25 k8s 主机参数初始化

1、 主机参数初始化

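# Play: baseline host preparation for the "paas" inventory group. It creates
# the docker account, applies limits and sysctl settings, turns off the host
# firewalls, installs the local yum repo file and configures NTP.
# NOTE(review): several module tasks write under /etc without `become`, so the
# play presumably runs as root or with --become; confirm against the inventory.
- name: "ccse内核升级初始化配置"
  hosts: paas  # group name from the inventory (hosts) file
  tasks:
    - name: "创建docker用户"
      # Security: the account password used to be a literal in this playbook
      # and was echoed with each loop item in the task output. It is now read
      # from `docker_user_password` (placeholder name; define it in an
      # Ansible Vault-encrypted vars file), and `no_log` keeps it out of logs.
      # The task fails if the variable is undefined.
      # password_hash() without a fixed salt yields a new hash on every run,
      # so with update_password=always this task always reports "changed".
      user:
        name: docker
        password: "{{ docker_user_password | password_hash('sha512') }}"
        state: present
        update_password: always
      no_log: true
      tags:
        - add user docker
    - name: "增加普通用户的sudo权限"
      # Security: this gives the docker account passwordless root on every
      # host; narrow the command list if full root is not required.
      # `validate` has visudo syntax-check the edited copy before it replaces
      # /etc/sudoers, so a malformed line cannot lock sudo out.
      lineinfile:
        backup: true
        dest: /etc/sudoers
        line: "docker   ALL=(ALL)    NOPASSWD: ALL"
        validate: '/usr/sbin/visudo -cf %s'
      tags:
        - add sudoers
    - name: "刷limits及其他配置"
      copy:
        src: limits.conf  # file contents are listed further down this page
        dest: /etc/security/
        backup: true
    - name: "sysctl参数"
      # Appends each line to /etc/sysctl.conf when that exact line is absent.
      # An existing line with the same key but a different value stays in
      # place, so check the file for conflicting entries.
      lineinfile:
        backup: true
        dest: /etc/sysctl.conf
        line: "{{ item }}"
      with_items:
        # Security: 0 switches off SYN cookies, the kernel's fallback when
        # the SYN backlog overflows; review before using on exposed hosts.
        - net.ipv4.tcp_syncookies=0
        # tcp_tw_recycle was removed in Linux 4.12, so `sysctl -p` reports an
        # unknown key once the 4.19 kernel from the kernel play is running.
        - net.ipv4.tcp_tw_recycle=0
        - net.ipv4.tcp_tw_reuse=1
        - net.ipv4.ip_local_port_range=1024 65535
        - net.ipv4.tcp_max_tw_buckets=180000
        - kernel.pid_max=100000
        - net.core.somaxconn=32768
        - vm.max_map_count=262144
        - vm.overcommit_memory=0
        # Only present once the br_netfilter module is loaded.
        - net.bridge.bridge-nf-call-iptables=1
        - net.ipv4.ip_forward=1
        - net.ipv4.conf.all.rp_filter=1
      tags:
        - update sysctl.conf
    - name: "sysctl参数生效"
      # ignore_errors hides keys that failed to apply; read the task output
      # rather than relying on the task status.
      command: "sysctl -p"
      ignore_errors: true
      tags:
        - sysctl -p
    - name: "临时iptables防火墙"
      # Security: this task and the next two remove host-level packet
      # filtering; make sure another layer restricts access to these hosts.
      command: "sudo systemctl stop iptables"
      ignore_errors: true
      tags:
        - iptables
    - name: "永久iptables防火墙"
      command: "sudo systemctl disable iptables"
      ignore_errors: true
      tags:
        - dis iptables
    - name: "关闭firewalld防火墙"
      # Fix: the task had two `shell:` keys. Duplicate mapping keys collapse
      # to the last one, so only `disable` ran and firewalld kept running
      # until the next reboot. Both commands now run in a single shell call.
      shell: sudo systemctl stop firewalld && sudo systemctl disable firewalld
    - name: "更新ccse.repo源"
      copy:
        src: ccse.repo  # file contents are listed further down this page
        dest: /etc/yum.repos.d/
    - name: "安装ntp时间服务器"
      yum:
        name: ntp
        state: present
    - name: "拷贝ntp.conf文件"
      # Fix: three `shell:` keys in one task meant only the last command ran.
      # The backup copied /etc/ntp{,.bak}; going by the task name it was
      # presumably meant to back up /etc/ntp.conf.
      # The steps are guarded so a re-run neither overwrites the first backup,
      # re-comments the pool lines, nor inserts the server line twice.
      shell: |
        set -e
        [ -e /etc/ntp.conf.bak ] || sudo cp /etc/ntp.conf /etc/ntp.conf.bak
        sudo sed -i '/^server [0-3].centos.pool.ntp.org iburst/ s/^\(.*\)$/#\1/g' /etc/ntp.conf
        grep -qxF 'server 10.128.252.8 iburst' /etc/ntp.conf || sudo sed -i '1a server 10.128.252.8 iburst' /etc/ntp.conf
    - name: "启动ntp时间服务器"
      systemd:
        name: ntpd.service
        state: restarted
        enabled: true
    - name: "删除114网段的dns配置"
      # Comments out the 114.114.114.114 resolver. A re-run prefixes another
      # `#` to the line that is already commented.
      shell: sudo sed -i 's/nameserver 114.114.114.114/#nameserver 114.114.114.114/g' /etc/resolv.conf
    - name: '跨网络包校验特性'
      # Fix: duplicate `shell:` keys meant only the second command ran, and
      # its `>` redirect overwrote /etc/rc.local with ethtool's output instead
      # of recording the command. `tx of` is read here as a typo for `tx off`.
      # The command is now appended to rc.local once.
      shell: |
        sudo ethtool -K bond0 tx off
        grep -qxF 'ethtool -K bond0 tx off' /etc/rc.local || echo 'ethtool -K bond0 tx off' | sudo tee -a /etc/rc.local > /dev/null
      ignore_errors: true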

2、内核参数初始化

# Play: installs the kernel-ml 4.19 package on the "paas" group, sets
# GRUB_DEFAULT=0 (the first menu entry), regenerates grub.cfg and reboots.
- name: "ccse内核升级初始化配置"
  hosts: paas  # group name from the inventory (hosts) file
  tasks:
    - name: "安装 kernel 4.19内核"
      tags:
        - install kernel
      yum:
        state: present
        # Path to an RPM file, presumably already on the managed host.
        # TODO confirm how it is delivered and that its origin is verified.
        name: /root/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
    - name: "save-->0"
      tags:
        - save0
      # Replaces the line matching ^GRUB_DEFAULT, or appends it if absent.
      lineinfile:
        dest: /etc/default/grub
        regexp: '^GRUB_DEFAULT'
        line: 'GRUB_DEFAULT=0'
    - name: "更新kernel参数"
      tags:
        - mkconfig
      command: grub2-mkconfig -o /boot/grub2/grub.cfg
    - name: "重启机器,内核生效"
      tags:
        - reboot
      # NOTE(review): a bare `reboot` command drops the SSH connection
      # mid-task, so Ansible may report the host as failed or unreachable;
      # the `reboot` module waits for the host to come back.
      command: reboot

3、主机参数化相关文件说明

# 1、limits.conf  用户资源限制（打开文件数、core 文件大小、进程数、栈大小）
cat limits.conf
root - nofile 65536
root - core 65536 
root - nproc 65536 
root - stack 65536 
# 2、自己搭建的.repo  yum源配置（注意：gpgcheck=0 会关闭软件包签名校验，ftp 传输也不加密、不防篡改；建议启用 gpgcheck 并配置 gpgkey）
cat ccse.repo
[k8s]
name=Centos local yum repo for k8s
baseurl=ftp://yum源/pub/Centos76
gpgcheck=0
