rewrite prepare tasks for different systems

pull/1282/head
gjmzj 2023-05-02 22:24:53 +08:00
parent 9acff29630
commit f0947daaec
5 changed files with 31 additions and 34 deletions

View File

@ -9,15 +9,9 @@
- name: 安装基础软件包 - name: 安装基础软件包
yum: yum:
name: name:
- bash-completion # bash命令补全工具需要重新登录服务器生效
- conntrack-tools # ipvs 模式需要 - conntrack-tools # ipvs 模式需要
- ipset # ipvs 模式需要
- ipvsadm # ipvs 模式需要
- libseccomp # 安装containerd需要 - libseccomp # 安装containerd需要
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要) - nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- psmisc # 安装psmisc 才能使用命令killallkeepalive的监测脚本需要
- rsync # 文件同步工具,分发证书等配置文件需要
- socat # 用于port forwarding
state: present state: present
when: 'INSTALL_SOURCE != "offline"' when: 'INSTALL_SOURCE != "offline"'

View File

@ -10,9 +10,17 @@
state: absent state: absent
backup: 'yes' backup: 'yes'
- name: 转换内核版本为浮点数 - name: 安装基础软件包
set_fact: package:
KERNEL_VER: "{{ ansible_kernel.split('-')[0].split('.')[0]|int + ansible_kernel.split('-')[0].split('.')[1]|int/100 }}" name:
- bash-completion # bash命令补全工具需要重新登录服务器生效
- ipset # ipvs 模式需要
- ipvsadm # ipvs 模式需要
- psmisc # 安装psmisc 才能使用命令killallkeepalive的监测脚本需要
- rsync # 文件同步工具,分发证书等配置文件需要
- socat # 用于port forwarding
state: present
when: 'INSTALL_SOURCE != "offline"'
- name: 加载内核模块 - name: 加载内核模块
modprobe: name={{ item }} state=present modprobe: name={{ item }} state=present
@ -59,6 +67,20 @@
reload: yes reload: yes
when: fs_may_detach_mounts.stat.exists|bool when: fs_may_detach_mounts.stat.exists|bool
- name: 查看是否需要设置 net.ipv4.tcp_tw_recycle
stat:
path: /proc/sys/net/ipv4/tcp_tw_recycle
register: tcp_tw_recycle
ignore_errors: true
- name: 设置tcp_tw_recycle
sysctl:
sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf"
name: net.ipv4.tcp_tw_recycle
value: 0
state: present
reload: yes
when: tcp_tw_recycle.stat.exists|bool
- name: 生效系统参数 - name: 生效系统参数
shell: "source /etc/profile; sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf" shell: "source /etc/profile; sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"

View File

@ -1,11 +1,3 @@
# 系统基础软件环境
- name: apt更新缓存刷新
apt: update_cache=yes cache_valid_time=72000
ignore_errors: true
when:
- 'ansible_distribution in ["Ubuntu","Debian"]'
- 'INSTALL_SOURCE != "offline"'
- import_tasks: ubuntu.yml - import_tasks: ubuntu.yml
when: 'ansible_distribution in ["Ubuntu","Debian"]' when: 'ansible_distribution in ["Ubuntu","Debian"]'

View File

@ -1,3 +1,9 @@
# 系统基础软件环境
- name: apt更新缓存刷新
apt: update_cache=yes cache_valid_time=72000
ignore_errors: true
when: 'INSTALL_SOURCE != "offline"'
# 删除默认安装 # 删除默认安装
- name: 删除ubuntu默认安装 - name: 删除ubuntu默认安装
shell: "apt remove -y {{ item }}" shell: "apt remove -y {{ item }}"
@ -13,16 +19,10 @@
- name: 安装 ubuntu/debian基础软件 - name: 安装 ubuntu/debian基础软件
apt: apt:
name: name:
- bash-completion # bash命令补全工具需要重新登录服务器生效
- conntrack # network connection cleanup 用到 - conntrack # network connection cleanup 用到
- ipset # ipvs 模式需要
- ipvsadm # ipvs 模式需要
- jq # 轻量JSON处理程序安装docker查询镜像需要 - jq # 轻量JSON处理程序安装docker查询镜像需要
- libseccomp2 # 安装containerd需要 - libseccomp2 # 安装containerd需要
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要) - nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- psmisc # 安装psmisc 才能使用命令killallkeepalive的监测脚本需要
- rsync # 文件同步工具,分发证书等配置文件需要
- socat # 用于port forwarding
state: present state: present
when: 'INSTALL_SOURCE != "offline"' when: 'INSTALL_SOURCE != "offline"'
@ -42,11 +42,3 @@
- name: 重启 journald 服务 - name: 重启 journald 服务
service: name=systemd-journald state=restarted service: name=systemd-journald state=restarted
- name: Configuration iptables
shell: 'iptables -F \
&& iptables -t nat -F \
&& iptables -t mangle -F \
&& iptables -X \
&& update-alternatives --set iptables /usr/sbin/iptables-legacy'
when: ansible_distribution == "Debian" and ansible_distribution_version|int >= 10

View File

@ -2,9 +2,6 @@ net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-arptables = 1 net.bridge.bridge-nf-call-arptables = 1
{% if KERNEL_VER|float < 4.12 %}
net.ipv4.tcp_tw_recycle = 0
{% endif %}
net.ipv4.tcp_tw_reuse = 0 net.ipv4.tcp_tw_reuse = 0
net.core.somaxconn = 32768 net.core.somaxconn = 32768
net.netfilter.nf_conntrack_max=1000000 net.netfilter.nf_conntrack_max=1000000