zailon/olimp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'Обновить roles/system_cleanup/tasks/main.yml' (#1) from zailon-cleanup-patch into main

Browse Source 
Reviewed-on: https://gitea.zailon.ru/zailon/olimp/pulls/1
This commit is contained in:
zailon 2026-05-13 10:51:35 +05:00
commit b6a7375b7e
1 changed files with 178 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
roles/system_cleanup/tasks/main.yml
View File

@ -1,104 +1,178 @@
--- ---
# =============================================================================
# SYSTEM CLEANUP ROLE
# =============================================================================
# ========== Docker Pre-check ==========
- name: Check if Docker is installed - name: Check if Docker is installed
command: docker --version command: docker --version
register: docker_check register: docker_check
ignore_errors: yes ignore_errors: yes
changed_when: false changed_when: false
tags: [cleanup, docker]
# ========== APT Cleanup ==========
- name: Remove unwanted system packages - name: Remove unwanted system packages
apt: apt:
name: "{{ cleanup_packages }}" name: "{{ cleanup_packages }}"
state: absent state: absent
autoremove: "{{ cleanup_autoremove }}" autoremove: "{{ cleanup_autoremove }}"
purge: true purge: true
when: cleanup_packages | length > 0 when: cleanup_packages | default([]) | length > 0
become: yes
tags: [cleanup, apt]
- name: Clean APT cache (remove downloaded .deb files)
command: apt-get clean
changed_when: false
become: yes
tags: [cleanup, apt]
- name: Remove old configuration files (dpkg --purge rc packages)
shell: dpkg --purge $(dpkg --list | grep '^rc' | awk '{print $2}') 2>/dev/null || true
changed_when: true
become: yes
tags: [cleanup, apt]
- name: Remove old kernels (keep current + N last)
shell: |
CURRENT_KERNEL=$(uname -r)
dpkg -l 'linux-image-*' 2>/dev/null | awk '/^ii/ {print $2}' | grep -v "$CURRENT_KERNEL" | sort -V | head -n -{{ cleanup_keep_kernels | default(2) }} | xargs -r apt-get purge -y || true
changed_when: true
become: yes
tags: [cleanup, apt, kernels]
# ========== SSH Keys Cleanup ==========
- name: Remove specific SSH authorized keys (if any defined) - name: Remove specific SSH authorized keys (if any defined)
authorized_key: authorized_key:
user: root user: root
key: "{{ item }}" key: "{{ item }}"
state: absent state: absent
loop: "{{ cleanup_ssh_keys | default([]) }}" loop: "{{ cleanup_ssh_keys | default([]) }}"
when: cleanup_ssh_keys | length > 0 when: cleanup_ssh_keys | default([]) | length > 0
become: yes
tags: [cleanup, ssh]
# ========== Docker Cleanup ==========
- name: Prune unused Docker containers - name: Prune unused Docker containers
command: docker container prune -f command: docker container prune -f
when: when:
- cleanup_docker and cleanup_docker_containers - cleanup_docker | default(false)
- cleanup_docker_containers | default(false)
- docker_check.rc == 0 - docker_check.rc == 0
changed_when: true changed_when: true
become: yes
tags: [cleanup, docker]
- name: Prune unused Docker images - name: Prune unused Docker images
command: docker image prune -af command: docker image prune -af
when: when:
- cleanup_docker and cleanup_docker_images - cleanup_docker | default(false)
- cleanup_docker_images | default(false)
- docker_check.rc == 0 - docker_check.rc == 0
changed_when: true changed_when: true
become: yes
tags: [cleanup, docker]
- name: Prune unused Docker volumes - name: Prune unused Docker volumes
command: docker volume prune -f command: docker volume prune -f
when: when:
- cleanup_docker and cleanup_docker_volumes - cleanup_docker | default(false)
- cleanup_docker_volumes | default(false)
- docker_check.rc == 0 - docker_check.rc == 0
changed_when: true changed_when: true
become: yes
tags: [cleanup, docker]
- name: Prune unused Docker networks - name: Prune unused Docker networks
command: docker network prune -f command: docker network prune -f
when: when:
- cleanup_docker and cleanup_docker_networks - cleanup_docker | default(false)
- cleanup_docker_networks | default(false)
- docker_check.rc == 0 - docker_check.rc == 0
changed_when: true changed_when: true
become: yes
tags: [cleanup, docker]
- name: Remove custom directories (use with caution!) - name: Prune Docker build cache
command: docker builder prune -f
when:
- cleanup_docker | default(false)
- docker_check.rc == 0
changed_when: true
become: yes
tags: [cleanup, docker]
# ========== Journal Logs Vacuum ==========
- name: Vacuum systemd journal logs
command: journalctl --vacuum-size={{ cleanup_max_journal_size | default('100M') }}
changed_when: true
become: yes
tags: [cleanup, logs]
# ========== Old Log Files Cleanup ==========
- name: Find old rotated logs (*.1, *.gz, *.old)
find:
paths: /var/log
patterns: "*.1,*.gz,*.old"
age: "{{ cleanup_logs_age_days | default(7) }}d"
recurse: yes
register: old_logs
become: yes
tags: [cleanup, logs]
- name: Delete found old log files
file:
path: "{{ item.path }}"
state: absent
loop: "{{ old_logs.files }}"
become: yes
tags: [cleanup, logs]
# ========== Temporary Files Cleanup ==========
- name: Clean systemd tmpfiles
command: systemd-tmpfiles --clean
changed_when: true
become: yes
tags: [cleanup, tmp]
- name: Find old files in /tmp (exclude system dirs)
find:
paths: /tmp
age: "{{ cleanup_tmp_age_days | default(3) }}d"
exclude: "systemd-*,ssh-*,tmux-*,.X*,.ICE-unix*"
register: tmp_old_files
become: yes
tags: [cleanup, tmp]
- name: Delete old /tmp files
file:
path: "{{ item.path }}"
state: absent
loop: "{{ tmp_old_files.files }}"
become: yes
tags: [cleanup, tmp]
# ========== Custom Directories Removal ==========
- name: Remove custom directories (if defined)
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
loop: "{{ cleanup_directories | default([]) }}" loop: "{{ cleanup_directories | default([]) }}"
when: cleanup_directories | length > 0 when: cleanup_directories | default([]) | length > 0
- name: Remove cAdvisor (if cleanup_cadvisor is true)
block:
- name: Check if cAdvisor container exists
shell: docker ps -a --filter name=cadvisor --format "{{ '{{.Names}}' }}"
register: cadvisor_check
changed_when: false
when: docker_check.rc == 0
- name: Stop and remove cAdvisor container using docker-compose
community.docker.docker_compose_v2:
project_src: "{{ cadvisor_base_dir | default('/opt/cadvisor') }}"
state: absent
become: yes become: yes
when: tags: [cleanup]
- docker_check.rc == 0
- "'cadvisor' in cadvisor_check.stdout"
- name: Remove cAdvisor Docker image # ========== Summary: Show Disk Usage After Cleanup ==========
command: docker rmi gcr.io/cadvisor/cadvisor || true - name: Show disk usage after cleanup
when: docker_check.rc == 0 command: df -h /
ignore_errors: yes register: disk_after
- name: Remove cAdvisor directories
file:
path: "{{ item }}"
state: absent
loop:
- "{{ cadvisor_base_dir | default('/opt/cadvisor') }}"
- "{{ cadvisor_config_dir | default('/opt/cadvisor/config') }}"
ignore_errors: yes
- name: Verify cAdvisor removal
shell: |
echo "Containers: $(docker ps -a | grep cadvisor | wc -l 2>/dev/null || echo 0)"
echo "Images: $(docker images | grep cadvisor | wc -l 2>/dev/null || echo 0)"
echo "Directories: $(ls -d {{ cadvisor_base_dir | default('/opt/cadvisor') }}* 2>/dev/null | wc -l || echo 0)"
register: cadvisor_removal_check
changed_when: false changed_when: false
when: docker_check.rc == 0 tags: [cleanup, summary]
- name: Show cAdvisor removal status - name: Display cleanup summary
debug: debug:
msg: "cAdvisor removal status: {{ cadvisor_removal_check.stdout }}" msg: |
when: cadvisor_removal_check is defined === 🧹 Cleanup Summary ===
{{ disk_after.stdout_lines | join('\n') }}
when: cleanup_cadvisor | default(false) and docker_check.rc == 0 tags: [cleanup, summary]