forked from easzlab/kubeasz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
130 lines (114 loc) · 3.48 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
- name: prepare some dirs
file: name={{ item }} state=directory
with_items:
- "{{ bin_dir }}"
- "{{ ca_dir }}"
- /root/.kube
- name: 写入环境变量$PATH
lineinfile:
dest: ~/.bashrc
state: present
regexp: 'kubeasz'
line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
- name: 下载证书工具 CFSSL和 kubectl
copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
with_items:
- cfssl
- cfssl-certinfo
- cfssljson
- kubectl
tags: upgrade_k8s
# 删除默认安装
- name: 删除ubuntu默认安装
when: ansible_distribution == "Ubuntu"
apt: name={{ item }} state=absent
with_items:
- ufw
- lxd
- lxd-client
- lxcfs
- lxc-common
# Ubuntu 安装基础软件包
- name: 安装 ubuntu基础软件
when: ansible_distribution == "Ubuntu"
apt: name={{ item }} state=latest
with_items:
- nfs-common # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- conntrack # network connection cleanup 用到
- block:
- name: 删除centos默认安装
yum: name={{ item }} state=absent
with_items:
- firewalld
- python-firewall
- firewalld-filesystem
- name: 添加EPEL仓库
yum: name=epel-release state=latest
- name: 安装基础软件包
yum: name={{ item }} state=latest
with_items:
- psmisc # 安装psmisc 才能使用命令killall,它在keepalive的监测脚本中使用到
- nfs-utils # 挂载nfs 共享文件需要 (创建基于 nfs的PV 需要)
- name: 临时关闭 selinux
shell: "setenforce 0"
failed_when: false
- name: 永久关闭 selinux
lineinfile:
dest: /etc/selinux/config
regexp: "^SELINUX="
line: "SELINUX=disabled"
when: ansible_distribution == "CentOS"
# 安装通用软件包
- name: 安装系统通用软件
package: name={{ item }} state=latest
with_items:
- jq # 轻量JSON处理程序,安装docker查询镜像需要
- socat # 用于port forwarding
- bash-completion # bash命令补全工具,需要重新登录服务器生效
- rsync # 文件同步工具,分发证书等配置文件需要
- ipset
- ipvsadm
- name: 安装kubeconfig配置文件
synchronize: src=/root/.kube/config dest=/root/.kube/config
delegate_to: "{{ groups.deploy[0] }}"
- name: 分发CA 证书
synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
with_items:
- ca.pem
- ca-key.pem
- ca.csr
- ca-config.json
delegate_to: "{{ groups.deploy[0] }}"
- name: 添加 kubectl 命令自动补全
lineinfile:
dest: ~/.bashrc
state: present
regexp: 'kubectl completion'
line: 'source <(kubectl completion bash)'
# 禁用系统swap
- name: 禁用系统 swap
shell: "swapoff -a && sysctl -w vm.swappiness=0"
ignore_errors: true
- name: 删除fstab swap 相关配置
lineinfile:
path: /etc/fstab
regexp: 'swap'
state: absent
backup: 'yes'
# 设置系统参数for k8s
# 消除docker info 警告WARNING: bridge-nf-call-ip[6]tables is disabled
- name: 设置系统参数
copy: src=95-k8s-sysctl.conf dest=/etc/sysctl.d/95-k8s-sysctl.conf
- name: 加载内核模块
modprobe: name={{ item }} state=present
with_items:
- br_netfilter
- ip_vs
- ip_vs_rr
- ip_vs_wrr
- ip_vs_sh
- nf_conntrack_ipv4
ignore_errors: true
- name: 生效系统参数
shell: "sysctl -p /etc/sysctl.d/95-k8s-sysctl.conf"
ignore_errors: true