diff --git a/roles/ex-lb/defaults/main.yml b/roles/ex-lb/defaults/main.yml
index bf1e6b0..db6f98b 100644
--- a/roles/ex-lb/defaults/main.yml
+++ b/roles/ex-lb/defaults/main.yml
@@ -13,3 +13,6 @@ BALANCE_ALG: "roundrobin"
 INGRESS_NODEPORT_LB: "yes"
 # 启用 ingress tls NodePort服务的负载均衡 (yes/no)
 INGRESS_TLS_NODEPORT_LB: "yes"
+
+# 离线安装 haproxy+keepalived (offline|online)
+INSTALL_SOURCE: "offline"
diff --git a/roles/ex-lb/tasks/main.yml b/roles/ex-lb/tasks/main.yml
index b0b1998..2b8a88c 100644
--- a/roles/ex-lb/tasks/main.yml
+++ b/roles/ex-lb/tasks/main.yml
@@ -13,15 +13,22 @@
   set_fact: LB_IF={{ LB_IF_TMP.stdout }}
   tags: restart_lb
 
-- name: apt更新缓存刷新
-  apt: update_cache=yes cache_valid_time=72000
-  when: 'ansible_distribution in ["Ubuntu","Debian"]'
+- name: 创建相关目录
+  file: name={{ item }} state=directory
+  with_items:
+  - /etc/haproxy
+  - /etc/keepalived 
 
-- name: 安装 haproxy
-  package: name=haproxy state=present
+- name: 安装 haproxy+keepalived
+  package: name={{ item }} state=present
+  with_items:
+  - haproxy
+  - keepalived
+  when: 'INSTALL_SOURCE != "offline"'
 
-- name: 创建haproxy配置目录
-  file: name=/etc/haproxy state=directory
+# 离线安装 haproxy+keepalived
+- import_tasks: offline.yml
+  when: 'INSTALL_SOURCE == "offline"'
 
 - name: 修改centos的haproxy.service
   template: src=haproxy.service.j2 dest=/usr/lib/systemd/system/haproxy.service
@@ -32,12 +39,6 @@
   template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
   tags: restart_lb
 
-- name: 安装 keepalived
-  package: name=keepalived state=present
-
-- name: 创建keepalived配置目录
-  file: name=/etc/keepalived state=directory
-
 - name: 配置 keepalived 主节点
   template: src=keepalived-master.conf.j2 dest=/etc/keepalived/keepalived.conf
   when: LB_ROLE == "master"
diff --git a/roles/ex-lb/tasks/offline.yml b/roles/ex-lb/tasks/offline.yml
new file mode 100644
index 0000000..49fba60
--- /dev/null
+++ b/roles/ex-lb/tasks/offline.yml
@@ -0,0 +1,56 @@
+# 离线安装 haproxy
+- name: 准备离线安装包目录
+  file: name=/opt/kube/packages/haproxy state=directory
+
+- block:
+  - name: 分发 haproxy_xenial 离线包
+    copy:
+      src: "{{ base_dir }}/down/packages/haproxy_xenial.tar.gz"
+      dest: "/opt/kube/packages/haproxy/haproxy_xenial.tar.gz"
+
+  - name: 安装 haproxy_xenial 离线包
+    shell: 'cd /opt/kube/packages/haproxy && tar zxf haproxy_xenial.tar.gz && \
+           dpkg -i *.deb > /tmp/install_haproxy.log 2>&1'
+  when: ansible_distribution_release == "xenial"
+
+- block:
+  - name: 分发 haproxy_centos7 离线包
+    copy:
+      src: "{{ base_dir }}/down/packages/haproxy_centos7.tar.gz"
+      dest: "/opt/kube/packages/haproxy/haproxy_centos7.tar.gz"
+
+  - name: 安装 haproxy_centos7 离线包
+    shell: 'cd /opt/kube/packages/haproxy && tar zxf haproxy_centos7.tar.gz && \
+           rpm -Uvh --nodeps *.rpm > /tmp/install_haproxy.log 2>&1'
+  when:
+  - 'ansible_distribution == "CentOS"'
+  - 'ansible_distribution_major_version == "7"'
+
+# 离线安装 keepalived
+- name: 准备离线安装包目录
+  file: name=/opt/kube/packages/keepalived state=directory
+
+- block:
+  - name: 分发 keepalived_xenial 离线包
+    copy:
+      src: "{{ base_dir }}/down/packages/keepalived_xenial.tar.gz"
+      dest: "/opt/kube/packages/keepalived/keepalived_xenial.tar.gz"
+
+  - name: 安装 keepalived_xenial 离线包
+    shell: 'cd /opt/kube/packages/keepalived && tar zxf keepalived_xenial.tar.gz && \
+           dpkg -i *.deb > /tmp/install_keepalived.log 2>&1'
+  when: ansible_distribution_release == "xenial"
+
+- block:
+  - name: 分发 keepalived_centos7 离线包
+    copy:
+      src: "{{ base_dir }}/down/packages/keepalived_centos7.tar.gz"
+      dest: "/opt/kube/packages/keepalived/keepalived_centos7.tar.gz"
+
+  - name: 安装 keepalived_centos7 离线包
+    shell: 'cd /opt/kube/packages/keepalived && tar zxf keepalived_centos7.tar.gz && \
+           rpm -Uvh --nodeps *.rpm > /tmp/install_keepalived.log 2>&1'
+  when:
+  - 'ansible_distribution == "CentOS"'
+  - 'ansible_distribution_major_version == "7"'
+
diff --git a/roles/ex-lb/templates/haproxy.cfg.j2 b/roles/ex-lb/templates/haproxy.cfg.j2
index 0684023..732b1ab 100644
--- a/roles/ex-lb/templates/haproxy.cfg.j2
+++ b/roles/ex-lb/templates/haproxy.cfg.j2
@@ -1,8 +1,6 @@
 global
         log /dev/log    local1 warning
         chroot /var/lib/haproxy
-        stats socket /run/haproxy/admin.sock mode 660 level admin
-        stats timeout 30s
         user haproxy
         group haproxy
         daemon
diff --git a/roles/kube-node/tasks/offline.yml b/roles/kube-node/tasks/offline.yml
index eed45ed..8a55b06 100644
--- a/roles/kube-node/tasks/offline.yml
+++ b/roles/kube-node/tasks/offline.yml
@@ -1,4 +1,4 @@
-# 离线安装基础系统包
+# 离线安装 haproxy
 - name: 准备离线安装包目录
   file: name=/opt/kube/packages/haproxy state=directory
 
diff --git a/roles/kube-node/templates/haproxy.cfg.j2 b/roles/kube-node/templates/haproxy.cfg.j2
index e252c3f..34b0715 100644
--- a/roles/kube-node/templates/haproxy.cfg.j2
+++ b/roles/kube-node/templates/haproxy.cfg.j2
@@ -1,8 +1,6 @@
 global
         log /dev/log    local1 warning
         chroot /var/lib/haproxy
-        stats socket /run/haproxy/admin.sock mode 660 level admin
-        stats timeout 30s
         user haproxy
         group haproxy
         daemon