kubeasz/roles/prepare/tasks/main.yml

106 lines
3.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- name: prepare some dirs
file: name={{ item }} state=directory
with_items:
- "{{ bin_dir }}"
- "{{ ca_dir }}"
- /root/.kube
- /etc/docker
- name: 写入环境变量$PATH
lineinfile:
dest: ~/.bashrc
state: present
regexp: 'kubeasz'
line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
- name: 下载证书工具 CFSSL和 kubectl
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- cfssl
- cfssl-certinfo
- cfssljson
- kubectl
- name: 安装kubeconfig配置文件
copy: src=/root/.kube/config dest=/root/.kube/config
- name: 分发CA 证书
copy: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }} mode=0644
with_items:
- ca.pem
- ca-key.pem
- ca.csr
- ca-config.json
# 先拉取下节点的ansible setup信息起到缓存效果否则后续when 判断可能失败
- name: 缓存ansilbe setup信息
setup: gather_subset=min
# 删除默认安装
- name: 删除ubuntu默认安装
when: ansible_distribution == "Ubuntu"
apt: name={{ item }} state=absent
with_items:
- ufw
- lxd
- lxd-client
- lxcfs
- lxc-common
# Ubuntu 安装基础软件包
- name: 安装 ubuntu基础软件
when: ansible_distribution == "Ubuntu"
apt: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序安装docker查询镜像需要
- socat # 用于port forwarding
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- conntrack # network connection cleanup 用到
- bash-completion
- block:
- name: 删除centos默认安装
yum: name={{ item }} state=absent
with_items:
- firewalld
- python-firewall
- firewalld-filesystem
- name: 安装基础软件包
yum: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序安装docker查询镜像需要
- socat # 用于port forwarding
- psmisc # 安装psmisc 才能使用命令killall它在keepalive的监测脚本中使用到
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- net-tools
- bash-completion
- name: 临时关闭 selinux
shell: "setenforce 0"
failed_when: false
- name: 永久关闭 selinux
lineinfile:
dest: /etc/selinux/config
regexp: "^SELINUX"
line: "SELINUX=disabled"
when: ansible_distribution == "CentOS"
- name: 添加 kubectl 命令自动补全
lineinfile:
dest: ~/.bashrc
state: present
regexp: 'kubectl completion'
line: 'source <(kubectl completion bash)'
# 设置系统参数for k8s
# 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
- name: 设置系统参数
copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf
- name: 加载br_netfilter模块
modprobe: name=br_netfilter state=present
ignore_errors: true
- name: 生效系统参数
shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
ignore_errors: true