新增role: clean，重写99.clean.yml

99.clean.yml

@@ -1,241 +1,17 @@
 # WARNING: This playbook will erase the entire k8s-cluster, include PODs, ETCD data etc.
 # Make sure you know what you are doing.
 
-# to clean 'kube-node' nodes
 - hosts:
   - kube-master
-  - kube-node
-  tasks:
-  - name: stop and disable kube-node service
-    service: name={{ item }} state=stopped enabled=no
-    with_items:
-    - kubelet
-    - kube-proxy
-    ignore_errors: true
-
-  - name: umount kubelet filesystems
-    shell: "mount | grep '/var/lib/kubelet'| awk '{print $3}'|xargs umount || exit 0"
-    args:
-      warn: false
-    ignore_errors: true
-
-  - name: remove files and dirs of 'kube-node' nodes
-    file: name={{ item }} state=absent
-    with_items:
-    - "/var/lib/kubelet/"
-    - "/var/lib/kube-proxy/"
-    - "/etc/systemd/system/kubelet.service"
-    - "/etc/systemd/system/kube-proxy.service"
-    - "/opt/kube/kube-system/"
-
-# to clean 'kube-master' nodes
-- hosts:
-  - kube-master
-  tasks:
-  - name: stop and disable kube-master service
-    service: name={{ item }} state=stopped enabled=no
-    with_items:
-    - kube-apiserver
-    - kube-controller-manager
-    - kube-scheduler
-    ignore_errors: true
-
-  - name: remove files and dirs of 'kube-master' nodes
-    file: name={{ item }} state=absent
-    with_items:
-    - "/var/run/kubernetes"
-    - "/etc/systemd/system/kube-apiserver.service"
-    - "/etc/systemd/system/kube-controller-manager.service"
-    - "/etc/systemd/system/kube-scheduler.service"
-
-# to clean container runtime and networking
-- hosts:
-  - kube-master
-  - kube-node
-  tasks:
-  - block:
-      - name: to check if container 'kubeasz' is running
-        shell: 'docker ps|grep kubeasz || echo "NOT FOUND"'
-        register: install_info
-    
-      - name: fail info
-        fail: msg="you CAN NOT delete dockerd, because container 'kubeasz' is running!" 
-        when: "'kubeasz' in install_info.stdout"
-    
-      - name: stop and disable docker service
-        service: 
-          name: docker
-          state: stopped
-          enabled: no
-        ignore_errors: true
-    
-      # as k8s-network-plugins use host-network, '/var/run/docker/netns/default' must be umounted
-      - name: unmount docker filesystem-1
-        mount: path=/var/run/docker/netns/default state=unmounted
-    
-      - name: unmount docker filesystem-2
-        mount: path=/var/lib/docker/overlay state=unmounted
-    
-      - name: remove files and dirs
-        file: name={{ item }} state=absent
-        with_items:
-        - "/var/lib/docker/"
-        - "/var/run/docker/"
-        - "/etc/systemd/system/docker.service"
-        - "/etc/systemd/system/docker.service.requires/"
-        - "/etc/systemd/system/docker.service.d/"
-        - "/etc/bash_completion.d/docker"
-        - "/usr/bin/docker"
-    when: CONTAINER_RUNTIME == 'docker'
-
-  - block:
-      - name: stop and disable containerd service
-        service: 
-          name: containerd
-          state: stopped
-          enabled: no
-        ignore_errors: true
-
-      - name: umount containerd filesystems
-        shell: "mount | grep 'containerd/io.containerd'| awk '{print $3}'|xargs umount || exit 0"
-        args:
-          warn: false
-        ignore_errors: true
-
-      - name: remove files and dirs
-        file: name={{ item }} state=absent
-        with_items:
-        - "/etc/containerd/"
-        - "/etc/crictl.yaml"
-        - "/etc/systemd/system/containerd.service"
-        - "/opt/containerd/"
-        - "/var/lib/containerd/"
-        - "/var/run/containerd/"
-    when: CONTAINER_RUNTIME == 'containerd'
-
-  - name: remove files and dirs2
-    file: name={{ item }} state=absent
-    with_items:
-    - "/etc/cni/"
-    - "/run/flannel/"
-    - "/etc/calico/"
-    - "/var/run/calico/"
-    - "/var/lib/calico/"
-    - "/var/log/calico/"
-    - "/etc/cilium/"
-    - "/var/run/cilium/"
-    - "/sys/fs/bpf/tc/"
-    - "/var/lib/cni/"
-    - "/var/lib/kube-router/"
-    - "/opt/kube/kube-system/"
-    - "/var/run/openvswitch/"
-    - "/etc/origin/openvswitch/"
-    - "/etc/openvswitch/"
-    - "/var/log/openvswitch/"
-
-  - name: cleanup iptables
-    shell: "iptables -F && iptables -X \
-	&& iptables -F -t nat && iptables -X -t nat \
-	&& iptables -F -t raw && iptables -X -t raw \
-	&& iptables -F -t mangle && iptables -X -t mangle"
-
-  - name: cleanup networks1
-    shell: "ip link del tunl0; \
-	ip link del flannel.1; \
-	ip link del cni0; \
-        ip link del mynet0; \
-	ip link del kube-bridge; \
-        ip link del dummy0; \
-        ip link del kube-ipvs0; \
-        ip link del cilium_net; \
-        ip link del cilium_vxlan; \
-        ip link del ovn0; \
-        ip link del ovs-system"
-    ignore_errors: true
-
-  - name: cleanup networks2
-    shell: "ip link del docker0; \
-	systemctl restart networking; \
-	systemctl restart network"
-    ignore_errors: true
-
-  - name: cleanup 'calico' routes
-    shell: "for rt in `ip route|grep bird|sed 's/blackhole //'|awk '{print $1}'`;do ip route del $rt;done;"
-    when: "CLUSTER_NETWORK == 'calico'"
-    ignore_errors: true
-
-# to clean 'etcd' nodes
-- hosts: etcd
-  tasks:
-  - name: stop and disable etcd service
-    service:
-      name: etcd
-      state: stopped
-      enabled: no
-    ignore_errors: true
-
-  - name: remove files and dirs
-    file: name={{ item }} state=absent
-    with_items:
-    - "/var/lib/etcd"
-    - "/etc/etcd/"
-    - "/backup/k8s"
-    - "/etc/systemd/system/etcd.service"
-
-# to clean 'lb' nodes
-- hosts:
   - kube-node
   - ex-lb
-  tasks:
-  - name: stop keepalived service
-    shell: systemctl disable keepalived && systemctl stop keepalived
-    ignore_errors: true
-
-  - name: stop haproxy service
-    shell: systemctl disable haproxy && systemctl stop haproxy
-    ignore_errors: true
-
-  - name: remove files and dirs
-    file: name={{ item }} state=absent
-    with_items:
-    - "/etc/haproxy"
-    - "/etc/keepalived"
-
-# to clean ntp, certs and keys, env path
-- hosts:
-  - kube-master
-  - kube-node
   - etcd
-  - ex-lb
+  vars:
-  tasks:
+    DEL_MASTER: "yes"
-  - block:
+    DEL_NODE: "yes"
-      - name: stop and disable chrony in Ubuntu
+    DEL_ETCD: "yes"
-        service: name=chrony state=stopped enabled=no
+    DEL_LB: "yes"
-        ignore_errors: true
+    DEL_CHRONY: "yes"
-        when: 'ansible_distribution in ["Ubuntu","Debian"]'
+    DEL_ENV: "yes"
-
+  roles:
-      - name: stop and disable chronyd in CentOS/RedHat
+  - clean
-        service: name=chronyd state=stopped enabled=no
-        ignore_errors: true
-        when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]'
-    when: "groups['chrony']|length > 0"
-
-  - name: clean certs and keys
-    file: name={{ item }} state=absent
-    with_items:
-    - "/etc/kubernetes/"
-    - "{{ ca_dir }}" 
-    - "/root/.kube/config"
-    - "/etc/docker/"
-
-  - name: clean 'ENV PATH'
-    lineinfile:
-      dest: ~/.bashrc
-      state: absent
-      regexp: '{{ item }}'
-    with_items:
-    - 'kubeasz'
-    - 'helm completion'
-    - 'kubectl completion'
-    - 'crictl completion'
-    - 'HELM_TLS_ENABLE'

roles/clean/defaults/main.yml

@@ -0,0 +1,17 @@
+# 是否删除 kube-master 相关服务
+DEL_MASTER: "no"
+
+# 是否删除 kube-node 相关服务
+DEL_NODE: "no"
+
+# 是否删除 etc 相关服务
+DEL_ETCD: "no"
+
+# 是否删除 lb 相关服务
+DEL_LB: "no"
+
+# 是否删除 chrony 相关服务
+DEL_CHRONY: "no"
+
+# 是否删除 kubeasz 环境变量
+DEL_ENV: "no"

roles/clean/tasks/clean_chrony.yml

@@ -0,0 +1,11 @@
+- block:
+    - name: stop and disable chrony in Ubuntu
+      service: name=chrony state=stopped enabled=no
+      ignore_errors: true
+      when: 'ansible_distribution in ["Ubuntu","Debian"]'
+
+    - name: stop and disable chronyd in CentOS/RedHat
+      service: name=chronyd state=stopped enabled=no
+      ignore_errors: true
+      when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]'
+  when: "groups['chrony']|length > 0"

roles/clean/tasks/clean_etcd.yml

@@ -0,0 +1,18 @@
+# to clean 'etcd' nodes
+- block:
+  - name: stop and disable etcd service
+    service:
+      name: etcd
+      state: stopped
+      enabled: no
+    ignore_errors: true
+
+  - name: remove files and dirs
+    file: name={{ item }} state=absent
+    with_items:
+    - "/var/lib/etcd"
+    - "/etc/etcd/"
+    - "/backup/k8s"
+    - "/etc/systemd/system/etcd.service"
+    - "{{ ca_dir }}"
+  when: "inventory_hostname in groups['etcd']"

roles/clean/tasks/clean_lb.yml

@@ -0,0 +1,16 @@
+# to clean 'lb' service
+- block:
+  - name: stop keepalived service
+    shell: systemctl disable keepalived && systemctl stop keepalived
+    ignore_errors: true
+
+  - name: stop haproxy service
+    shell: systemctl disable haproxy && systemctl stop haproxy
+    ignore_errors: true
+
+  - name: remove files and dirs
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/haproxy"
+    - "/etc/keepalived"
+  when: "inventory_hostname in groups['kube-node'] or inventory_hostname in groups['ex-lb']"

roles/clean/tasks/clean_master.yml

@@ -0,0 +1,18 @@
+# to clean 'kube-master' nodes
+- name: stop and disable kube-master service
+  service: name={{ item }} state=stopped enabled=no
+  with_items:
+  - kube-apiserver
+  - kube-controller-manager
+  - kube-scheduler
+  ignore_errors: true
+  when: "inventory_hostname in groups['kube-master']"
+
+- name: remove files and dirs of 'kube-master' nodes
+  file: name={{ item }} state=absent
+  with_items:
+  - "/var/run/kubernetes"
+  - "/etc/systemd/system/kube-apiserver.service"
+  - "/etc/systemd/system/kube-controller-manager.service"
+  - "/etc/systemd/system/kube-scheduler.service"
+  when: "inventory_hostname in groups['kube-master']"

roles/clean/tasks/clean_node.yml

@@ -0,0 +1,141 @@
+# to clean 'kube-node' nodes
+- block:
+  - name: stop and disable kube-node service
+    service: name={{ item }} state=stopped enabled=no
+    with_items:
+    - kubelet
+    - kube-proxy
+    ignore_errors: true
+
+  - name: umount kubelet filesystems
+    shell: "mount | grep '/var/lib/kubelet'| awk '{print $3}'|xargs umount || exit 0"
+    args:
+      warn: false
+    ignore_errors: true
+
+  - name: remove files and dirs of 'kube-node' nodes
+    file: name={{ item }} state=absent
+    with_items:
+    - "/var/lib/kubelet/"
+    - "/var/lib/kube-proxy/"
+    - "/etc/systemd/system/kubelet.service"
+    - "/etc/systemd/system/kube-proxy.service"
+    - "/opt/kube/kube-system/"
+    - "/etc/kubernetes/"
+    - "{{ ca_dir }}"
+    - "/root/.kube/config"
+
+# to clean container runtime and networking
+  - block:
+      - name: to check if container 'kubeasz' is running
+        shell: 'docker ps|grep kubeasz || echo "NOT FOUND"'
+        register: install_info
+
+      - name: fail info
+        fail: msg="you CAN NOT delete dockerd, because container 'kubeasz' is running!"
+        when: "'kubeasz' in install_info.stdout"
+
+      - name: stop and disable docker service
+        service:
+          name: docker
+          state: stopped
+          enabled: no
+        ignore_errors: true
+
+      # as k8s-network-plugins use host-network, '/var/run/docker/netns/default' must be umounted
+      - name: unmount docker filesystem-1
+        mount: path=/var/run/docker/netns/default state=unmounted
+
+      - name: unmount docker filesystem-2
+        mount: path=/var/lib/docker/overlay state=unmounted
+
+      - name: remove files and dirs
+        file: name={{ item }} state=absent
+        with_items:
+        - "/var/lib/docker/"
+        - "/var/run/docker/"
+        - "/etc/docker/"
+        - "/etc/systemd/system/docker.service"
+        - "/etc/systemd/system/docker.service.requires/"
+        - "/etc/systemd/system/docker.service.d/"
+        - "/etc/bash_completion.d/docker"
+        - "/usr/bin/docker"
+    when: CONTAINER_RUNTIME == 'docker'
+
+  - block:
+      - name: stop and disable containerd service
+        service:
+          name: containerd
+          state: stopped
+          enabled: no
+        ignore_errors: true
+
+      - name: umount containerd filesystems
+        shell: "mount | grep 'containerd/io.containerd'| awk '{print $3}'|xargs umount || exit 0"
+        args:
+          warn: false
+        ignore_errors: true
+
+      - name: remove files and dirs
+        file: name={{ item }} state=absent
+        with_items:
+        - "/etc/containerd/"
+        - "/etc/crictl.yaml"
+        - "/etc/systemd/system/containerd.service"
+        - "/opt/containerd/"
+        - "/var/lib/containerd/"
+        - "/var/run/containerd/"
+    when: CONTAINER_RUNTIME == 'containerd'
+
+  - name: remove files and dirs2
+    file: name={{ item }} state=absent
+    with_items:
+    - "/etc/cni/"
+    - "/run/flannel/"
+    - "/etc/calico/"
+    - "/var/run/calico/"
+    - "/var/lib/calico/"
+    - "/var/log/calico/"
+    - "/etc/cilium/"
+    - "/var/run/cilium/"
+    - "/sys/fs/bpf/tc/"
+    - "/var/lib/cni/"
+    - "/var/lib/kube-router/"
+    - "/opt/kube/kube-ovn/"
+    - "/opt/kube/kube-system/"
+    - "/var/run/openvswitch/"
+    - "/etc/origin/openvswitch/"
+    - "/etc/openvswitch/"
+    - "/var/log/openvswitch/"
+
+  - name: cleanup networks1
+    shell: "ip link del tunl0; \
+        ip link del flannel.1; \
+        ip link del cni0; \
+        ip link del mynet0; \
+        ip link del kube-bridge; \
+        ip link del dummy0; \
+        ip link del kube-ipvs0; \
+        ip link del cilium_net; \
+        ip link del cilium_vxlan; \
+        ip link del ovn0; \
+        ip link del ovs-system"
+    ignore_errors: true
+
+  - name: cleanup networks2
+    shell: "ip link del docker0; \
+        systemctl restart networking; \
+        systemctl restart network"
+    ignore_errors: true
+
+  - name: cleanup 'calico' routes
+    shell: "for rt in `ip route|grep bird|sed 's/blackhole //'|awk '{print $1}'`;do ip route del $rt;done;"
+    when: "CLUSTER_NETWORK == 'calico'"
+    ignore_errors: true
+
+  - name: cleanup iptables
+    shell: "iptables -F && iptables -X \
+        && iptables -F -t nat && iptables -X -t nat \
+        && iptables -F -t raw && iptables -X -t raw \
+        && iptables -F -t mangle && iptables -X -t mangle"
+  when: "inventory_hostname in groups['kube-master'] or inventory_hostname in groups['kube-node']"

roles/clean/tasks/main.yml

@@ -0,0 +1,28 @@
+# 
+- import_tasks: clean_master.yml
+  when: 'DEL_MASTER == "yes"'
+
+- import_tasks: clean_node.yml
+  when: 'DEL_NODE == "yes"'
+
+- import_tasks: clean_etcd.yml
+  when: 'DEL_ETCD == "yes"'
+
+- import_tasks: clean_lb.yml
+  when: 'DEL_LB == "yes"'
+
+- import_tasks: clean_chrony.yml
+  when: 'DEL_CHRONY == "yes"'
+
+- name: clean 'ENV PATH'
+  lineinfile:
+    dest: ~/.bashrc
+    state: absent
+    regexp: '{{ item }}'
+  with_items:
+  - 'kubeasz'
+  - 'helm completion'
+  - 'kubectl completion'
+  - 'crictl completion'
+  - 'HELM_TLS_ENABLE'
+  when: 'DEL_ENV == "yes"'