cleanup-bm: run cleanup-images

Removing the data directories for the snapshotters isn't quite enough,
we also need to tell containerd to clean up its state.

packages/cleanup-bm.sh

@@ -56,3 +56,6 @@ for runtimeClass in "${unusedRuntimeClasses[@]}"; do
   dasel delete --file "${CONFIG}" --indent 0 --read toml --write toml "plugins.io\.containerd\.grpc\.v1\.cri.containerd.runtimes.${runtimeClass}" 2>/dev/null
   dasel delete --file "${CONFIG}" --indent 0 --read toml --write toml "proxy_plugins.${SNAPSHOTTER}-${runtimeClass}" 2>/dev/null
 done
+
+# Fix the state for removed snapshotters.
+cleanup-images

packages/containers.nix

@@ -159,6 +159,9 @@ let
     cleanup-bm = dockerTools.buildImage {
       name = "cleanup-bm";
       tag = "v0.0.1";
+      copyToRoot = with pkgs; [
+        cacert
+      ];
       config = {
         Cmd = [ "${lib.getExe pkgs.scripts.cleanup-bm}" ];
       };

packages/scripts.nix

@@ -3,7 +3,7 @@
 
 { pkgs, writeShellApplication }:
 
-{
+rec {
   create-coco-aks = writeShellApplication {
     name = "create-coco-aks";
     runtimeInputs = with pkgs; [ azure-cli ];
@@ -497,6 +497,7 @@
       busybox
       kubectl
       dasel
+      cleanup-images
     ];
     text = builtins.readFile ./cleanup-bm.sh;
   };

tools/bm-maintenance/deployment_tdx_snp.yml

@@ -62,6 +62,8 @@ spec:
                   mountPath: /var/lib/nydus-snapshotter
                 - name: containerd-config
                   mountPath: /var/lib/rancher/k3s/agent/etc/containerd
+                - name: containerd-run
+                  mountPath: /run/k3s/containerd/
           volumes:
             - name: opt-edgeless
               hostPath:
@@ -75,4 +77,8 @@ spec:
               hostPath:
                 path: /var/lib/rancher/k3s/agent/etc/containerd
                 type: Directory
+            - name: containerd-run
+              hostPath:
+                path: /run/k3s/containerd/
+                type: Directory
           restartPolicy: OnFailure