修正多主多节点集群部署脚本

99.clean.yml

@@ -1,5 +1,5 @@
 # 警告：此脚本将清理真个K8S集群，包括所有POD、ETCD数据等
-# 请三思后运行改脚本 ansible-playbook 99.clean.yml
+# 请三思后运行此脚本 ansible-playbook 99.clean.yml
 - hosts: kube-cluster
   tasks:
   - name: stop calico-node service
@@ -25,6 +25,7 @@
     - "/var/run/docker/"
     - "/etc/systemd/system/calico-node.service"
     - "/etc/systemd/system/docker.service"
+    - "/etc/systemd/system/docker.service.requires/"
 
   - name: 清理 iptables
     shell: iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat

roles/ca/tasks/main.yml

@@ -3,6 +3,8 @@
   with_items:
   - "{{ bin_dir }}"
   - "{{ ca_dir }}"
+  - "{{ base_dir }}/roles/calico/files/"
+  - "{{ base_dir }}/roles/prepare/files/"
 
 - name: 下载证书工具 CFSSL
   copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755

roles/etcd/tasks/main.yml

@@ -17,9 +17,18 @@
         -config={{ ca_dir }}/ca-config.json \
         -profile=kubernetes etcd-csr.json | {{ bin_dir }}/cfssljson -bare etcd"
 
-- name: 复制ectd相关证书生成calico secrets使用
-  shell: "cd /etc/etcd/ssl && \
-	cp etcd.pem etcd-key.pem {{ base_dir }}/roles/calico/files/"
+- name: 获取ectd.pem 供calico secrets使用
+  fetch:
+    src: /etc/etcd/ssl/etcd.pem
+    dest: /etc/ansible/roles/calico/files/
+    flat: yes
+  when: NODE_NAME is defined and NODE_NAME == "etcd1"
+
+- name: 获取ectd-key.pem 供calico secrets使用
+  fetch:
+    src: /etc/etcd/ssl/etcd-key.pem
+    dest: /etc/ansible/roles/calico/files/
+    flat: yes
   when: NODE_NAME is defined and NODE_NAME == "etcd1"
 
 - name: 创建etcd工作目录

roles/lb/tasks/main.yml

@@ -1,6 +1,9 @@
 
+- name: apt更新缓存刷新
+  apt: update_cache=yes cache_valid_time=72000
+
 - name: 安装 haproxy
-  shell: "apt-get update && apt-get install haproxy -y"
+  apt: name=haproxy state=latest
 
 - name: 创建haproxy配置目录
   file: name=/etc/haproxy state=directory
@@ -9,7 +12,7 @@
   template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
 
 - name: 安装 keepalived
-  shell: "apt-get install keepalived -y"
+  apt: name=keepalived state=latest
 
 - name: 创建keepalived配置目录
   file: name=/etc/keepalived state=directory

roles/lb/templates/haproxy.cfg.j2

@@ -22,3 +22,4 @@ listen kube-master
         balance source
         server s1 {{ LB_EP1 }}  check inter 10000 fall 2 rise 2 weight 1
         server s2 {{ LB_EP2 }}  check inter 10000 fall 2 rise 2 weight 1
+        server s3 {{ LB_EP3 }}  check inter 10000 fall 2 rise 2 weight 1

roles/lb/templates/keepalived-backup.conf.j2

@@ -1,5 +1,5 @@
 global_defs {
-    router_id {{ LB_NAME }}
+    router_id lb-backup
 }
 
 vrrp_instance VI-kube-master {

roles/lb/templates/keepalived-master.conf.j2

@@ -1,5 +1,5 @@
 global_defs {
-    router_id {{ LB_NAME }}
+    router_id lb-master
 }
 
 vrrp_script check-haproxy {

roles/prepare/tasks/main.yml

@@ -6,8 +6,8 @@
   - /root/.kube
   - /etc/docker
 
-- name: 集群hosts文件更新
-  copy: src=hosts.j2 dest=/etc/hosts
+#- name: 集群hosts文件更新
+#  copy: src=hosts.j2 dest=/etc/hosts
 
 - name: 写入环境变量$PATH 
   shell: "echo export PATH={{ bin_dir }}:$PATH >> /etc/profile"