kubeasz/roles/prepare/tasks/main.yml


# Create the directories that the following tasks write into.
# NOTE(review): no owner or mode is set, so permissions follow the remote
# defaults. {{ ca_dir }} later receives ca-key.pem and /root/.kube receives a
# kubeconfig; confirm both end up readable by root only.
- name: prepare some dirs
  file:
    name: "{{ item }}"
    state: directory
  with_items:
    - "{{ bin_dir }}"
    - "{{ ca_dir }}"
    - /root/.kube
    - /etc/docker
# Put {{ bin_dir }} at the front of PATH in the connecting user's ~/.bashrc.
# The 'kubeasz' regexp matches the marker comment at the end of the line, so a
# re-run replaces the existing entry instead of appending a second one.
# NOTE(review): because {{ bin_dir }} is searched first, anything placed there
# shadows system binaries; the directory should be writable by root only.
- name: 写入环境变量$PATH
  lineinfile:
    dest: ~/.bashrc
    regexp: 'kubeasz'
    line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
    state: present
# Install the CFSSL certificate tools and kubectl by copying them from
# {{ base_dir }}/bin into {{ bin_dir }} as world-executable files.
# NOTE(review): the binaries are copied as found; nothing in this task checks a
# checksum or signature, so their integrity depends on how {{ base_dir }}/bin
# was populated.
- name: 下载证书工具 CFSSL和 kubectl
  copy:
    src: "{{ base_dir }}/bin/{{ item }}"
    dest: "{{ bin_dir }}/{{ item }}"
    # Quoted so the mode stays the string "0755" and is not read as a number.
    mode: "0755"
  with_items:
    - cfssl
    - cfssl-certinfo
    - cfssljson
    - kubectl
  tags: upgrade_k8s
# Remove packages that a default Ubuntu install ships with.
# NOTE(review): ufw is the host firewall front end; once it is removed, packet
# filtering on these hosts depends on whatever else manages the rules. Confirm
# that is intended for every host this role targets.
- name: 删除ubuntu默认安装
  apt:
    name: "{{ item }}"
    state: absent
  with_items:
    - ufw
    - lxd
    - lxd-client
    - lxcfs
    - lxc-common
  when: ansible_distribution == "Ubuntu"
# Install packages needed on every distribution.
# NOTE(review): state=latest installs or upgrades to whatever the configured
# repositories currently serve, so two runs can yield different versions.
- name: 安装系统通用软件
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - jq  # lightweight JSON processor; needed to query images during the docker install
    - socat  # used for port forwarding
    - bash-completion  # bash command completion; takes effect after logging in again
    - rsync  # file sync tool; needed to distribute certificates and other config files
# Install the Ubuntu-specific base packages (always the newest available
# version, because of state=latest).
- name: 安装 ubuntu基础软件
  apt:
    name: "{{ item }}"
    state: latest
  with_items:
    - nfs-common  # needed to mount NFS shares (required for NFS-backed PVs)
    - conntrack  # used for network connection cleanup
  when: ansible_distribution == "Ubuntu"
# CentOS-only preparation; the `when` at the end applies to every task in the
# block.
# NOTE(review): this block removes firewalld and turns SELinux off, both for the
# running system and permanently. That takes away the host firewall and
# mandatory access control, so other controls have to cover these hosts.
- block:
    - name: 删除centos默认安装
      yum:
        name: "{{ item }}"
        state: absent
      with_items:
        - firewalld
        - python-firewall
        - firewalld-filesystem

    # epel-release enables the EPEL repository as an additional package source.
    - name: 添加EPEL仓库
      yum:
        name: epel-release
        state: latest

    - name: 安装基础软件包
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - psmisc  # provides killall, which the keepalive monitoring script uses
        - nfs-utils  # needed to mount NFS shares (required for NFS-backed PVs)
        - net-tools

    # Switch SELinux off for the running system. failed_when: false means a
    # non-zero exit from setenforce is never reported as a failure.
    - name: 临时关闭 selinux
      shell: "setenforce 0"
      failed_when: false

    # Persist the setting by rewriting the SELINUX= line in the config file.
    - name: 永久关闭 selinux
      lineinfile:
        dest: /etc/selinux/config
        regexp: "^SELINUX="
        line: "SELINUX=disabled"
  when: ansible_distribution == "CentOS"
# Copy /root/.kube/config from the first host of the `deploy` group to the same
# path on the target host.
# NOTE(review): a kubeconfig normally carries cluster credentials. Confirm that
# every host this role runs on needs it and that the file stays root-only.
- name: 安装kubeconfig配置文件
  synchronize:
    src: /root/.kube/config
    dest: /root/.kube/config
  delegate_to: "{{ groups.deploy[0] }}"
# Copy the CA files from the first host of the `deploy` group into {{ ca_dir }}
# on the target host.
# NOTE(review): the list includes ca-key.pem, the CA private key. Any host that
# holds it can sign certificates the cluster will trust. Confirm each target
# really has to sign certificates locally; otherwise only ca.pem needs to be
# distributed and the key can stay on the deploy host.
- name: 分发CA 证书
  synchronize:
    src: "{{ ca_dir }}/{{ item }}"
    dest: "{{ ca_dir }}/{{ item }}"
  with_items:
    - ca.pem
    - ca-key.pem
    - ca.csr
    - ca-config.json
  delegate_to: "{{ groups.deploy[0] }}"
# Enable kubectl tab completion by sourcing its generated script from
# ~/.bashrc. The regexp matches an existing 'kubectl completion' line, so the
# entry is not duplicated on re-runs.
- name: 添加 kubectl 命令自动补全
  lineinfile:
    dest: ~/.bashrc
    regexp: 'kubectl completion'
    line: 'source <(kubectl completion bash)'
    state: present
# Disable system swap for the running system and set vm.swappiness to 0.
# The two commands are chained with &&, which is why the shell module is used.
# ignore_errors lets the play continue if either command fails, so a failure
# here only shows up in the task output.
- name: 禁用系统 swap
  shell: "swapoff -a && sysctl -w vm.swappiness=0"
  ignore_errors: true
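# Remove swap entries from /etc/fstab so swap stays off after a reboot.
# The pattern matches only active (non-comment) entries that carry "swap" as a
# whitespace-delimited field. A bare 'swap' substring match would also delete
# comment lines and unrelated mounts whose path merely contains the word.
# backup: true keeps a timestamped copy of the file before it is changed.
- name: 删除fstab swap 相关配置
  lineinfile:
    path: /etc/fstab
    regexp: '^\s*[^#\s].*\sswap(\s|$)'
    state: absent
    backup: true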
# Install the kernel parameters used for k8s.
# This clears the `docker info` warning
# "WARNING: bridge-nf-call-ip[6]tables is disabled".
# The file is only copied here; a later task applies it with `sysctl -p`.
- name: 设置系统参数
  copy:
    src: 95-k8s-sysctl.conf
    dest: /etc/sysctl.d/95-k8s-sysctl.conf
# Load the bridge-netfilter, IPVS and conntrack kernel modules.
# ignore_errors keeps the play going when a module cannot be loaded.
# NOTE(review): presumably this tolerates kernels that lack one of the modules
# (nf_conntrack_ipv4 is not a separate module on newer kernels), but it also
# hides a failure to load br_netfilter or ip_vs. Check the task output.
- name: 加载内核模块
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - br_netfilter
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack_ipv4
  ignore_errors: true
# Apply the kernel parameters from the file installed earlier in this role.
# ignore_errors means a rejected key does not stop the play, so the settings
# are not guaranteed to be active afterwards.
- name: 生效系统参数
  shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
  ignore_errors: true