Add uninstall tasks

During migration, old container engine and it's packages should be removed, these new tasks are responsible for that. Change-Id: I9cf650de544155ff0b9119ad50a0402f06f7aa96 Signed-off-by: Ivan Halomi <ivan.halomi@tietoevry.com> Signed-off-by: Roman Krčdek <roman.krcek@tietoevry.com>
2024-07-29 10:44:33 +02:00
parent 26d26ddd5f
commit e06d31a2b9
16 changed files with 338 additions and 158 deletions
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -69,3 +69,13 @@ docker_systemd_reload: false

 # Whether to enable debug logging
 docker_debug: false
+
+# Folders in which docker stores any kind of data
+docker_paths:
+  - /var/lib/docker
+  - /var/lib/containerd
+  - /usr/libexec/docker
+  - /etc/docker
+
+# Action taken on the packages
+package_action: "install"
--- a/roles/docker/tasks/install.yml
+++ b/roles/docker/tasks/install.yml
@@ -1,4 +1,7 @@
 ---
+- include_tasks: "repo-{{ ansible_facts.os_family }}.yml"
+  when: enable_docker_repo | bool
+
 # Upgrading docker engine may cause containers to stop. Take a snapshot of the
 # running containers prior to a potential upgrade of Docker.

@@ -70,3 +73,10 @@
    - docker_install_result is changed
    - running_containers.rc == 0
    - running_containers.stdout != ''
+
+- import_tasks: config.yml
+
+- include_tasks: configure-containerd-for-zun.yml
+  when:
+    - containerd_configure_for_zun|bool
+    - "'zun-cni-daemon' in group_names"
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,12 +1,2 @@
 ---
- include_tasks: "repo-{{ ansible_facts.os_family }}.yml"
-  when: enable_docker_repo | bool
-
- import_tasks: install.yml
-
- import_tasks: config.yml
-
- include_tasks: configure-containerd-for-zun.yml
-  when:
-    - containerd_configure_for_zun|bool
-    - "'zun-cni-daemon' in group_names"
+- include_tasks: "{{ package_action }}.yml"
--- a/roles/docker/tasks/uninstall.yml
+++ b/roles/docker/tasks/uninstall.yml
@@ -0,0 +1,68 @@
+---
+- name: Check for leftover containers
+  command: docker ps -q
+  become: true
+  changed_when: false
+  failed_when: false
+  register: containers
+
+- name: Check for leftover volumes
+  command: docker volume ls -q
+  become: true
+  changed_when: false
+  failed_when: false
+  register: volumes
+
+- name: Fail if there are any containers
+  assert:
+    that: (containers.stdout_lines | length) == 0
+    fail_msg: |-
+      There are still some containers left over!
+      Remove them before uninstalling container engine!
+
+- name: Fail if there are any volumes
+  assert:
+    that: (volumes.stdout_lines | length) == 0
+    fail_msg: |-
+      There are still some volumes left over!
+      Remove them before uninstalling container engine!
+
+- name: Stop docker service
+  become: true
+  systemd:
+    name: docker
+    state: stopped
+    enabled: false
+
+- name: Uninstall docker packages
+  package:
+    name: "{{ docker_packages | select | list }}"
+    autoremove: true
+    state: absent
+  become: true
+
+- name: Remove docker group
+  become: true
+  group:
+    name: docker
+    state: absent
+
+- name: Cleanup CNI config directory
+  become: true
+  file:
+    path: "{{ cni_config_dir }}"
+    state: absent
+
+- block:
+    # NOTE(mhiner): cleanup is best effort because sometimes there are still
+    # qemu-kvm processes running that prevent the removal
+    - name: Cleanup docker files
+      become: true
+      file:
+        path: "{{ item }}"
+        state: absent
+      loop: "{{ docker_paths }}"
+  rescue:
+    - name: Unable to remove all files
+      debug:
+        var: ansible_failed_result
--- a/roles/docker_sdk/defaults/main.yml
+++ b/roles/docker_sdk/defaults/main.yml
@@ -24,8 +24,10 @@ docker_sdk_packages: >-

 # List of Python packages to install via Pip.
 # NOTE(mnasiadka) docker 3.0.0 is in kolla-ansible requirements
-docker_sdk_pip_packages:
+docker_sdk_core_pip_packages:
  - "docker>=7.0.0"
+
+docker_sdk_additional_pip_packages:
  - "requests"
  - "dbus-python"

@@ -55,3 +57,6 @@ docker_sdk_upper_constraints_file:

 docker_sdk_osbpo_apt_url: "http://osbpo.debian.net/debian"
 docker_sdk_osbpo_apt_repo: "deb [signed-by=/etc/apt/keyrings/osbpo.asc] {{ docker_sdk_osbpo_apt_url }} bookworm-bobcat-backports-nochange main"
+
+# Action taken on the packages
+package_action: "install"
--- a/roles/docker_sdk/tasks/install.yml
+++ b/roles/docker_sdk/tasks/install.yml
@@ -0,0 +1,64 @@
+---
+- name: Configure osbpo apt repository
+  block:
+    - name: Ensure apt sources list directory exists
+      file:
+        path: /etc/apt/sources.list.d
+        state: directory
+        recurse: true
+      become: true
+
+    - name: Ensure apt keyrings directory exists
+      file:
+        path: /etc/apt/keyrings
+        state: directory
+        recurse: true
+      become: true
+
+    - name: Install osbpo apt gpg key
+      template:
+        src: osbpo_pubkey.gpg.j2
+        dest: /etc/apt/keyrings/osbpo.asc
+        mode: "0644"
+      become: true
+
+    - name: Enable osbpo apt repository
+      apt_repository:
+        repo: "{{ docker_sdk_osbpo_apt_repo }}"
+        filename: osbpo
+      become: true
+  when:
+    - ansible_facts.distribution == 'Debian'
+    - docker_sdk_python_externally_managed | default(false)
+    - virtualenv is none
+
+- name: Install packages
+  package:
+    name: "{{ docker_sdk_packages | select | list }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
+    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
+    state: present
+  become: true
+
+- name: Install latest pip in the virtualenv
+  pip:
+    # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
+    name: pip>19.3
+    virtualenv: "{{ virtualenv }}"
+    virtualenv_site_packages: "{{ virtualenv_site_packages }}"
+    virtualenv_command: "python{{ host_python_version }} -m venv"
+  become: true
+  become_user: "{{ docker_sdk_virtualenv_owner }}"
+  when: virtualenv is not none
+
+- name: Install docker SDK for python using pip
+  pip:
+    name: "{{ docker_sdk_core_pip_packages + docker_sdk_additional_pip_packages }}"
+    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
+    extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}"
+    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
+    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
+    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
+  become: true
+  become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}"
+  when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none)
--- a/roles/docker_sdk/tasks/main.yml
+++ b/roles/docker_sdk/tasks/main.yml
@@ -19,66 +19,4 @@

  when: ansible_facts.python.version.major == 3 and ansible_facts.python.version.minor >= 10

- name: Configure osbpo apt repository
-  block:
-    - name: Ensure apt sources list directory exists
-      file:
-        path: /etc/apt/sources.list.d
-        state: directory
-        recurse: true
-      become: true
-
-    - name: Ensure apt keyrings directory exists
-      file:
-        path: /etc/apt/keyrings
-        state: directory
-        recurse: true
-      become: true
-
-    - name: Install osbpo apt gpg key
-      template:
-        src: osbpo_pubkey.gpg.j2
-        dest: /etc/apt/keyrings/osbpo.asc
-        mode: "0644"
-      become: true
-
-    - name: Enable osbpo apt repository
-      apt_repository:
-        repo: "{{ docker_sdk_osbpo_apt_repo }}"
-        filename: osbpo
-      become: true
-  when:
-    - ansible_facts.distribution == 'Debian'
-    - docker_sdk_python_externally_managed | default(false)
-    - virtualenv is none
-
- name: Install packages
-  package:
-    name: "{{ docker_sdk_packages | select | list }}"
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
-    state: present
-  become: true
-
- name: Install latest pip in the virtualenv
-  pip:
-    # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
-    name: pip>19.3
-    virtualenv: "{{ virtualenv }}"
-    virtualenv_site_packages: "{{ virtualenv_site_packages }}"
-    virtualenv_command: "python{{ host_python_version }} -m venv"
-  become: true
-  become_user: "{{ docker_sdk_virtualenv_owner }}"
-  when: virtualenv is not none
-
- name: Install docker SDK for python using pip
-  pip:
-    name: "{{ docker_sdk_pip_packages }}"
-    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
-    extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}"
-    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
-    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
-    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
-  become: true
-  become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}"
-  when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none)
+- include_tasks: "{{ package_action }}.yml"
--- a/roles/docker_sdk/tasks/uninstall.yml
+++ b/roles/docker_sdk/tasks/uninstall.yml
@@ -0,0 +1,15 @@
+---
+- name: Uninstall docker SDK for python using pip
+  pip:
+    name: "{{ docker_sdk_core_pip_packages }}"
+    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
+    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
+    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
+    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
+    state: absent
+  become: true
+  become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}"
+  when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none)
+
+# NOTE(r-krcek): Don't uninstall docker_sdk_packages because that includes
+# important packages like pip or setuptools that are still needed on systems!
--- a/roles/podman/defaults/main.yml
+++ b/roles/podman/defaults/main.yml
@@ -20,3 +20,12 @@ podman_registry_mirror:

 # Path to a CA file for registry
 podman_registry_ca:
+
+# Folders in which podman stores any kind of data
+podman_paths:
+  - /var/run/podman/podman.sock
+  - /etc/containers
+  - /var/lib/containers
+
+# Action taken on the packages
+package_action: "install"
--- a/roles/podman/tasks/install.yml
+++ b/roles/podman/tasks/install.yml
@@ -46,3 +46,5 @@
    - podman_install_result.changed
    - running_containers.rc == 0
    - running_containers.stdout != ''
+
+- import_tasks: config.yml
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@@ -1,4 +1,2 @@
 ---
- import_tasks: install.yml
-
- import_tasks: config.yml
+- include_tasks: "{{ package_action }}.yml"
--- a/roles/podman/tasks/uninstall.yml
+++ b/roles/podman/tasks/uninstall.yml
@@ -0,0 +1,49 @@
+---
+- name: Check for leftover containers
+  command: podman ps -q
+  become: true
+  changed_when: false
+  failed_when: false
+  register: containers
+
+- name: Check for leftover volumes
+  command: podman volume ls -q
+  become: true
+  changed_when: false
+  failed_when: false
+  register: volumes
+
+- name: Fail if there are any containers
+  assert:
+    that: (containers.stdout_lines | length) == 0
+    fail_msg: |-
+      There are still some containers left over!
+      Remove them before uninstalling container engine!
+
+- name: Fail if there are any volumes
+  assert:
+    that: (volumes.stdout_lines | length) == 0
+    fail_msg: |-
+      There are still some volumes left over!
+      Remove them before uninstalling container engine!
+
+- name: Uninstall podman packages
+  become: true
+  package:
+    name: "{{ podman_packages | select | list }}"
+    autoclean: true
+    state: absent
+
+- block:
+    # NOTE(mhiner): cleanup is best effort because sometimes there are still
+    # qemu-kvm processes running that prevent the removal
+    - name: Cleanup docker files
+      become: true
+      file:
+        path: "{{ item }}"
+        state: absent
+      loop: "{{ podman_paths }}"
+  rescue:
+    - name: Unable to remove all files
+      debug:
+        var: ansible_failed_result
--- a/roles/podman_sdk/defaults/main.yml
+++ b/roles/podman_sdk/defaults/main.yml
@@ -8,8 +8,10 @@ podman_sdk_packages_default:

 # List of Python packages to install via Pip.
 # NOTE(kevko) podman 4.7.0 is built in debian as apt package, so..
-podman_sdk_pip_packages:
+podman_sdk_core_pip_packages:
  - "podman>=4.7.0"
+
+podman_sdk_additional_pip_packages:
  - "dbus-python"

 podman_sdk_packages_dbus_deps_redhat:
@@ -53,3 +55,6 @@ podman_sdk_virtualenv_owner: "{{ kolla_user if create_kolla_user | bool else omi
 podman_sdk_upper_constraints_file:

 podman_sdk_osbpo_apt_url: "http://osbpo.debian.net/debian"
+
+# Default action when handling packages will be install
+package_action: "install"
--- a/roles/podman_sdk/tasks/install.yml
+++ b/roles/podman_sdk/tasks/install.yml
@@ -0,0 +1,80 @@
+---
+- name: Configure osbpo apt repository
+  block:
+    - name: Ensure apt sources list directory exists
+      file:
+        path: /etc/apt/sources.list.d
+        state: directory
+        recurse: true
+
+    - name: Ensure apt keyrings directory exists
+      file:
+        path: /etc/apt/keyrings
+        state: directory
+        recurse: true
+
+    - name: Install osbpo apt gpg key
+      template:
+        src: osbpo_pubkey.gpg.j2
+        dest: /etc/apt/keyrings/osbpo.asc
+        mode: "0644"
+
+    - name: Ensure old osbpo apt repository absent
+      file:
+        path: /etc/apt/sources.list.d/osbpo.list
+        state: absent
+
+    # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
+    # when all stable releases moves to the ansible-core >= 2.15
+    - name: Enable osbpo apt repository
+      copy:
+        dest: /etc/apt/sources.list.d/docker.sources
+        content: |
+            # Ansible managed
+
+            Types: deb
+            URIs: {{ podman_sdk_osbpo_apt_url }}
+            Suites: bookworm-bobcat-backports-nochange
+            Components: main
+            Signed-by: /etc/apt/keyrings/osbpo.asc
+        mode: "0644"
+
+    - name: Update the apt cache
+      apt:
+        update_cache: true
+  when:
+    - ansible_facts.distribution == 'Debian'
+    - podman_sdk_python_externally_managed | default(false)
+    - virtualenv is none
+  become: true
+
+- name: Install packages
+  package:
+    name: "{{ podman_sdk_packages | select | list }}"
+    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
+    update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}"
+    state: present
+  become: true
+
+- name: Install latest pip in the virtualenv
+  pip:
+    # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
+    name: pip>19.3
+    virtualenv: "{{ virtualenv }}"
+    virtualenv_site_packages: "{{ virtualenv_site_packages }}"
+    virtualenv_command: "python{{ host_python_version }} -m venv"
+  become: true
+  become_user: "{{ podman_sdk_virtualenv_owner }}"
+  when: virtualenv is not none
+
+- name: Install podman SDK for python
+  pip:
+    name: "{{ podman_sdk_core_pip_packages + podman_sdk_additional_pip_packages }}"
+    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
+    extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}"
+    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
+    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
+    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
+  become: true
+  become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}"
+  when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none)
--- a/roles/podman_sdk/tasks/main.yml
+++ b/roles/podman_sdk/tasks/main.yml
@@ -19,82 +19,4 @@

  when: ansible_facts.python.version.major == 3 and ansible_facts.python.version.minor >= 10

- name: Configure osbpo apt repository
-  block:
-    - name: Ensure apt sources list directory exists
-      file:
-        path: /etc/apt/sources.list.d
-        state: directory
-        recurse: true
-
-    - name: Ensure apt keyrings directory exists
-      file:
-        path: /etc/apt/keyrings
-        state: directory
-        recurse: true
-
-    - name: Install osbpo apt gpg key
-      template:
-        src: osbpo_pubkey.gpg.j2
-        dest: /etc/apt/keyrings/osbpo.asc
-        mode: "0644"
-
-    - name: Ensure old osbpo apt repository absent
-      file:
-        path: /etc/apt/sources.list.d/osbpo.list
-        state: absent
-
-    # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
-    # when all stable releases moves to the ansible-core >= 2.15
-    - name: Enable osbpo apt repository
-      copy:
-        dest: /etc/apt/sources.list.d/docker.sources
-        content: |
-            # Ansible managed
-
-            Types: deb
-            URIs: {{ podman_sdk_osbpo_apt_url }}
-            Suites: bookworm-bobcat-backports-nochange
-            Components: main
-            Signed-by: /etc/apt/keyrings/osbpo.asc
-        mode: "0644"
-
-    - name: Update the apt cache
-      apt:
-        update_cache: true
-  when:
-    - ansible_facts.distribution == 'Debian'
-    - podman_sdk_python_externally_managed | default(false)
-    - virtualenv is none
-  become: true
-
- name: Install packages
-  package:
-    name: "{{ podman_sdk_packages | select | list }}"
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}"
-    state: present
-  become: true
-
- name: Install latest pip in the virtualenv
-  pip:
-    # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2
-    name: pip>19.3
-    virtualenv: "{{ virtualenv }}"
-    virtualenv_site_packages: "{{ virtualenv_site_packages }}"
-    virtualenv_command: "python{{ host_python_version }} -m venv"
-  become: true
-  become_user: "{{ podman_sdk_virtualenv_owner }}"
-  when: virtualenv is not none
-
- name: Install podman SDK for python
-  pip:
-    name: "{{ podman_sdk_pip_packages }}"
-    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
-    extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}"
-    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
-    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
-    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
-  become: true
-  become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}"
-  when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none)
+- include_tasks: "{{ package_action }}.yml"
--- a/roles/podman_sdk/tasks/uninstall.yml
+++ b/roles/podman_sdk/tasks/uninstall.yml
@@ -0,0 +1,15 @@
+---
+- name: Uninstall podman SDK for python
+  pip:
+    name: "{{ podman_sdk_core_pip_packages }}"
+    executable: "{{ virtualenv is none | ternary('pip3', omit) }}"
+    virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}"
+    virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}"
+    virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}"
+    state: absent
+  become: true
+  become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}"
+  when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none)
+
+# NOTE(r-krcek): Don't uninstall podman_sdk_packages because that includes
+# important packages like pip or setuptools that are still needed on systems!