- name: prepare some dirs
  file: name={{ item }} state=directory
  with_items:
  - "{{ bin_dir }}"
  - "{{ ca_dir }}"
  - /root/.kube
  - /etc/docker

- name: 写入环境变量$PATH 
  lineinfile:
    dest: ~/.bashrc
    state: present
    regexp: 'kubeasz'
    line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'

- name: 下载证书工具 CFSSL和 kubectl
  copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
  with_items:
  - cfssl
  - cfssl-certinfo
  - cfssljson
  - kubectl
  tags: upgrade_k8s

# 删除默认安装
- name: 删除ubuntu默认安装
  when: ansible_distribution == "Ubuntu"
  apt: name={{ item }} state=absent
  with_items:
  - ufw
  - lxd
  - lxd-client
  - lxcfs
  - lxc-common

# 安装通用软件包
- name: 安装系统通用软件
  package: name={{ item }} state=latest
  with_items:
  - jq                  # 轻量JSON处理程序，安装docker查询镜像需要
  - socat               # 用于port forwarding
  - bash-completion     # bash命令补全工具，需要重新登录服务器生效
  - rsync               # 文件同步工具，分发证书等配置文件需要

# Ubuntu 安装基础软件包
- name: 安装 ubuntu基础软件
  when: ansible_distribution == "Ubuntu"
  apt: name={{ item }} state=latest
  with_items:
  - nfs-common          # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
  - conntrack           # network connection cleanup 用到

- block:
    - name: 删除centos默认安装
      yum: name={{ item }} state=absent
      with_items:
        - firewalld
        - python-firewall
        - firewalld-filesystem

    - name: 添加EPEL仓库
      yum: name=epel-release state=latest

    - name: 安装基础软件包
      yum: name={{ item }}  state=latest
      with_items:
        - psmisc        # 安装psmisc 才能使用命令killall，它在keepalive的监测脚本中使用到
        - nfs-utils     # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
        - net-tools
    - name: 临时关闭 selinux
      shell: "setenforce 0" 
      failed_when: false
    - name: 永久关闭 selinux
      lineinfile:
        dest: /etc/selinux/config
        regexp: "^SELINUX="
        line: "SELINUX=disabled"
  when: ansible_distribution == "CentOS"

- name: 安装kubeconfig配置文件
  synchronize: src=/root/.kube/config dest=/root/.kube/config
  delegate_to: "{{ hostvars[inventory_hostname].groups.deploy[0] }}"

- name: 分发CA 证书
  synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
  with_items:
  - ca.pem
  - ca-key.pem
  - ca.csr
  - ca-config.json
  delegate_to: "{{ hostvars[inventory_hostname].groups.deploy[0] }}"

- name: 添加 kubectl 命令自动补全
  lineinfile:
    dest: ~/.bashrc
    state: present
    regexp: 'kubectl completion'
    line: 'source <(kubectl completion bash)'

# 禁用系统swap
- name: 禁用系统 swap
  shell: "swapoff -a && sysctl -w vm.swappiness=0"
  ignore_errors: true

- name: 删除fstab swap 相关配置 
  lineinfile:
    path: /etc/fstab
    regexp: 'swap'
    state: absent
    backup: 'yes'

# 设置系统参数for k8s
# 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
- name: 设置系统参数
  copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf

- name: 加载内核模块
  modprobe: name={{ item }} state=present
  with_items:
    - br_netfilter
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack_ipv4
  ignore_errors: true
  
- name: 生效系统参数
  shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
  ignore_errors: true