kubeasz/roles/prepare/tasks/redhat.yml

59 lines
1.8 KiB
YAML
Raw Normal View History

2019-01-03 20:21:39 +08:00
- name: 删除centos/redhat默认安装
2023-05-03 07:22:49 +08:00
package:
name:
- firewalld
- python-firewall
- firewalld-filesystem
state: absent
2019-06-29 18:10:51 +08:00
ignore_errors: true
2018-09-02 14:08:51 +08:00
- name: 安装基础软件包
2023-05-03 07:22:49 +08:00
package:
2023-05-04 09:46:55 +08:00
name:
- bash-completion # bash命令补全工具需要重新登录服务器生效
2019-07-17 09:01:16 +08:00
- conntrack-tools # ipvs 模式需要
2023-05-04 09:46:55 +08:00
- ipset # ipvs 模式需要
- ipvsadm # ipvs 模式需要
2019-07-17 09:01:16 +08:00
- libseccomp # 安装containerd需要
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
2023-05-04 09:46:55 +08:00
- psmisc # 安装psmisc 才能使用命令killallkeepalive的监测脚本需要
- rsync # 文件同步工具,分发证书等配置文件需要
- socat # 用于port forwarding
2019-06-28 12:53:04 +08:00
state: present
when: 'INSTALL_SOURCE != "offline"'
# 离线安装基础软件包
- import_tasks: offline.yml
when: 'INSTALL_SOURCE == "offline"'
2018-09-02 14:08:51 +08:00
- name: 临时关闭 selinux
shell: "setenforce 0"
failed_when: false
- name: 永久关闭 selinux
lineinfile:
dest: /etc/selinux/config
regexp: "^SELINUX="
line: "SELINUX=disabled"
2019-03-28 18:44:10 +08:00
# 优化设置 journal 日志相关,避免日志重复搜集,浪费系统资源
- name: 禁止rsyslog获取journald日志1
2019-03-28 18:44:10 +08:00
lineinfile:
dest: /etc/rsyslog.conf
state: present
regexp: 'ModLoad imjournal'
line: '#$ModLoad imjournal # provides access to the systemd journal'
ignore_errors: true
2019-03-28 18:44:10 +08:00
- name: 禁止rsyslog获取journald日志2
lineinfile:
dest: /etc/rsyslog.conf
state: present
regexp: 'IMJournalStateFile'
line: '#$IMJournalStateFile imjournal.state'
ignore_errors: true
2019-03-28 18:44:10 +08:00
- name: 重启rsyslog服务
service: name=rsyslog state=restarted
ignore_errors: true