# 禁用系统swap - name: 禁用系统 swap shell: "source /etc/profile; swapoff -a && sysctl -w vm.swappiness=0" ignore_errors: true - name: 删除fstab swap 相关配置 lineinfile: path: /etc/fstab regexp: 'swap' state: absent backup: 'yes' - name: 加载内核模块 modprobe: name={{ item }} state=present with_items: - br_netfilter - ip_vs - ip_vs_rr - ip_vs_wrr - ip_vs_sh - nf_conntrack ignore_errors: true - name: 尝试加载nf_conntrack_ipv4 shell: 'modprobe nf_conntrack_ipv4 || echo "NoFound"' register: NF_CONNTRACK_IPV4 - name: 启用systemd自动加载模块服务 service: name=systemd-modules-load enabled=yes - name: 增加内核模块开机加载配置 template: src=10-k8s-modules.conf.j2 dest=/etc/modules-load.d/10-k8s-modules.conf # 设置系统参数for k8s # 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled # https://success.docker.com/article/ipvs-connection-timeout-issue 缩短keepalive_time超时时间为600s - name: 设置系统参数 template: src=95-k8s-sysctl.conf.j2 dest=/etc/sysctl.d/95-k8s-sysctl.conf - name: 查看是否需要设置 fs.may_detach_mounts stat: path: /proc/sys/fs/may_detach_mounts get_attributes: no get_checksum: no get_mime: no register: fs_may_detach_mounts ignore_errors: true - name: 当需要时,设置 fs.may_detach_mounts 为 1 sysctl: sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf" name: fs.may_detach_mounts value: 1 state: present reload: yes when: fs_may_detach_mounts.stat.exists|bool - name: 查看是否需要设置 net.ipv4.tcp_tw_recycle stat: path: /proc/sys/net/ipv4/tcp_tw_recycle register: tcp_tw_recycle ignore_errors: true - name: 设置tcp_tw_recycle sysctl: sysctl_file: "/etc/sysctl.d/95-k8s-sysctl.conf" name: net.ipv4.tcp_tw_recycle value: 0 state: present reload: yes when: tcp_tw_recycle.stat.exists|bool - name: 生效系统参数 shell: "source /etc/profile; sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf" ignore_errors: true # 设置系统 ulimits - name: 创建 systemd 配置目录 file: name=/etc/systemd/system.conf.d state=directory - name: 设置系统 ulimits template: src=30-k8s-ulimits.conf.j2 dest=/etc/systemd/system.conf.d/30-k8s-ulimits.conf - name: 把SCTP列入内核模块黑名单 copy: src=sctp.conf dest=/etc/modprobe.d/sctp.conf