diff --git a/01.prepare.yml b/01.prepare.yml
index 716ebae..2295065 100644
--- a/01.prepare.yml
+++ b/01.prepare.yml
@@ -1,5 +1,10 @@
 # [optional] to synchronize system time of nodes with 'chrony' 
-- hosts: all
+- hosts:
+  - kube-master
+  - kube-node
+  - etcd
+  - ex-lb
+  - chrony
   roles:
   - { role: chrony, when: "groups['chrony']|length > 0" }
 
diff --git a/24.restore.yml b/24.restore.yml
index 4b0467b..5cac9e2 100644
--- a/24.restore.yml
+++ b/24.restore.yml
@@ -23,7 +23,10 @@
   - deploy
 
 # pre-tasks on all nodes
-- hosts: all
+- hosts:
+  - kube-master
+  - kube-node
+  - etcd
   roles:
   - prepare
 
diff --git a/90.setup.yml b/90.setup.yml
index 16299b1..12edc16 100644
--- a/90.setup.yml
+++ b/90.setup.yml
@@ -1,5 +1,10 @@
 # [optional] to synchronize time of nodes with 'chrony'
-- hosts: all
+- hosts:
+  - kube-master
+  - kube-node
+  - etcd
+  - ex-lb
+  - chrony
   roles:
   - { role: chrony, when: "groups['chrony']|length > 0" }
 
diff --git a/roles/chrony/chrony.yml b/roles/chrony/chrony.yml
index ac07bbd..0887931 100644
--- a/roles/chrony/chrony.yml
+++ b/roles/chrony/chrony.yml
@@ -1,3 +1,8 @@
-- hosts: all
+- hosts:
+  - kube-master
+  - kube-node
+  - etcd
+  - ex-lb
+  - chrony
   roles:
   - { role: chrony, when: "groups['chrony']|length > 0" }
diff --git a/roles/os-harden/os-harden.yml b/roles/os-harden/os-harden.yml
index d2d0ba6..796f220 100644
--- a/roles/os-harden/os-harden.yml
+++ b/roles/os-harden/os-harden.yml
@@ -1,5 +1,10 @@
 # [可选]操作系统安全加固 https://github.com/dev-sec/ansible-os-hardening
-- hosts: all
+- hosts:
+  - kube-master
+  - kube-node
+  - etcd
+  - ex-lb
+  - chrony
   vars:
     os_security_users_allow: change_user
     os_auth_pam_passwdqc_enable: false