kubeasz/roles/prepare/tasks/common.yml


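# Disable swap on the node: turn it off now, then drop it from /etc/fstab
# so it stays off after a reboot.
- name: 禁用系统 swap
  shell: "swapoff -a && sysctl -w vm.swappiness=0"
  # Best-effort: a failure here does not stop the play, so swap may still be
  # active afterwards. Nothing in this file re-checks it.
  ignore_errors: true

- name: 删除fstab swap 相关配置
  lineinfile:
    path: /etc/fstab
    # Match only active entries whose filesystem-type field (3rd column) is
    # "swap". The previous bare 'swap' pattern removed every line containing
    # that substring, including comments and unrelated mounts whose device
    # or mount point merely has "swap" in its name.
    regexp: '^\s*[^#\s]\S*\s+\S+\s+swap(\s|$)'
    state: absent
    # Keep a timestamped copy of fstab so a bad edit can be rolled back.
    backup: true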
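# Load the kernel modules listed below now, and register them for loading
# at boot.
- name: 加载内核模块
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - br_netfilter
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack_ipv4  # kernel < 4.19
    - nf_conntrack  # kernel >= 4.19
  # Deliberate: only one of the two conntrack names exists on a given kernel,
  # so one item is expected to fail. This also hides a real failure to load
  # any of the other modules.
  ignore_errors: true

- name: 启用systemd自动加载模块服务
  service:
    name: systemd-modules-load
    enabled: true

- name: 增加内核模块开机加载配置
  template:
    src: 10-k8s-modules.conf.j2
    dest: /etc/modules-load.d/10-k8s-modules.conf
    # Explicit ownership and mode: without them a newly created file takes
    # whatever the remote umask allows, and this file decides which kernel
    # modules are loaded at boot.
    owner: root
    group: root
    mode: "0644"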
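# Kernel parameters for k8s.
# Also clears the `docker info` warning
# "WARNING: bridge-nf-call-ip[6]tables is disabled".
- name: 设置系统参数
  template:
    src: 95-k8s-sysctl.conf.j2
    dest: /etc/sysctl.d/95-k8s-sysctl.conf
    # Explicit ownership and mode so the sysctl drop-in is never created
    # group- or world-writable under a permissive umask.
    owner: root
    group: root
    mode: "0644"

- name: 生效系统参数
  shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
  # NOTE(review): with ignore_errors a rejected key leaves the play green
  # while the running kernel keeps its old value. The template content is not
  # visible here; confirm which settings may legitimately fail to apply.
  ignore_errors: true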
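# Resource limits for the node.
- name: 设置系统 ulimits
  template:
    src: 30-k8s-ulimits.conf.j2
    dest: /etc/security/limits.d/30-k8s-ulimits.conf
    # Explicit ownership and mode instead of relying on the remote umask.
    owner: root
    group: root
    mode: "0644"

# Add SCTP to the kernel module blacklist.
# NOTE(review): sctp.conf is not visible here. A plain `blacklist sctp` line
# only stops alias-based autoloading; confirm whether the file also needs an
# `install sctp /bin/true` line to block explicit loads.
- name: 把SCTP列入内核模块黑名单
  copy:
    src: sctp.conf
    dest: /etc/modprobe.d/sctp.conf
    # The blacklist is a hardening control, so only root should be able to
    # write it.
    owner: root
    group: root
    mode: "0644"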
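# Tune journald logging.
- name: 准备 journal 日志相关目录
  # No mode is forced on these directories: /var/log/journal normally has
  # distro-managed ownership and permissions that should not be overwritten.
  file:
    name: "{{ item }}"
    state: directory
  with_items:
    - "/etc/systemd/journald.conf.d"
    - "/var/log/journal"

- name: 优化设置 journal 日志
  template:
    src: 95-k8s-journald.conf.j2
    dest: /etc/systemd/journald.conf.d/95-k8s-journald.conf
    # Explicit ownership and mode: this drop-in controls log retention, so it
    # should not be writable by anyone other than root.
    owner: root
    group: root
    mode: "0644"

# Restarts journald on every run, whether or not the drop-in above changed.
- name: 重启 journald 服务
  service:
    name: systemd-journald
    state: restarted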