ansible-install-k8s 之 1 初始化环境
# 安装配置ansible
# 安装 dnf install -y ansible # 配置 echo "[defaults]" >> /etc/ansible/ansible.cfg echo "host_key_checking = false" >>/etc/ansible/ansible.cfg
ansible-playbook 结构 /root 目录下
├── deplyment
│   └── install_k8s_os_init.yml
├── hosts
├── roles
│   └── init
│       ├── files
│       │   ├── epel.repo
│       │   ├── ipvs_br_netfilter.conf
│       │   ├── limits.conf
│       │   ├── k8s.conf
│       │   ├── hosts
│       │   ├── rocky-addons.repo
│       │   ├── rocky-devel.repo
│       │   ├── rocky-extras.repo
│       │   └── rocky.repo
│       ├── tasks
│       │   └── main.yml
│       └── templates
部署命令:
ansible-playbook -i hosts deplyment/install_k8s_os_init.yml
各个文件内容
install_k8s_os_init.yml
---
# Play: apply the `init` role to every host in the inventory group `init`.
- hosts: init
  roles:
    # The role is referenced by path; the directory listing on this page puts
    # roles/ next to the playbook's own directory, hence the leading "../".
    - role: ../roles/init
epel.repo
# EPEL repository definitions pointing at the Aliyun mirror.
# Every section keeps gpgcheck=1. The gpgkey is a local file path, so that key
# file (shipped by the epel-release package) must be present on the host for
# package installs from this repo to pass signature verification.
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/debug/
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/source/tree/
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1
ipvs_br_netfilter.conf
# Kernel modules to load at boot; the role copies this file to
# /etc/modules-load.d/.
# IPVS core plus the rr, wrr and sh schedulers.
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
# Connection tracking.
nf_conntrack
# Exposes bridged traffic to iptables; the net.bridge.bridge-nf-call-* sysctls
# exist only while this module is loaded.
br_netfilter
limits.conf
# /etc/security/limits.conf
# Raises the hard caps on process count (nproc) and open files (nofile).
# The "*" wildcard does not apply to root, hence the explicit root entries.
# Only hard limits are listed; this file sets no soft limits.
* hard nproc 655360
* hard nofile 655360
root hard nproc 655360
root hard nofile 655360
# End of file
k8s.conf
# Kernel parameters for Kubernetes networking; the role copies this file to
# /etc/sysctl.d/.
# Allow the host to forward IPv4 packets between interfaces.
net.ipv4.ip_forward = 1
# Send bridged IPv4/IPv6 traffic through iptables/ip6tables. These keys are
# available only while the br_netfilter module is loaded.
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
hosts
# Static name resolution for the cluster nodes. The role copies this file over
# /etc/hosts on every target, so any host-specific entries there are replaced.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#k8s-dep
192.168.0.200 k8s-dep-200
#k8s-master
192.168.0.201 k8s-m1-c1-201
192.168.0.202 k8s-m2-c2-202
192.168.0.203 k8s-m3-c3-203
#k8s-node
192.168.0.204 k8s-n1-204
192.168.0.205 k8s-n2-205
192.168.0.206 k8s-n3-206
rocky-addons.repo
# rocky-addons.repo
# Optional Rocky Linux add-on repositories served from the Aliyun mirror.
# Every section is disabled (enabled=0) and keeps gpgcheck=1 against the local
# Rocky 9 key file.
[highavailability]
name=Rocky Linux $releasever - High Availability
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[highavailability-debuginfo]
name=Rocky Linux $releasever - High Availability - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[highavailability-source]
name=Rocky Linux $releasever - High Availability - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage]
name=Rocky Linux $releasever - Resilient Storage
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage-debuginfo]
name=Rocky Linux $releasever - Resilient Storage - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage-source]
name=Rocky Linux $releasever - Resilient Storage - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv]
name=Rocky Linux $releasever - NFV
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv-debuginfo]
name=Rocky Linux $releasever - NFV Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv-source]
name=Rocky Linux $releasever - NFV Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt]
name=Rocky Linux $releasever - Realtime
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt-debuginfo]
name=Rocky Linux $releasever - Realtime Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt-source]
name=Rocky Linux $releasever - Realtime Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap]
name=Rocky Linux $releasever - SAP
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap-debuginfo]
name=Rocky Linux $releasever - SAP Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap-source]
name=Rocky Linux $releasever - SAP Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana]
name=Rocky Linux $releasever - SAPHANA
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana-debuginfo]
name=Rocky Linux $releasever - SAPHANA Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana-source]
name=Rocky Linux $releasever - SAPHANA Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
rocky-devel.repo
# rocky-devel.repo
# Devel repositories from the Aliyun mirror. All three sections are disabled
# (enabled=0), matching the "DO NOT LEAVE ENABLED" warning in their names, and
# keep gpgcheck=1.
[devel]
name=Rocky Linux $releasever - Devel WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/$basearch/os/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[devel-debuginfo]
name=Rocky Linux $releasever - Devel Debug WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/$basearch/debug/tree/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[devel-source]
name=Rocky Linux $releasever - Devel Source WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/source/tree/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
rocky-extras.repo
# rocky-extras.repo
# Extras and Plus repositories from the Aliyun mirror. Only [extras] is
# enabled; every section keeps gpgcheck=1 against the local Rocky 9 key file.
[extras]
name=Rocky Linux $releasever - Extras
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[extras-debuginfo]
name=Rocky Linux $releasever - Extras Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[extras-source]
name=Rocky Linux $releasever - Extras Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus]
name=Rocky Linux $releasever - Plus
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus-debuginfo]
name=Rocky Linux $releasever - Plus - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus-source]
name=Rocky Linux $releasever - Plus - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
rocky.repo
# rocky.repo
# Core Rocky Linux repositories from the Aliyun mirror. [baseos] and
# [appstream] are enabled; [crb] and all debug/source sections are disabled.
# Every section keeps gpgcheck=1, so packages fetched from the mirror are
# verified against the local Rocky 9 key file.
[baseos]
name=Rocky Linux $releasever - BaseOS
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[baseos-debuginfo]
name=Rocky Linux $releasever - BaseOS - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[baseos-source]
name=Rocky Linux $releasever - BaseOS - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream]
name=Rocky Linux $releasever - AppStream
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream-debuginfo]
name=Rocky Linux $releasever - AppStream - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream-source]
name=Rocky Linux $releasever - AppStream - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb]
name=Rocky Linux $releasever - CRB
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb-debuginfo]
name=Rocky Linux $releasever - CRB - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb-source]
name=Rocky Linux $releasever - CRB - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
main.yml
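---
# Tasks for the `init` role: baseline OS preparation of Rocky Linux hosts
# before a Kubernetes install (security services, swap, hostname, locale and
# time, /etc/hosts, package repositories, tooling, chrony, kernel module and
# sysctl files).
#
# Requires the variable `hostname` to be defined per host.
#
# NOTE(review): the first two tasks switch off firewalld and SELinux, which
# removes host-level packet filtering and mandatory access control from every
# node. Outside a lab, compensate with network-level filtering, or keep
# firewalld with the cluster's ports opened and SELinux in permissive or
# enforcing mode.

- name: 关闭firewalld
  systemd:
    name: firewalld
    state: stopped
    enabled: false

# Persistent setting only; the running system is switched by `setenforce 0`
# further down.
- name: 关闭selinux
  selinux:
    state: disabled

# Comment out every active swap entry instead of blanking a single line:
# lineinfile only rewrites the last match and appends an empty line when
# nothing matches. `[^#\n]` skips lines that are already commented.
- name: 关闭swap
  replace:
    path: /etc/fstab
    regexp: '^([^#\n].*\sswap\s.*)$'
    replace: '# \1'

# Needs a shell because of the `;`. The task result reflects only swapoff's
# exit status, so a failing setenforce does not fail the task.
- name: 即时生效
  shell: setenforce 0 ; swapoff -a

# The hostname module is used instead of interpolating an inventory variable
# into a shell command line.
- name: 修改主机名
  hostname:
    name: "{{ hostname }}"

# Fixed command lines with no shell syntax, so `command` is sufficient.
- name: 配置UTF8
  command: localectl set-locale LANG=en_US.UTF-8

- name: 配置24小时制
  command: localectl set-locale LC_TIME=en_GB.UTF-8

- name: 配置时区
  command: timedatectl set-timezone Asia/Shanghai

# NOTE(review): without remote_src the source path is read from the control
# node, not from the target — confirm that is intended.
- name: 拷贝时区
  copy:
    src: /usr/share/zoneinfo/Asia/Shanghai
    dest: /etc/localtime

# Overwrites /etc/hosts on the target with the role's copy.
- name: 配置hosts主机解析
  copy:
    src: hosts
    dest: /etc/
    mode: "0644"
    force: true

- name: 配置阿里源-base-and-epel
  copy:
    src: "{{ item }}"
    dest: /etc/yum.repos.d/
    mode: "0644"
    force: true
  loop:
    - rocky.repo
    - rocky-addons.repo
    - rocky-devel.repo
    - rocky-extras.repo
    - epel.repo

# epel.repo verifies packages against a key file under /etc/pki/rpm-gpg/.
# epel-release ships that key, so signature checking can stay enabled for the
# package task below.
# NOTE(review): assumes epel-release is offered by the enabled extras repo —
# confirm on the target release.
- name: Install epel-release (provides the EPEL GPG key)
  dnf:
    name: epel-release
    state: present

# The repositories point at a third-party mirror, so the RPM signature is the
# only check on what gets installed; GPG verification therefore stays on.
# `bash-complete` is corrected to the real package name `bash-completion`.
# NOTE(review): telnet, tcpdump, gcc and make on every node widen the tooling
# present on a host; trim the list for production images.
- name: 安装常用工具包rpm
  dnf:
    name:
      - vim
      - bridge-utils
      - iftop
      - tree
      - net-tools
      - telnet
      - ipvsadm
      - ansible
      - bash-completion
      - lrzsz
      - wget
      - curl
      - iotop
      - tcpdump
      - lsof
      - zip
      - unzip
      - gcc
      - make
      - chrony
    state: present
    disable_gpg_check: false

# The replacement must be a complete chrony directive; a bare hostname is not
# valid in chrony.conf. Dots are escaped so the pattern matches literally.
- name: 配置时间同步chrony
  lineinfile:
    path: /etc/chrony.conf
    regexp: '2\.rocky\.pool\.ntp\.org'
    line: 'server ntp1.aliyun.com iburst'

- name: 重启时间同步chrony
  systemd:
    name: chronyd
    state: restarted
    enabled: true

# The original omitted `dest=`, leaving the copy without a destination.
- name: 配置内核加载 ipvs br_netfilter
  copy:
    src: ipvs_br_netfilter.conf
    dest: /etc/modules-load.d/
    mode: "0644"
    force: true

- name: 配置文件句柄
  copy:
    src: limits.conf
    dest: /etc/security/
    mode: "0644"
    force: true

# NOTE(review): no task here loads the modules or reloads sysctl, so the
# module list and these kernel parameters take effect at the next boot.
- name: 配置k8s内核参数
  copy:
    src: k8s.conf
    dest: /etc/sysctl.d/
    mode: "0644"
    force: true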
本文来自博客园,站在巨人的肩膀上,坚持开源精神,遵循开源协议:Apache License 2.0协议。