rewrite prepare tasks for different systems

roles/prepare/tasks/centos.yml

@@ -9,15 +9,9 @@
 - name: 安装基础软件包
   yum: 
     name: 
-      - bash-completion     # bash命令补全工具，需要重新登录服务器生效
       - conntrack-tools     # ipvs 模式需要
-      - ipset               # ipvs 模式需要
-      - ipvsadm             # ipvs 模式需要
       - libseccomp          # 安装containerd需要
       - nfs-utils           # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
-      - psmisc              # 安装psmisc 才能使用命令killall，keepalive的监测脚本需要
-      - rsync               # 文件同步工具，分发证书等配置文件需要
-      - socat               # 用于port forwarding
     state: present
   when: 'INSTALL_SOURCE != "offline"'
 

roles/prepare/tasks/common.yml

@@ -10,9 +10,17 @@
     state: absent
     backup: 'yes'
 
-- name: 转换内核版本为浮点数
-  set_fact:
-    KERNEL_VER: "{{ ansible_kernel.split('-')[0].split('.')[0]|int + ansible_kernel.split('-')[0].split('.')[1]|int/100 }}"
+- name: 安装基础软件包
+  package:
+    name:
+      - bash-completion     # bash命令补全工具，需要重新登录服务器生效
+      - ipset               # ipvs 模式需要
+      - ipvsadm             # ipvs 模式需要
+      - psmisc              # 安装psmisc 才能使用命令killall，keepalive的监测脚本需要
+      - rsync               # 文件同步工具，分发证书等配置文件需要
+      - socat               # 用于port forwarding
+    state: present
+  when: 'INSTALL_SOURCE != "offline"'
 
 - name: 加载内核模块
   modprobe: name={{ item }} state=present
@@ -59,6 +67,20 @@
     reload: yes
   when: fs_may_detach_mounts.stat.exists|bool
 
+- name: 查看是否需要设置 net.ipv4.tcp_tw_recycle
+  stat:
+    path: /proc/sys/net/ipv4/tcp_tw_recycle
+  register: tcp_tw_recycle
+  ignore_errors: true
+
+- name: 设置tcp_tw_recycle
+  sysctl:
+    sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf"
+    name: net.ipv4.tcp_tw_recycle
+    value: 0
+    state: present
+    reload: yes
+  when: tcp_tw_recycle.stat.exists|bool
 
 - name: 生效系统参数
   shell: "source /etc/profile; sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"

roles/prepare/tasks/main.yml

@@ -1,11 +1,3 @@
-# 系统基础软件环境
-- name: apt更新缓存刷新
-  apt: update_cache=yes cache_valid_time=72000
-  ignore_errors: true
-  when:
-  - 'ansible_distribution in ["Ubuntu","Debian"]'
-  - 'INSTALL_SOURCE != "offline"'
-
 - import_tasks: ubuntu.yml
   when: 'ansible_distribution in ["Ubuntu","Debian"]'
 

roles/prepare/tasks/ubuntu.yml

@@ -1,3 +1,9 @@
+# 系统基础软件环境
+- name: apt更新缓存刷新
+  apt: update_cache=yes cache_valid_time=72000
+  ignore_errors: true
+  when: 'INSTALL_SOURCE != "offline"'
+
 # 删除默认安装
 - name: 删除ubuntu默认安装
   shell: "apt remove -y {{ item }}"
@@ -13,16 +19,10 @@
 - name: 安装 ubuntu/debian基础软件
   apt: 
     name:
-      - bash-completion     # bash命令补全工具，需要重新登录服务器生效
       - conntrack           # network connection cleanup 用到
-      - ipset               # ipvs 模式需要
-      - ipvsadm             # ipvs 模式需要
       - jq                  # 轻量JSON处理程序，安装docker查询镜像需要
       - libseccomp2         # 安装containerd需要
       - nfs-common          # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
-      - psmisc              # 安装psmisc 才能使用命令killall，keepalive的监测脚本需要
-      - rsync               # 文件同步工具，分发证书等配置文件需要
-      - socat               # 用于port forwarding
     state: present
   when: 'INSTALL_SOURCE != "offline"'
 
@@ -42,11 +42,3 @@
 
 - name: 重启 journald 服务
   service: name=systemd-journald state=restarted
-
-- name: Configuration iptables
-  shell: 'iptables -F \
-    && iptables -t nat -F \
-    && iptables -t mangle -F \
-    && iptables -X \
-    && update-alternatives --set iptables /usr/sbin/iptables-legacy'
-  when: ansible_distribution == "Debian" and ansible_distribution_version|int >= 10

roles/prepare/templates/95-k8s-sysctl.conf.j2

@@ -2,9 +2,6 @@ net.ipv4.ip_forward = 1
 net.bridge.bridge-nf-call-iptables = 1
 net.bridge.bridge-nf-call-ip6tables = 1
 net.bridge.bridge-nf-call-arptables = 1
-{% if KERNEL_VER|float < 4.12 %}
-net.ipv4.tcp_tw_recycle = 0
-{% endif %}
 net.ipv4.tcp_tw_reuse = 0
 net.core.somaxconn = 32768
 net.netfilter.nf_conntrack_max=1000000