最爱喝酸奶
最爱喝酸奶

ansible-playbook部署K8S集群

通过ansible-playbook,以Kubeadm方式部署K8S高可用集群。

kubernetes安装目录:  /etc/kubernetes/

KubeConfig: ~/.kube/config

主机说明:

系统 ip 角色 cpu 内存 hostname
CentOS 7.7 192.168.30.128 master >=2 >=2G master1
CentOS 7.7 192.168.30.129 master >=2 >=2G master2
CentOS 7.7 192.168.30.130 node >=2 >=2G node1
CentOS 7.7 192.168.30.131 node >=2 >=2G node2
CentOS 7.7 192.168.30.132 node >=2 >=2G node3

准备

  • 将所有部署k8s集群的主机分组:
# vim /etc/ansible/hosts

[master]
192.168.30.128 hostname=master1

[add_master]
192.168.30.129 hostname=master2

[add_node]
192.168.30.130 hostname=node1
192.168.30.131 hostname=node2
192.168.30.132 hostname=node3
  • 创建管理目录:
# mkdir -p kubeadm_k8s/roles/{docker_install,init_install,master_install,node_install,addons_install}/{files,handlers,meta,tasks,templates,vars}

# cd kubeadm_k8s/

说明:

files:存放需要同步到异地服务器的源码文件及配置文件; 
handlers:当资源发生变化时需要进行的操作,若没有此目录可以不建或为空; 
meta:存放说明信息、说明角色依赖等信息,可留空; 
tasks:K8S 安装过程中需要进行执行的任务; 
templates:用于执行 K8S 安装的模板文件,一般为脚本; 
vars:本次安装定义的变量

# tree .

.
├── k8s.yml
└── roles
    ├── addons_install
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── calico.yml
    │   │   ├── dashboard.yml
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── calico-rbac-kdd.yaml
    │   │   ├── calico.yaml
    │   │   └── dashboard-all.yaml
    │   └── vars
    │       └── main.yml
    ├── docker_install
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── install.yml
    │   │   ├── main.yml
    │   │   └── prepare.yml
    │   ├── templates
    │   │   ├── daemon.json
    │   │   ├── kubernetes.conf
    │   │   └── kubernetes.repo
    │   └── vars
    │       └── main.yml
    ├── init_install
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── install.yml
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── check-apiserver.sh
    │   │   ├── keepalived-master.conf
    │   │   └── kubeadm-config.yaml
    │   └── vars
    │       └── main.yml
    ├── master_install
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── install.yml
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── check-apiserver.sh
    │   │   └── keepalived-backup.conf
    │   └── vars
    │       └── main.yml
    └── node_install
        ├── files
        ├── handlers
        ├── meta
        ├── tasks
        │   ├── install.yml
        │   └── main.yml
        ├── templates
        └── vars
            └── main.yml

36 directories, 29 files
  • 创建安装入口文件,用来调用roles:
# vim k8s.yml

---
- hosts: all
  remote_user: root
  gather_facts: True

  roles:
    - docker_install

- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - init_install

- hosts: add_master
  remote_user: root
  gather_facts: True

  roles:
    - master_install
    
- hosts: add_node
  remote_user: root
  gather_facts: True

  roles:
    - node_install
    
- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - addons_install

docker部分

  • 创建docker入口文件,用来调用docker_install:
# vim docker.yml

#用于批量安装Docker
- hosts: all
  remote_user: root
  gather_facts: True

  roles:
    - docker_install
  • 创建变量:
# vim roles/docker_install/vars/main.yml

#定义docker安装中的变量
SOURCE_DIR: /software
VERSION: 1.14.0-0
  • 创建模板文件:

docker配置daemon.json

# vim roles/docker_install/templates/daemon.json

{  
    "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
    "exec-opts":["native.cgroupdriver=systemd"]
}

系统环境kubernetes.conf

# vim roles/docker_install/templates/kubernetes.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100

repo文件kubernetes.repo

# vim roles/docker_install/templates/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  • 环境准备prepare.yml:
# vim roles/docker_install/tasks/prepare.yml

- name: 关闭firewalld 
  service: name=firewalld state=stopped enabled=no
  
- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
      - iptables
      - conntrack
      - ipvsadm
      - ipset
      - jq
      - sysstat
      - libseccomp
    state: latest

- name: 更新系统
  shell: "yum update -y --exclude kubeadm,kubelet,kubectl"
  ignore_errors: yes
  args:
    warn: False
    
- name: 配置iptables
  shell: "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT"

- name: 关闭swap
  shell: "swapoff -a && sed -i '/swap/s/^\\(.*\\)$/#\\1/g' /etc/fstab"
  
- name: 系统配置
  template: src=kubernetes.conf dest=/etc/sysctl.d/kubernetes.conf

- name: 加载br_netfilter
  shell: "modprobe br_netfilter"

- name: 生效配置
  shell: "sysctl -p /etc/sysctl.d/kubernetes.conf"
  • docker安装install.yml:
# vim roles/docker_install/tasks/install.yml

- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory

- name: 更改hostname
  raw: "echo {{ hostname }} > /etc/hostname"

- name: 更改生效
  shell: "hostname {{ hostname }}"

- name: 设置本地dns
  shell: "if [ `grep '{{ ansible_ssh_host }} {{ hostname }}' /etc/hosts |wc -l` -eq 0 ]; then echo {{ ansible_ssh_host }} {{ hostname }} >> /etc/hosts; fi"

- name: 下载repo文件
  shell: "if [ ! -f /etc/yum.repos.d/docker.repo ]; then curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo; fi"

- name: 生成缓存
  shell: "yum makecache fast"
  args:
    warn: False

- name: 安装docker-ce
  yum: 
    name: docker-ce
    state: latest

- name: 启动docker并开机启动
  service:
    name: docker
    state: started
    enabled: yes
    
- name: 配置docker
  template: src=daemon.json dest=/etc/docker/daemon.json

- name: 重启docker
  service:
    name: docker
    state: restarted
    
- name: 配置kubernetes源
  template: src=kubernetes.repo dest=/etc/yum.repos.d/kubernetes.repo

- name: 安装kubernetes-cni
  yum: 
    name: kubernetes-cni
    state: latest  

- name: 安装kubeadm、kubelet、kubectl
  shell: "yum install -y kubeadm-{{ VERSION }} kubelet-{{ VERSION }} kubectl-{{ VERSION }} --disableexcludes=kubernetes"
  args:
    warn: False

- name: 启动kubelet并开机启动
  service:
    name: kubelet
    state: started
    enabled: yes
  • 引用文件main.yml:
# vim roles/docker_install/tasks/main.yml

#引用prepare、install模块
- include: prepare.yml
- include: install.yml

init部分

  • 创建init入口文件,用来调用init_install:
# vim init.yml

#用于初始化k8s集群
- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - init_install
  • 创建变量:
# vim roles/init_install/vars/main.yml

#定义初始化k8s集群中的变量

#kubernetes版本
VERSION: v1.14.0
#Pod网段
POD_CIDR: 172.10.0.0/16
#master虚拟ip(建议为同网段地址)
MASTER_VIP: 192.168.30.188
#keepalived用到的网卡接口名
VIP_IF: ens33

SOURCE_DIR: /software
Cluster_Num: "{{ groups['all'] | length }}"
Virtual_Router_ID: 68
  • 创建模板文件:

keepalived master配置文件 keepalived-master.conf

# vim roles/init_install/templates/keepalived-master.conf

! Configuration File for keepalived
global_defs {
    router_id keepalive-master
}

vrrp_script check_apiserver {
    script "/etc/keepalived/check-apiserver.sh"
    interval 3
    weight -{{ Cluster_Num }}
}

vrrp_instance VI-kube-master {
    state MASTER
    interface {{ VIP_IF }}
    virtual_router_id {{ Virtual_Router_ID }}
    priority 100
    dont_track_primary
    advert_int 3
    virtual_ipaddress {
        {{ MASTER_VIP }}
    }
    track_script {
        check_apiserver
    }
}

keepalived检查脚本 check-apiserver.sh

# vim roles/init_install/templates/check-apiserver.sh

#!/bin/sh

netstat -lntp |grep 6443 || exit 1

kubeadm配置文件 kubeadm-config.yaml

# vim roles/init_install/templates/kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: {{ VERSION }}
controlPlaneEndpoint: "{{ MASTER_VIP }}:6443"
networking:
    # This CIDR is a Calico default. Substitute or remove for your CNI provider.
    podSubnet: "{{ POD_CIDR }}"
imageRepository: registry.cn-hangzhou.aliyuncs.com/imooc
  • 集群初始化install.yml:
# vim roles/init_install/tasks/install.yml

- name: 安装keepalived
  yum: name=keepalived state=present

- name: 拷贝keepalived配置文件
  template: src=keepalived-master.conf dest=/etc/keepalived/keepalived.conf
  
- name: 拷贝keepalived检查脚本
  template: src=check-apiserver.sh dest=/etc/keepalived/check-apiserver.sh mode=0755

- name: 启动keepalived并开机启动
  service:
    name: keepalived
    state: started
    enabled: yes

- name: 拷贝kubeadm配置文件
  template: src=kubeadm-config.yaml dest={{ SOURCE_DIR }}

- name: 集群初始化准备1
  shell: "swapoff -a && kubeadm reset -f"

- name: 集群初始化准备2
  shell: "systemctl daemon-reload && systemctl restart kubelet"
  
- name: 集群初始化准备3
  shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"

- name: 拉取kube-scheduler镜像
  shell: "docker pull registry.cn-hangzhou.aliyuncs.com/imooc/kube-scheduler:{{ VERSION }}"

- name: 集群初始化
  shell: "kubeadm init --config={{ SOURCE_DIR }}/kubeadm-config.yaml --experimental-upload-certs &>{{ SOURCE_DIR }}/token.txt"

- name: 获取master的token
  shell: "grep -B2 'experimental-control-plane' {{ SOURCE_DIR }}/token.txt > {{ SOURCE_DIR }}/master.sh"

- name: 获取node的token
  shell: "grep -A1 'kubeadm join' {{ SOURCE_DIR }}/token.txt |tail -2 > {{ SOURCE_DIR }}/node.sh"

- name: 分发master.sh
  shell: "ansible all -m copy -a 'src={{ SOURCE_DIR }}/master.sh dest={{ SOURCE_DIR }} mode=0755'"
  args:
    warn: False
    
- name: 分发node.sh
  shell: "ansible all -m copy -a 'src={{ SOURCE_DIR }}/node.sh dest={{ SOURCE_DIR }} mode=0755'"
  args:
    warn: False

- name: 创建 $HOME/.kube 目录
  file: name=$HOME/.kube state=directory
  
- name: 拷贝KubeConfig
  copy: src=/etc/kubernetes/admin.conf dest=$HOME/.kube/config owner=root group=root

- name: kubectl命令补全1
  shell: "kubectl completion bash > $HOME/.kube/completion.bash.inc"
 
- name: kubectl命令补全2
  shell: "if [ `grep 'source $HOME/.kube/completion.bash.inc' $HOME/.bash_profile |wc -l` -eq 0 ]; then echo 'source $HOME/.kube/completion.bash.inc' >> $HOME/.bash_profile; fi"
  
- name: 生效配置
  shell: "source $HOME/.bash_profile"
  ignore_errors: yes
  • 引用文件main.yml:
# vim roles/init_install/tasks/main.yml

#引用install模块
- include: install.yml

master部分

  • 创建master入口文件,用来调用master_install:
# vim master.yml

#用于集群新增master
- hosts: add_master
  remote_user: root
  gather_facts: True

  roles:
    - master_install
  • 创建变量:
# vim roles/master_install/vars/main.yml

#定义新增master到集群中的变量

#注意与keepalived master一致
#master虚拟ip(建议为同网段地址)
MASTER_VIP: 192.168.30.188
#keepalived用到的网卡接口名
VIP_IF: ens33

SOURCE_DIR: /software
Cluster_Num: "{{ groups['all'] | length }}"
Virtual_Router_ID: 68
  • 创建模板文件:

keepalived backup配置文件 keepalived-backup.conf

# vim roles/master_install/templates/keepalived-backup.conf

! Configuration File for keepalived
global_defs {
    router_id keepalive-backup
}

vrrp_script check_apiserver {
    script "/etc/keepalived/check-apiserver.sh"
    interval 3
    weight -{{ Cluster_Num }}
}

vrrp_instance VI-kube-master {
    state BACKUP
    interface {{ VIP_IF }}
    virtual_router_id {{ Virtual_Router_ID }}
    priority 99
    dont_track_primary
    advert_int 3
    virtual_ipaddress {
        {{ MASTER_VIP }}
    }
    track_script {
        check_apiserver
    }
}

keepalived检查脚本 check-apiserver.sh

# vim roles/master_install/templates/check-apiserver.sh

#!/bin/sh

netstat -lntp |grep 6443 || exit 1
  • 添加master到集群install.yml:
# vim roles/master_install/tasks/install.yml

- name: 安装keepalived
  yum: name=keepalived state=present

- name: 拷贝keepalived配置文件
  template: src=keepalived-backup.conf dest=/etc/keepalived/keepalived.conf
  
- name: 拷贝keepalived检查脚本
  template: src=check-apiserver.sh dest=/etc/keepalived/check-apiserver.sh mode=0755

- name: 启动keepalived并开机启动
  service:
    name: keepalived
    state: started
    enabled: yes

- name: 集群初始化准备1
  shell: "swapoff -a && kubeadm reset -f"

- name: 集群初始化准备2
  shell: "systemctl daemon-reload && systemctl restart kubelet"
  
- name: 集群初始化准备3
  shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"
  
- name: 集群增加master
  script: "{{ SOURCE_DIR }}/master.sh"
  
- name: 创建 $HOME/.kube 目录
  file: name=$HOME/.kube state=directory
  
- name: 拷贝KubeConfig
  copy: src=/etc/kubernetes/admin.conf dest=$HOME/.kube/config owner=root group=root

- name: kubectl命令补全1
  shell: "kubectl completion bash > $HOME/.kube/completion.bash.inc"
 
- name: kubectl命令补全2
  shell: "if [ `grep 'source $HOME/.kube/completion.bash.inc' $HOME/.bash_profile |wc -l` -eq 0 ]; then echo 'source $HOME/.kube/completion.bash.inc' >> $HOME/.bash_profile; fi"
  
- name: 生效配置
  shell: "source $HOME/.bash_profile"
  ignore_errors: yes
  
- name: 删除master的token
  file: name={{ SOURCE_DIR }}/master.sh state=absent

- name: 删除node的token
  file: name={{ SOURCE_DIR }}/node.sh state=absent
  • 引用文件main.yml:
# vim roles/master_install/tasks/main.yml

#引用install模块
- include: install.yml

node部分

  • 创建node入口文件,用来调用node_install:
# vim node.yml

#用于集群增加node
- hosts: add_node
  remote_user: root
  gather_facts: True

  roles:
    - node_install
  • 创建变量:
# vim roles/node_install/vars/main.yml

#定义新增node到集群中的变量

SOURCE_DIR: /software
  • 添加node到集群install.yml:
# vim roles/node_install/tasks/install.yml

- name: 集群初始化准备1
  shell: "swapoff -a && kubeadm reset -f"

- name: 集群初始化准备2
  shell: "systemctl daemon-reload && systemctl restart kubelet"
  
- name: 集群初始化准备3
  shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"
  
- name: 集群增加node
  script: "{{ SOURCE_DIR }}/node.sh"

- name: 删除master的token
  file: name={{ SOURCE_DIR }}/master.sh state=absent

- name: 删除node的token
  file: name={{ SOURCE_DIR }}/node.sh state=absent
  • 引用文件main.yml:
# vim roles/node_install/tasks/main.yml

#引用install模块
- include: install.yml

addons部分

  • 创建addons入口文件,用来调用addons_install:
# vim addons.yml

#用于安装k8s集群插件
- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - addons_install
  • 创建变量:
# vim roles/addons_install/vars/main.yml

#定义k8s集群插件安装中的变量

#Pod网段
POD_CIDR: 172.10.0.0/16

SOURCE_DIR: /software
  • 创建模板文件:

calico rbac配置文件 calico-rbac-kdd.yaml

# vim roles/addons_install/templates/calico-rbac-kdd.yaml

# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-node
rules:
  - apiGroups: [""]
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups: [""]
    resources:
      - pods/status
    verbs:
      - update
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
      - patch
  - apiGroups: [""]
    resources:
      - services
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - endpoints
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups: ["extensions"]
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups: ["networking.k8s.io"]
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - globalnetworkpolicies
      - globalnetworksets
      - networkpolicies
      - clusterinformations
      - hostendpoints
    verbs:
      - create
      - get
      - list
      - update
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
- kind: ServiceAccount
  name: calico-node
  namespace: kube-system

calico配置文件 calico.yaml

# vim roles/addons_install/templates/calico.yaml

# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
# This manifest includes the following component versions:
#   calico/node:v3.1.3
#   calico/cni:v3.1.3

# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # To enable Typha, set this to "calico-typha" *and* set a non-zero value for Typha replicas
  # below.  We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is
  # essential.
  typha_service_name: "calico-typha"

  # The CNI network configuration to install on each node.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.0",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "datastore_type": "kubernetes",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "mtu": 1500,
          "ipam": {
            "type": "host-local",
            "subnet": "usePodCidr"
          },
          "policy": {
            "type": "k8s"
          },
          "kubernetes": {
            "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        }
      ]
    }

---

# This manifest creates a Service, which will be backed by Calico's Typha daemon.
# Typha sits in between Felix and the API server, reducing Calico's load on the API server.

apiVersion: v1
kind: Service
metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
spec:
  ports:
    - port: 5473
      protocol: TCP
      targetPort: calico-typha
      name: calico-typha
  selector:
    k8s-app: calico-typha

---

# This manifest creates a Deployment of Typha to back the above service.

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: calico-typha
  namespace: kube-system
  labels:
    k8s-app: calico-typha
spec:
  # Number of Typha replicas.  To enable Typha, set this to a non-zero value *and* set the
  # typha_service_name variable in the calico-config ConfigMap above.
  #
  # We recommend using Typha if you have more than 50 nodes.  Above 100 nodes it is essential
  # (when using the Kubernetes datastore).  Use one replica for every 100-200 nodes.  In
  # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade.
  replicas: 1
  revisionHistoryLimit: 2
  template:
    metadata:
      labels:
        k8s-app: calico-typha
      annotations:
        # This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical
        # add-on, ensuring it gets priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
      # Since Calico can't network a pod until Typha is up, we need to run Typha itself
      # as a host-networked pod.
      serviceAccountName: calico-node
      containers:
      - image: quay.io/calico/typha:v0.7.4
        name: calico-typha
        ports:
        - containerPort: 5473
          name: calico-typha
          protocol: TCP
        env:
          # Enable "info" logging by default.  Can be set to "debug" to increase verbosity.
          - name: TYPHA_LOGSEVERITYSCREEN
            value: "info"
          # Disable logging to file and syslog since those don't make sense in Kubernetes.
          - name: TYPHA_LOGFILEPATH
            value: "none"
          - name: TYPHA_LOGSEVERITYSYS
            value: "none"
          # Monitor the Kubernetes API to find the number of running instances and rebalance
          # connections.
          - name: TYPHA_CONNECTIONREBALANCINGMODE
            value: "kubernetes"
          - name: TYPHA_DATASTORETYPE
            value: "kubernetes"
          - name: TYPHA_HEALTHENABLED
            value: "true"
          # Uncomment these lines to enable prometheus metrics.  Since Typha is host-networked,
          # this opens a port on the host, which may need to be secured.
          #- name: TYPHA_PROMETHEUSMETRICSENABLED
          #  value: "true"
          #- name: TYPHA_PROMETHEUSMETRICSPORT
          #  value: "9093"
        livenessProbe:
          httpGet:
            path: /liveness
            port: 9098
          periodSeconds: 30
          initialDelaySeconds: 30
        readinessProbe:
          httpGet:
            path: /readiness
            port: 9098
          periodSeconds: 10

---

# This manifest installs the calico/node container, as well
# as the Calico CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        # This, along with the CriticalAddonsOnly toleration below,
        # marks the pod as a critical add-on, ensuring it gets
        # priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      tolerations:
        # Make sure calico/node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      serviceAccountName: calico-node
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      containers:
        # Runs calico/node container on each Kubernetes node.  This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: quay.io/calico/node:v3.1.3
          env:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Enable felix info logging.
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Disable IPV6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_IPINIPMTU
              value: "1440"
            # Wait for the datastore.
            - name: WAIT_FOR_DATASTORE
              value: "true"
            # The default IPv4 pool to create on startup if none exists. Pod IPs will be
            # chosen from this range. Changing this value after installation will have
            # no effect. This should fall within `--cluster-cidr`.
            - name: CALICO_IPV4POOL_CIDR
              value: "{{ POD_CIDR }}"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            # Enable IP-in-IP within Felix.
            - name: FELIX_IPINIPENABLED
              value: "true"
            # Typha support: controlled by the ConfigMap.
            - name: FELIX_TYPHAK8SSERVICENAME
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: typha_service_name
            # Set based on the k8s node name.
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            - name: FELIX_HEALTHENABLED
              value: "true"
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 250m
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /readiness
              port: 9099
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
        # This container installs the Calico CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: quay.io/calico/cni:v3.1.3
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
            # Set the hostname based on the k8s node name.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
      volumes:
        # Used by calico/node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d

# Create all the CustomResourceDefinitions needed for
# Calico policy and networking mode.
---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
   name: felixconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: FelixConfiguration
    plural: felixconfigurations
    singular: felixconfiguration

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgppeers.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPPeer
    plural: bgppeers
    singular: bgppeer

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgpconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPConfiguration
    plural: bgpconfigurations
    singular: bgpconfiguration

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ippools.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPPool
    plural: ippools
    singular: ippool

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: hostendpoints.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: HostEndpoint
    plural: hostendpoints
    singular: hostendpoint

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterinformations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: ClusterInformation
    plural: clusterinformations
    singular: clusterinformation

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworkpolicies.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkPolicy
    plural: globalnetworkpolicies
    singular: globalnetworkpolicy

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworksets.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkSet
    plural: globalnetworksets
    singular: globalnetworkset

---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networkpolicies.crd.projectcalico.org
spec:
  scope: Namespaced
  group: crd.projectcalico.org
  version: v1
  names:
    kind: NetworkPolicy
    plural: networkpolicies
    singular: networkpolicy

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system

dashboard配置文件 dashboard-all.yaml

# vim roles/addons_install/templates/dashboard-all.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-settings
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/imooc/kubernetes-dashboard-amd64:v1.8.3
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30005
  type: NodePort
  • coredns安装calico.yml:
# vim roles/addons_install/tasks/calico.yml

- name: 创建addons目录
  file: name=/etc/kubernetes/addons state=directory

- name: 拷贝calico-rbac-kdd.yaml
  template: src=calico-rbac-kdd.yaml dest=/etc/kubernetes/addons

- name: 拷贝calico.yaml
  template: src=calico.yaml dest=/etc/kubernetes/addons

- name: 拉取calico typha镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-typha:v0.7.4'"

- name: tag calico typha镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-typha:v0.7.4 quay.io/calico/typha:v0.7.4'"
  
- name: 拉取calico node镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-node:v3.1.3'"

- name: tag calico node镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-node:v3.1.3 quay.io/calico/node:v3.1.3'"

- name: 拉取calico cni镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-cni:v3.1.3'"
  
- name: tag calico cni镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-cni:v3.1.3 quay.io/calico/cni:v3.1.3'"
  
- name: 创建calico-rbac
  shell: "kubectl apply -f /etc/kubernetes/addons/calico-rbac-kdd.yaml"

- name: 部署calico
  shell: "kubectl apply -f /etc/kubernetes/addons/calico.yaml"
  • dashboard安装dashboard.yml:
# vim roles/addons_install/tasks/dashboard.yml

- name: 拷贝dashboard-all.yaml
  template: src=dashboard-all.yaml dest=/etc/kubernetes/addons

- name: 拉取dashboard镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/imooc/kubernetes-dashboard-amd64:v1.8.3'"

- name: 部署dashboard
  shell: "kubectl apply -f /etc/kubernetes/addons/dashboard-all.yaml"
  
- name: 创建ServiceaAccount
  shell: "kubectl create sa dashboard-admin -n kube-system"

- name: 权限绑定
  shell: "kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin"

- name: 获取登录token
  shell: "ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}'); kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}' > {{ SOURCE_DIR }}/token.txt"
  register: token

- name: 显示token位置
  debug: var=token.cmd verbosity=0
  • 引用文件main.yml:
# vim roles/addons_install/tasks/main.yml

#引用calico、dashboard模块
- include: calico.yml
- include: dashboard.yml

安装测试

  • 执行安装:
# ansible-playbook k8s.yml

# kubectl get nodes

NAME      STATUS   ROLES    AGE     VERSION
master1   Ready    master   8m30s   v1.14.0
master2   Ready    master   6m38s   v1.14.0
node1     Ready    <none>   5m50s   v1.14.0
node2     Ready    <none>   5m49s   v1.14.0
node3     Ready    <none>   5m49s   v1.14.0

# kubectl get pods -n kube-system

NAME                                   READY   STATUS    RESTARTS   AGE
calico-node-9jqrh                      2/2     Running   0          19h
calico-node-brfb8                      2/2     Running   0          19h
calico-node-ncjxp                      2/2     Running   0          19h
calico-node-qsffm                      2/2     Running   0          19h
calico-node-smwq5                      2/2     Running   0          19h
calico-typha-666749994b-h99rr          1/1     Running   0          19h
coredns-8567978547-6fvmp               1/1     Running   1          19h
coredns-8567978547-q2rz5               1/1     Running   1          19h
etcd-master1                           1/1     Running   0          19h
etcd-master2                           1/1     Running   0          19h
kube-apiserver-master1                 1/1     Running   0          19h
kube-apiserver-master2                 1/1     Running   0          19h
kube-controller-manager-master1        1/1     Running   0          19h
kube-controller-manager-master2        1/1     Running   0          19h
kube-proxy-2wfnz                       1/1     Running   0          19h
kube-proxy-46gtf                       1/1     Running   0          19h
kube-proxy-mg87t                       1/1     Running   0          19h
kube-proxy-s5f5j                       1/1     Running   0          19h
kube-proxy-vqdhx                       1/1     Running   0          19h
kube-scheduler-master1                 1/1     Running   0          19h
kube-scheduler-master2                 1/1     Running   0          19h
kubernetes-dashboard-5bd4bfc87-rkvfh   1/1     Running   0          19h

使用火狐浏览器访问https://192.168.30.128:30005

ansible-playbook部署K8S集群_第1张图片

# cat /software/token.txt

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZHBudnoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYWU1N2I5MWItMTg0MC0xMWVhLTgzNzYtMDAwYzI5YzkwMDgxIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.xOSS0owznhpdN0DmALG04ehP7Xw-qYEjX8YQAHy8vA017UFvRxd8oH4EsfkGEkzLWC3kwWUWCxRs7yEVUgGzx7Rp2lJ5xceyga448Kffj9GOQapAF8J_2SP9j2tCll465GSKtjODJgpwnknJ8YqMt6mn-jH9Cn49ljf6rSHuyk2_2qf_PX2ioIKHTKyFLMD-6ci-tUpWHOEQdKlxi3K7LJek4qlJ04hKckcphHZf35YEnBDcB2uvWsW7P9k_2GIwXwjoPLAlidmk56WGtrCy9erZFg1W1aeVh7z9aqECKSs0Jnt-bafPaBwbqpjbkjhGKC8vznBslxO2STaiR0-j1A

ansible-playbook部署K8S集群_第2张图片

测试安装没有问题,注意kubernetes组件版本尽量一致。已存放至个人gitgub:ansible-playbook

你可能感兴趣的:(Ansible)

  • ansible的安装、使用 ytym00
    简介高度模块化,调用特定的模块,完成特定的任务,基于Yaml,来完成批量任务的模板化,来支持playbook。基于Python语言实现,主要使用Paramiko、PyYAML和JinJa2三个关键模块,部署简单(agentless),主从模式,支持自定义模块,支持playbook,幂等性:允许重复执行N次,没有变化时,只会执行第一次。特点:1、Configuration(cfengine,chef
  • Ubuntu Juju 与 Ansible的区别 xidianjiapei001 #Kubernetesubuntuansiblelinux云原生Juju
    JujuandAnsiblearebothpowerfultoolsusedformanagingandorchestratingITinfrastructureandapplications,buttheyhavedifferentapproachesandusecases.Here’sabreakdownofthekeydifferencesbetweenthem:1.ConceptualFo
  • ansible安全优化篇 happy_king_zi 运维自动化配置管理安全ansible安全devops
    一、安全概况对与一台全新安装的服务器,尤其是直接面向公网的服务器来说:最重要的一项配置就是安全配置。针对非授权连接和截取通信信息等攻击行为,避免攻击手段带来的危害,处理方法有以下方法:使用安全加密的通信方式——使用https加密传输;禁止root用户远程登录并充分利用sudo;移除非必需的软件,只开发需要用到的端口;遵守权限最小化原则;及时更新操作系统和软件——修复旧版本的bug,并使用新版本的最
  • Ansible架构介绍与安装 2401_86637445 ansible架构
    一、介绍Ansible什么是Ansible?Ansible是一款自动化运维工具,其主要功能是帮助运维实现IT工作的自动化、降低人为操作失误、提高业务自动化率、提升运维工作效率。实现了批量系统配置、批量程序部署、批量运行命令等功能。ansiblepuppetsaltstack主流的三种。ansible自动化运维工具被红帽收购阿里巴巴在用saltstackpython开发。无客户端,只需安装SSH、P
  • Linux学习-Ansible(一) 丢爸 Linuxlinux学习ansible
    环境-Rocky-Linux8.6安装部署Ansible#安装ansible[root@harboransible]#dnfinstall-yansible-core#查看安装信息[root@harboransible]#ansible-doc--versionansible-doc[core2.12.2]configfile=/root/ansible/ansible.cfgconfigured
  • Ansible简单部署与使用 大哥您好 Linuxansible数据库运维linux
    目录环境安装Ansibleaptinstallmarkupsafeerror配置Ansible创建个人目录ansible.cfghosts测试Ansibleping批量执行自定义命令环境Ubuntu20.04安装Ansibleaptinstallsudoaptinstallansiblemarkupsafeerror安装成功后,尝试运行ansible,部分环境下会有如下报错:ubuntu@ubun
  • Ansible自动化部署kubernetes集群 theo.wu kubernetesansible自动化
    机器环境介绍1.1.机器信息介绍IPhostnameapplicationCPUMemory192.168.204.129k8s-master01etcd,kube-apiserver,kube-controller-manager,kube-scheduler,kubelet,kube-proxy,containerd2C4G192.168.204.130k8s-worker01etcd,kub
  • Linux之ansible的playbook剧本(yaml文件) 小橞 linuxansible运维服务器
    playbook剧本一个剧本(即playbook),可以包含多个play每个play用于在指定的主机上,通过模块和参数执行相应的任务每个play可以包含多个任务。任务有模块和参数构成。paly要建立在ansible文件夹下才能使用因为yaml文件对格式要求很严格所有本人在编写时会设置一下vim编译器的一些功能格式setai:自动缩进setts=2:设置tab键缩进两个空格setet:将tab键转换
  • ansible_find模块 打败404 ansiblelinux
    found_files:changed:falsefiles:-path:/etc/yum.repos.d/example1.repomode:'0644'size:1542-path:/etc/yum.repos.d/example2.repomode:'0644'size:2842matched:21.find模块返回的格式2.在后面调用的时候按照相应的key取对应的value3.支持正则表达
  • ansible入门 打败404 运维linuxansible
    一、ansible简介1、ansible是什么?ansible是目前最受运维欢迎的自动化运维工具,基于Python开发,集合了众多运维工具(SaltStackpuppet、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于paramiko开发的,并且基于模块化工作,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模
  • 使用Ansible实现高效服务器配置管理的最佳实践 范范0825 ansible服务器运维
    使用Ansible实现高效服务器配置管理的最佳实践在现代IT运维中,服务器的配置管理是一个关键环节。传统的手动配置方法不仅耗时耗力,而且容易出错,特别是在规模庞大的服务器集群中,配置的一致性难以保证。Ansible作为一款无代理的自动化运维工具,通过其易用性和灵活性,提供了一种高效的服务器配置管理解决方案。本指南将从基础到高级应用,详细介绍使用Ansible实现高效服务器配置管理的最佳实践。目录什
  • 使用ansible的剧本制作salt-master与salt-minion的安装与启动服务过程 qq_42750608 linuxansibleansible
    虚拟机版本:RockyLinuxrelease8.6(GreenObsidian)准备几台虚拟机ipv4地址主机名192.168.137.13center192.168.137.14sp-1192.168.137.15sp-2192.168.137.16sp-3一、center主机的配置1.vim/etc/hosts127.0.0.1localhostlocalhost.localdomainlo
  • Ansible Tower与AWX:构建可视化的运维自动化解决方案 勤劳兔码农 运维ansible自动化
    AnsibleTower与AWX:构建可视化的运维自动化解决方案引言随着企业数字化转型的深入,运维自动化逐渐成为IT管理的重要组成部分。Ansible作为一种简单、灵活且功能强大的自动化工具,广泛应用于配置管理、应用部署和任务自动化中。然而,在大规模、复杂的企业环境中,单纯使用Ansible命令行来管理和执行任务,难以满足对自动化流程的可视化、可审计和权限管理等高级需求。为了解决这些问题,RedH
  • Ansible在CentOS下批量部署Nginx到Kubernetes集群 酱江奖 RHELzabbix自学ansiblecentosnginx
    在现代云计算环境中,Kubernetes(简称K8s)作为容器编排平台的标准,广泛应用于应用程序的管理和部署。Ansible作为一种自动化运维工具,可以帮助我们高效地完成各种任务,包括在Kubernetes集群上部署应用。本文将详细介绍如何在CentOS操作系统中使用Ansible来批量部署Nginx服务至Kubernetes环境,并通过具体示例说明每一步的操作。环境准备1.安装Ansible确保
  • 双vip高可用的MySQL集群 Hi,你好啊 数据库mysql数据库高可用
    文章目录项目介绍项目架构项目环境项目步骤环境准备Ansible服务器部署1、安装Ansible2、配置免密登录3、修改Ansible的主机清单Prometheus部署1、下载软件包2、二进制安装PrometheusServer3、通过服务管理Prometheus4、安装node_exporter5、安装mysqld_exporter6、添加被监控的服务器部署MySQL集群(基于GTID的半同步)1
  • 【DevOps工具篇】使用Ansible部署Keycloak oauth2proxy 和 单点登录(SSO)设置 小涵 DevOps企业级项目实战devopsansible运维ldapkeycloakproxyoauth
    【DevOps工具篇】使用Ansible部署Keycloakoauth2proxy和单点登录(SSO)设置目录【DevOps工具篇】使用Ansible部署Keycloakoauth2proxy和单点登录(SSO)设置Ansible基础知识部署Keycloak创建OIDC-客户端创建oauth2proxy部署顶级AnsiblePlaybookHost.iniplaybook.yaml推荐超级课程:D
  • ansible register 之用法 图灵AI云 ansibleansibleregister
    ansibleregister这个功能非常有用。当我们需要判断对执行了某个操作或者某个命令后,如何做相应的响应处理(执行其他ansible语句),则一般会用到register。举个例子:我们需要判断sda6是否存在,如果存在了就执行一些相应的脚本,则可以为该判断注册一个register变量,并用它来判断是否存在,存在返回succeeded,失败就是failed.-name:Createaregis
  • linux自动化运维之ansible实战 浓黑的daidai 运维自动化ansible
    ansible基础介绍优点-相比于saltatack和puppet,没有客户端,更轻量级-只是一个工具,可以很容易实现分布式拓展-更强的远程执行命令特点-模块化-支持自定义模块,可以用任何语言编写模块-基于python语言实现-部署简单,基于python和ssh,agentless,无需代理-安全安装yum安装首先安装epel源:yuminstallepel-release-y下载ansible:
  • ansible实战自动化运维项目 清风 001 Linux系统运维
    Ansible是一个强大的自动化工具,广泛应用于配置管理、应用部署、任务自动化和IT环境编排。在实际生产环境中,Ansible可以帮助运维团队高效地管理服务器、应用和服务。以下是一个详细的Ansible自动化运维项目的生产实际案例,包括代码和详细讲解。项目背景假设我们有一个Web应用,需要在多台服务器上进行部署和配置。我们使用Ansible来自动化以下任务:安装必要的软件包。部署应用代码。配置和启
  • python自动化运维项目实战_全网稀缺的Python/Django/Ansible Playbook自动化运维项目实战视频课程... weixin_39977642 python自动化运维项目实战
    配置文件properties比yml优先级高SpringBoot使用一个全句的配置文件,配置文件名是固定的;application.propertiesapplication.yml配置文件的作用:修改SpringBoot自动配置的默认值,SpringBoot在底层都给我们自动配置好了。YAML,是/不是一个标记语言标记语言:以前的配置文件:xxx.xmlyaml:以数据为中心,比json、xml
  • ansible自动化运维 芷阳99 自动化运维运维ansible自动化
    1、ansble介绍ansble为一款批量化处理系统配置的服务,对批量化系统部署、批量程序部署、批量运行命令、批量修改服务、批量安装软件包、批量修改配置等诸多功能。ansible基于SSH架构,含有丰富的模块,支持win、路由器、交换机远程操作。查看playbook的网址:https://galaxy.ansible.com2、ansble部署环境准备ansible:192.168.4.10nod
  • ansible自动化运维项目 不会代码的小林 运维
    Ansible是一个基于Python开发的开源自动化运维工具,它通过其模块化的架构和强大的功能,实现了配置管理、批量系统配置、程序部署和运行命令等任务,旨在帮助运维工程师提高工作效能并减少重复性劳动。下面将深入探讨Ansible在自动化运维项目中的具体应用和优势:Ansible的基础架构与组件核心组件:Ansible的运作依赖于几个关键组件,包括连接插件、主机清单、模块、插件以及剧本。其中,连接插
  • ansible自动化运维项目 shiming8879 运维ansible自动化
    在MySQL中创建数据库和表是数据库管理的基础步骤,它们构成了数据存储和操作的基础结构。下面,我将详细介绍如何在MySQL中创建数据库和表,包括创建数据库的基本语法、设计表的考虑因素、表的创建过程、数据类型和约束的使用等,力求内容详尽且不少于2000字。一、创建数据库在MySQL中,数据库是一个创建简单的操作,使用CREATEDATABASE语句即可完成。这个语句允许你指定数据库的名称,并可选地指
  • 使用Ansible进行自动化运维 weixin_58606202 运维ansible自动化
    引言简介自动化运维在现代IT基础架构管理中扮演着重要角色。通过自动化,我们可以提高效率、减少人为错误和加速部署流程。本篇文章将深入介绍如何使用Ansible这款强大的工具来实现自动化运维,帮助你简化服务器管理和配置任务。什么是Ansible?Ansible是一款开源的自动化工具,基于Python开发,不需要在被管理的节点上安装任何客户端代理。它采用一种简洁的YAML格式来编写配置文件,通过SSH协
  • Ansible基础安装与配置 powerx_yc pythonshell开发工具
    ==========================================================================================二、Ansible基础安装与配置==========================================================================================1、An
  • 使用Ansible-playbook 自建CA,并签发客户端IP证书 运维小弟| srebro.cn 运维ansible网络ssl
    使用Ansible-playbook自建CA,并签发客户端IP证书需求使用Ansible-playbook来签发客户端IP证书签发单个IP地址,比如脚本中使用{{inventory_hostname}}来获取主机的IP地址作为证书签发地址----name:GenerateandsignclientIPcertificatehosts:nginxbecome:truevars:#CAsettings
  • paramiko CryptographyDeprecationWarning weixin_34228387
    报错如图:解决:importwarningswarnings.filterwarnings(action='ignore',module='.*paramiko.*')复制代码详细可以看:github.com/ansible/ans…
  • 执行ansible报CryptographyDeprecationWarning rockstics ansiblepython开发语言
    现象:执行ansible报CryptographyDeprecationWarning/usr/local/lib/python3.6/site-packages/ansible/parsing/vault/init.py:44:CryptographyDeprecationWarning:Python3.6isnolongersupportedbythePythoncoreteam.Theref
  • 探索Ansible自动化运维:提高效率的关键工具 一个代码猎人 笔记本自动化部署/运维运维ansible自动化
    探索Ansible自动化运维:提高效率的关键工具在现代IT环境中,自动化已经成为提高效率、减少错误和优化资源利用的重要手段。作为一款领先的开源自动化工具,Ansible在运维、配置管理和应用部署等方面得到了广泛应用。本文将介绍Ansible的核心概念,并通过一个实际项目示例,展示如何利用Ansible来实现自动化运维。1.Ansible简介Ansible是由RedHat开发的一款自动化工具,旨在简
  • ansible详解 husterlichf ansibleansible
    一、语法usage:ansible[-h][--version][-v][-b][--become-methodBECOME_METHOD][--become-userBECOME_USER][-K|--become-password-fileBECOME_PASSWORD_FILE][-iINVENTORY][--list-hosts][-lSUBSET][-PPOLL_INTERVAL][-B
  • java工厂模式 3213213333332132 java抽象工厂
    工厂模式有 1、工厂方法 2、抽象工厂方法。 下面我的实现是抽象工厂方法, 给所有具体的产品类定一个通用的接口。 package 工厂模式; /** * 航天飞行接口 * * @Description * @author FuJianyong * 2015-7-14下午02:42:05 */ public interface SpaceF
  • nginx频率限制+python测试 ronin47 nginx 频率 python
           部分内容参考:http://www.abc3210.com/2013/web_04/82.shtml 首先说一下遇到这个问题是因为网站被攻击,阿里云报警,想到要限制一下访问频率,而不是限制ip(限制ip的方案稍后给出)。nginx连接资源被吃空返回状态码是502,添加本方案限制后返回599,与正常状态码区别开。步骤如下:
  • java线程和线程池的使用 dyy_gusi ThreadPoolthreadRunnabletimer
    java线程和线程池 一、创建多线程的方式     java多线程很常见,如何使用多线程,如何创建线程,java中有两种方式,第一种是让自己的类实现Runnable接口,第二种是让自己的类继承Thread类。其实Thread类自己也是实现了Runnable接口。具体使用实例如下: 1、通过实现Runnable接口方式 1 2
  • Linux 171815164 linux
    ubuntu kernel http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1.2-unstable/ 安卓sdk代理 mirrors.neusoft.edu.cn        80 输入法和jdk sudo apt-get install fcitx su
  • Tomcat JDBC Connection Pool g21121 Connection
           Tomcat7 抛弃了以往的DBCP 采用了新的Tomcat Jdbc Pool 作为数据库连接组件,事实上DBCP已经被Hibernate 所抛弃,因为他存在很多问题,诸如:更新缓慢,bug较多,编译问题,代码复杂等等。        Tomcat Jdbc P
  • 敲代码的一点想法 永夜-极光 java随笔感想
                  入门学习java编程已经半年了,一路敲代码下来,现在也才1w+行代码量,也就菜鸟水准吧,但是在整个学习过程中,我一直在想,为什么很多培训老师,网上的文章都是要我们背一些代码?比如学习Arraylist的时候,教师就让我们先参考源代码写一遍,然
  • jvm指令集 程序员是怎么炼成的 jvm 指令集
    转自:http://blog.csdn.net/hudashi/article/details/7062675#comments       将值推送至栈顶时 const ldc  push   load指令 const系列 该系列命令主要负责把简单的数值类型送到栈顶。(从常量池或者局部变量push到栈顶时均使用) 0x02 &nbs
  • Oracle字符集的查看查询和Oracle字符集的设置修改 aijuans oracle
    本文主要讨论以下几个部分:如何查看查询oracle字符集、 修改设置字符集以及常见的oracle utf8字符集和oracle exp 字符集问题。 一、什么是Oracle字符集 Oracle字符集是一个字节数据的解释的符号集合,有大小之分,有相互的包容关系。ORACLE 支持国家语言的体系结构允许你使用本地化语言来存储,处理,检索数据。它使数据库工具,错误消息,排序次序,日期,时间,货
  • png在Ie6下透明度处理方法 antonyup_2006 css浏览器FirebugIE
    由于之前到深圳现场支撑上线,当时为了解决个控件下载,我机器上的IE8老报个错,不得以把ie8卸载掉,换个Ie6,问题解决了,今天出差回来,用ie6登入另一个正在开发的系统,遇到了Png图片的问题,当然升级到ie8(ie8自带的开发人员工具调试前端页面JS之类的还是比较方便的,和FireBug一样,呵呵),这个问题就解决了,但稍微做了下这个问题的处理。 我们知道PNG是图像文件存储格式,查询资
  • 表查询常用命令高级查询方法(二) 百合不是茶 oracle分页查询分组查询联合查询
    ----------------------------------------------------分组查询 group by    having   --平均工资和最高工资   select avg(sal)平均工资,max(sal)  from emp ;  --每个部门的平均工资和最高工资
  • uploadify3.1版本参数使用详解 bijian1013 JavaScriptuploadify3.1
    使用:     绑定的界面元素<input id='gallery'type='file'/>$("#gallery").uploadify({设置参数,参数如下}); 设置的属性: id: jQuery(this).attr('id'),//绑定的input的ID langFile: 'http://ww
  • 精通Oracle10编程SQL(17)使用ORACLE系统包 bijian1013 oracle数据库plsql
    /* *使用ORACLE系统包 */ --1.DBMS_OUTPUT --ENABLE:用于激活过程PUT,PUT_LINE,NEW_LINE,GET_LINE和GET_LINES的调用 --语法:DBMS_OUTPUT.enable(buffer_size in integer default 20000); --DISABLE:用于禁止对过程PUT,PUT_LINE,NEW
  • 【JVM一】JVM垃圾回收日志 bit1129 垃圾回收
    将JVM垃圾回收的日志记录下来,对于分析垃圾回收的运行状态,进而调整内存分配(年轻代,老年代,永久代的内存分配)等是很有意义的。JVM与垃圾回收日志相关的参数包括: -XX:+PrintGC -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCDateStamps -Xloggc -XX:+PrintGC 通
  • Toast使用 白糖_ toast
    Android中的Toast是一种简易的消息提示框,toast提示框不能被用户点击,toast会根据用户设置的显示时间后自动消失。     创建Toast 两个方法创建Toast makeText(Context context, int resId, int duration)     参数:context是toast显示在
  • angular.identity boyitech AngularJSAngularJS API
    angular.identiy 描述: 返回它第一参数的函数. 此函数多用于函数是编程. 使用方法: angular.identity(value); 参数详解: Param Type Details value * to be returned. 返回值: 传入的value 实例代码: <!DOCTYPE HTML>
  • java-两整数相除,求循环节 bylijinnan java
    import java.util.ArrayList; import java.util.List; public class CircleDigitsInDivision { /** * 题目:求循环节,若整除则返回NULL,否则返回char*指向循环节。先写思路。函数原型:char*get_circle_digits(unsigned k,unsigned j)
  • Java 日期 周 年 Chen.H javaC++cC#
    /** * java日期操作(月末、周末等的日期操作) * * @author * */ public class DateUtil { /** */ /** * 取得某天相加(减)後的那一天 * * @param date * @param num *
  • [高考与专业]欢迎广大高中毕业生加入自动控制与计算机应用专业 comsci 计算机
          不知道现在的高校还设置这个宽口径专业没有,自动控制与计算机应用专业,我就是这个专业毕业的,这个专业的课程非常多,既要学习自动控制方面的课程,也要学习计算机专业的课程,对数学也要求比较高.....如果有这个专业,欢迎大家报考...毕业出来之后,就业的途径非常广.....      以后
  • 分层查询(Hierarchical Queries) daizj oracle递归查询层次查询
    Hierarchical Queries If a table contains hierarchical data, then you can select rows in a hierarchical order using the hierarchical query clause: hierarchical_query_clause::= start with condi
  • 数据迁移 daysinsun 数据迁移
    最近公司在重构一个医疗系统,原来的系统是两个.Net系统,现需要重构到java中。数据库分别为SQL Server和Mysql,现需要将数据库统一为Hana数据库,发现了几个问题,但最后通过努力都解决了。 1、原本通过Hana的数据迁移工具把数据是可以迁移过去的,在MySQl里面的字段为TEXT类型的到Hana里面就存储不了了,最后不得不更改为clob。 2、在数据插入的时候有些字段特别长
  • C语言学习二进制的表示示例 dcj3sjt126com cbasic
    进制的表示示例 # include <stdio.h> int main(void) { int i = 0x32C; printf("i = %d\n", i); /* printf的用法 %d表示以十进制输出 %x或%X表示以十六进制的输出 %o表示以八进制输出 */ return 0; }
  • NsTimer 和 UITableViewCell 之间的控制 dcj3sjt126com ios
    情况是这样的: 一个UITableView, 每个Cell的内容是我自定义的 viewA viewA上面有很多的动画, 我需要添加NSTimer来做动画, 由于TableView的复用机制, 我添加的动画会不断开启, 没有停止, 动画会执行越来越多.   解决办法: 在配置cell的时候开始动画, 然后在cell结束显示的时候停止动画   查找cell结束显示的代理
  • MySql中case when then 的使用 fanxiaolong casewhenthenend
    select "主键", "项目编号", "项目名称","项目创建时间", "项目状态","部门名称","创建人" union (select pp.id as "主键", pp.project_number as &
  • Ehcache(01)——简介、基本操作 234390216 cacheehcache简介CacheManagercrud
    Ehcache简介 目录 1       CacheManager 1.1      构造方法构建 1.2      静态方法构建 2       Cache 2.1&
  • 最容易懂的javascript闭包学习入门 jackyrong JavaScript
    http://www.ruanyifeng.com/blog/2009/08/learning_javascript_closures.html 闭包(closure)是Javascript语言的一个难点,也是它的特色,很多高级应用都要依靠闭包实现。 下面就是我的学习笔记,对于Javascript初学者应该是很有用的。 一、变量的作用域 要理解闭包,首先必须理解Javascript特殊
  • 提升网站转化率的四步优化方案 php教程分享 数据结构PHP数据挖掘Google活动
    网站开发完成后,我们在进行网站优化最关键的问题就是如何提高整体的转化率,这也是营销策略里最最重要的方面之一,并且也是网站综合运营实例的结果。文中分享了四大优化策略:调查、研究、优化、评估,这四大策略可以很好地帮助用户设计出高效的优化方案。 PHP开发的网站优化一个网站最关键和棘手的是,如何提高整体的转化率,这是任何营销策略里最重要的方面之一,而提升网站转化率是网站综合运营实力的结果。今天,我就分
  • web开发里什么是HTML5的WebSocket? naruto1990 Webhtml5浏览器socket
    当前火起来的HTML5语言里面,很多学者们都还没有完全了解这语言的效果情况,我最喜欢的Web开发技术就是正迅速变得流行的 WebSocket API。WebSocket 提供了一个受欢迎的技术,以替代我们过去几年一直在用的Ajax技术。这个新的API提供了一个方法,从客户端使用简单的语法有效地推动消息到服务器。让我们看一看6个HTML5教程介绍里 的 WebSocket API:它可用于客户端、服
  • Socket初步编程——简单实现群聊 Everyday都不同 socket网络编程初步认识
    初次接触到socket网络编程,也参考了网络上众前辈的文章。尝试自己也写了一下,记录下过程吧:   服务端:(接收客户端消息并把它们打印出来)   public class SocketServer { private List<Socket> socketList = new ArrayList<Socket>(); public s
  • 面试:Hashtable与HashMap的区别(结合线程) toknowme
    昨天去了某钱公司面试,面试过程中被问道 Hashtable与HashMap的区别?当时就是回答了一点,Hashtable是线程安全的,HashMap是线程不安全的,说白了,就是Hashtable是的同步的,HashMap不是同步的,需要额外的处理一下。   今天就动手写了一个例子,直接看代码吧 package com.learn.lesson001; import java
  • MVC设计模式的总结 xp9802 设计模式mvc框架IOC
    随着Web应用的商业逻辑包含逐渐复杂的公式分析计算、决策支持等,使客户机越 来越不堪重负,因此将系统的商业分离出来。单独形成一部分,这样三层结构产生了。 其中‘层’是逻辑上的划分。 三层体系结构是将整个系统划分为如图2.1所示的结构[3] (1)表现层(Presentation layer):包含表示代码、用户交互GUI、数据验证。 该层用于向客户端用户提供GUI交互,它允许用户
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他