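---
# Provision a yum-based host (the Docker repo used below is the CentOS one)
# as a Kubernetes worker: kernel check, Docker on a dedicated disk, lxcfs,
# kubelet/kubeadm, time sync, resource limits, then `kubeadm join`.
# Files referenced by relative path (daemon.json, kubernetes.repo,
# 10-kubeadm.conf, sysctl.conf, install_lxcfs, upgrade-kernel.yml) and the
# `join_command` variable are supplied from outside this listing.
- hosts: newnode
  remote_user: root
  become: true
  become_method: sudo
  tasks:
    # Probes: a non-zero rc is expected here and is consumed by the `when:`
    # clauses further down, so failures are tolerated and never "changed".
    - name: check for a 4.x kernel
      command: bash -c "uname -r | grep ^4."
      register: kernelversion
      ignore_errors: true
      changed_when: false
    - name: check whether lxcfs is installed
      command: lxcfs --version
      register: lxcfsexists
      ignore_errors: true
      changed_when: false

    # NOTE(review): the next two tasks turn SELinux off, which removes its
    # confinement of container processes on this node. Confirm this is a
    # requirement rather than a convenience before reusing the play.
    - name: disable selinux
      command: setenforce Permissive
    # --follow-symlinks: on CentOS 7 /etc/sysconfig/selinux is normally a
    # symlink to /etc/selinux/config; a plain `sed -i` replaces the link with
    # a regular file and the setting would not persist.
    - name: disable selinux (persist)
      command: >-
        sed --follow-symlinks -i 's/SELINUX=enforcing/SELINUX=disabled/g'
        /etc/sysconfig/selinux
    - name: restart sshd
      command: systemctl restart sshd

    # upgrade kernel (only when the probe above did not find a 4.x kernel)
    - import_tasks: upgrade-kernel.yml
      when: kernelversion.rc != 0

    # The `command` module does not run a shell, so the original
    # `echo ... > file` never wrote the file; write the content directly.
    - name: add dm_thin_pool kernel module
      copy:
        content: "dm_thin_pool\n"
        dest: /etc/modules-load.d/dm_thin_pool.conf
    - name: modprobe dm_thin_pool
      command: modprobe dm_thin_pool

    # force: true overwrites any filesystem already present on the device.
    # NOTE(review): /dev/sda is assumed to be the dedicated data disk on every
    # host in `newnode` - verify, kernel device names are not guaranteed stable.
    - name: format the SSD
      filesystem:
        fstype: ext4
        dev: /dev/sda
        force: true
    - name: create /var/lib/docker
      file:
        path: /var/lib/docker
        state: directory
        mode: "0755"
    # state: present only records the entry in fstab; the next task mounts it.
    - name: Mount SSD
      mount:
        path: /var/lib/docker
        src: /dev/sda
        fstype: ext4
        state: present
    # `&&` needs a shell; with `command` it was passed to mount as an argument.
    - name: auto mount
      shell: mount -a && sleep 5

    # install docker
    - name: remove old docker version
      yum:
        name:
          - docker
          - docker-common
          - container-selinux
          - docker-selinux
          - docker-engine
        state: absent
    - name: install yum-utils
      yum:
        name: yum-utils
        state: present
        update_cache: true
    # Split into two tasks: the original chained both calls with `&&` inside
    # a single `command`, which is not interpreted without a shell.
    - name: enable extras repo
      command: yum-config-manager --enable extras
    - name: enable docker repo
      command: >-
        yum-config-manager --add-repo
        https://download.docker.com/linux/centos/docker-ce.repo
      args:
        creates: /etc/yum.repos.d/docker-ce.repo
    # NOTE(review): versions are not pinned, so each run installs whatever the
    # repositories currently serve; pin docker-ce if nodes must be identical.
    - name: install packages
      yum:
        name:
          - automake
          - docker-ce
          - fuse
          - fuse-devel
          - fuse-libs
          - git
          - glusterfs-client
          - htop
          - libtool
          - net-tools
          - nfs-utils
          - ntp
          - pam-devel
          - tcpdump
          - vim
          - wget
        state: present
        update_cache: true
    # Membership in the docker group grants control of the Docker daemon,
    # which is equivalent to root on this host.
    - name: add admin to docker group
      user:
        name: admin
        groups: docker
        append: true
    # daemon.json is not shown here. NOTE(review): per the task name it lists
    # an insecure registry, i.e. image pulls without verified TLS; keep that
    # limited to a registry and network you control.
    - name: allow insecure registry
      copy:
        src: daemon.json
        dest: /etc/docker/
    - name: enable and start docker service
      service:
        name: docker
        state: started
        enabled: true

    # install lxcfs (only when the probe above did not find it)
    - name: install lxcfs
      script: install_lxcfs
      when: lxcfsexists.rc != 0

    # install kubelet, kubectl and kubeadm
    # kubernetes.repo is not shown. NOTE(review): confirm it enables GPG
    # checking for the packages installed from it.
    - name: add kubernetes repo
      copy:
        src: kubernetes.repo
        dest: /etc/yum.repos.d/
    # Replaces `yum makecache fast && yum install -y kubectl`, which could not
    # work through `command`; update_cache refreshes the metadata first.
    - name: install kubectl
      yum:
        name: kubectl
        state: present
        update_cache: true
    - name: install kubelet and kubeadm
      yum:
        name:
          - kubelet
          - kubeadm
          - kubernetes-cni
        state: present
    - name: enable and start kubelet service
      service:
        name: kubelet
        state: started
        enabled: true

    # The host firewall is switched off completely. NOTE(review): every
    # listening port on the node is then reachable from its network; confirm
    # filtering is enforced elsewhere (security groups, upstream firewall).
    - name: stop firewalld
      command: systemctl stop firewalld
      ignore_errors: true
    - name: disable firewalld
      command: systemctl disable firewalld
      ignore_errors: true
    - name: update kubelet config
      copy:
        src: 10-kubeadm.conf
        dest: /etc/systemd/system/kubelet.service.d/

    - name: set up ntp sync
      service:
        name: ntpd
        state: started
        enabled: true
    - name: enable ntp
      command: timedatectl set-ntp true

    # Resource limits. The original named the root hard-nofile task "nproc"
    # and set the admin "hard" limit with limit_type: soft, so admin never
    # received a hard limit; both are corrected below.
    - name: soft limit on nofile (root)
      pam_limits:
        domain: root
        limit_type: soft
        limit_item: nofile
        value: 65536
    - name: hard limit on nofile (root)
      pam_limits:
        domain: root
        limit_type: hard
        limit_item: nofile
        value: 65536
    - name: soft limit on nofile (admin)
      pam_limits:
        domain: admin
        limit_type: soft
        limit_item: nofile
        value: 65536
    - name: hard limit on nofile (admin)
      pam_limits:
        domain: admin
        limit_type: hard
        limit_item: nofile
        value: 65536
    - name: soft limit on nproc
      pam_limits:
        dest: /etc/security/limits.d/20-nproc.conf
        domain: "*"
        limit_type: soft
        limit_item: nproc
        value: unlimited

    - name: update sysctl
      copy:
        src: sysctl.conf
        dest: /etc/
    - name: load sysctl conf
      command: sysctl -p

    # join_command comes from outside this file and normally carries the
    # cluster bootstrap token, so its invocation is kept out of task output
    # and logs. `creates` skips the join on hosts that already hold a kubelet
    # kubeconfig, which keeps re-runs from failing.
    - name: kubeadm join
      command: "{{ join_command }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      no_log: true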
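---
# upgrade kernel
# Task list (no play header): install the ELRepo long-term kernel, delete the
# 3.10 boot files, regenerate the GRUB config, reboot and wait for SSH.
# Presumably this is the upgrade-kernel.yml pulled in via import_tasks.
- name: upgrade kernel step 1
  command: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# The release package is fetched over HTTPS, like the signing key above; the
# original used plain HTTP for this one download.
# NOTE(review): ignore_errors presumably covers re-runs where the package is
# already installed, but it also hides download or signature failures.
- name: upgrade kernel step 2
  command: >-
    rpm -Uvh
    https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
  ignore_errors: true
- name: upgrade kernel step 3
  command: yum --enablerepo=elrepo-kernel install -y kernel-lt
# NOTE(review): the 3.10 files are deleted from /boot by hand rather than
# through the package manager, and this happens before the new kernel has
# booted once - there is no fallback kernel if the reboot below fails.
- name: remove old kernel 1
  find:
    path: /boot/
    pattern: '*-3.10.*'
  register: result
- name: remove old kernel 2
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ result.files }}"
- name: update grub
  command: grub2-mkconfig -o /boot/grub2/grub.cfg
# Fire-and-forget (async with poll: 0) so the task returns before the SSH
# connection is torn down by the reboot.
- name: reboot to apply kernel
  shell: sleep 5 && shutdown -r now "Ansible reboot"
  async: 1
  poll: 0
  ignore_errors: true
# Runs on the control machine without privilege escalation: waits 120 s, then
# polls port 22 on the rebooting host for up to 480 s.
- name: wait for connection
  local_action: wait_for
  args:
    host: "{{ inventory_hostname }}"
    state: started
    port: 22
    delay: 120
    timeout: 480
  vars:
    ansible_become: false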