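---
# Play 1 of 3: prepare every node (control plane and workers) for kubeadm.
# Requires: a per-host inventory variable `node_hostname`, ./files/hosts and
# ./files/containerd-config.toml next to the playbook, and an ansible_user with
# password-less sudo on the targets (play-level `become`).
- name: Basic Setup
  hosts: all
  gather_facts: false  # facts are not needed here; this also leaves ansible_distribution_* undefined
  become: true  # every remote task runs through privilege escalation (sudo by default)
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tasks:
    - name: Wait up to 200 seconds for port 22 on the target to answer with an OpenSSH banner
      ansible.builtin.wait_for:
        port: 22
        host: "{{ (ansible_ssh_host | default(ansible_host)) | default(inventory_hostname) }}"
        search_regex: OpenSSH
        delay: 10
        timeout: 200
      vars:
        ansible_connection: local  # probe from the controller; the target may not be reachable yet
      become: false  # runs on the controller, so do not let the play-level become sudo locally

    - name: Set the hostname from the per-host inventory variable
      ansible.builtin.hostname:
        name: "{{ node_hostname }}"

    # The block is read straight from ./files/hosts; no staging copy in /tmp is needed.
    - name: Append the shared hosts entries from ./files/hosts to /etc/hosts
      ansible.builtin.blockinfile:
        path: /etc/hosts
        block: "{{ lookup('file', './files/hosts') }}"
        backup: true

    - name: Disable swap for the running system (kubelet refuses to start with swap on)
      ansible.builtin.command: swapoff -a
      changed_when: false

    # swapoff alone is lost on reboot; comment out fstab swap lines so it stays off.
    # The leading [^#\s] keeps already-commented lines from being commented again.
    - name: Comment out swap entries in /etc/fstab so swap stays disabled after a reboot
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: '^([^#\s]\S*\s+\S+\s+swap\s.*)$'
        replace: '# \1'
        backup: true

    - name: Load overlay and br_netfilter on every boot
      ansible.builtin.copy:
        dest: /etc/modules-load.d/k8s.conf
        content: |
          overlay
          br_netfilter
        owner: root
        group: root
        mode: "0644"

    - name: Load the kernel modules now (needed before the bridge sysctls below exist)
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - overlay
        - br_netfilter

    - name: Persist the sysctl params required by Kubernetes networking
      ansible.builtin.copy:
        dest: /etc/sysctl.d/k8s.conf
        content: |
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.ipv4.ip_forward = 1
        owner: root
        group: root
        mode: "0644"

    - name: Apply sysctl params without a reboot
      ansible.builtin.command: sysctl --system
      changed_when: false

    - name: Install apt prerequisites
      ansible.builtin.apt:
        pkg:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
        state: present
        update_cache: true  # a fresh instance may have an empty apt cache

    - name: Create the apt keyring directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    # Repository keys are stored under /etc/apt/keyrings and bound to one repository
    # with `signed-by`, instead of apt_key, which adds them to the global trusted
    # keyring and lets each vendor key validate *any* configured repository.
    - name: Download Docker's apt signing key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: "0644"

    - name: Add the Docker apt repository
      ansible.builtin.apt_repository:
        # "jammy" is hard-coded because gather_facts is off; adjust it for other Ubuntu releases.
        repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable"
        filename: docker
        state: present

    # NOTE(review): kubeadm only needs containerd; docker-ce adds a root-equivalent
    # docker daemon and socket to every node. Consider dropping it, and pin the
    # version (`docker-ce=<version>`) rather than installing whatever is newest.
    - name: Install docker-ce
      ansible.builtin.apt:
        name: docker-ce
        state: present
        update_cache: true

    - name: Install containerd.io
      ansible.builtin.apt:
        pkg:
          - containerd.io
        state: present

    - name: Ensure /etc/containerd exists
      ansible.builtin.file:
        path: /etc/containerd
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Configure containerd to use the systemd cgroup driver
      ansible.builtin.copy:
        src: ./files/containerd-config.toml
        dest: /etc/containerd/config.toml
        owner: root
        group: root
        mode: "0644"
        backup: true
      register: containerd_config

    - name: Enable and start containerd
      ansible.builtin.systemd:
        name: containerd
        daemon_reload: true
        state: started
        enabled: true

    - name: Restart containerd to pick up a changed config
      ansible.builtin.systemd:
        name: containerd
        state: restarted
      when: containerd_config.changed

    ## NOTE: kubeadm stuff
    - name: Download the Kubernetes apt signing key
      ansible.builtin.get_url:
        url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
        dest: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
        owner: root
        group: root
        mode: "0644"

    - name: Add the Kubernetes apt repository
      ansible.builtin.apt_repository:
        # NOTE(review): apt.kubernetes.io is the legacy repository, which Kubernetes
        # froze in 2023; newer releases are published only on pkgs.k8s.io. Confirm
        # this repository still serves the version you want before relying on it.
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main"
        filename: kubernetes
        state: present

    # NOTE(review): unpinned. Nodes provisioned on different days can end up on
    # different versions; pin (e.g. `kubelet=1.26.*`) once a version is chosen.
    - name: Install kubelet, kubeadm and kubectl
      ansible.builtin.apt:
        pkg:
          - kubelet
          - kubeadm
          - kubectl
        state: present
        update_cache: true

    - name: Hold kubelet, kubeadm and kubectl so unattended upgrades cannot move them
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop:
        - kubelet
        - kubeadm
        - kubectl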
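# Play 2 of 3: bootstrap the control plane and collect the worker join command.
- name: Setup Control Plane Node
  hosts: master
  become: true
  tasks:
    # --control-plane-endpoint advertises the API server on the address Ansible
    # connects to (the instance's public IP, according to the original author).
    # Port 6443 is then reachable from anywhere that address is; restrict it with
    # the security group / firewall to the workers and your admin hosts.
    - name: Initialise the cluster with kubeadm (no-op once admin.conf exists)
      ansible.builtin.command: >-
        kubeadm init
        --pod-network-cidr=10.244.0.0/16
        --control-plane-endpoint "{{ ansible_host }}:6443"
      args:
        creates: /etc/kubernetes/admin.conf

    - name: Create root's kubeconfig directory (root is the become user)
      ansible.builtin.file:
        path: /root/.kube
        state: directory
        owner: root
        group: root
        mode: "0700"

    # admin.conf carries a cluster-admin client certificate; keep the copy 0600.
    - name: Install the admin kubeconfig for root
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf
        dest: /root/.kube/config
        remote_src: true
        owner: root
        group: root
        mode: "0600"

    # NOTE(review): this applies a manifest fetched from GitHub at run time. Vendor
    # it under ./files and apply it from there if the cluster build needs to be
    # reproducible and reviewable.
    - name: Install the flannel CNI (v0.20.2)
      ansible.builtin.command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.20.2/Documentation/kube-flannel.yml
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf
      register: flannel_apply
      changed_when: "'created' in flannel_apply.stdout or 'configured' in flannel_apply.stdout"

    # The kubeconfig is fetched so the cluster can be driven from the controller.
    - name: Fetch the admin kubeconfig to the controller
      ansible.builtin.fetch:
        src: /root/.kube/config
        dest: /tmp/kubeconfig/
        flat: true

    # fetch does not set a mode and /tmp is shared with every local user, so lock
    # the cluster-admin credential down immediately; prefer a private path long term.
    - name: Restrict permissions on the fetched kubeconfig
      ansible.builtin.file:
        path: /tmp/kubeconfig/config
        mode: "0600"
      delegate_to: localhost
      become: false

    # Every run mints a fresh bootstrap token (kubeadm tokens expire after 24h by
    # default). The output is the full join command including the token and the
    # CA hash, so keep it out of logs and callback plugins.
    - name: Create a bootstrap token and print the worker join command
      ansible.builtin.command: kubeadm token create --print-join-command
      register: join_node_token
      no_log: true

    - name: Save the join command as a fact for the worker play
      ansible.builtin.set_fact:
        join_node: "{{ join_node_token.stdout_lines[0] }}"
      no_log: true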
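# Play 3 of 3: join the workers using the command saved by the control-plane play.
- name: Setup Worker Nodes
  hosts: workers
  become: true
  tasks:
    # hostvars['control_plane'] assumes an inventory host literally named
    # control_plane that belongs to the `master` group the previous play ran on.
    # TODO(review): confirm against the inventory; hostvars[groups['master'][0]]
    # would avoid the hard-coded name.
    # no_log keeps the bootstrap token out of logs; drop it temporarily to see
    # stderr when debugging a failed join.
    - name: Join this node to the cluster (no-op once a kubelet config exists)
      ansible.builtin.command: "{{ hostvars['control_plane'].join_node }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      no_log: true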
这里是 ansible playbook 文件。 我不明白我错过了什么
我可以访问私钥文件
这更多是一个 Linux 问题，而不是 Ansible 问题：Ansible 用来登录的用户（ansible_user）通常应当在
/etc/sudoers（或 /etc/sudoers.d/ 目录下的一个文件）
中有一个像下面这样的条目，其中的 ansible_user 需要替换为实际的登录用户名。该条目授予该用户免密码的 sudo 权限；注意 NOPASSWD:ALL 的范围很大，生产环境中应尽量把它收紧到部署所需的命令。
ansible_user ALL=(ALL) NOPASSWD:ALL
在 AWS 的 EC2 服务器上,您将在
/etc/sudoers.d/90-cloud-init-users
中看到这一点。