ansible-install-k8s, Part 1: Initializing the Environment

Install and configure Ansible

Install

dnf install -y ansible

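Configure

# host_key_checking = false turns off SSH host key verification for every managed host
echo "[defaults]" >> /etc/ansible/ansible.cfg
echo "host_key_checking = false" >> /etc/ansible/ansible.cfg

ansible-playbook layout (under /root)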

├── deplyment
│   └── install_k8s_os_init.yml
├── hosts
├── roles
│   └── init
│       ├── files
│       │   ├── epel.repo
│       │   ├── ipvs_br_netfilter.conf
│       │   ├── limits.conf
│       │   ├── k8s.conf
│       │   ├── hosts
│       │   ├── rocky-addons.repo
│       │   ├── rocky-devel.repo
│       │   ├── rocky-extras.repo
│       │   └── rocky.repo
│       ├── tasks
│       │   └── main.yml
│       └── templates

Deployment command:

ansible-playbook -i hosts deplyment/install_k8s_os_init.yml

Contents of each file

install_k8s_os_init.yml

- hosts: init
  roles:
    - ../roles/init

epel.repo

[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/$basearch/debug/
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
baseurl=https://mirrors.aliyun.com/epel/$releasever/Everything/source/tree/
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1

ipvs_br_netfilter.conf

ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
br_netfilter

limits.conf

# /etc/security/limits.conf
* hard nproc 655360
* hard nofile 655360
root hard nproc 655360
root hard nofile 655360
# End of file

k8s.conf

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

# k8s-dep
192.168.0.200 k8s-dep-200

# k8s-master
192.168.0.201 k8s-m1-c1-201
192.168.0.202 k8s-m2-c2-202
192.168.0.203 k8s-m3-c3-203

# k8s-node
192.168.0.204 k8s-n1-204
192.168.0.205 k8s-n2-205
192.168.0.206 k8s-n3-206

rocky-addons.repo

# rocky-addons.repo

[highavailability]
name=Rocky Linux $releasever - High Availability
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[highavailability-debuginfo]
name=Rocky Linux $releasever - High Availability - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[highavailability-source]
name=Rocky Linux $releasever - High Availability - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/HighAvailability/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage]
name=Rocky Linux $releasever - Resilient Storage
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage-debuginfo]
name=Rocky Linux $releasever - Resilient Storage - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[resilientstorage-source]
name=Rocky Linux $releasever - Resilient Storage - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/ResilientStorage/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv]
name=Rocky Linux $releasever - NFV
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv-debuginfo]
name=Rocky Linux $releasever - NFV Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[nfv-source]
name=Rocky Linux $releasever - NFV Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/NFV/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt]
name=Rocky Linux $releasever - Realtime
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt-debuginfo]
name=Rocky Linux $releasever - Realtime Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[rt-source]
name=Rocky Linux $releasever - Realtime Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/RT/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap]
name=Rocky Linux $releasever - SAP
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap-debuginfo]
name=Rocky Linux $releasever - SAP Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[sap-source]
name=Rocky Linux $releasever - SAP Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAP/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana]
name=Rocky Linux $releasever - SAPHANA
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana-debuginfo]
name=Rocky Linux $releasever - SAPHANA Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[saphana-source]
name=Rocky Linux $releasever - SAPHANA Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/SAPHANA/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

rocky-devel.repo

# rocky-devel.repo

[devel]
name=Rocky Linux $releasever - Devel WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/$basearch/os/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[devel-debuginfo]
name=Rocky Linux $releasever - Devel Debug WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/$basearch/debug/tree/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[devel-source]
name=Rocky Linux $releasever - Devel Source WARNING! FOR BUILDROOT ONLY DO NOT LEAVE ENABLED
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/devel/source/tree/
gpgcheck=1
enabled=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

rocky-extras.repo

# rocky-extras.repo

[extras]
name=Rocky Linux $releasever - Extras
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[extras-debuginfo]
name=Rocky Linux $releasever - Extras Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[extras-source]
name=Rocky Linux $releasever - Extras Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/extras/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus]
name=Rocky Linux $releasever - Plus
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus-debuginfo]
name=Rocky Linux $releasever - Plus - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[plus-source]
name=Rocky Linux $releasever - Plus - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/plus/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

rocky.repo

# rocky.repo

[baseos]
name=Rocky Linux $releasever - BaseOS
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[baseos-debuginfo]
name=Rocky Linux $releasever - BaseOS - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[baseos-source]
name=Rocky Linux $releasever - BaseOS - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream]
name=Rocky Linux $releasever - AppStream
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream-debuginfo]
name=Rocky Linux $releasever - AppStream - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[appstream-source]
name=Rocky Linux $releasever - AppStream - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb]
name=Rocky Linux $releasever - CRB
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb-debuginfo]
name=Rocky Linux $releasever - CRB - Debug
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/$basearch/debug/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[crb-source]
name=Rocky Linux $releasever - CRB - Source
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/CRB/source/tree/
gpgcheck=1
enabled=0
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

main.yml

- name: 关闭firewalld  # Disable firewalld
  systemd: name=firewalld state=stopped enabled=no
- name: 关闭selinux  # Disable SELinux
  selinux: state=disabled
- name: 关闭swap  # Disable swap
  lineinfile:
    dest: /etc/fstab
    regexp: ".*swap"
    line: ""
- name: 即时生效  # Apply immediately
  shell: setenforce 0 ; swapoff -a
- name: 修改主机名  # Set the hostname
  shell: hostnamectl set-hostname {{ hostname }}
- name: 配置UTF8  # Configure UTF-8
  shell: localectl set-locale LANG=en_US.UTF-8
- name: 配置24小时制  # Configure 24-hour time format
  shell: localectl set-locale LC_TIME=en_GB.UTF-8
- name: 配置时区  # Configure the time zone
  shell: timedatectl set-timezone Asia/Shanghai
- name: 拷贝时区  # Copy the time zone file
  copy: src=/usr/share/zoneinfo/Asia/Shanghai dest=/etc/localtime
- name: 配置hosts主机解析  # Configure hosts name resolution
  copy: src=hosts dest=/etc/ mode=0644 force=yes
- name: 配置阿里源-base-and-epel  # Configure the Aliyun repos (base and epel)
  copy: src={{ item }} dest=/etc/yum.repos.d/ mode=0644 force=yes
  with_items:
    - rocky.repo
    - rocky-addons.repo
    - rocky-devel.repo
    - rocky-extras.repo
    - epel.repo
- name: 安装常用工具包rpm  # Install common tool packages (rpm)
  # disable_gpg_check=yes skips package signature verification,
  # overriding the gpgcheck=1 set in the repo files above
  dnf: name={{ item }} state=present disable_gpg_check=yes
  loop:
    - vim
    - bridge-utils
    - iftop
    - tree
    - net-tools
    - telnet
    - ipvsadm
    - ansible
    - bash-completion  # the package is named bash-completion, not bash-complete
    - lrzsz
    - wget
    - curl
    - iotop
    - tcpdump
    - lsof
    - zip
    - unzip
    - gcc
    - make
    - chrony
- name: 配置时间同步chrony  # Configure chrony time synchronization
  lineinfile:
    dest: /etc/chrony.conf
    regexp: '2.rocky.pool.ntp.org'
    # the replacement must be a complete chrony directive, not a bare hostname
    line: 'pool ntp1.aliyun.com iburst'
- name: 重启时间同步chrony  # Restart chrony
  systemd: name=chronyd state=restarted enabled=yes
- name: 配置内核加载 ipvs br_netfilter  # Load the ipvs and br_netfilter kernel modules at boot
  copy: src=ipvs_br_netfilter.conf dest=/etc/modules-load.d/ mode=0644 force=yes
- name: 配置文件句柄  # Configure file handle limits
  copy: src=limits.conf dest=/etc/security/ mode=0644 force=yes
- name: 配置k8s内核参数  # Configure the k8s kernel parameters
  copy: src=k8s.conf dest=/etc/sysctl.d/ mode=0644 force=yes
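
An added example, not part of the original post: a Python audit of this role's files. It checks ansible.cfg, a .repo file and the task list for settings that switch verification off, and shows that the repo files pass while the `disable_gpg_check=yes` in main.yml bypasses their `gpgcheck=1`. The function names and the embedded sample strings are constructed for this example.

```python
import configparser
import re
# Constructed sample inputs, excerpted from the files shown on this page.
ANSIBLE_CFG = "[defaults]\nhost_key_checking = false\n"
ROCKY_REPO = """[baseos]
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
[baseos-source]
gpgcheck=1
enabled=0
"""
TASKS = """- name: install packages
  dnf: name={{ item }} state=present disable_gpg_check=yes
"""

def _ini(text):
    cp = configparser.ConfigParser(interpolation=None)  # keep $releasever literal
    cp.read_string(text)
    return cp

def audit_ansible_cfg(text):
    """Flag an ansible.cfg that turns off SSH host key verification."""
    if _ini(text).getboolean("defaults", "host_key_checking", fallback=True):
        return []
    return ["ansible.cfg: host_key_checking is off"]

def audit_repo(text):
    """Check each enabled repo section for signature checking and HTTPS."""
    out, cp = [], _ini(text)
    for sec in cp.sections():
        if not cp.getboolean(sec, "enabled", fallback=True):
            continue  # disabled repos are not consulted
        if not cp.getboolean(sec, "gpgcheck", fallback=False):  # assumption: unset counts as off
            out.append(f"[{sec}] gpgcheck is not enabled")
        if not cp.get(sec, "gpgkey", fallback=""):
            out.append(f"[{sec}] no gpgkey")
        if not cp.get(sec, "baseurl", fallback="").startswith("https://"):
            out.append(f"[{sec}] baseurl is not https")
    return out

def audit_tasks(text):
    """Flag task lines that override the repo files at install time."""
    pat = re.compile(r"disable_gpg_check\s*[=:]\s*(yes|true)\b", re.I)
    return [f"tasks line {n}: disable_gpg_check overrides the repos' gpgcheck=1"
            for n, line in enumerate(text.splitlines(), 1) if pat.search(line)]

if __name__ == "__main__":
    print(*audit_ansible_cfg(ANSIBLE_CFG), *audit_repo(ROCKY_REPO), *audit_tasks(TASKS), sep="\n")
```
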

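This article comes from cnblogs (博客园). Standing on the shoulders of giants, upholding the open-source spirit, and following an open-source license: the Apache License 2.0.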
