# Pull in the network plugin's own pre-reset task file. The include path is
# built from kube_network_plugin; the `when` allowlist is the only thing on
# this task that limits which plugin directory can be named.
- name: reset | include file with pre-reset tasks specific to the network_plugin if exists
  tags: network
  when: kube_network_plugin in ['contiv']
  include_tasks: "{{ (role_path + '/../network_plugin/' + kube_network_plugin + '/tasks/pre-reset.yml') | realpath  }}"

# Stop kubelet before its unit file is deleted by the next task.
# failed_when is forced to false, so a host where the service is missing or
# already stopped does not abort the reset; a genuine stop failure is hidden
# the same way.
- name: reset | stop services
  failed_when: false
  with_items:
    - kubelet
  service:
    state: stopped
    name: '{{ item }}'

# Delete the kubelet unit file from /etc/systemd/system. The result is
# registered as services_removed, which the daemon-reload task's `when`
# condition reads.
- name: reset | remove services
  register: services_removed
  with_items:
    - kubelet
  file:
    state: absent
    path: '/etc/systemd/system/{{ item }}.service'
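# Remove the drop-in files under docker.service.d. The result is registered
# because the daemon-reload and docker-restart tasks test
# docker_dropins_removed.changed; without the register those conditions
# reference an undefined variable.
- name: reset | remove docker dropins
  file:
    path: "/etc/systemd/system/docker.service.d/{{ item }}"
    state: absent
  with_items:
    - docker-dns.conf
    - docker-options.conf
    - http-proxy.conf
  register: docker_dropins_removed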
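# Make systemd re-read its unit files, but only when a unit file or a docker
# drop-in was actually deleted. A task needs a module to be valid; the
# systemd module's daemon_reload option is the action the task name
# describes.
- name: reset | systemctl daemon-reload  # noqa 503
  systemd:
    daemon_reload: true
  when: services_removed.changed or docker_dropins_removed.changed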
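# Force-remove every docker container together with its anonymous volumes
# (rm -fv). Both ends of the pipe call the binary under docker_bin_dir, so
# this destructive command does not depend on which `docker` comes first on
# PATH. pipefail makes a failing `docker ps` fail the task; the task is
# retried up to 4 times, 5 seconds apart, until the pipeline exits 0.
- name: reset | remove all containers
  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -aq | xargs -r {{ docker_bin_dir }}/docker rm -fv"
  args:
    executable: /bin/bash
  register: remove_all_containers
  retries: 4
  until: remove_all_containers.rc == 0
  delay: 5
  when: container_manager == "docker"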
# Restart docker only when a drop-in file was actually removed and docker is
# the configured container manager.
- name: reset | restart docker if needed  # noqa 503
  when: docker_dropins_removed.changed and container_manager == "docker"
  service:
    state: restarted
    name: docker
- name: reset | stop all cri containers
  shell: "set -o pipefail && crictl ps -aq | xargs -r crictl -t 60s stop"
  args:
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  until: remove_all_cri_containers.rc == 0
    - containerd
  when: container_manager in ["crio", "containerd"]
- name: reset | remove all cri containers
  shell: "set -o pipefail && crictl ps -aq | xargs -r crictl -t 60s rm"
  args:
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  until: remove_all_cri_containers.rc == 0
    - containerd
  when: container_manager in ["crio", "containerd"] and deploy_container_engine|default(true)
- name: reset | stop all cri pods
  shell: "set -o pipefail && crictl pods -q | xargs -r crictl -t 60s stopp"
  args:
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  until: remove_all_cri_containers.rc == 0
    - containerd
  when: container_manager in ["crio", "containerd"]
- name: reset | remove all cri pods
  shell: "set -o pipefail && crictl pods -q | xargs -r crictl -t 60s rmp"
  args:
    executable: /bin/bash
  register: remove_all_cri_containers
  retries: 5
  until: remove_all_cri_containers.rc == 0
    - containerd
  when: container_manager in ["crio", "containerd"]

# Stop both etcd units. failed_when is forced to false, so a host that does
# not run etcd does not abort the reset; a genuine stop failure is hidden the
# same way.
- name: reset | stop etcd services
  tags: services
  failed_when: false
  with_items:
    - etcd
    - etcd-events
  service:
    state: stopped
    name: '{{ item }}'

# Delete the etcd and etcd-events unit files. The register name is the same
# one the kubelet unit removal uses, so this result replaces the earlier one.
# NOTE(review): no task visible after this point reads services_removed or
# reloads systemd -- confirm a daemon-reload follows the etcd unit removal.
- name: reset | remove etcd services
  tags: services
  register: services_removed
  with_items:
    - etcd
    - etcd-events
  file:
    state: absent
    path: '/etc/systemd/system/{{ item }}.service'

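# Collect the mount points under /var/lib/kubelet/ (third field of `mount`
# output) and reverse the list with tac before the unmount task consumes it.
# `executable` has to sit under `args:` to reach the shell module; bash is
# needed for `set -o pipefail`.
# NOTE(review): grep exits 1 when nothing is mounted there, which pipefail
# turns into a task failure -- confirm that case is handled.
- name: reset | gather mounted kubelet dirs  # noqa 301
  shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac
  args:
    executable: /bin/bash
  register: mounted_dirs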
# Force-unmount every path collected in mounted_dirs, retrying each one up to
# 4 times, 5 seconds apart, until umount exits 0. The command module does not
# run a shell, so the path is not subject to shell expansion.
# NOTE(review): a mount point containing whitespace would be split into
# several arguments -- confirm none are expected under /var/lib/kubelet/.
- name: reset | unmount kubelet dirs  # noqa 301
  register: umount_dir
  until: umount_dir.rc == 0
  retries: 4
  delay: 5
  with_items: '{{ mounted_dirs.stdout_lines }}'
  command: umount -f {{ item }}
# Flush iptables rules. No table or chain is named on the task as shown, so
# the module's defaults decide what is purged. Any host firewall policy kept
# in the flushed table is removed along with the Kubernetes rules, and the
# host stays without it until something reinstalls it.
# NOTE(review): no `when` is visible on this task -- confirm the flush is
# meant to be unconditional.
- name: flush iptables
  iptables:
    flush: true
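# Clear the IPVS virtual server table (ipvsadm -C). The condition has to be
# attached through `when:`; it limits the task to hosts in the k8s-cluster
# group when kube-proxy runs in ipvs mode.
- name: Clear IPVS virtual server table
  command: "ipvsadm -C"
  when:
    - kube_proxy_mode == 'ipvs' and inventory_hostname in groups['k8s-cluster']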
# Record in kube_ipvs0 whether the kube-ipvs0 interface exists, by stat-ing
# its entry under /sys/class/net.
- name: reset | check kube-ipvs0 network device
  register: kube_ipvs0
  stat:
    path: '/sys/class/net/kube-ipvs0'

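# Delete the kube-ipvs0 interface. The stat result registered as kube_ipvs0
# is checked as well, matching the nodelocaldns removal task, so the command
# is not run (and does not fail) on a host where the device is already gone.
- name: reset | Remove kube-ipvs0
  command: "ip link del kube-ipvs0"
  when:
    - kube_proxy_mode == 'ipvs'
    - kube_ipvs0.stat.exists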
# Record in nodelocaldns_device whether the nodelocaldns interface exists, by
# stat-ing its entry under /sys/class/net.
- name: reset | check nodelocaldns network device
  register: nodelocaldns_device
  stat:
    path: '/sys/class/net/nodelocaldns'

# Delete the nodelocaldns interface, but only when nodelocaldns is enabled
# (treated as false when the variable is unset) and the preceding stat found
# the device.
- name: reset | Remove nodelocaldns
  when:
    - enable_nodelocaldns|default(false)|bool
    - nodelocaldns_device.stat.exists
  command: ip link del nodelocaldns

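# Delete the files and directories left behind by the cluster components.
# The paths are supplied through `with_items:`, which is what `{{ item }}` in
# `path` iterates over.
#
# Several entries are whole directories taken from variables (etcd_data_dir,
# etcd_events_data_dir, etcd_config_dir, nginx_config_dir); they are removed
# recursively, so each must resolve to a directory dedicated to that
# component.
#
# ignore_errors lets the play continue when a deletion fails. A failed item
# can leave credentials or cluster state on the host (kubeconfigs under
# ~/.kube, /etc/vault, the etcd data directories), so check the task output
# before treating the host as clean.
- name: reset | delete some files and directories
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /var/lib/kubelet
    - "{{ ansible_env.HOME | default('/root') }}/.kube"
    - "{{ ansible_env.HOME | default('/root') }}/.helm"
    - "{{ etcd_data_dir }}"
    - "{{ etcd_events_data_dir }}"
    - "{{ etcd_config_dir }}"
    - /var/log/calico
    - /etc/cni
    - "{{ nginx_config_dir }}"
    - /etc/dnsmasq.d
    - /etc/dnsmasq.conf
    - /etc/dnsmasq.d-available
    - /etc/etcd.env
    - /etc/calico
    - /etc/weave.env
    - /opt/cni
    - /etc/dhcp/dhclient.d/zdnsupdate.sh
    - /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate
    - /run/flannel
    - /etc/flannel
    - /run/kubernetes
    # Cluster CA certificates in the distribution trust-store source
    # directories. Removing them deletes the source files only.
    # NOTE(review): no task visible here regenerates the system trust bundle
    # (update-ca-certificates / update-ca-trust), so these CAs may stay
    # trusted on the host until that is run -- confirm.
    - /usr/local/share/ca-certificates/etcd-ca.crt
    - /usr/local/share/ca-certificates/kube-ca.crt
    - /usr/local/share/ca-certificates/vault-ca.crt
    - /etc/ssl/certs/etcd-ca.pem
    - /etc/ssl/certs/kube-ca.pem
    - /etc/ssl/certs/vault-ca.crt
    - /etc/pki/ca-trust/source/anchors/etcd-ca.crt
    - /etc/pki/ca-trust/source/anchors/kube-ca.crt
    - /etc/pki/ca-trust/source/anchors/vault-ca.crt
    - /var/log/pods/
    # Binaries and helper scripts installed under bin_dir.
    - "{{ bin_dir }}/kubelet"
    - "{{ bin_dir }}/etcd-scripts"
    - "{{ bin_dir }}/etcd"
    - "{{ bin_dir }}/etcd-events"
    - "{{ bin_dir }}/etcdctl"
    - "{{ bin_dir }}/kubernetes-scripts"
    - "{{ bin_dir }}/kubectl"
    - "{{ bin_dir }}/kubeadm"
    - "{{ bin_dir }}/hyperkube"
    - "{{ bin_dir }}/helm"
    - "{{ bin_dir }}/calicoctl"
    - "{{ bin_dir }}/calicoctl.sh"
    - "{{ bin_dir }}/calico-upgrade"
    - "{{ bin_dir }}/weave"
    - "{{ bin_dir }}/crictl"
    - "{{ bin_dir }}/netctl"
    - /var/lib/cni
    - /etc/vault
    - /etc/contiv
    - /var/contiv
    - /run/contiv
    - /etc/openvswitch
    - /run/openvswitch
    - /var/lib/kube-router
    - /var/lib/calico
    - /etc/cilium
    - /run/calico
  ignore_errors: true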
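# Remove the block delimited by the "# Ansible entries" markers from each
# dhclient configuration file. blockinfile requires `path`; it is taken from
# the loop item, which is what the two listed files are for.
# failed_when is forced to false, so a failure on either file does not abort
# the reset.
- name: reset | remove dns settings from dhclient.conf
  blockinfile:
    path: "{{ item }}"
    state: absent
    marker: "# Ansible entries {mark}"
  failed_when: false
  with_items:
    - /etc/dhclient.conf
    - /etc/dhcp/dhclient.conf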

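# Remove the block delimited by the "# Ansible inventory hosts" markers from
# /etc/hosts. blockinfile requires `path`; the file is the one the task name
# states. Lines outside the markers are left untouched.
- name: reset | remove host entries from /etc/hosts
  blockinfile:
    path: /etc/hosts
    state: absent
    marker: "# Ansible inventory hosts {mark}"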
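# Pull in the network plugin's own reset task file. The include path is built
# from kube_network_plugin, so the allowlist has to be attached through
# `when:`; it is the only thing on this task that limits which plugin
# directory can be named.
- name: reset | include file with reset tasks specific to the network_plugin if exists
  include_tasks: "{{ (role_path + '/../network_plugin/' + kube_network_plugin + '/tasks/reset.yml') | realpath  }}"
  when:
    - kube_network_plugin in ['flannel', 'cilium', 'contiv', 'kube-router', 'calico']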
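# Restart the host's network service, choosing the unit name from the
# distribution facts. The two conditions are attached through `when:`: the
# task is skipped on Flatcar Container Linux and when reset_restart_network
# is false.
# NOTE(review): the RedHat `else` branch and the Ubuntu bionic/focal branch
# render nothing as shown, which leaves `name` empty on those hosts --
# confirm the unit names that belong there.
- name: reset | Restart network
  service:
    name: >-
      {% if ansible_os_family == "RedHat" -%}
      {%- if ansible_distribution_major_version|int == 8 -%}
      NetworkManager
      {%- else -%}
      {%- endif -%}
      {%- elif ansible_distribution == "Ubuntu" and ansible_distribution_release in ["bionic", "focal"] -%}
      {%- elif ansible_os_family == "Debian" -%}
      networking
      {%- endif %}
    state: restarted
  when:
    - ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
    - reset_restart_network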