Created
January 25, 2018 00:35
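---
# Prepares a host in the `newnode` group as a Kubernetes worker: kernel check
# (and upgrade when needed), SSD-backed /var/lib/docker, Docker CE, lxcfs,
# kubelet/kubeadm, host tuning, then `kubeadm join`.
#
# Security-relevant changes this play makes to the host (all present in the
# original and kept as-is; listed so an operator sees them in one place):
#   - SELinux is set to permissive and its config is rewritten to "disabled".
#   - firewalld is stopped and disabled.
#   - `admin` is added to the `docker` group, which is root-equivalent.
#   - daemon.json is installed by a task named "allow insecure registry".
#   - /dev/sda is formatted with force enabled.
- hosts: newnode
  remote_user: root
  become: true
  become_method: sudo
  tasks:
    # Probe only: rc != 0 means the running kernel is not 4.x, so a failure
    # here is expected and must not stop the play.
    - name: check for a 4.x kernel
      command: bash -c "uname -r | grep ^4."
      register: kernelversion
      ignore_errors: true

    # Probe only: rc != 0 means lxcfs is not installed yet.
    - name: check for lxcfs
      command: lxcfs --version
      register: lxcfsexists
      ignore_errors: true

    - name: disable selinux
      command: setenforce Permissive

    # NOTE(review): on EL7 /etc/sysconfig/selinux is normally a symlink to
    # /etc/selinux/config, and `sed -i` replaces a symlink with a regular file
    # unless --follow-symlinks is given. Verify which file ends up edited.
    # Permissive mode keeps AVC denials in the audit log; "disabled" removes
    # that signal entirely, so prefer permissive if enforcing is not an option.
    - name: disable selinux (persist)
      command: sed 's/SELINUX=enforcing/SELINUX=disabled/g' -i /etc/sysconfig/selinux

    - name: restart sshd
      command: systemctl restart sshd

    # upgrade kernel
    - import_tasks: upgrade-kernel.yml
      when: kernelversion.rc != 0

    # The original used `command: echo ... > file`. The command module does not
    # run a shell, so the redirection was passed to echo as plain arguments and
    # the file was never written. copy writes it directly.
    - name: add dm_thin_pool kernel module
      copy:
        content: "dm_thin_pool\n"
        dest: /etc/modules-load.d/dm_thin_pool.conf

    - name: modprobe dm_thin_pool
      command: modprobe dm_thin_pool

    # NOTE(review): with force enabled the filesystem module re-creates the
    # filesystem even when /dev/sda already holds ext4, so re-running this play
    # against a provisioned node wipes /var/lib/docker. Confirm this play is
    # only ever run once per host, or drop `force`.
    - name: format the SSD
      filesystem:
        fstype: ext4
        dev: /dev/sda
        force: true

    - name: create /var/lib/docker
      file:
        path: /var/lib/docker
        state: directory
        # Quoted so the YAML parser cannot reinterpret the octal literal.
        mode: "0755"

    # state: present only records the entry in fstab; the next task mounts it.
    - name: Mount SSD
      mount:
        path: /var/lib/docker
        src: /dev/sda
        fstype: ext4
        state: present

    # `&&` needs a shell; under the command module it was passed to mount as
    # literal arguments.
    - name: auto mount
      shell: mount -a && sleep 5

    # install docker
    - name: remove old docker version
      yum:
        name: "{{ item }}"
        state: absent
      with_items:
        - docker
        - docker-common
        - container-selinux
        - docker-selinux
        - docker-engine

    - name: install yum-utils
      yum:
        name: yum-utils
        state: present
        update_cache: true

    # shell instead of command so `&&` chains the two invocations; the folded
    # scalar replaces the backslash continuation, which YAML kept as a literal
    # character.
    - name: enable docker repo
      shell: >-
        yum-config-manager --enable extras &&
        yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

    - name: install packages
      yum:
        name: "{{ item }}"
        state: present
        update_cache: true
      with_items:
        - automake
        - docker-ce
        - fuse
        - fuse-devel
        - fuse-libs
        - git
        - glusterfs-client
        - htop
        - libtool
        - net-tools
        - nfs-utils
        - ntp
        - pam-devel
        - tcpdump
        - vim
        - wget

    # Membership in the docker group allows starting privileged containers and
    # mounting the host filesystem, i.e. it is equivalent to root on this node.
    - name: add admin to docker group
      user:
        name: admin
        groups: docker
        append: true

    # NOTE(review): daemon.json is not shown here. If it lists
    # insecure-registries, image pulls from those registries skip TLS
    # verification; keep that list as narrow as possible.
    - name: allow insecure registry
      copy:
        src: daemon.json
        dest: /etc/docker/

    - name: enable docker service
      command: systemctl enable docker

    - name: start docker service
      service:
        name: docker
        state: started

    # install lxcfs
    - name: install lxcfs
      script: install_lxcfs
      when: lxcfsexists.rc != 0

    # install kubelet, kubectl and kubeadm
    # NOTE(review): kubernetes.repo is not shown here; confirm it enables
    # package signature checking for the repository.
    - name: add kubernetes repo
      copy:
        src: kubernetes.repo
        dest: /etc/yum.repos.d/

    # `&&` needs a shell; see "auto mount".
    - name: install kubectl
      shell: yum makecache fast && yum install -y kubectl

    - name: install kubelet and kubeadm
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - kubelet
        - kubeadm
        - kubernetes-cni

    - name: enable kubelet service
      command: systemctl enable kubelet

    - name: start kubelet service
      service:
        name: kubelet
        state: started

    # The host firewall is turned off entirely; network filtering for this node
    # then depends on whatever sits in front of it.
    - name: stop firewalld
      command: systemctl stop firewalld
      ignore_errors: true

    - name: disable firewalld
      command: systemctl disable firewalld
      ignore_errors: true

    - name: update kubelet config
      copy:
        src: 10-kubeadm.conf
        dest: /etc/systemd/system/kubelet.service.d/

    - name: set up ntp sync
      service:
        name: ntpd
        state: started
        enabled: true

    - name: enable ntp
      command: "timedatectl set-ntp true"

    - name: soft limit on nofile
      pam_limits:
        domain: "root"
        limit_type: soft
        limit_item: nofile
        value: 65536

    # Name corrected: the original said "nproc" but the item set is nofile.
    - name: hard limit on nofile
      pam_limits:
        domain: "root"
        limit_type: hard
        limit_item: nofile
        value: 65536

    - name: soft limit on nofile
      pam_limits:
        domain: "admin"
        limit_type: soft
        limit_item: nofile
        value: 65536

    # limit_type corrected to hard: the original repeated `soft`, so the hard
    # limit for admin was never set.
    - name: hard limit on nofile
      pam_limits:
        domain: "admin"
        limit_type: hard
        limit_item: nofile
        value: 65536

    - name: soft limit on nproc
      pam_limits:
        dest: /etc/security/limits.d/20-nproc.conf
        domain: "*"
        limit_type: soft
        limit_item: nproc
        value: unlimited

    - name: update sysctl
      copy:
        src: sysctl.conf
        dest: /etc/

    - name: load sysctl conf
      command: "sysctl -p"

    # join_command is not defined in this file, so it must be supplied by the
    # caller. Its value is executed verbatim with root privileges; accept it
    # only from a trusted source. A kubeadm join line normally carries a
    # bootstrap token, so no_log keeps it out of task output and logs.
    - name: kubeadm join
      command: "{{join_command}}"
      no_log: true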
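---
# upgrade kernel
# Task list that installs the ELRepo long-term kernel (kernel-lt), removes the
# 3.10 kernel files from /boot, regenerates the grub config, reboots the host
# and waits for SSH to come back. Presumably the upgrade-kernel.yml imported by
# the main play; the file name is not shown on the page.
- name: upgrade kernel step 1
  command: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

# Fetched over https (the original used http for this URL, while the key above
# already came from the same host over https). A release package pulled over
# plain http can be swapped in transit, and it is this package that installs
# the repository definition later installs trust.
# NOTE(review): ignore_errors also hides a failed download or a signature
# problem, not just "already installed".
- name: upgrade kernel step 2
  command: rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
  ignore_errors: true

- name: upgrade kernel step 3
  command: yum --enablerepo=elrepo-kernel install -y kernel-lt

# NOTE(review): the next two tasks delete files under /boot directly instead of
# removing the kernel package, so the rpm database still lists the old kernel.
# Confirm this is intended.
- name: remove old kernel 1
  find:
    path: /boot/
    pattern: '*-3.10.*'
  register: result

- name: remove old kernel 2
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ result.files }}"

- name: update grub
  command: grub2-mkconfig -o /boot/grub2/grub.cfg

# Fire-and-forget: async with poll 0 lets the task return before the
# connection drops, and the short sleep delays the shutdown until it has.
- name: reboot to apply kernel
  shell: sleep 5 && shutdown -r now "Ansible reboot"
  async: 1
  poll: 0
  ignore_errors: true

# Runs on the control machine, without privilege escalation, and polls the
# node's SSH port: first check after 120 s, give up after 480 s.
- name: wait for connection
  local_action: wait_for
  args:
    host: "{{ inventory_hostname }}"
    state: started
    port: 22
    delay: 120
    timeout: 480
  vars:
    ansible_become: false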