# Disable swap on the host.
# The command turns swap off for the running system and sets vm.swappiness
# to 0. Errors are ignored, so a failure here does not stop the play.
- name: 禁用系统 swap
  ignore_errors: true
  shell: >-
    source /etc/profile;
    swapoff -a && sysctl -w vm.swappiness=0
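# Remove active swap entries from /etc/fstab so swap stays off after reboot.
# The pattern is anchored to the filesystem-type field (third column) of
# non-comment lines. A bare 'swap' match would also delete comments and any
# mount whose device or mount point merely contains the word "swap".
# backup keeps a copy of the file before it is modified.
- name: 删除fstab swap 相关配置
  lineinfile:
    path: /etc/fstab
    regexp: '^\s*[^#\s]\S*\s+\S+\s+swap(\s|$)'
    state: absent
    backup: true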
# Load each kernel module in the list below, one per loop item.
# Errors are ignored, so a module that cannot be loaded on this kernel does
# not stop the play.
- name: 加载内核模块
  ignore_errors: true
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - br_netfilter
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack
# Try to load nf_conntrack_ipv4. When modprobe fails, the command prints
# "NoFound" instead of failing the task. The result is registered as
# NF_CONNTRACK_IPV4.
- name: 尝试加载nf_conntrack_ipv4
  register: NF_CONNTRACK_IPV4
  shell: >-
    modprobe nf_conntrack_ipv4 || echo "NoFound"
# Enable the systemd-modules-load service so it starts at boot.
- name: 启用systemd自动加载模块服务
  service:
    name: systemd-modules-load
    enabled: true
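# Render the boot-time module list into /etc/modules-load.d.
# The mode is set explicitly: without it a newly created file takes whatever
# the remote umask yields, and this file controls which kernel modules are
# loaded at boot, so it should be writable by its owner only.
- name: 增加内核模块开机加载配置
  template:
    src: 10-k8s-modules.conf.j2
    dest: /etc/modules-load.d/10-k8s-modules.conf
    mode: "0644"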
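# Set kernel parameters for k8s.
# Clears the `docker info` warning
# "WARNING: bridge-nf-call-ip[6]tables is disabled".
# https://success.docker.com/article/ipvs-connection-timeout-issue
# shortens the keepalive_time timeout to 600s.
# The mode is set explicitly so the sysctl drop-in is writable by its owner
# only, whatever the remote umask is.
- name: 设置系统参数
  template:
    src: 95-k8s-sysctl.conf.j2
    dest: /etc/sysctl.d/95-k8s-sysctl.conf
    mode: "0644"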
# Check whether this kernel exposes fs.may_detach_mounts.
# Only existence matters, so attribute, checksum and MIME collection are
# switched off. The result is registered as fs_may_detach_mounts and errors
# are ignored.
- name: 查看是否需要设置 fs.may_detach_mounts
  register: fs_may_detach_mounts
  ignore_errors: true
  stat:
    path: /proc/sys/fs/may_detach_mounts
    get_attributes: false
    get_checksum: false
    get_mime: false
# Set fs.may_detach_mounts to 1 in the k8s sysctl drop-in and reload it.
# Runs only when the registered stat result reports that the /proc entry
# exists.
- name: 当需要时,设置 fs.may_detach_mounts 为 1
  when: fs_may_detach_mounts.stat.exists | bool
  sysctl:
    name: fs.may_detach_mounts
    value: 1
    state: present
    sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf"
    reload: true
# Check whether this kernel exposes net.ipv4.tcp_tw_recycle.
# The result is registered as tcp_tw_recycle and errors are ignored.
- name: 查看是否需要设置 net.ipv4.tcp_tw_recycle
  register: tcp_tw_recycle
  ignore_errors: true
  stat:
    path: /proc/sys/net/ipv4/tcp_tw_recycle
# Set net.ipv4.tcp_tw_recycle to 0 in the k8s sysctl drop-in and reload it.
# Runs only when the registered stat result reports that the /proc entry
# exists.
- name: 设置tcp_tw_recycle
  when: tcp_tw_recycle.stat.exists | bool
  sysctl:
    name: net.ipv4.tcp_tw_recycle
    value: 0
    state: present
    sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf"
    reload: true
# Apply the parameters in the k8s sysctl drop-in to the running kernel.
# Errors are ignored, so a key this kernel rejects does not stop the play.
- name: 生效系统参数
  ignore_errors: true
  shell: >-
    source /etc/profile;
    sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf
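# Set system ulimits.
# Create the systemd drop-in directory that will hold the ulimits file.
# The mode is set explicitly so the directory is writable by its owner only,
# whatever the remote umask is.
- name: 创建 systemd 配置目录
  file:
    name: /etc/systemd/system.conf.d
    state: directory
    mode: "0755"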
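# Render the ulimits drop-in into /etc/systemd/system.conf.d.
# The mode is set explicitly so the file is writable by its owner only,
# whatever the remote umask is.
- name: 设置系统 ulimits
  template:
    src: 30-k8s-ulimits.conf.j2
    dest: /etc/systemd/system.conf.d/30-k8s-ulimits.conf
    mode: "0644"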
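# Install the modprobe configuration that blacklists the SCTP kernel module.
# The mode is set explicitly: a blacklist that other users could edit could
# be silently undone, so the file should be writable by its owner only.
- name: 把SCTP列入内核模块黑名单
  copy:
    src: sctp.conf
    dest: /etc/modprobe.d/sctp.conf
    mode: "0644"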