mirror of https://github.com/easzlab/kubeasz.git
106 lines
3.0 KiB
YAML
106 lines
3.0 KiB
YAML
- name: prepare some dirs
|
||
file: name={{ item }} state=directory
|
||
with_items:
|
||
- "{{ bin_dir }}"
|
||
- "{{ ca_dir }}"
|
||
- /root/.kube
|
||
- /etc/docker
|
||
|
||
- name: 写入环境变量$PATH
|
||
lineinfile:
|
||
dest: ~/.bashrc
|
||
state: present
|
||
regexp: 'kubeasz'
|
||
line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
|
||
|
||
- name: 下载证书工具 CFSSL和 kubectl
|
||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||
with_items:
|
||
- cfssl
|
||
- cfssl-certinfo
|
||
- cfssljson
|
||
- kubectl
|
||
|
||
- name: 安装kubeconfig配置文件
|
||
copy: src=/root/.kube/config dest=/root/.kube/config
|
||
|
||
- name: 分发CA 证书
|
||
copy: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }} mode=0644
|
||
with_items:
|
||
- ca.pem
|
||
- ca-key.pem
|
||
- ca.csr
|
||
- ca-config.json
|
||
|
||
# 先拉取下节点的ansible setup信息,起到缓存效果,否则后续when 判断可能失败
|
||
- name: 缓存ansilbe setup信息
|
||
setup: gather_subset=min
|
||
|
||
# 删除默认安装
|
||
- name: 删除ubuntu默认安装
|
||
when: ansible_distribution == "Ubuntu"
|
||
apt: name={{ item }} state=absent
|
||
with_items:
|
||
- ufw
|
||
- lxd
|
||
- lxd-client
|
||
- lxcfs
|
||
- lxc-common
|
||
|
||
# Ubuntu 安装基础软件包
|
||
- name: 安装 ubuntu基础软件
|
||
when: ansible_distribution == "Ubuntu"
|
||
apt: name={{ item }} state=latest
|
||
with_items:
|
||
- jq # 轻量JSON处理程序,安装docker查询镜像需要
|
||
- socat # 用于port forwarding
|
||
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
|
||
- conntrack # network connection cleanup 用到
|
||
- bash-completion
|
||
|
||
- block:
|
||
- name: 删除centos默认安装
|
||
yum: name={{ item }} state=absent
|
||
with_items:
|
||
- firewalld
|
||
- python-firewall
|
||
- firewalld-filesystem
|
||
- name: 安装基础软件包
|
||
yum: name={{ item }} state=latest
|
||
with_items:
|
||
- jq # 轻量JSON处理程序,安装docker查询镜像需要
|
||
- socat # 用于port forwarding
|
||
- psmisc # 安装psmisc 才能使用命令killall,它在keepalive的监测脚本中使用到
|
||
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
|
||
- net-tools
|
||
- bash-completion
|
||
- name: 临时关闭 selinux
|
||
shell: "setenforce 0"
|
||
failed_when: false
|
||
- name: 永久关闭 selinux
|
||
lineinfile:
|
||
dest: /etc/selinux/config
|
||
regexp: "^SELINUX"
|
||
line: "SELINUX=disabled"
|
||
when: ansible_distribution == "CentOS"
|
||
|
||
- name: 添加 kubectl 命令自动补全
|
||
lineinfile:
|
||
dest: ~/.bashrc
|
||
state: present
|
||
regexp: 'kubectl completion'
|
||
line: 'source <(kubectl completion bash)'
|
||
|
||
# 设置系统参数for k8s
|
||
# 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
|
||
- name: 设置系统参数
|
||
copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf
|
||
|
||
- name: 加载br_netfilter模块
|
||
modprobe: name=br_netfilter state=present
|
||
ignore_errors: true
|
||
|
||
- name: 生效系统参数
|
||
shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
|
||
ignore_errors: true
|