diff --git a/scripts/rke2-killall.sh b/scripts/rke2-killall.sh new file mode 100755 index 0000000..5eea924 --- /dev/null +++ b/scripts/rke2-killall.sh 
@@ -0,0 +1,141 @@ +#!/bin/sh + +# Ensure the script is run as root +if [ ! $(id -u) -eq 0 ]; then + echo "$(basename "${0}"): must be run as root" >&2 + exit 1 +fi + +# Function to find child processes of a given parent process +pschildren() { + ps -e -o ppid= -o pid= | \ + sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \ + grep -w "^$1" | \ + cut -f2 +} + +# Function to recursively build a process tree starting from a given process +pstree() { + for pid in "$@"; do + echo ${pid} + for child in $(pschildren ${pid}); do + pstree ${child} + done + done +} + +# Function to kill all processes in a tree starting from a given parent process +killtree() { + kill -9 $( + { set +x; } 2>/dev/null; + pstree "$@"; + set -x; + ) 2>/dev/null +} + +# Function to find containerd-shim processes related to RKE2 +getshims() { + COLUMNS=2147483647 ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w "${RKE2_DATA_DIR}"'/data/[^/]*/bin/containerd-shim' | cut -f1 +} + +# Function to unmount and remove directories +do_unmount_and_remove() { + { set +x; } 2>/dev/null + MOUNTS= + while read ignore mount ignore; do + MOUNTS="${mount}\n${MOUNTS}" + done /dev/null; getshims; set -x) + +# Unmount and remove directories +do_unmount_and_remove "${RUN_DIR}" +do_unmount_and_remove "${KUBELET_PODS_DIR}" +do_unmount_and_remove "${NETNS_CNI_DIR}" + +# Delete network interface(s) that match 'master cni0' +ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do + iface=${iface%%@*} + [ -z "$iface" ] || ip link delete $iface +done + +# Delete additional network interfaces +ip link delete cni0 +ip link delete flannel.1 +ip link delete flannel.4096 +ip link delete flannel-v6.1 +ip link delete flannel-v6.4096 +ip link delete flannel-wg +ip link delete flannel-wg-v6 +ip link delete vxlan.calico +ip link delete vxlan-v6.calico +ip link delete cilium_vxlan +ip link delete cilium_net +ip link delete cilium_wg0 +ip link delete kube-ipvs0 + +# Delete nodeLocalDNS objects +if [ -d 
/sys/class/net/nodelocaldns ]; then + for i in $(ip address show nodelocaldns | grep inet | awk '{print $2}'); do + iptables-save | grep -v $i | iptables-restore + done + ip link delete nodelocaldns || true +fi + +# Remove directories related to CNI and pod logs +rm -rf ${CNI_DIR} ${STYLUS_ROOT}/var/log/pods/ ${STYLUS_ROOT}/var/log/containers + +# Remove pod manifest files for RKE2 components +POD_MANIFESTS_DIR=${RKE2_DATA_DIR}/agent/pod-manifests + +rm -f "${POD_MANIFESTS_DIR}/etcd.yaml" \ + "${POD_MANIFESTS_DIR}/kube-apiserver.yaml" \ + "${POD_MANIFESTS_DIR}/kube-controller-manager.yaml" \ + "${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml" \ + "${POD_MANIFESTS_DIR}/kube-scheduler.yaml" \ + "${POD_MANIFESTS_DIR}/kube-proxy.yaml" + +# Cleanup iptables created by CNI plugins or Kubernetes (kube-proxy) +iptables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | iptables-restore +ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | ip6tables-restore + +set +x + +# Provide a message for additional iptables cleanup if needed +echo 'If this cluster was upgraded from an older release of the Canal CNI, you may need to manually remove some flannel iptables rules:' +echo -e '\texport cluster_cidr=YOUR-CLUSTER-CIDR' +echo -e '\tiptables -D POSTROUTING -s $cluster_cidr -j MASQUERADE --random-fully' +echo -e '\tiptables -D POSTROUTING ! -s $cluster_cidr -d -j MASQUERADE --random-fully' diff --git a/scripts/rke2-uninstall.sh b/scripts/rke2-uninstall.sh new file mode 100755 index 0000000..98778dc --- /dev/null +++ b/scripts/rke2-uninstall.sh 
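Review bot: The nodelocaldns loop near the end of this hunk filters the saved ruleset with `grep -v $i`, where `$i` is an address/prefix taken from `ip address show`, unquoted and interpreted as a regular expression. Each `.` matches any character and the match is an unanchored substring, so rules for unrelated addresses can be dropped from the host firewall when the filtered set is restored. A fixed-string match is closer to the intent: `iptables-save | grep -vF -- "$i" | iptables-restore`. The final `grep -v KUBE- | … | grep -v flannel` pipelines likewise remove any rule whose text contains those substrings, including operator-written rules whose comment mentions them, so a short comment stating that this is deliberate would help. The `rm -rf ${CNI_DIR} ${STYLUS_ROOT}/var/log/pods/ …` line should also quote its expansions; where those variables are set is not readable in this hunk as rendered.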
@@ -0,0 +1,135 @@
+#!/bin/sh
+set -ex
+
+# Ensure the script is run as root
+if [ ! $(id -u) -eq 0 ]; then
+ echo "$(basename "${0}"): must be run as root" >&2
+ exit 1
+fi
+
+# Load custom environment variables from /etc/spectro/environment if it exists
+if [ -f /etc/spectro/environment ]; then
+ . /etc/spectro/environment
+fi
+
+# Ensure STYLUS_ROOT does not have a trailing slash
+STYLUS_ROOT="${STYLUS_ROOT%/}"
+
+# Set RKE2_DATA_DIR, defaulting to /var/lib/rancher/rke2 if STYLUS_ROOT is not set
+RKE2_DATA_DIR=${STYLUS_ROOT}/var/lib/rancher/rke2
+
+# Function to check if the target directory is a mountpoint
+check_target_mountpoint() {
+ mountpoint -q "$1"
+}
+
+# Function to check if the target directory is read-only
+check_target_ro() {
+ touch "$1"/.rke2-ro-test && rm -rf "$1"/.rke2-ro-test
+ test $? -ne 0
+}
+
+# OS check and INSTALL_RKE2_ROOT setup
+. /etc/os-release
+if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then
+ # If redhat/oracle family OS is detected, check whether RKE2 was installed via yum or tar.
+ if rpm -q rke2-common >/dev/null 2>&1; then
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr
+ else
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr/local
+ fi
+# Check if the OS is SUSE
+elif [ "${ID_LIKE%%[ ]*}" = "suse" ]; then
+ if rpm -q rke2-common >/dev/null 2>&1; then
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr
+ if [ -x /usr/sbin/transactional-update ]; then
+ transactional_update="transactional-update -c --no-selfupdate -d run"
+ fi
+ elif check_target_mountpoint "${STYLUS_ROOT}/usr/local" || check_target_ro "${STYLUS_ROOT}/usr/local"; then
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/opt/rke2
+ else
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr/local
+ fi
+# Default to /usr for other OSes
+else
+ INSTALL_RKE2_ROOT=${STYLUS_ROOT}/usr
+fi
+
+# Uninstall killall script
+uninstall_killall() {
+ _killall="$(dirname "$0")/rke2-killall.sh"
+ if [ -e "${_killall}" ]; then
+ eval "${_killall}"
+ fi
+}
+
+# Disable services
+uninstall_disable_services() {
+ if command -v systemctl >/dev/null 2>&1; then
+ systemctl disable rke2-server || true
+ systemctl disable rke2-agent || true
+ systemctl reset-failed rke2-server || true
+ systemctl reset-failed rke2-agent || true
+ systemctl daemon-reload
+ fi
+}
+
+# Remove files
+uninstall_remove_files() {
+ if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then
+ yum remove -y "rke2-*"
+ rm -f ${STYLUS_ROOT}/etc/yum.repos.d/rancher-rke2*.repo
+ fi
+
+ if [ "${ID_LIKE%%[ ]*}" = "suse" ]; then
+ if rpm -q rke2-common >/dev/null 2>&1; then
+ uninstall_cmd="zypper remove -y rke2-server rke2-agent rke2-common rke2-selinux"
+ if [ "${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then
+ uninstall_cmd="transactional-update -c --no-selfupdate -d run $uninstall_cmd"
+ fi
+ $uninstall_cmd
+ rm -f ${STYLUS_ROOT}/etc/zypp/repos.d/rancher-rke2*.repo
+ fi
+ fi
+
+ $transactional_update find "${INSTALL_RKE2_ROOT}/lib/systemd/system" -name rke2-*.service -type f -delete
+ $transactional_update find "${INSTALL_RKE2_ROOT}/lib/systemd/system" -name rke2-*.env -type f -delete
+ find ${STYLUS_ROOT}/etc/systemd/system -name rke2-*.service -type f -delete
+ $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2"
+ $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2-killall.sh"
+ $transactional_update rm -rf "${INSTALL_RKE2_ROOT}/share/rke2"
+
+ # Removing directories with STYLUS_ROOT support
+ rm -rf ${STYLUS_ROOT}/etc/rancher/rke2
+ rm -rf ${STYLUS_ROOT}/etc/rancher/node
+ rm -d ${STYLUS_ROOT}/etc/rancher || true
+ rm -rf ${STYLUS_ROOT}/etc/cni
+ rm -rf ${STYLUS_ROOT}/opt/cni/bin
+ rm -rf ${STYLUS_ROOT}/var/lib/kubelet || true
+ rm -rf "${RKE2_DATA_DIR}"
+ rm -d ${STYLUS_ROOT}/var/lib/rancher || true
+
+ if type fapolicyd >/dev/null 2>&1; then
+ if [ -f ${STYLUS_ROOT}/etc/fapolicyd/rules.d/80-rke2.rules ]; then
+ rm -f ${STYLUS_ROOT}/etc/fapolicyd/rules.d/80-rke2.rules
+ fi
+ fagenrules --load
+ systemctl try-restart fapolicyd
+ fi
+}
+
+# Remove uninstall script
+uninstall_remove_self() {
+ $transactional_update rm -f "${INSTALL_RKE2_ROOT}/bin/rke2-uninstall.sh"
+}
+
+# Remove SELinux policies
+uninstall_remove_policy() {
+ semodule -r rke2 || true
+}
+
+uninstall_killall
+trap uninstall_remove_self EXIT
+uninstall_disable_services
+uninstall_remove_files
+uninstall_remove_policy
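Review bot: `STYLUS_ROOT` is taken from the sourced `/etc/spectro/environment` and then expanded unquoted in most of the `rm -rf`, `rm -d` and `find` lines of `uninstall_remove_files`, so a value containing whitespace or glob characters makes root delete paths outside the intended tree. Quote each expansion, e.g. `rm -rf "${STYLUS_ROOT}/etc/rancher/rke2"`, and quote the find patterns (`-name 'rke2-*.service'`) so the shell cannot expand them against the current directory; the two `rancher-rke2*.repo` removals need the glob left outside the quotes. In `uninstall_killall`, `eval "${_killall}"` re-parses a path derived from `$0` as shell code; invoking it directly as `"${_killall}"` avoids that. Because the environment file is executed as root, it is worth confirming (not visible here) that it is root-owned and not writable by others before the `.` line.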