c12s-kubespray/roles/reset/tasks/main.yml
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548)
* Added custom ips to etcd vault distributed certificates

* Added custom ips to kube-master vault distributed certificates

* Added comment about issue_cert_copy_ca var in vault/issue_cert role file

* Generate kube-proxy, controller-manager and scheduler certificates by vault

* Revert "Disable vault from CI (#1546)"

This reverts commit 781f31d2b8.

* Fixed upgrade cluster with vault cert manager

* Remove vault dir in reset playbook
2017-08-20 13:53:58 +03:00

136 lines
3.2 KiB
YAML

---
- name: reset | stop services
service:
name: "{{ item }}"
state: stopped
with_items:
- kubelet
- etcd
failed_when: false
tags: ['services']
- name: reset | remove services
file:
path: "/etc/systemd/system/{{ item }}.service"
state: absent
with_items:
- kubelet
- etcd
register: services_removed
tags: ['services']
- name: reset | remove docker dropins
file:
path: "/etc/systemd/system/docker.service.d/{{ item }}"
state: absent
with_items:
- docker-dns.conf
- docker-options.conf
register: docker_dropins_removed
tags: ['docker']
- name: reset | systemctl daemon-reload
command: systemctl daemon-reload
when: services_removed.changed or docker_dropins_removed.changed
- name: reset | remove all containers
shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
tags: ['docker']
- name: reset | restart docker if needed
service:
name: docker
state: restarted
when: docker_dropins_removed.changed
tags: ['docker']
- name: reset | gather mounted kubelet dirs
shell: mount | grep /var/lib/kubelet | awk '{print $3}' | tac
check_mode: no
register: mounted_dirs
tags: ['mounts']
- name: reset | unmount kubelet dirs
command: umount {{item}}
with_items: '{{ mounted_dirs.stdout_lines }}'
tags: ['mounts']
- name: flush iptables
iptables:
flush: yes
when: flush_iptables|bool
tags: ['iptables']
- name: reset | delete some files and directories
file:
path: "{{ item }}"
state: absent
with_items:
- "{{kube_config_dir}}"
- /var/lib/kubelet
- "{{ etcd_data_dir }}"
- /etc/ssl/etcd
- /var/log/calico
- /etc/cni
- /etc/nginx
- /etc/dnsmasq.d
- /etc/dnsmasq.conf
- /etc/dnsmasq.d-available
- /etc/etcd.env
- /etc/calico
- /etc/weave.env
- /opt/cni
- /etc/dhcp/dhclient.d/zdnsupdate.sh
- /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate
- /run/flannel
- /etc/flannel
- /run/kubernetes
- /usr/local/share/ca-certificates/kube-ca.crt
- /usr/local/share/ca-certificates/etcd-ca.crt
- /etc/ssl/certs/kube-ca.pem
- /etc/ssl/certs/etcd-ca.pem
- /etc/vault
- /var/log/pods/
- "{{ bin_dir }}/kubelet"
- "{{ bin_dir }}/etcd-scripts"
- "{{ bin_dir }}/etcd"
- "{{ bin_dir }}/etcdctl"
- "{{ bin_dir }}/kubernetes-scripts"
- "{{ bin_dir }}/kubectl"
- "{{ bin_dir }}/helm"
- "{{ bin_dir }}/calicoctl"
- "{{ bin_dir }}/weave"
tags: ['files']
- name: reset | remove dns settings from dhclient.conf
blockinfile:
dest: "{{ item }}"
state: absent
follow: yes
marker: "# Ansible entries {mark}"
failed_when: false
with_items:
- /etc/dhclient.conf
- /etc/dhcp/dhclient.conf
tags: ['files', 'dns']
- name: reset | remove host entries from /etc/hosts
blockinfile:
dest: "/etc/hosts"
state: absent
follow: yes
marker: "# Ansible inventory hosts {mark}"
tags: ['files', 'dns']
- name: reset | Restart network
service:
name: >-
{% if ansible_os_family == "RedHat" -%}
network
{%- elif ansible_os_family == "Debian" -%}
networking
{%- endif %}
state: restarted
when: ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"]
tags: ['services', 'network']