Merge pull request #62 from kairos-io/rke2-reset

PE-4727: Add uninstall scripts for rke2

scripts/rke2-killall.sh

@@ -0,0 +1,141 @@
+#!/bin/sh
+
+# Ensure the script is run as root
+if [ ! $(id -u) -eq 0 ]; then
+    echo "$(basename "${0}"): must be run as root" >&2
+    exit 1
+fi
+
+# Function to find child processes of a given parent process
+pschildren() {
+    ps -e -o ppid= -o pid= | \
+    sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \
+    grep -w "^$1" | \
+    cut -f2
+}
+
+# Function to recursively build a process tree starting from a given process
+pstree() {
+    for pid in "$@"; do
+        echo ${pid}
+        for child in $(pschildren ${pid}); do
+            pstree ${child}
+        done
+    done
+}
+
+# Function to kill all processes in a tree starting from a given parent process
+killtree() {
+    kill -9 $(
+        { set +x; } 2>/dev/null;
+        pstree "$@";
+        set -x;
+    ) 2>/dev/null
+}
+
+# Function to find containerd-shim processes related to RKE2
+getshims() {
+    COLUMNS=2147483647 ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w "${RKE2_DATA_DIR}"'/data/[^/]*/bin/containerd-shim' | cut -f1
+}
+
+# Function to unmount and remove directories
+do_unmount_and_remove() {
+    { set +x; } 2>/dev/null
+    MOUNTS=
+    while read ignore mount ignore; do
+        MOUNTS="${mount}\n${MOUNTS}"
+    done </proc/self/mounts
+    MOUNTS=$(printf ${MOUNTS} | grep "^$1" | sort -r)
+    if [ -n "${MOUNTS}" ]; then
+        set -x
+        umount ${MOUNTS}
+        rm -rf --one-file-system ${MOUNTS}
+    else
+        set -x
+    fi
+}
+
+# Load custom environment variables from /etc/spectro/environment if it exists
+if [ -f /etc/spectro/environment ]; then
+    . /etc/spectro/environment
+fi
+
+# Ensure STYLUS_ROOT does not have a trailing slash
+STYLUS_ROOT="${STYLUS_ROOT%/}"
+
+# Determine the base paths, use default if STYLUS_ROOT is not set
+RKE2_DATA_DIR=${STYLUS_ROOT}/var/lib/rancher/rke2
+RUN_DIR=/run/k3s
+KUBELET_PODS_DIR=${STYLUS_ROOT}/var/lib/kubelet/pods
+NETNS_CNI_DIR=/run/netns/cni-
+CNI_DIR=${STYLUS_ROOT}/var/lib/cni/
+
+export PATH=$PATH:${RKE2_DATA_DIR}/bin
+
+set -x
+
+# Stop RKE2 services
+systemctl stop rke2-server.service || true
+systemctl stop rke2-agent.service || true
+
+# Kill all relevant processes
+killtree $({ set +x; } 2>/dev/null; getshims; set -x)
+
+# Unmount and remove directories
+do_unmount_and_remove "${RUN_DIR}"
+do_unmount_and_remove "${KUBELET_PODS_DIR}"
+do_unmount_and_remove "${NETNS_CNI_DIR}"
+
+# Delete network interface(s) that match 'master cni0'
+ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do
+    iface=${iface%%@*}
+    [ -z "$iface" ] || ip link delete $iface
+done
+
+# Delete additional network interfaces
+ip link delete cni0
+ip link delete flannel.1
+ip link delete flannel.4096
+ip link delete flannel-v6.1
+ip link delete flannel-v6.4096
+ip link delete flannel-wg
+ip link delete flannel-wg-v6
+ip link delete vxlan.calico
+ip link delete vxlan-v6.calico
+ip link delete cilium_vxlan
+ip link delete cilium_net
+ip link delete cilium_wg0
+ip link delete kube-ipvs0
+
+# Delete nodeLocalDNS objects
+if [ -d /sys/class/net/nodelocaldns ]; then
+  for i in $(ip address show nodelocaldns | grep inet | awk '{print $2}'); do
+    iptables-save | grep -v $i | iptables-restore
+  done
+  ip link delete nodelocaldns || true
+fi
+
+# Remove directories related to CNI and pod logs
+rm -rf ${CNI_DIR} ${STYLUS_ROOT}/var/log/pods/ ${STYLUS_ROOT}/var/log/containers
+
+# Remove pod manifest files for RKE2 components
+POD_MANIFESTS_DIR=${RKE2_DATA_DIR}/agent/pod-manifests
+
+rm -f "${POD_MANIFESTS_DIR}/etcd.yaml" \
+      "${POD_MANIFESTS_DIR}/kube-apiserver.yaml" \
+      "${POD_MANIFESTS_DIR}/kube-controller-manager.yaml" \
+      "${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml" \
+      "${POD_MANIFESTS_DIR}/kube-scheduler.yaml" \
+      "${POD_MANIFESTS_DIR}/kube-proxy.yaml"
+
+# Cleanup iptables created by CNI plugins or Kubernetes (kube-proxy)
+iptables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | iptables-restore
+ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | ip6tables-restore
+
+set +x
+
+# Provide a message for additional iptables cleanup if needed
+echo 'If this cluster was upgraded from an older release of the Canal CNI, you may need to manually remove some flannel iptables rules:'
+echo -e '\texport cluster_cidr=YOUR-CLUSTER-CIDR'
+echo -e '\tiptables -D POSTROUTING -s $cluster_cidr -j MASQUERADE --random-fully'
+echo -e '\tiptables -D POSTROUTING ! -s $cluster_cidr -d  -j MASQUERADE --random-fully'

scripts/rke2-uninstall.sh

@@ -0,0 +1,135 @@
+#!/bin/sh
+set -ex
+
+# Ensure the script is run as root
+if [ ! $(id -u) -eq 0 ]; then
+    echo "$(basename "${0}"): must be run as root" >&2
+    exit 1
+fi
+
+# Load custom environment variables from /etc/spectro/environment if it exists
+if [ -f /etc/spectro/environment ]; then
+    . /etc/spectro/environment
+fi
+
+# Ensure STYLUS_ROOT does not have a trailing slash
+STYLUS_ROOT="${STYLUS_ROOT%/}"
+
+# Set RKE2_DATA_DIR, defaulting to /var/lib/rancher/rke2 if STYLUS_ROOT is not set
+RKE2_DATA_DIR=${STYLUS_ROOT}/var/lib/rancher/rke2
+
+# Function to check if the target directory is a mountpoint
+check_target_mountpoint() {
+    mountpoint -q "$1"
+}
+
+# Function to check if the target directory is read-only
+check_target_ro() {
+    touch "$1"/.rke2-ro-test && rm -rf "$1"/.rke2-ro-test
+    test $? -ne 0
+}
+
+# OS check and INSTALL_RKE2_ROOT setup
+. /etc/os-release
+if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then
+    # If redhat/oracle family OS is detected, check whether RKE2 was installed via yum or tar.
+    if rpm -q rke2-common >/dev/null 2>&1; then
+        INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr
+    else
+        INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr/local
+    fi 
+# Check if the OS is SUSE
+elif [ "${ID_LIKE%%[ ]*}" = "suse" ]; then 
+    if rpm -q rke2-common >/dev/null 2>&1; then
+        INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr
+        if [ -x /usr/sbin/transactional-update ]; then
+            transactional_update="transactional-update -c --no-selfupdate -d run"
+        fi
+    elif check_target_mountpoint "${STYLUS_ROOT}/usr/local" || check_target_ro "${STYLUS_ROOT}/usr/local"; then
+        INSTALL_RKE2_ROOT=${STYLUS_ROOT}/opt/rke2
+    else
+        INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr/local
+    fi
+# Default to /usr for other OSes
+else
+    INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr 
+fi
+
+# Uninstall killall script
+uninstall_killall() {
+    _killall="$(dirname "$0")/rke2-killall.sh"
+    if [ -e "${_killall}" ]; then
+        eval "${_killall}"
+    fi
+}
+
+# Disable services
+uninstall_disable_services() {
+    if command -v systemctl >/dev/null 2>&1; then
+        systemctl disable rke2-server || true
+        systemctl disable rke2-agent || true
+        systemctl reset-failed rke2-server || true
+        systemctl reset-failed rke2-agent || true
+        systemctl daemon-reload
+    fi
+}
+
+# Remove files
+uninstall_remove_files() {
+    if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then
+        yum remove -y "rke2-*"
+        rm -f ${STYLUS_ROOT}/etc/yum.repos.d/rancher-rke2*.repo
+    fi
+
+    if [ "${ID_LIKE%%[ ]*}" = "suse" ]; then
+        if rpm -q rke2-common >/dev/null 2>&1; then
+            uninstall_cmd="zypper remove -y rke2-server rke2-agent rke2-common rke2-selinux"
+            if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
+                uninstall_cmd="transactional-update -c --no-selfupdate -d run $uninstall_cmd"
+            fi
+            $uninstall_cmd
+            rm -f ${STYLUS_ROOT}/etc/zypp/repos.d/rancher-rke2*.repo
+        fi
+    fi
+
+    $transactional_update find "${INSTALL_RKE2_ROOT}/lib/systemd/system" -name rke2-*.service -type f -delete
+    $transactional_update find "${INSTALL_RKE2_ROOT}/lib/systemd/system" -name rke2-*.env -type f -delete
+    find ${STYLUS_ROOT}/etc/systemd/system -name rke2-*.service -type f -delete
+    $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2"
+    $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2-killall.sh"
+    $transactional_update rm -rf "${INSTALL_RKE2_ROOT}/share/rke2"
+    
+    # Removing directories with STYLUS_ROOT support
+    rm -rf ${STYLUS_ROOT}/etc/rancher/rke2
+    rm -rf ${STYLUS_ROOT}/etc/rancher/node
+    rm -d ${STYLUS_ROOT}/etc/rancher || true
+    rm -rf ${STYLUS_ROOT}/etc/cni
+    rm -rf ${STYLUS_ROOT}/opt/cni/bin
+    rm -rf ${STYLUS_ROOT}/var/lib/kubelet || true
+    rm -rf "${RKE2_DATA_DIR}"
+    rm -d ${STYLUS_ROOT}/var/lib/rancher || true
+
+    if type fapolicyd >/dev/null 2>&1; then
+        if [ -f ${STYLUS_ROOT}/etc/fapolicyd/rules.d/80-rke2.rules ]; then
+            rm -f ${STYLUS_ROOT}/etc/fapolicyd/rules.d/80-rke2.rules
+        fi
+        fagenrules --load
+        systemctl try-restart fapolicyd
+    fi
+}
+
+# Remove uninstall script
+uninstall_remove_self() {
+    $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2-uninstall.sh"
+}
+
+# Remove SELinux policies
+uninstall_remove_policy() {
+    semodule -r rke2 || true
+}
+
+uninstall_killall
+trap uninstall_remove_self EXIT
+uninstall_disable_services
+uninstall_remove_files
+uninstall_remove_policy