From e06d31a2b913a4569ef365065bb64359b81d34dc Mon Sep 17 00:00:00 2001 From: Ivan Halomi Date: Mon, 29 Jul 2024 10:44:33 +0200 Subject: [PATCH] Add uninstall tasks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit During migration, old container engine and it's packages should be removed, these new tasks are responsible for that. Change-Id: I9cf650de544155ff0b9119ad50a0402f06f7aa96 Signed-off-by: Ivan Halomi Signed-off-by: Roman Krčdek --- roles/docker/defaults/main.yml | 10 ++++ roles/docker/tasks/install.yml | 10 ++++ roles/docker/tasks/main.yml | 12 +---- roles/docker/tasks/uninstall.yml | 68 +++++++++++++++++++++++ roles/docker_sdk/defaults/main.yml | 7 ++- roles/docker_sdk/tasks/install.yml | 64 ++++++++++++++++++++++ roles/docker_sdk/tasks/main.yml | 64 +--------------------- roles/docker_sdk/tasks/uninstall.yml | 15 ++++++ roles/podman/defaults/main.yml | 9 ++++ roles/podman/tasks/install.yml | 2 + roles/podman/tasks/main.yml | 4 +- roles/podman/tasks/uninstall.yml | 49 +++++++++++++++++ roles/podman_sdk/defaults/main.yml | 7 ++- roles/podman_sdk/tasks/install.yml | 80 ++++++++++++++++++++++++++++ roles/podman_sdk/tasks/main.yml | 80 +--------------------------- roles/podman_sdk/tasks/uninstall.yml | 15 ++++++ 16 files changed, 338 insertions(+), 158 deletions(-) create mode 100644 roles/docker/tasks/uninstall.yml create mode 100644 roles/docker_sdk/tasks/install.yml create mode 100644 roles/docker_sdk/tasks/uninstall.yml create mode 100644 roles/podman/tasks/uninstall.yml create mode 100644 roles/podman_sdk/tasks/install.yml create mode 100644 roles/podman_sdk/tasks/uninstall.yml diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 2481900..3a94b8a 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -69,3 +69,13 @@ docker_systemd_reload: false # Whether to enable debug logging docker_debug: false + +# Folders in which docker stores any kind of data +docker_paths: + - /var/lib/docker + - /var/lib/containerd + - /usr/libexec/docker + - /etc/docker + +# Action taken on the packages +package_action: "install" diff --git a/roles/docker/tasks/install.yml b/roles/docker/tasks/install.yml index 54873a5..122fa4c 100644 --- a/roles/docker/tasks/install.yml +++ b/roles/docker/tasks/install.yml @@ -1,4 +1,7 @@ --- +- include_tasks: "repo-{{ ansible_facts.os_family }}.yml" + when: enable_docker_repo | bool + # Upgrading docker engine may cause containers to stop. Take a snapshot of the # running containers prior to a potential upgrade of Docker. @@ -70,3 +73,10 @@ - docker_install_result is changed - running_containers.rc == 0 - running_containers.stdout != '' + +- import_tasks: config.yml + +- include_tasks: configure-containerd-for-zun.yml + when: + - containerd_configure_for_zun|bool + - "'zun-cni-daemon' in group_names" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index bc8f077..f2956ef 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,12 +1,2 @@ --- -- include_tasks: "repo-{{ ansible_facts.os_family }}.yml" - when: enable_docker_repo | bool - -- import_tasks: install.yml - -- import_tasks: config.yml - -- include_tasks: configure-containerd-for-zun.yml - when: - - containerd_configure_for_zun|bool - - "'zun-cni-daemon' in group_names" +- include_tasks: "{{ package_action }}.yml" diff --git a/roles/docker/tasks/uninstall.yml b/roles/docker/tasks/uninstall.yml new file mode 100644 index 0000000..0513476 --- /dev/null +++ b/roles/docker/tasks/uninstall.yml @@ -0,0 +1,68 @@ +--- +- name: Check for leftover containers + command: docker ps -q + become: true + changed_when: false + failed_when: false + register: containers + +- name: Check for leftover volumes + command: docker volume ls -q + become: true + changed_when: false + failed_when: false + register: volumes + +- name: Fail if there are any containers + assert: + that: (containers.stdout_lines | length) == 0 + fail_msg: |- + There are still some containers left over! + Remove them before uninstalling container engine! + +- name: Fail if there are any volumes + assert: + that: (volumes.stdout_lines | length) == 0 + fail_msg: |- + There are still some volumes left over! + Remove them before uninstalling container engine! + +- name: Stop docker service + become: true + systemd: + name: docker + state: stopped + enabled: false + +- name: Uninstall docker packages + package: + name: "{{ docker_packages | select | list }}" + autoremove: true + state: absent + become: true + +- name: Remove docker group + become: true + group: + name: docker + state: absent + +- name: Cleanup CNI config directory + become: true + file: + path: "{{ cni_config_dir }}" + state: absent + +- block: + # NOTE(mhiner): cleanup is best effort because sometimes there are still + # qemu-kvm processes running that prevent the removal + - name: Cleanup docker files + become: true + file: + path: "{{ item }}" + state: absent + loop: "{{ docker_paths }}" + rescue: + - name: Unable to remove all files + debug: + var: ansible_failed_result diff --git a/roles/docker_sdk/defaults/main.yml b/roles/docker_sdk/defaults/main.yml index 5c7e9b3..38eb4a3 100644 --- a/roles/docker_sdk/defaults/main.yml +++ b/roles/docker_sdk/defaults/main.yml @@ -24,8 +24,10 @@ docker_sdk_packages: >- # List of Python packages to install via Pip. # NOTE(mnasiadka) docker 3.0.0 is in kolla-ansible requirements -docker_sdk_pip_packages: +docker_sdk_core_pip_packages: - "docker>=7.0.0" + +docker_sdk_additional_pip_packages: - "requests" - "dbus-python" @@ -55,3 +57,6 @@ docker_sdk_upper_constraints_file: docker_sdk_osbpo_apt_url: "http://osbpo.debian.net/debian" docker_sdk_osbpo_apt_repo: "deb [signed-by=/etc/apt/keyrings/osbpo.asc] {{ docker_sdk_osbpo_apt_url }} bookworm-bobcat-backports-nochange main" + +# Action taken on the packages +package_action: "install" diff --git a/roles/docker_sdk/tasks/install.yml b/roles/docker_sdk/tasks/install.yml new file mode 100644 index 0000000..3896b49 --- /dev/null +++ b/roles/docker_sdk/tasks/install.yml @@ -0,0 +1,64 @@ +--- +- name: Configure osbpo apt repository + block: + - name: Ensure apt sources list directory exists + file: + path: /etc/apt/sources.list.d + state: directory + recurse: true + become: true + + - name: Ensure apt keyrings directory exists + file: + path: /etc/apt/keyrings + state: directory + recurse: true + become: true + + - name: Install osbpo apt gpg key + template: + src: osbpo_pubkey.gpg.j2 + dest: /etc/apt/keyrings/osbpo.asc + mode: "0644" + become: true + + - name: Enable osbpo apt repository + apt_repository: + repo: "{{ docker_sdk_osbpo_apt_repo }}" + filename: osbpo + become: true + when: + - ansible_facts.distribution == 'Debian' + - docker_sdk_python_externally_managed | default(false) + - virtualenv is none + +- name: Install packages + package: + name: "{{ docker_sdk_packages | select | list }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" + state: present + become: true + +- name: Install latest pip in the virtualenv + pip: + # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 + name: pip>19.3 + virtualenv: "{{ virtualenv }}" + virtualenv_site_packages: "{{ virtualenv_site_packages }}" + virtualenv_command: "python{{ host_python_version }} -m venv" + become: true + become_user: "{{ docker_sdk_virtualenv_owner }}" + when: virtualenv is not none + +- name: Install docker SDK for python using pip + pip: + name: "{{ docker_sdk_core_pip_packages + docker_sdk_additional_pip_packages }}" + executable: "{{ virtualenv is none | ternary('pip3', omit) }}" + extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}" + virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" + virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" + virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" + become: true + become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}" + when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none) diff --git a/roles/docker_sdk/tasks/main.yml b/roles/docker_sdk/tasks/main.yml index 368d3a9..062ab99 100644 --- a/roles/docker_sdk/tasks/main.yml +++ b/roles/docker_sdk/tasks/main.yml @@ -19,66 +19,4 @@ when: ansible_facts.python.version.major == 3 and ansible_facts.python.version.minor >= 10 -- name: Configure osbpo apt repository - block: - - name: Ensure apt sources list directory exists - file: - path: /etc/apt/sources.list.d - state: directory - recurse: true - become: true - - - name: Ensure apt keyrings directory exists - file: - path: /etc/apt/keyrings - state: directory - recurse: true - become: true - - - name: Install osbpo apt gpg key - template: - src: osbpo_pubkey.gpg.j2 - dest: /etc/apt/keyrings/osbpo.asc - mode: "0644" - become: true - - - name: Enable osbpo apt repository - apt_repository: - repo: "{{ docker_sdk_osbpo_apt_repo }}" - filename: osbpo - become: true - when: - - ansible_facts.distribution == 'Debian' - - docker_sdk_python_externally_managed | default(false) - - virtualenv is none - -- name: Install packages - package: - name: "{{ docker_sdk_packages | select | list }}" - cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" - state: present - become: true - -- name: Install latest pip in the virtualenv - pip: - # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 - name: pip>19.3 - virtualenv: "{{ virtualenv }}" - virtualenv_site_packages: "{{ virtualenv_site_packages }}" - virtualenv_command: "python{{ host_python_version }} -m venv" - become: true - become_user: "{{ docker_sdk_virtualenv_owner }}" - when: virtualenv is not none - -- name: Install docker SDK for python using pip - pip: - name: "{{ docker_sdk_pip_packages }}" - executable: "{{ virtualenv is none | ternary('pip3', omit) }}" - extra_args: "{% if docker_sdk_upper_constraints_file %}-c {{ docker_sdk_upper_constraints_file }}{% endif %}" - virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" - virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" - virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" - become: true - become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}" - when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none) +- include_tasks: "{{ package_action }}.yml" diff --git a/roles/docker_sdk/tasks/uninstall.yml b/roles/docker_sdk/tasks/uninstall.yml new file mode 100644 index 0000000..170f396 --- /dev/null +++ b/roles/docker_sdk/tasks/uninstall.yml @@ -0,0 +1,15 @@ +--- +- name: Uninstall docker SDK for python using pip + pip: + name: "{{ docker_sdk_core_pip_packages }}" + executable: "{{ virtualenv is none | ternary('pip3', omit) }}" + virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" + virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" + virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" + state: absent + become: true + become_user: "{{ virtualenv is none | ternary(omit, docker_sdk_virtualenv_owner) }}" + when: not (docker_sdk_python_externally_managed | default(false) and virtualenv is none) + +# NOTE(r-krcek): Don't uninstall docker_sdk_packages because that includes +# important packages like pip or setuptools that are still needed on systems! diff --git a/roles/podman/defaults/main.yml b/roles/podman/defaults/main.yml index d183d2e..d872417 100644 --- a/roles/podman/defaults/main.yml +++ b/roles/podman/defaults/main.yml @@ -20,3 +20,12 @@ podman_registry_mirror: # Path to a CA file for registry podman_registry_ca: + +# Folders in which podman stores any kind of data +podman_paths: + - /var/run/podman/podman.sock + - /etc/containers + - /var/lib/containers + +# Action taken on the packages +package_action: "install" diff --git a/roles/podman/tasks/install.yml b/roles/podman/tasks/install.yml index 7870dbd..99e3c76 100644 --- a/roles/podman/tasks/install.yml +++ b/roles/podman/tasks/install.yml @@ -46,3 +46,5 @@ - podman_install_result.changed - running_containers.rc == 0 - running_containers.stdout != '' + +- import_tasks: config.yml diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml index c45e500..f2956ef 100644 --- a/roles/podman/tasks/main.yml +++ b/roles/podman/tasks/main.yml @@ -1,4 +1,2 @@ --- -- import_tasks: install.yml - -- import_tasks: config.yml +- include_tasks: "{{ package_action }}.yml" diff --git a/roles/podman/tasks/uninstall.yml b/roles/podman/tasks/uninstall.yml new file mode 100644 index 0000000..401bf81 --- /dev/null +++ b/roles/podman/tasks/uninstall.yml @@ -0,0 +1,49 @@ +--- +- name: Check for leftover containers + command: podman ps -q + become: true + changed_when: false + failed_when: false + register: containers + +- name: Check for leftover volumes + command: podman volume ls -q + become: true + changed_when: false + failed_when: false + register: volumes + +- name: Fail if there are any containers + assert: + that: (containers.stdout_lines | length) == 0 + fail_msg: |- + There are still some containers left over! + Remove them before uninstalling container engine! + +- name: Fail if there are any volumes + assert: + that: (volumes.stdout_lines | length) == 0 + fail_msg: |- + There are still some volumes left over! + Remove them before uninstalling container engine! + +- name: Uninstall podman packages + become: true + package: + name: "{{ podman_packages | select | list }}" + autoclean: true + state: absent + +- block: + # NOTE(mhiner): cleanup is best effort because sometimes there are still + # qemu-kvm processes running that prevent the removal + - name: Cleanup docker files + become: true + file: + path: "{{ item }}" + state: absent + loop: "{{ podman_paths }}" + rescue: + - name: Unable to remove all files + debug: + var: ansible_failed_result diff --git a/roles/podman_sdk/defaults/main.yml b/roles/podman_sdk/defaults/main.yml index 63a0c9b..6ee77ae 100644 --- a/roles/podman_sdk/defaults/main.yml +++ b/roles/podman_sdk/defaults/main.yml @@ -8,8 +8,10 @@ podman_sdk_packages_default: # List of Python packages to install via Pip. # NOTE(kevko) podman 4.7.0 is built in debian as apt package, so.. -podman_sdk_pip_packages: +podman_sdk_core_pip_packages: - "podman>=4.7.0" + +podman_sdk_additional_pip_packages: - "dbus-python" podman_sdk_packages_dbus_deps_redhat: @@ -53,3 +55,6 @@ podman_sdk_virtualenv_owner: "{{ kolla_user if create_kolla_user | bool else omi podman_sdk_upper_constraints_file: podman_sdk_osbpo_apt_url: "http://osbpo.debian.net/debian" + +# Default action when handling packages will be install +package_action: "install" diff --git a/roles/podman_sdk/tasks/install.yml b/roles/podman_sdk/tasks/install.yml new file mode 100644 index 0000000..0dd883c --- /dev/null +++ b/roles/podman_sdk/tasks/install.yml @@ -0,0 +1,80 @@ +--- +- name: Configure osbpo apt repository + block: + - name: Ensure apt sources list directory exists + file: + path: /etc/apt/sources.list.d + state: directory + recurse: true + + - name: Ensure apt keyrings directory exists + file: + path: /etc/apt/keyrings + state: directory + recurse: true + + - name: Install osbpo apt gpg key + template: + src: osbpo_pubkey.gpg.j2 + dest: /etc/apt/keyrings/osbpo.asc + mode: "0644" + + - name: Ensure old osbpo apt repository absent + file: + path: /etc/apt/sources.list.d/osbpo.list + state: absent + + # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module + # when all stable releases moves to the ansible-core >= 2.15 + - name: Enable osbpo apt repository + copy: + dest: /etc/apt/sources.list.d/docker.sources + content: | + # Ansible managed + + Types: deb + URIs: {{ podman_sdk_osbpo_apt_url }} + Suites: bookworm-bobcat-backports-nochange + Components: main + Signed-by: /etc/apt/keyrings/osbpo.asc + mode: "0644" + + - name: Update the apt cache + apt: + update_cache: true + when: + - ansible_facts.distribution == 'Debian' + - podman_sdk_python_externally_managed | default(false) + - virtualenv is none + become: true + +- name: Install packages + package: + name: "{{ podman_sdk_packages | select | list }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}" + state: present + become: true + +- name: Install latest pip in the virtualenv + pip: + # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 + name: pip>19.3 + virtualenv: "{{ virtualenv }}" + virtualenv_site_packages: "{{ virtualenv_site_packages }}" + virtualenv_command: "python{{ host_python_version }} -m venv" + become: true + become_user: "{{ podman_sdk_virtualenv_owner }}" + when: virtualenv is not none + +- name: Install podman SDK for python + pip: + name: "{{ podman_sdk_core_pip_packages + podman_sdk_additional_pip_packages }}" + executable: "{{ virtualenv is none | ternary('pip3', omit) }}" + extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}" + virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" + virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" + virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" + become: true + become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}" + when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none) diff --git a/roles/podman_sdk/tasks/main.yml b/roles/podman_sdk/tasks/main.yml index 96bf72d..528257b 100644 --- a/roles/podman_sdk/tasks/main.yml +++ b/roles/podman_sdk/tasks/main.yml @@ -19,82 +19,4 @@ when: ansible_facts.python.version.major == 3 and ansible_facts.python.version.minor >= 10 -- name: Configure osbpo apt repository - block: - - name: Ensure apt sources list directory exists - file: - path: /etc/apt/sources.list.d - state: directory - recurse: true - - - name: Ensure apt keyrings directory exists - file: - path: /etc/apt/keyrings - state: directory - recurse: true - - - name: Install osbpo apt gpg key - template: - src: osbpo_pubkey.gpg.j2 - dest: /etc/apt/keyrings/osbpo.asc - mode: "0644" - - - name: Ensure old osbpo apt repository absent - file: - path: /etc/apt/sources.list.d/osbpo.list - state: absent - - # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module - # when all stable releases moves to the ansible-core >= 2.15 - - name: Enable osbpo apt repository - copy: - dest: /etc/apt/sources.list.d/docker.sources - content: | - # Ansible managed - - Types: deb - URIs: {{ podman_sdk_osbpo_apt_url }} - Suites: bookworm-bobcat-backports-nochange - Components: main - Signed-by: /etc/apt/keyrings/osbpo.asc - mode: "0644" - - - name: Update the apt cache - apt: - update_cache: true - when: - - ansible_facts.distribution == 'Debian' - - podman_sdk_python_externally_managed | default(false) - - virtualenv is none - become: true - -- name: Install packages - package: - name: "{{ podman_sdk_packages | select | list }}" - cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" - update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}" - state: present - become: true - -- name: Install latest pip in the virtualenv - pip: - # NOTE(hrw) pip 19.3 is first version complaining about being run with Python 2 - name: pip>19.3 - virtualenv: "{{ virtualenv }}" - virtualenv_site_packages: "{{ virtualenv_site_packages }}" - virtualenv_command: "python{{ host_python_version }} -m venv" - become: true - become_user: "{{ podman_sdk_virtualenv_owner }}" - when: virtualenv is not none - -- name: Install podman SDK for python - pip: - name: "{{ podman_sdk_pip_packages }}" - executable: "{{ virtualenv is none | ternary('pip3', omit) }}" - extra_args: "{% if podman_sdk_upper_constraints_file %}-c {{ podman_sdk_upper_constraints_file }}{% endif %}" - virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" - virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" - virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" - become: true - become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}" - when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none) +- include_tasks: "{{ package_action }}.yml" diff --git a/roles/podman_sdk/tasks/uninstall.yml b/roles/podman_sdk/tasks/uninstall.yml new file mode 100644 index 0000000..1d677d6 --- /dev/null +++ b/roles/podman_sdk/tasks/uninstall.yml @@ -0,0 +1,15 @@ +--- +- name: Uninstall podman SDK for python + pip: + name: "{{ podman_sdk_core_pip_packages }}" + executable: "{{ virtualenv is none | ternary('pip3', omit) }}" + virtualenv: "{{ virtualenv is none | ternary(omit, virtualenv) }}" + virtualenv_site_packages: "{{ virtualenv is none | ternary(omit, virtualenv_site_packages) }}" + virtualenv_command: "{{ virtualenv is none | ternary(omit, 'python' ~ host_python_version ~ ' -m venv') }}" + state: absent + become: true + become_user: "{{ virtualenv is none | ternary(omit, podman_sdk_virtualenv_owner) }}" + when: not (podman_sdk_python_externally_managed | default(false) and virtualenv is none) + +# NOTE(r-krcek): Don't uninstall podman_sdk_packages because that includes +# important packages like pip or setuptools that are still needed on systems!