mirror of https://github.com/easzlab/kubeasz.git
72 lines
1.8 KiB
YAML
72 lines
1.8 KiB
YAML
- name: prepare some dirs
|
||
file: name={{ item }} state=directory
|
||
with_items:
|
||
- "{{ bin_dir }}"
|
||
- "{{ ca_dir }}"
|
||
- /root/.kube
|
||
- /etc/docker
|
||
|
||
#- name: 集群hosts文件更新
|
||
# copy: src=hosts.j2 dest=/etc/hosts
|
||
|
||
- name: 写入环境变量$PATH
|
||
shell: "sed -i '/export PATH=/d' /etc/profile && \
|
||
echo export PATH={{ bin_dir }}:$PATH >> /etc/profile"
|
||
|
||
- name: 下载证书工具 CFSSL
|
||
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
|
||
with_items:
|
||
- cfssl
|
||
- cfssl-certinfo
|
||
- cfssljson
|
||
|
||
- name: 分发CA 证书
|
||
copy: src={{ item }} dest={{ ca_dir }}/{{ item }} mode=0644
|
||
with_items:
|
||
- ca.pem
|
||
- ca-key.pem
|
||
- ca.csr
|
||
- ca-config.json
|
||
|
||
# 先拉取下节点的ansible setup信息,起到缓存效果,否则后续when 判断可能失败
|
||
- name: 缓存ansilbe setup信息
|
||
setup: gather_subset=min
|
||
|
||
# 删除默认安装
|
||
- name: 删除ubuntu默认安装
|
||
when: ansible_distribution == "Ubuntu"
|
||
apt: name={{ item }} state=absent
|
||
with_items:
|
||
- ufw
|
||
- lxd
|
||
- lxd-client
|
||
- lxcfs
|
||
- lxc-common
|
||
|
||
# 删除默认安装
|
||
- name: 删除centos默认安装
|
||
when: ansible_distribution == "CentOS"
|
||
yum: name={{ item }} state=absent
|
||
with_items:
|
||
- firewalld
|
||
- firewalld-filesystem
|
||
- python-firewall
|
||
|
||
- name: 关闭 selinux
|
||
shell: "setenforce 0 && echo SELINUX=disabled > /etc/selinux/config"
|
||
when: ansible_distribution == "CentOS"
|
||
ignore_errors: true
|
||
|
||
# 设置系统参数for k8s
|
||
# 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
|
||
- name: 设置系统参数
|
||
copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf
|
||
|
||
- name: 加载br_netfilter模块
|
||
modprobe: name=br_netfilter state=present
|
||
#shell: "modprobe br_netfilter"
|
||
|
||
- name: 生效系统参数
|
||
shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
|
||
ignore_errors: true
|