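---
# Task list that prepares an EL7/CentOS host for kubeadm: static IPv6 on eth0,
# full package upgrade, mainline kernel from ELRepo, SELinux/swap changes,
# bridge/forwarding sysctls, then docker-ce and the kubelet/kubeadm/kubectl
# packages. Variables read: host_ipv6, network_default_gw.

#######################
#### NETWORK TASKS ####
#######################

- name: set static ipv6 for hosts
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    # Jinja expressions must be quoted: a value starting with `{{` is parsed
    # by YAML as a flow mapping before Ansible ever templates it.
    line: "{{ item.line }}"
    regexp: "{{ item.regexp }}"
  with_items:
    - regexp: '^IPV6INIT='
      line: 'IPV6INIT=yes'
    - regexp: '^IPV6AUTOCONF='
      line: 'IPV6AUTOCONF=no'
    - regexp: '^IPV6ADDR='
      line: "IPV6ADDR={{ host_ipv6 }}"
    - regexp: '^IPV6_DEFAULTGW='
      line: "IPV6_DEFAULTGW={{ network_default_gw }}"

- name: reboot
  reboot:

########################
#### FIREWALL TASKS ####
########################

# NOTE(review): every firewall task below is commented out, so this file
# neither opens nor restricts any port. Whether firewalld is running on the
# hosts is not visible here; confirm how 6443 and 10250 are filtered.

# ## kubernetes requirements
# - name: enable port 6443/tcp
#   firewalld:
#     port: 6443/tcp
#     permanent: yes
#     state: enabled

# - name: enable port 10250/tcp
#   firewalld:
#     port: 10250/tcp
#     permanent: yes
#     state: enabled

# - name: enable port 6443/udp
#   firewalld:
#     port: 6443/udp
#     permanent: yes
#     state: enabled

# - name: enable port 10250/udp
#   firewalld:
#     port: 10250/udp
#     permanent: yes
#     state: enabled

# ## reload firewalld after setting rules
# - name: reload firewalld
#   shell: firewall-cmd --reload

######################
#### UPDATE TASKS ####
######################

- name: upgrade all packages
  yum:
    name: '*'
    state: latest

######################
#### KERNEL TASKS ####
######################

# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
# NOTE(review): rpm documents the proxy options as `--httpproxy` (host) and
# `--httpport` (port); confirm the single-dash form with a full URL behaves
# as intended on the target hosts.
# The key is trusted on first download; compare its fingerprint with one
# obtained out of band before relying on it.
- name: import elrepo gpg key
  shell: >-
    rpm -httpproxy http://[2001:470:6d:22c::1]:3128
    --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

# Fetched over https (was plain http): this package installs repository
# configuration as root, so it must not travel in cleartext through the proxy.
- name: enable elrepo-release rpm
  shell: >-
    rpm -httpproxy http://[2001:470:6d:22c::1]:3128
    -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# - name: Add repository
#   yum_repository:
#     name: elrepo-kernel
#     description: elrepo-release
#     baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

- name: install mainline kernel
  shell: yum --enablerepo=elrepo-kernel install kernel-ml -y

- name: set default kernel version in grub
  lineinfile:
    path: /etc/default/grub
    regexp: '^GRUB_DEFAULT'
    line: 'GRUB_DEFAULT=0'

- name: write grub config
  shell: grub2-mkconfig -o /boot/grub2/grub.cfg

####################
#### MAIN TASKS ####
####################

# NOTE(review): `disabled` removes SELinux enforcement entirely after the
# final reboot. kubeadm's install guide only asks for permissive mode; prefer
# `SELINUX=permissive` unless there is a documented reason to go further.
- name: permanently disable selinux
  lineinfile:
    path: /etc/sysconfig/selinux
    regexp: '^SELINUX='
    line: 'SELINUX=disabled'

- name: temporarily disable swap
  shell: swapoff -a

- name: permanently disable swap
  lineinfile:
    path: /etc/fstab
    regexp: '^/dev/mapper/centos-swap'
    line: '# /dev/mapper/centos-swap swap swap defaults 0 0'

# NOTE(review): modprobe does not persist across the reboot at the end of
# this file; the net.bridge.* keys below only exist while br_netfilter is
# loaded. Confirm something (e.g. a modules-load.d entry) loads it at boot.
- name: activate kernel module
  shell: modprobe br_netfilter

- name: enable bridge-nf-call-iptables
  sysctl:
    name: net.bridge.bridge-nf-call-iptables
    value: '1'
    sysctl_set: true
    state: present
    reload: true

- name: enable bridge-nf-call-ip6tables
  sysctl:
    name: net.bridge.bridge-nf-call-ip6tables
    value: '1'
    sysctl_set: true
    state: present
    reload: true

- name: enable ipv6 default forwarding
  sysctl:
    name: net.ipv6.conf.default.forwarding
    value: '1'
    sysctl_set: true
    state: present
    reload: true

# NOTE(review): yum-config-manager ships in yum-utils, which is only installed
# by the "install packages" task further down; verify it is already present.
- name: add docker-ce yum repository
  shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# NOTE(review): the repo file itself is not shown here; check that it keeps
# gpgcheck enabled and points at https URLs.
- name: copy kubernetes repo config
  copy:
    src: ../files/kubernetes.repo
    dest: /etc/yum.repos.d/kubernetes.repo

- name: install packages
  yum:
    name:
      - yum-utils
      - device-mapper-persistent-data
      - lvm2
      - docker-ce
      - kubelet
      - kubeadm
      - kubectl
    state: present

# NOTE(review): this inserts a bare `cgroup-driver=cgroupfs` line into a
# systemd drop-in, which is not a unit directive; confirm kubelet actually
# picks the setting up, and that the file exists at this path.
- name: set cgroup
  lineinfile:
    path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
    regexp: '^cgroup-driver='
    line: 'cgroup-driver=cgroupfs'

# Task name corrected: this one handles docker, not kubelet.
- name: enable and restart service docker
  systemd:
    name: docker
    enabled: true
    state: restarted

- name: force systemd to reread configs and restart service kubelet
  systemd:
    name: kubelet
    enabled: true
    state: restarted
    daemon_reload: true

- name: reboot
  reboot: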