a24.ansible 生产实战案例 -- 基于kubeadm安装kubernetes v1.20 -- ansible安装和kubernetes主机初始化

1.高可用Kubernetes集群规划

角色 机器名 机器配置 操作系统 ip地址 安装软件
ansible ansible-server.example.local 2C2G CentOS 7.9/Ubuntu 18.04 172.31.3.100 ansible
master1 k8s-master01.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.101 chrony-client、docker、kubeadm 、kubelet、kubectl
master2 k8s-master02.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.102 chrony-client、docker、kubeadm 、kubelet、kubectl
master3 k8s-master03.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.103 chrony-client、docker、kubeadm 、kubelet、kubectl
ha1 k8s-ha01.example.local 2C2G CentOS 7.9/Ubuntu 18.04 172.31.3.104 chrony-server、haproxy、keepalived
ha2 k8s-ha02.example.local 2C2G CentOS 7.9/Ubuntu 18.04 172.31.3.105 chrony-server、haproxy、keepalived
harbor1 k8s-harbor01.example.local 2C2G CentOS 7.9/Ubuntu 18.04 172.31.3.106 chrony-client、docker、docker-compose、harbor
harbor2 k8s-harbor02.example.local 2C2G CentOS 7.9/Ubuntu 18.04 172.31.3.107 chrony-client、docker、docker-compose、harbor
node1 k8s-node01.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.108 chrony-client、docker、kubeadm 、kubelet
node2 k8s-node02.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.109 chrony-client、docker、kubeadm 、kubelet
node3 k8s-node03.example.local 2C4G CentOS 7.9/Ubuntu 18.04 172.31.3.110 chrony-client、docker、kubeadm 、kubelet

2.安装ansible和配置

2.1 安装ansible

#CentOS
[root@ansible-server ~]# yum -y install ansible

[root@ansible-server ~]# ansible --version
ansible 2.9.25
  config file = /data/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

#ubuntu18.04安装最新版的ansible
root@ubuntu1804:~# apt update

root@ubuntu1804:~# apt -y install software-properties-common

root@ubuntu1804:~# apt-add-repository --yes --update ppa:ansible/ansible

root@ubuntu1804:~# apt -y install ansible
root@ubuntu1804:~# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Feb 27 2021, 15:10:58) [GCC 7.5.0]

2.2 配置ansible

[root@ansible-server ~]# mkdir /data/ansible
[root@ansible-server ~]# cd /data/ansible

[root@ansible-server ansible]# vim ansible.cfg
[defaults]
# Paths are relative to /data/ansible, the directory this file lives in.
inventory      = ./inventory
forks          = 10
roles_path    = ./roles
# Every task runs as root over the key pair that ssh_key.sh distributes;
# host keys are verified against the control node's known_hosts (ansible's
# default host_key_checking), which ssh_key.sh also copies to each host.
remote_user = root

[root@ansible-server ansible]# vim inventory 
# Hosts are keyed by IP (so inventory_hostname is the IP); hname feeds
# set_hostname.yml and the FQDN is hname.domain (domain set under [all:vars]).
[master]
172.31.3.101 hname=k8s-master01
172.31.3.102 hname=k8s-master02
172.31.3.103 hname=k8s-master03

[ha]
172.31.3.104 hname=k8s-ha01
172.31.3.105 hname=k8s-ha02

[harbor]
172.31.3.106 hname=k8s-harbor01
172.31.3.107 hname=k8s-harbor02

[node]
172.31.3.108 hname=k8s-node01
172.31.3.109 hname=k8s-node02
172.31.3.110 hname=k8s-node03

[all:vars]
domain=example.local

# k8s_cluster (masters + nodes) is the group the ipvs/ipvsadm tasks are limited to.
[k8s_cluster:children]
master
node

[chrony_server:children]
ha

[chrony_client:children]
master
node
harbor

# Note the spelling "keepalives" (not keepalived): later roles must reference
# these groups with the same name.
[keepalives_master]
172.31.3.104

[keepalives_backup]
172.31.3.105

[haproxy:children]
ha

[master01]
172.31.3.101

3.设置客户端网卡名和ip

#rocky8和centos系统设置
[root@172 ~]# bash reset.sh 

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 11
Rocky 8.5 网卡名已修改成功,请重新启动系统后才能生效!

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 12
请输入IP地址:172.31.0.101
IP 172.31.0.101  available!
请输入子网掩码位数:21
请输入网关地址:172.31.0.2
IP 172.31.0.2  available!
Rocky 8.5 IP地址和网关地址已修改成功,请重新启动系统后生效!

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 21

#ubuntu系统设置
[C:\~]$ ssh [email protected]


Connecting to 172.31.7.3:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-156-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Dec 27 13:56:42 CST 2021

  System load:  0.17              Processes:            193
  Usage of /:   2.1% of 91.17GB   Users logged in:      1
  Memory usage: 10%               IP address for ens33: 172.31.7.3
  Swap usage:   0%

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

19 updates can be applied immediately.
18 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

New release '20.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Mon Dec 27 13:56:31 2021
/usr/bin/xauth:  file /home/raymond/.Xauthority does not exist
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

raymond@ubuntu1804:~$ bash reset.sh 

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 18
请输入密码: 123456
[sudo] password for raymond: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Ubuntu 18.04 root用户登录已设置完成,请重新登录后生效!

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 21
raymond@ubuntu1804:~$ exit
logout

Connection closed.

Disconnected from remote host(172.31.7.3:22) at 13:57:16.

Type `help' to learn how to use Xshell prompt.

[C:\~]$ ssh [email protected]


Connecting to 172.31.7.3:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-156-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Dec 27 13:57:47 CST 2021

  System load:  0.06              Processes:            199
  Usage of /:   2.1% of 91.17GB   Users logged in:      1
  Memory usage: 11%               IP address for ens33: 172.31.7.3
  Swap usage:   0%

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

19 updates can be applied immediately.
18 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

New release '20.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

/usr/bin/xauth:  file /root/.Xauthority does not exist
root@ubuntu1804:~# mv /home/raymond/reset.sh .
root@ubuntu1804:~# bash reset.sh 

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 11
Ubuntu 18.04 网卡名已修改成功,请重新启动系统后才能生效!

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 12
请输入IP地址:172.31.0.103
IP 172.31.0.103  available!
请输入子网掩码位数:21
请输入网关地址:172.31.0.2
IP 172.31.0.2  available!
Ubuntu 18.04 IP地址和网关地址已修改成功,请重新启动系统后生效!

************************************************************
*                      初始化脚本菜单                      *
* 1.禁用SELinux               12.修改IP地址和网关地址      *
* 2.关闭防火墙                13.设置主机名                *
* 3.优化SSH                   14.设置PS1和系统环境变量     *
* 4.设置系统别名              15.禁用SWAP                  *
* 5.1-4全设置                 16.优化内核参数              *
* 6.设置vimrc配置文件         17.优化资源限制参数          *
* 7.设置软件包仓库            18.Ubuntu设置root用户登录    *
* 8.Minimal安装建议安装软件   19.Ubuntu卸载无用软件包      *
* 9.安装邮件服务并配置邮件    20.重启系统                  *
* 10.更改SSH端口号            21.退出                      *
* 11.修改网卡名                                            *
************************************************************

请选择相应的编号(1-21): 21

4.实现基于key验证的脚本

[root@ansible-server ansible]# cat ssh_key.sh 
#!/bin/bash
#
#**********************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2021-12-20
#FileName:      ssh_key.sh
#URL:           raymond.blog.csdn.net
#Description:   ssh_key for CentOS 7/8 & Ubuntu 18.04/24.04 & Rocky 8
#Copyright (C): 2021 All rights reserved
#*********************************************************************************************
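# Red ANSI prefix used as ${COLOR}"text"${END}: COLOR is deliberately left
# unquoted at its use sites so it word-splits into `echo -e <escape>`, and END
# is the reset sequence that echo -e interprets.
COLOR="echo -e \\033[01;31m"
END='\033[0m'

# First interface numbered "2:" whose name starts with "e" (eth0/ens33...) and
# its global IPv4 address; the awk parsing is kept exactly as in the original.
NET_NAME=$(ip addr | awk -F"[: ]" '/^2: e.*/{print $3}')
# shellcheck disable=SC2086 -- intentionally unquoted: an empty NET_NAME makes
# this `ip addr show` (all interfaces) instead of an error, as it always did.
IP=$(ip addr show ${NET_NAME} | awk -F" +|/" '/global/{print $3}')

# Password that `sshpass -e` reads. An SSHPASS already present in the
# environment is honoured so the secret need not live in this file; the
# literal is only the fallback. NOTE(review): that fallback is the hosts'
# initial root password and is readable by anyone who can read this script
# (and in the transcript below) -- rotate it once key-based login works.
export SSHPASS="${SSHPASS:-123456}"

# Hosts that receive the control node's SSH material, one per line; the
# for-loops in ssh_key_push word-split this on the newlines.
HOSTS="
172.31.3.101
172.31.3.102
172.31.3.103
172.31.3.104
172.31.3.105
172.31.3.106
172.31.3.107
172.31.3.108
172.31.3.109
172.31.3.110"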

# Detect the distribution: OS_ID becomes the first alphabetic word of the
# NAME= line in /etc/os-release (CentOS, Rocky, Ubuntu, ...). Sets the global
# OS_ID that ssh_key_push uses to pick the package manager.
os() {
    OS_ID=$(sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release)
}

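#######################################
# Generate a fresh root key pair on this node and push it to every host.
# Globals:   OS_ID, COLOR, END, IP, HOSTS (read); SSHPASS (read by sshpass -e)
# Outputs:   one "<host> is finished" / "<host> is false" line per step and host
# Returns:   status of the last known_hosts copy
#######################################
ssh_key_push() {
    local host

    # Any existing root key pair is discarded without backup -- run this once.
    rm -f ~/.ssh/id_rsa*
    ssh-keygen -f /root/.ssh/id_rsa -P '' &> /dev/null

    # Make sure sshpass is installed. OS_ID is quoted so an empty value cannot
    # break the test (the original `[ $OS_ID == ... -o ... ]` errored on it).
    if [[ "${OS_ID}" == "CentOS" || "${OS_ID}" == "Rocky" ]]; then
        rpm -q sshpass &> /dev/null || {
            # shellcheck disable=SC2086 -- COLOR must word-split into echo -e
            ${COLOR}"安装sshpass软件包"${END}
            yum -y install sshpass &> /dev/null
        }
    else
        dpkg -S sshpass &> /dev/null || {
            # shellcheck disable=SC2086 -- COLOR must word-split into echo -e
            ${COLOR}"安装sshpass软件包"${END}
            apt -y install sshpass &> /dev/null
        }
    fi

    # StrictHostKeyChecking=no accepts whichever host key answers first, so
    # this bootstrap step trusts the network; the known_hosts collected here is
    # what every later connection is checked against.
    if sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "${IP}" &> /dev/null; then
        echo "${IP} is finished"
    else
        echo "${IP} is false"
    fi

    # NOTE(review): this copies the whole /root/.ssh directory -- private key
    # included -- to every host, so each node can log in to every other node as
    # root and a compromise of any one node yields the key for all of them.
    # Presumably intended so later steps can scp between nodes -- verify; if
    # that is not needed, ssh-copy-id per host (public key only) is the safer
    # equivalent.
    # shellcheck disable=SC2086 -- HOSTS is intentionally split on newlines
    for host in ${HOSTS}; do
        if sshpass -e scp -o StrictHostKeyChecking=no -r /root/.ssh "root@${host}:" &> /dev/null; then
            echo "${host} is finished"
        else
            echo "${host} is false"
        fi
    done

    # Share the control node's known_hosts so the hosts do not prompt each other.
    # shellcheck disable=SC2086 -- HOSTS is intentionally split on newlines
    for host in ${HOSTS}; do
        if scp /root/.ssh/known_hosts "${host}:.ssh/" &> /dev/null; then
            echo "${host} is finished"
        else
            echo "${host} is false"
        fi
    done
}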

# Entry point: detect the distribution, then distribute the keys.
main() {
    os
    ssh_key_push
}

# Runs unconditionally when the script is executed; there is no argument handling.
main

[root@ansible-server ansible]# bash ssh_key.sh 
172.31.3.100 is finished
172.31.3.101 is finished
172.31.3.102 is finished
172.31.3.103 is finished
172.31.3.104 is finished
172.31.3.105 is finished
172.31.3.106 is finished
172.31.3.107 is finished
172.31.3.108 is finished
172.31.3.109 is finished
172.31.3.110 is finished
172.31.3.101 is finished
172.31.3.102 is finished
172.31.3.103 is finished
172.31.3.104 is finished
172.31.3.105 is finished
172.31.3.106 is finished
172.31.3.107 is finished
172.31.3.108 is finished
172.31.3.109 is finished
172.31.3.110 is finished

5.系统初始化

[root@ansible-server ansible]# mkdir -p roles/reset/{tasks,templates,files,vars}

[root@ansible-server ansible]# cd roles/reset/
[root@ansible-server reset]# ls
files  tasks  templates  vars

[root@ansible-server reset]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm -P files/

[root@ansible-server reset]# wget http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm -P files/

[root@ansible-server reset]# vim files/ge4.19_ipvs.conf
# Modules systemd-modules-load loads at boot for kube-proxy's IPVS mode.
# set_ipvs.yml installs this variant on CentOS 7 (after the ELRepo 4.19 kernel)
# and Ubuntu 20, i.e. kernels >= 4.19 where conntrack is the single nf_conntrack module.
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
# ip_vs_sh is already listed above; the duplicate is harmless.
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip

[root@ansible-server reset]# vim files/lt4.19_ipvs.conf
# Same module set as ge4.19_ipvs.conf but with the pre-4.19 nf_conntrack_ipv4
# module; set_ipvs.yml installs this variant on CentOS/Rocky 8 and Ubuntu 18.
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
# ip_vs_sh is already listed above; the duplicate is harmless.
ip_vs_sh
# NOTE(review): RHEL/Rocky 8's 4.18 kernel is believed to ship only the merged
# nf_conntrack module; confirm with `modinfo nf_conntrack_ipv4` on a Rocky 8
# host, otherwise this entry (and the modprobe in set_ipvs.yml) fails there.
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip

[root@ansible-server reset]# vim files/k8s.conf 
# Kernel parameters for Kubernetes nodes; applied by `sysctl --system` in
# set_k8s_kernel.yml and again at every boot from /etc/sysctl.d/.
net.ipv4.ip_forward = 1
# Bridged pod traffic must pass through iptables for kube-proxy/CNI rules.
# NOTE(review): these two keys only exist once br_netfilter is loaded, and that
# module is not in either ipvs .conf list -- confirm it is loaded on the hosts.
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
# Legacy key name; nf_conntrack_max above is the one modern kernels use -- TODO confirm it is still accepted.
net.ipv4.ip_conntrack_max = 65536
# Duplicate of the tcp_max_syn_backlog line above (same value).
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384

[root@ansible-server reset]# vim templates/yum8.repo.j2 
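{# Repo file for CentOS 8 / Rocky 8. Mirrors come from vars/main.yml: ROCKY_URL
   for Rocky, URL for CentOS. Jinja delimiters restored from the garbled copy;
   every distro check is kept as written. #}
[BaseOS]
name=BaseOS
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/BaseOS/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/BaseOS/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

[AppStream]
name=AppStream
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/AppStream/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/AppStream/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

[extras]
name=extras
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/extras/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/extras/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

{# The "plus" repo is named differently on the two distros. #}
{% if ansible_distribution =="Rocky" %}
[plus]
{% elif ansible_distribution=="CentOS" %}
[centosplus]
{% endif %}
{% if ansible_distribution =="Rocky" %}
name=plus
{% elif ansible_distribution=="CentOS" %}
name=centosplus
{% endif %}
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/plus/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/centosplus/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

[PowerTools]
name=PowerTools
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/PowerTools/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/PowerTools/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

{# NOTE(review): unlike the distro repos above, the EPEL signing key is fetched
   from the mirror itself, so package trust here rests on the mirror and its TLS
   certificate rather than on a key already on the host. Pinning the key file
   that epel-release installs would remove that dependency. #}
[epel]
name=epel
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/fedora/epel/$releasever/Everything/$basearch/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/epel/$releasever/Everything/$basearch/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=https://{{ ROCKY_URL }}/fedora/epel/RPM-GPG-KEY-EPEL-$releasever
{% elif ansible_distribution=="CentOS" %}
gpgkey=https://{{ URL }}/epel/RPM-GPG-KEY-EPEL-$releasever
{% endif %}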

[root@ansible-server reset]# vim templates/yum7.repo.j2 
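{# Repo file for CentOS 7; URL comes from vars/main.yml. Jinja delimiters
   restored from the garbled copy. The CentOS repos verify against the key
   shipped on the host; EPEL's key is fetched from the mirror (see note). #}
[base]
name=base
baseurl=https://{{ URL }}/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

[extras]
name=extras
baseurl=https://{{ URL }}/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

[updates]
name=updates
baseurl=https://{{ URL }}/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

[centosplus]
name=centosplus
baseurl=https://{{ URL }}/centos/$releasever/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

{# NOTE(review): EPEL trust here rests on the mirror and its TLS certificate,
   since the signing key is downloaded from the same mirror as the packages. #}
[epel]
name=epel
baseurl=https://{{ URL }}/epel/$releasever/$basearch/
gpgcheck=1
gpgkey=https://{{ URL }}/epel/RPM-GPG-KEY-EPEL-$releasever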

[root@ansible-server reset]#  vim templates/apt.list.j2 
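{# sources.list for Ubuntu; URL comes from vars/main.yml and the suite from the
   ansible_distribution_release fact. Jinja delimiters restored from the garbled
   copy. Plain http is acceptable for apt because packages are signature-checked,
   though https would also hide what is being installed from the network. #}
deb http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse
deb-src http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse

deb http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse
deb-src http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse

deb http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse
deb-src http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse

{# NOTE(review): -proposed is Ubuntu's pre-release testing pocket; enabling it
   on cluster nodes pulls in untested updates. Kept as the author wrote it. #}
deb http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-proposed main restricted universe multiverse
deb-src http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-proposed main restricted universe multiverse

deb http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse
deb-src http://{{ URL }}/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse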

[root@ansible-server reset]# vim vars/main.yml
# Shared address written into /etc/hosts as k8s-lb and as HARBOR_DOMAIN
# (set_hosts.yml); presumably the keepalived VIP held by the ha hosts -- confirm in the ha role.
VIP: 172.31.3.188
HARBOR_DOMAIN: harbor.raymonds.cc
# Package mirrors used by the repo templates: ROCKY_URL for Rocky, URL for CentOS and Ubuntu.
ROCKY_URL: mirrors.ustc.edu.cn
URL: mirrors.cloud.tencent.com

[root@ansible-server reset]# vim tasks/set_hostname.yml
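# Set the FQDN from the inventory: hname (per host) + domain ([all:vars]).
# Jinja delimiters restored from the garbled copy. Note that the gathered
# ansible_hostname fact is not refreshed by this task.
- name: set hostname
  hostname:
    name: "{{ hname }}.{{ domain }}"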

[root@ansible-server reset]# vim tasks/set_hosts.yml
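# Add every play host to /etc/hosts as "<ip> <name>.<domain> <name>".
# Facts were gathered before set_hostname.yml ran, so ansible_hostname still
# held each host's old name on the first run and the original line
# ("{{ hostvars[item].ansible_hostname }}") wrote those stale names; the
# inventory variable hname is the name that was just applied, so it is used here.
- name: set hosts file
  lineinfile:
    path: "/etc/hosts"
    line: "{{ item }} {{ hostvars[item].hname }}.{{ domain }} {{ hostvars[item].hname }}"
  loop: "{{ play_hosts }}"
# Static entries for the shared VIP (vars/main.yml): the k8s-lb endpoint and
# the Harbor registry name both resolve to it.
- name: set hosts file2
  lineinfile:
    path: "/etc/hosts"
    line: "{{ item }}"
  loop:
    - "{{ VIP }} k8s-lb"
    - "{{ VIP }} {{ HARBOR_DOMAIN }}"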

[root@ansible-server reset]# vim tasks/disable_selinux.yml
# Rewrite SELINUX=... to disabled in /etc/sysconfig/selinux (CentOS/Rocky only);
# takes effect at the reboot that ends this role. NOTE(review): permissive mode
# would keep AVC denials logged (useful for detection) and is what kubeadm's
# install notes ask for -- confirm that full disablement is deliberate.
- name: disable selinux
  replace:
    path: /etc/sysconfig/selinux
    regexp: '^(SELINUX=).*'
    replace: '\1disabled'
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")

[root@ansible-server reset]# vim tasks/disable_firewall.yml
# Turn off the host firewall everywhere (firewalld on CentOS/Rocky, ufw on
# Ubuntu) so cluster ports need no per-host rules. With no host filtering left,
# network policy and perimeter controls are all that limits node-to-node and
# inbound traffic. The systemd module fails if the unit does not exist, so this
# assumes the default firewall package is installed -- TODO confirm on minimal images.
- name: disable firewall
  systemd:
    name: firewalld
    state: stopped
    enabled: no
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: disable ufw
  systemd:
    name: ufw
    state: stopped
    enabled: no
  when:
    - ansible_distribution=="Ubuntu"

[root@ansible-server reset]# vim tasks/disable_networkmanager.yml
# Stop NetworkManager on CentOS 7 only, where the network-scripts (ifcfg-*)
# aliased in set_alias.yml manage the interfaces; Rocky 8 relies on
# NetworkManager by default and Ubuntu server normally does not have it, which
# is presumably why both are left alone.
- name: disable NetworkManager
  systemd:
    name: NetworkManager
    state: stopped
    enabled: no
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"

[root@ansible-server reset]# vim tasks/disable_swap.yml
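# Comment out every swap entry in /etc/fstab so kubelet starts after reboot.
# The original pattern '^(UUID=.*swap.*)' only matched UUID= lines and left
# other spellings active, such as /dev/mapper/<vg>-swap on LVM installs or
# /swap.img on Ubuntu server images. The third fstab field is the fs type, so
# a whitespace-delimited "swap" field covers all of them; lines already
# commented out (or indented) are skipped so re-runs stay idempotent.
# Takes effect at the reboot that ends this role (reboot_system.yml).
- name: disable swap
  replace:
    path: /etc/fstab
    regexp: '^([^#\s].*\s+swap\s+.*)$'
    replace: '#\1'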

[root@ansible-server reset]# vim tasks/set_limits.yml
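# `ulimit` in a shell task only changes that short-lived shell: nothing
# persists and the task reports "changed" on every run. Kept as in the original;
# the limits.conf lines below are what new sessions actually get after the
# reboot that ends this role.
- name: set limit
  shell:
    cmd: ulimit -SHn 65535
- name: set limits.conf file
  lineinfile:
    path: "/etc/security/limits.conf"
    line: "{{ item }}"
  loop:
    # setrlimit rejects a soft limit above its hard limit, so the original pair
    # "soft nofile 655360 / hard nofile 131072" could not be applied at login;
    # the hard value is raised to match the soft one (still below fs.nr_open in k8s.conf).
    - "* soft nofile 655360"
    - "* hard nofile 655360"
    - "* soft nproc 655350"
    - "* hard nproc 655350"
    - "* soft memlock unlimited"
    - "* hard memlock unlimited"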

[root@ansible-server reset]# vim tasks/optimization_sshd.yml
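# sshd tweaks: no reverse-DNS lookups and no GSSAPI negotiation on login.
# Ubuntu ships both directives commented out (hence the '^#' patterns);
# CentOS/Rocky ship GSSAPIAuthentication uncommented. Task names had "diaable"
# typos, fixed here.
- name: optimization sshd disable UseDNS
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^#(UseDNS).*'
    replace: '\1 no'
- name: optimization sshd disable CentOS or Rocky GSSAPIAuthentication
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^(GSSAPIAuthentication).*'
    replace: '\1 no'
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
# The original Ubuntu task notified a "restart sshd" handler, but this role has
# no handlers/ directory (see the tree listing), so the notification would most
# likely abort the play the first time the file changes. The notify is dropped:
# the reboot at the end of the role is what reloads sshd on every platform.
- name: optimization sshd disable Ubuntu GSSAPIAuthentication
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^#(GSSAPIAuthentication).*'
    replace: '\1 no'
  when:
    - ansible_distribution=="Ubuntu"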

[root@ansible-server reset]# vim tasks/set_alias.yml
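# Convenience aliases for root's .bashrc. Jinja delimiters restored from the
# garbled copy; the alias strings are unchanged. vie0/vie1 assume the
# interfaces were renamed to eth0/eth1 (reset.sh menu item 11 earlier on this page).
- name: set CentOS or Rocky alias
  lineinfile:
    path: ~/.bashrc
    line: "{{ item }}"
  loop:
    - "alias cdnet=\"cd /etc/sysconfig/network-scripts\""
    - "alias vie0=\"vim /etc/sysconfig/network-scripts/ifcfg-eth0\""
    - "alias vie1=\"vim /etc/sysconfig/network-scripts/ifcfg-eth1\""
    # scandisk: trigger a SCSI bus rescan on hosts 0-2 (picks up newly attached disks).
    - "alias scandisk=\"echo '- - -' > /sys/class/scsi_host/host0/scan;echo '- - -' > /sys/class/scsi_host/host1/scan;echo '- - -' > /sys/class/scsi_host/host2/scan\""
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: set Ubuntu alias
  lineinfile:
    path: ~/.bashrc
    line: "{{ item }}"
  loop:
    - "alias cdnet=\"cd /etc/netplan\""
    - "alias scandisk=\"echo '- - -' > /sys/class/scsi_host/host0/scan;echo '- - -' > /sys/class/scsi_host/host1/scan;echo '- - -' > /sys/class/scsi_host/host2/scan\""
  when:
    - ansible_distribution=="Ubuntu"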

[root@ansible-server reset]# vim tasks/set_mirror.yml
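# Replace the distro's default package sources with the mirrors from vars/main.yml.
- name: find CentOS or Rocky repo files
  find:
    paths: /etc/yum.repos.d/
    patterns: "*.repo"
  register: FILENAME
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
# Loops are expanded before `when` is evaluated, so on Ubuntu hosts -- where the
# find task was skipped and FILENAME has no .files attribute -- the original
# "{{ FILENAME.files }}" raised an undefined-attribute error; default([]) keeps
# the loop empty there.
- name: delete CentOS or Rocky repo files
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ FILENAME.files | default([]) }}"
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: set CentOS8 or Rocky8 Mirror warehouse
  template:
    src: yum8.repo.j2
    dest: /etc/yum.repos.d/base.repo
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
- name: set CentOS7 Mirror warehouse
  template:
    src: yum7.repo.j2
    dest: /etc/yum.repos.d/base.repo
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
- name: set Ubuntu Mirror warehouse
  template:
    src: apt.list.j2
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution=="Ubuntu"
# NOTE(review): force-removing the dpkg/apt lock files is only safe when no
# apt or dpkg process is running (e.g. unattended-upgrades right after boot);
# otherwise the package database can be left corrupted. Waiting for the lock
# to clear is the safer approach; kept as the author wrote it.
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"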

[root@ansible-server reset]# vim tasks/install_package.yml
# Baseline tools on every host (the Ubuntu list is shorter because vim, wget,
# git etc. are normally already present there). `force: yes` on the apt task
# lets apt proceed even when it would otherwise refuse, e.g. on an
# unauthenticated package -- it is there for the apt update/force pattern used
# across this role, not because the packages need it.
- name: install Centos or Rocky package
  yum:
    name: vim,tree,lrzsz,wget,jq,psmisc,net-tools,telnet,git
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: install Ubuntu package
  apt:
    name: tree,lrzsz,jq
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"

[root@ansible-server reset]# vim tasks/set_centos7_kernel.yml
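# Move CentOS 7 to the ELRepo 4.19 mainline kernel (presumably so the
# ge4.19_ipvs.conf module set applies to it); every task is CentOS 7 only.
- name: update CentOS7
  yum:
    name: '*'
    state: latest
    exclude: kernel*
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
# NOTE(review): the two RPMs in files/ were fetched over plain HTTP from a bare
# IP (see the wget commands above) and a yum install of local files does not
# check package signatures by default (localpkg_gpgcheck); verify them on the
# control node, e.g. `rpm -K files/kernel-ml-*.rpm` after importing the ELRepo
# key, before distributing a kernel to every master.
- name: copy CentOS7 kernel files
  copy:
    src: "{{ item }}"
    dest: /tmp
  loop:
    - kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
    - kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
# Install the two known files by name in one transaction. The original swept
# /tmp for any *.rpm -- a world-writable directory, so an unrelated or planted
# package would have been installed as root -- and its "{{ RPM_RESULT.files }}"
# loop raised an undefined-attribute error on every non-CentOS-7 host, because
# loops are expanded before `when` is evaluated and the find had been skipped.
- name: Install RPM
  yum:
    name:
      - /tmp/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
      - /tmp/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
- name: delete kernel files
  file:
    path: "/tmp/{{ item }}"
    state: absent
  loop:
    - kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
    - kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
# Boot the new kernel by default and enable user namespaces on it.
- name: set grub
  shell:
    cmd: grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg; grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"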

[root@ansible-server reset]# vim tasks/install_ipvsadm.yml
# IPVS/conntrack tooling for kube-proxy, limited to the k8s_cluster group
# (masters + nodes); ha and harbor hosts are skipped.
- name: install CentOS or Rocky ipvsadm
  yum:
    name: ipvsadm,ipset,sysstat,conntrack,libseccomp
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - inventory_hostname in groups.k8s_cluster
- name: install Ubuntu ipvsadm
  apt:
    name: ipvsadm,ipset,sysstat,conntrack,libseccomp-dev
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
    - inventory_hostname in groups.k8s_cluster

[root@ansible-server reset]# vim tasks/set_ipvs.yml
# Load the IPVS modules now and register them for boot (k8s_cluster hosts only).
# "ge4.19"/"lt4.19" refer to the kernel version: CentOS 7 counts as >= 4.19
# because set_centos7_kernel.yml installs the ELRepo 4.19 kernel (in effect after
# the reboot), Ubuntu 20 ships a newer kernel, while CentOS/Rocky 8 and Ubuntu 18
# are treated as older. A failing modprobe makes the shell task fail the host.
- name: configuration load_mod
  shell:
    cmd: |
      modprobe -- ip_vs
      modprobe -- ip_vs_rr
      modprobe -- ip_vs_wrr
      modprobe -- ip_vs_sh
  when:
    - inventory_hostname in groups.k8s_cluster
- name: configuration load_mod kernel ge4.19
  shell:
    cmd: modprobe -- nf_conntrack
  when:
    - (ansible_distribution=="CentOS" and ansible_distribution_major_version=="7") or (ansible_distribution=="Ubuntu" and ansible_distribution_major_version=="20")
    - inventory_hostname in groups.k8s_cluster
# NOTE(review): RHEL/Rocky 8's 4.18 kernel is believed to ship only the merged
# nf_conntrack module, in which case this modprobe fails there; confirm with
# `modinfo nf_conntrack_ipv4` on a Rocky 8 host.
- name: configuration load_mod kernel lt4.19
  shell:
    cmd: modprobe -- nf_conntrack_ipv4
  when:
    - ((ansible_distribution=="CentOS" or ansible_distribution=="Rocky") and ansible_distribution_major_version=="8") or (ansible_distribution=="Ubuntu" and ansible_distribution_major_version=="18")
    - inventory_hostname in groups.k8s_cluster
# Both variants land on the same path, so exactly one of the two copies applies per host.
- name: Copy ge4.19_ipvs.conf file
  copy: 
    src: ge4.19_ipvs.conf
    dest: /etc/modules-load.d/ipvs.conf
  when:
    - (ansible_distribution=="CentOS" and ansible_distribution_major_version=="7") or (ansible_distribution=="Ubuntu" and ansible_distribution_major_version=="20")
    - inventory_hostname in groups.k8s_cluster
- name: Copy lt4.19_ipvs.conf file
  copy: 
    src: lt4.19_ipvs.conf
    dest: /etc/modules-load.d/ipvs.conf
  when:
    - ((ansible_distribution=="CentOS" or ansible_distribution=="Rocky") and ansible_distribution_major_version=="8") or (ansible_distribution=="Ubuntu" and ansible_distribution_major_version=="18")
    - inventory_hostname in groups.k8s_cluster
- name: start systemd-modules-load service 
  systemd:
    name: systemd-modules-load
    state: started
    enabled: yes
  when:
    - inventory_hostname in groups.k8s_cluster

[root@ansible-server reset]# vim tasks/set_k8s_kernel.yml
# Install files/k8s.conf under /etc/sysctl.d/ and apply it immediately on every
# host. sysctl --system reports keys it cannot set (e.g. the bridge-nf keys when
# br_netfilter is not loaded); whether that also yields a non-zero exit and
# fails this shell task depends on the procps version -- TODO confirm.
- name: copy k8s.conf file
  copy: 
    src: k8s.conf
    dest: /etc/sysctl.d/
- name: Load kernel config
  shell:
    cmd: "sysctl --system"

[root@ansible-server reset]# vim tasks/reboot_system.yml
# Unconditional reboot of every host so the hostname, SELinux, fstab, kernel
# and sshd changes above take effect; the module waits for the host to return.
- name: reboot system
  reboot:

[root@ansible-server reset]# vim tasks/main.yml
# Task order matters: hostname and /etc/hosts first, mirrors before package
# installs, the kernel swap before the ipvs module list, and the reboot last.
# `include` is the deprecated form (import_tasks / include_tasks replace it);
# ansible 2.9 still accepts it with a deprecation warning.
- include: set_hostname.yml
- include: set_hosts.yml
- include: disable_selinux.yml
- include: disable_firewall.yml
- include: disable_networkmanager.yml
- include: disable_swap.yml
- include: set_limits.yml
- include: optimization_sshd.yml
- include: set_alias.yml
- include: set_mirror.yml
- include: install_package.yml
- include: set_centos7_kernel.yml
- include: install_ipvsadm.yml
- include: set_ipvs.yml
- include: set_k8s_kernel.yml
- include: reboot_system.yml

[root@ansible-server reset]# cd ../../
[root@ansible-server ansible]# tree roles/reset/
roles/reset/
├── files
│   ├── ge4.19_ipvs.conf
│   ├── k8s.conf
│   ├── kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
│   ├── kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
│   └── lt4.19_ipvs.conf
├── tasks
│   ├── disable_firewall.yml
│   ├── disable_networkmanager.yml
│   ├── disable_selinux.yml
│   ├── disable_swap.yml
│   ├── install_ipvsadm.yml
│   ├── install_package.yml
│   ├── main.yml
│   ├── optimization_sshd.yml
│   ├── reboot_system.yml
│   ├── set_alias.yml
│   ├── set_centos7_kernel.yml
│   ├── set_hostname.yml
│   ├── set_hosts.yml
│   ├── set_ipvs.yml
│   ├── set_k8s_kernel.yml
│   ├── set_limits.yml
│   └── set_mirror.yml
├── templates
│   ├── apt.list.j2
│   ├── yum7.repo.j2
│   └── yum8.repo.j2
└── vars
    └── main.yml

4 directories, 26 files

[root@ansible-server ansible]# vim reset_role.yml
---
# Apply the reset role to every host in ./inventory (master, ha, harbor, node);
# the per-OS and per-group `when` clauses inside the role select what runs where.
- hosts: all

  roles:
    - role: reset

[root@ansible-server ansible]# ansible-playbook reset_role.yml 


转载自blog.csdn.net/qq_25599925/article/details/122504086