181 lines
4.3 KiB
YAML
181 lines
4.3 KiB
YAML
---
|
|
#######################
|
|
#### NETWORK TASKS ####
|
|
#######################
|
|
|
|
- name: set static ipv6 for hosts
|
|
lineinfile:
|
|
path: /etc/sysconfig/network-scripts/ifcfg-eth0
|
|
line: {{ item.line }}
|
|
regexp: {{ item.regexp }}
|
|
with_items:
|
|
- { regexp: "^IPV6INIT=", line: "IPV6INIT=yes" }
|
|
- { regexp: "^IPV6AUTOCONF=", line: "IPV6AUTOCONF=no" }
|
|
- { regexp: "^IPV6ADDR=", line: "IPV6ADDR={{ host_ipv6 }}"}
|
|
- { regexp: "^IPV6_DEFAULTGW=", line: "IPV6_DEFAULTGW={{ network_default_gw }}"}
|
|
|
|
- name: reboot
|
|
reboot:
|
|
|
|
########################
|
|
#### FIREWALL TASKS ####
|
|
########################
|
|
|
|
# ## kubernetes requirements
|
|
|
|
# - name: enable port 6443/tcp
|
|
# firewalld:
|
|
# port: 6443/tcp
|
|
# permanent: yes
|
|
# state: enabled
|
|
|
|
# - name: enable port 10250/tcp
|
|
# firewalld:
|
|
# port: 10250/tcp
|
|
# permanent: yes
|
|
# state: enabled
|
|
|
|
# - name: enable port 6443/udp
|
|
# firewalld:
|
|
# port: 6443/udp
|
|
# permanent: yes
|
|
# state: enabled
|
|
|
|
# - name: enable port 10250/udp
|
|
# firewalld:
|
|
# port: 10250/udp
|
|
# permanent: yes
|
|
# state: enabled
|
|
|
|
# ## reload firewalld after setting rules
|
|
|
|
# - name: reload firewalld
|
|
# shell: firewall-cmd --reload
|
|
|
|
######################
|
|
#### UPDATE TASKS ####
|
|
######################
|
|
|
|
- name: upgrade all packages
|
|
yum:
|
|
name: '*'
|
|
state: latest
|
|
|
|
######################
|
|
#### KERNEL TASKS ####
|
|
######################
|
|
|
|
|
|
# TODO: get rid of inline http_proxy and fetch repo with the yum-repository ansible module
|
|
- name: import elrepo gpg key
|
|
shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
|
|
|
|
- name: enable elrepo-release rpm
|
|
shell: rpm -httpproxy http://[2001:470:6d:22c::1]:3128 -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
|
|
|
# - name: Add repository
|
|
# yum_repository:
|
|
# name: elrepo-kernel
|
|
# description: elrepo-release
|
|
# baseurl: http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
|
|
|
- name: install mainline kernel
|
|
shell: yum --enablerepo=elrepo-kernel install kernel-ml -y
|
|
|
|
- name: set default kernel version in grub
|
|
lineinfile:
|
|
dest: /etc/default/grub
|
|
regexp: "^GRUB_DEFAULT"
|
|
line: "GRUB_DEFAULT=0"
|
|
|
|
- name: write grub config
|
|
shell: grub2-mkconfig -o /boot/grub2/grub.cfg
|
|
|
|
####################
|
|
#### MAIN TASKS ####
|
|
####################
|
|
|
|
- name: permanently disable selinux
|
|
lineinfile:
|
|
dest: /etc/sysconfig/selinux
|
|
regexp: "^SELINUX="
|
|
line: "SELINUX=disabled"
|
|
|
|
- name: temporarily disable swap
|
|
shell: swapoff -a
|
|
|
|
- name: permanently disable swap
|
|
lineinfile:
|
|
dest: /etc/fstab
|
|
regexp: "^/dev/mapper/centos-swap"
|
|
line: "# /dev/mapper/centos-swap swap swap defaults 0 0"
|
|
|
|
- name: activate kernel module
|
|
shell: modprobe br_netfilter
|
|
|
|
- name: enable bridge-nf-call-iptables
|
|
sysctl:
|
|
name: net.bridge.bridge-nf-call-iptables
|
|
value: 1
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: enable bridge-nf-call-ip6tables
|
|
sysctl:
|
|
name: net.bridge.bridge-nf-call-ip6tables
|
|
value: 1
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: enable ipv6 default forwarding
|
|
sysctl:
|
|
name: net.ipv6.conf.default.forwarding
|
|
value: 1
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: add docker-ce yum repository
|
|
shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
|
|
|
|
|
- name: copy kubernetes repo config
|
|
copy:
|
|
src: ../files/kubernetes.repo
|
|
dest: /etc/yum.repos.d/kubernetes.repo
|
|
|
|
- name: install packages
|
|
yum:
|
|
name:
|
|
- yum-utils
|
|
- device-mapper-persistent-data
|
|
- lvm2
|
|
- docker-ce
|
|
- kubelet
|
|
- kubeadm
|
|
- kubectl
|
|
state: present
|
|
|
|
- name: set cgroup
|
|
lineinfile:
|
|
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
|
|
regexp: "^cgroup-driver="
|
|
line: "cgroup-driver=cgroupfs"
|
|
|
|
- name: force systemd to reread configs and restart service kubelet
|
|
systemd:
|
|
name: docker
|
|
enabled: yes
|
|
state: restarted
|
|
|
|
- name: force systemd to reread configs and restart service kubelet
|
|
systemd:
|
|
name: kubelet
|
|
enabled: yes
|
|
state: restarted
|
|
daemon_reload: yes
|
|
|
|
- name: reboot
|
|
reboot: |