fact: + crio_kubic_debian_repo_name: "{{ ((ansible_distribution == 'Ubuntu') | ternary('x','')) ~ ansible_distribution ~ '_' ~ ansible_distribution_version }}" + when: ansible_os_family == "Debian" + tags: + - reset_crio + +- name: CRI-O | Remove kubic apt repo + apt_repository: + repo: "deb http://{{ crio_download_base }}/{{ crio_kubic_debian_repo_name }}/ /" + state: absent + when: crio_kubic_debian_repo_name is defined + tags: + - reset_crio + +- name: CRI-O | Remove cri-o apt repo + apt_repository: + repo: "deb {{ crio_download_crio }}{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /" + state: present + filename: devel-kubic-libcontainers-stable-cri-o + when: crio_kubic_debian_repo_name is defined + tags: + - reset_crio + +- name: CRI-O | Remove CRI-O kubic yum repo + yum_repository: + name: devel_kubic_libcontainers_stable + state: absent + when: ansible_distribution in ["Amazon"] + tags: + - reset_crio + +- name: CRI-O | Remove CRI-O kubic yum repo + yum_repository: + name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}" + state: absent + when: + - ansible_os_family == "RedHat" + - ansible_distribution not in ["Amazon", "Fedora"] + tags: + - reset_crio + +- name: CRI-O | Run yum-clean-metadata + command: yum clean metadata + args: + warn: no + when: + - ansible_os_family == "RedHat" + tags: + - reset_crio + +- name: CRI-O | Remove crictl + file: + name: "{{ item }}" + state: absent + loop: + - /etc/crictl.yaml + - "{{ bin_dir }}/crictl" + tags: + - reset_crio + +- name: CRI-O | Stop crio service + service: + name: crio + daemon_reload: true + enabled: false + masked: true + state: stopped + tags: + - reset_crio + +- name: CRI-O | Remove CRI-O configuration files + file: + name: "{{ item }}" + state: absent + loop: + - /etc/crio + - /etc/containers + - /etc/systemd/system/crio.service.d + tags: + - reset_crio + +- name: CRI-O | Uninstall CRI-O package + package: + name: "{{ item }}" + state: absent + when: not is_ostree + with_items: "{{ crio_packages }}" + tags: + - reset_crio diff --git a/roles/container-engine/docker/tasks/reset.yml b/roles/container-engine/docker/tasks/reset.yml new file mode 100644 index 000000000..7feec312a --- /dev/null +++ b/roles/container-engine/docker/tasks/reset.yml @@ -0,0 +1,61 @@ +--- +- name: Docker | ensure docker-ce repository is removed + apt_repository: + repo: "{{ item }}" + state: absent + with_items: "{{ docker_repo_info.repos }}" + when: ansible_pkg_mgr == 'apt' + tags: + - reset_docker + +- name: Docker | Remove docker repository on Fedora + file: + name: "{{ yum_repo_dir }}/docker.repo" + state: absent + when: ansible_distribution == "Fedora" and not is_ostree + tags: + - reset_docker + +- name: Docker | Remove docker repository on RedHat/CentOS/Oracle/AlmaLinux Linux + template: + name: "{{ yum_repo_dir }}/docker-ce.repo" + state: absent + when: + - ansible_os_family == "RedHat" + - ansible_distribution != "Fedora" + - not is_ostree + tags: + - reset_docker + +- name: Docker | Stop docker service + service: + name: docker + daemon_reload: true + enabled: false + masked: true + state: stopped + tags: + - reset_docker + +- name: Docker | Remove docker configuration files + file: + name: "{{ item }}" + state: absent + loop: + - /etc/systemd/system/docker.service.d/ + - /var/lib/docker + - /etc/docker + tags: + - reset_docker + +- name: Docker | Remove docker package + package: + name: "{{ docker_package_info.pkgs }}" + state: absent + changed_when: false + when: + - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] + - not is_ostree + - docker_package_info.pkgs|length > 0 + tags: + - reset_docker diff --git a/roles/container-engine/meta/main.yml b/roles/container-engine/meta/main.yml index 7ef823629..bed9c13a2 100644 --- a/roles/container-engine/meta/main.yml +++ b/roles/container-engine/meta/main.yml @@ -1,6 +1,11 @@ # noqa role-name - this is a meta role that doesn't need a name --- dependencies: + - role: container-engine/validate-container-engine + tags: + - container-engine + - validate-container-engine + - role: container-engine/kata-containers when: - kata_containers_enabled diff --git a/roles/container-engine/validate-container-engine/tasks/main.yml b/roles/container-engine/validate-container-engine/tasks/main.yml new file mode 100644 index 000000000..ad9e92feb --- /dev/null +++ b/roles/container-engine/validate-container-engine/tasks/main.yml @@ -0,0 +1,117 @@ +--- +- name: Ensure kubelet systemd unit exists + stat: + path: "/etc/systemd/system/kubelet.service" + register: kubelet_systemd_unit_exists + +- name: Check if containerd is installed + find: + file_type: file + recurse: yes + use_regex: yes + patterns: + - containerd.service$ + paths: + - /lib/systemd + - /etc/systemd + - /run/systemd + register: containerd_installed + +- name: Check if docker is installed + find: + file_type: file + recurse: yes + use_regex: yes + patterns: + - docker.service$ + paths: + - /lib/systemd + - /etc/systemd + - /run/systemd + register: docker_installed + +- name: Check if crio is installed + find: + file_type: file + recurse: yes + use_regex: yes + patterns: + - crio.service$ + paths: + - /lib/systemd + - /etc/systemd + - /run/systemd + register: crio_installed + +- name: Uninstall containerd + block: + - name: Drain node + include_role: + name: remove-node/pre-remove + apply: + tags: + - pre-remove + - name: Stop kubelet + service: + name: kubelet + state: stopped + when: + - kubelet_systemd_unit_exists + - name: Remove Containerd + include_role: + name: container-engine/containerd + apply: + tags: + - reset_containerd + when: + - container_manager != "containerd" + - docker_installed.matched == 0 + - containerd_installed.matched > 0 + +- name: Uninstall docker + block: + - name: Drain node + include_role: + name: remove-node/pre-remove + apply: + tags: + - pre-remove + - name: Stop kubelet + service: + name: kubelet + state: stopped + when: + - kubelet_systemd_unit_exists + - name: Remove Docker + include_role: + name: container-engine/docker + apply: + tags: + - reset_docker + when: + - container_manager != "docker" + - docker_installed.matched > 0 + +- name: Uninstall crio + block: + - name: Drain node + include_role: + name: remove-node/pre-remove + apply: + tags: + - pre-remove + - name: Stop kubelet + service: + name: kubelet + state: stopped + when: + - kubelet_systemd_unit_exists + - name: Remove CRI-O + include_role: + name: container-engine/crio + apply: + tags: + - reset_crio + when: + - container_manager != "crio" + - crio_installed.matched > 0