fix(reset): add etcd backup directory cleanup to prevent redeployment failures by Irshu786 · Pull Request #13221 · kubernetes-sigs/kubespray

Irshu786 · 2026-04-29T07:14:48Z

What type of PR is this?
/kind fix

What this PR does / why we need it:

This PR removes the etcd backup directory in the reset role.

The reset playbook did not remove the etcd backup directory (/var/backups/etcd by default). As a result, stale backup data from the previous deployment remained on the node, causing subsequent cluster deployments to fail or hang during the etcd backup job.

This can lead to increased operational toil, with users spending additional time troubleshooting failed or stuck deployments.

Special notes for your reviewer:
The etcd_backup_prefix variable already exists in Kubespray and points to the etcd backup directory (e.g., /var/backups/etcd)

Fixed reset playbook to clean up etcd backup directory, preventing cluster redeployment failures

Does this PR introduce a user-facing change?:
NONE

Add tasks to the reset role to find and remove etcd backup directories.

linux-foundation-easycla · 2026-04-29T07:14:55Z

The committers listed above are authorized under a signed CLA.

✅ login: Irshu786 / name: Ali Irshad (277ddb7)
✅ login: Irshu786 / name: Irshu786 (c58831a)

k8s-ci-robot · 2026-04-29T07:14:57Z

Welcome @Irshu786!

It looks like this is your first PR to kubernetes-sigs/kubespray 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/kubespray has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

k8s-ci-robot · 2026-04-29T07:14:59Z

Hi @Irshu786. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot · 2026-04-29T07:15:04Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Irshu786
Once this PR has been reviewed and has the lgtm label, please assign ant31 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Copilot

Pull request overview

Adds cleanup logic to the reset role so that etcd backup directories created under /var/backups (e.g. /var/backups/etcd-*) are removed during a cluster reset, aligning reset behavior with “remove all etcd-related data”.

Changes:

Find directories matching etcd-* under /var/backups.
Remove any matched etcd backup directories during playbooks/reset.yml runs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

guoard · 2026-04-30T11:28:36Z

Thank you for your contribution.
please sign the CLA and follow pull request template.

Irshu786 · 2026-04-30T11:50:05Z

/easycla

guoard · 2026-04-30T11:56:24Z

I think the CLA error is because of copilot commit!
Can you sqush all commits so you be the only author?

guoard · 2026-04-30T12:51:17Z

Please follow pull request template.

kind and release-note.

guoard · 2026-05-01T08:58:51Z

I think kind should be fix and release note should be in block like this that Prow can undrestand it:

guoard · 2026-05-01T08:59:09Z

/ok-to-test

Irshu786 · 2026-05-01T11:44:10Z

I think kind should be fix and release note should be in block like this that Prow can undrestand it:

can you please have a look at failed CI checks?

guoard · 2026-05-01T16:42:32Z

/retest-failed

guoard · 2026-05-04T04:34:57Z

/retest-failed

guoard · 2026-05-04T06:58:13Z

/retest

guoard · 2026-05-05T15:57:59Z

    - /etc/origin/ovn
    - "{{ sysctl_file_path }}"
    - /etc/crictl.yaml
+    - "{{ etcd_backup_prefix }}"


I tested it, this will fail because that variable is undefined when reset playbook is running.

and this is not a good idea to delete everything in /var/backups dir, we need to delete {{ etcd_backup_prefix }}/etcd-* files. but i don't know how to access that variable.

can we add a task rather than env approach?

@yankay WDYT?

@yankay can u have a look 👁️

yankay · 2026-05-11T09:55:02Z

Thanks for the fix @Irshu786!

One small concern: reset wiping the etcd backup directory feels a bit risky — backups are often the last recovery option if something goes wrong, including after an accidental reset.

Also, the current diff removes the whole {{ etcd_backup_prefix }} (defaults to /var/backups), not just the etcd-* subdirectories.

If the underlying issue is that stale backup dirs break redeployment, would it make sense to harden roles/etcd/handlers/backup_cleanup.yml instead, so it tolerates leftover dirs gracefully? Something like:

- name: Remove old etcd backups
  ansible.builtin.file:
    state: absent
    path: "{{ item }}"
  loop: "{{ (_etcd_backups.files | sort(attribute='ctime', reverse=True))[etcd_backup_retention_count:] | map(attribute='path') }}"
  when: etcd_backup_retention_count >= 0
  ignore_errors: true  # noqa ignore-errors - don't block etcd restart on stale backup cleanup

Just a thought — curious what others think.

Irshu786 · 2026-05-13T13:53:58Z

Thanks for the fix @Irshu786!

One small concern: reset wiping the etcd backup directory feels a bit risky — backups are often the last recovery option if something goes wrong, including after an accidental reset.

Also, the current diff removes the whole {{ etcd_backup_prefix }} (defaults to /var/backups), not just the etcd-* subdirectories.

If the underlying issue is that stale backup dirs break redeployment, would it make sense to harden roles/etcd/handlers/backup_cleanup.yml instead, so it tolerates leftover dirs gracefully? Something like:
- name: Remove old etcd backups
  ansible.builtin.file:
    state: absent
    path: "{{ item }}"
  loop: "{{ (_etcd_backups.files | sort(attribute='ctime', reverse=True))[etcd_backup_retention_count:] | map(attribute='path') }}"
  when: etcd_backup_retention_count >= 0
  ignore_errors: true  # noqa ignore-errors - don't block etcd restart on stale backup cleanup
Just a thought — curious what others think.

Thanks, That makes sense !!
I think reset should ideally leave the cluster in a fully clean state, But agreed that hardening the backup cleanup handler would prevent redeploys from getting stuck on stale backup dirs even if cleanup was missed earlier.

can i update the PR with suggested changes?

Add tasks to find and remove etcd backup directories

277ddb7

Add tasks to the reset role to find and remove etcd backup directories.

Copilot AI review requested due to automatic review settings April 29, 2026 07:14

k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Apr 29, 2026

k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 29, 2026

k8s-ci-robot requested review from ErikJiang and VannTen April 29, 2026 07:15

Copilot started reviewing on behalf of Irshu786 April 29, 2026 07:15 View session

Copilot AI reviewed Apr 29, 2026

View reviewed changes

Comment thread roles/reset/tasks/main.yml Outdated

Comment thread roles/reset/tasks/main.yml Outdated

guoard reviewed Apr 30, 2026

View reviewed changes

Comment thread roles/reset/tasks/main.yml Outdated

k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 30, 2026

Irshu786 changed the title ~~Add tasks to find and remove etcd backup directories~~ Add etcd_backup_prefix path to remove etcd backup directories Apr 30, 2026

Irshu786 changed the title ~~Add etcd_backup_prefix path to remove etcd backup directories~~ Add etcd_backup_prefix path to remove etcd backup directory Apr 30, 2026

Irshu786 changed the title ~~Add etcd_backup_prefix path to remove etcd backup directory~~ fix: add etcd_backup_prefix path to remove etcd backup directory Apr 30, 2026

Irshu786 force-pushed the patch-1 branch from cc9149f to 277ddb7 Compare April 30, 2026 12:25

Irshu786 requested a review from guoard April 30, 2026 12:26

fix: squash copilot commits

c58831a

k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 30, 2026

Irshu786 changed the title ~~fix: add etcd_backup_prefix path to remove etcd backup directory~~ fix(reset): add etcd backup directory cleanup to prevent redeployment failures Apr 30, 2026

guoard reviewed May 5, 2026

View reviewed changes

Conversation

Irshu786 commented Apr 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

linux-foundation-easycla Bot commented Apr 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented Apr 29, 2026

Uh oh!

k8s-ci-robot commented Apr 29, 2026

Uh oh!

k8s-ci-robot commented Apr 29, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

guoard commented Apr 30, 2026

Uh oh!

Irshu786 commented Apr 30, 2026

Uh oh!

guoard commented Apr 30, 2026

Uh oh!

guoard commented Apr 30, 2026

Uh oh!

guoard commented May 1, 2026

Uh oh!

guoard commented May 1, 2026

Uh oh!

Irshu786 commented May 1, 2026

Uh oh!

guoard commented May 1, 2026

Uh oh!

guoard commented May 4, 2026

Uh oh!

guoard commented May 4, 2026

Uh oh!

guoard May 5, 2026

Choose a reason for hiding this comment

Uh oh!

Irshu786 May 6, 2026

Choose a reason for hiding this comment

Uh oh!

guoard May 7, 2026

Choose a reason for hiding this comment

Uh oh!

Irshu786 May 11, 2026

Choose a reason for hiding this comment

Uh oh!

yankay commented May 11, 2026

Uh oh!

Irshu786 commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Irshu786 commented Apr 29, 2026 •

edited

Loading

linux-foundation-easycla Bot commented Apr 29, 2026 •

edited

Loading

Irshu786 commented May 13, 2026 •

edited

Loading