调整去掉delegate_to deploy节点的任务

Author: gjmzj

11.harbor.yml

@@ -3,7 +3,7 @@
 
 - hosts: harbor
   roles:
-  - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes' and NEW_INSTALL == 'yes'" }
+  - { role: chrony, when: "NEW_INSTALL == 'yes' and groups['chrony']|length > 0" }
   - { role: prepare, when: "NEW_INSTALL == 'yes'" }
   - { role: docker, when: "NEW_INSTALL == 'yes'" }
   - { role: harbor, when: "NEW_INSTALL == 'yes'" }
@@ -19,10 +19,10 @@
   - kube-node
   tasks:
   - name: Define 'harbor_host', a domain name
-    set_fact: harbor_host="{{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}"
+    set_fact: harbor_host={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}
 
   - name: Define 'harbor_host', an IP Addr
-    set_fact: harbor_host="{{ groups['harbor'][0] }}"
+    set_fact: harbor_host={{ groups['harbor'][0] }}
     when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''
 
   - block:  

roles/calico/tasks/main.yml

@@ -1,45 +1,38 @@
-- block:
-    - name: 在deploy 节点创建相关目录
-      file: name={{ item }} state=directory
-      with_items:
-      - /etc/calico/ssl
-      - /opt/kube/kube-system/calico
-
-    - name: 创建calico 证书请求
-      template: src=calico-csr.json.j2 dest=/etc/calico/ssl/calico-csr.json
-    
-    - name: 创建 calico证书和私钥
-      shell: "cd /etc/calico/ssl && {{ bin_dir }}/cfssl gencert \
-            -ca={{ ca_dir }}/ca.pem \
-            -ca-key={{ ca_dir }}/ca-key.pem \
-            -config={{ ca_dir }}/ca-config.json \
-            -profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
-    
-    - name: get calico-etcd-secrets info
-      shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
-      register: secrets_info
-    
-    - name: 创建 calico-etcd-secrets
-      shell: "cd /etc/calico/ssl && \
-            {{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
-            --from-file=etcd-ca={{ ca_dir }}/ca.pem \
-            --from-file=etcd-key=calico-key.pem \
-            --from-file=etcd-cert=calico.pem"
-      when: '"calico-etcd-secrets" not in secrets_info.stdout'
-    
-    - name: 配置 calico DaemonSet yaml文件
-      template: src=calico-{{ calico_ver_main }}.yaml.j2 dest=/opt/kube/kube-system/calico/calico.yaml
-    
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-    
-- name: node 节点创建calico 相关目录
+- name: 在节点创建相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/calico/ssl
   - /etc/cni/net.d
   - /opt/kube/images 
+  - /opt/kube/kube-system
 
+- name: 创建calico 证书请求
+  template: src=calico-csr.json.j2 dest=/etc/calico/ssl/calico-csr.json
+
+- name: 创建 calico证书和私钥
+  shell: "cd /etc/calico/ssl && {{ bin_dir }}/cfssl gencert \
+        -ca={{ ca_dir }}/ca.pem \
+        -ca-key={{ ca_dir }}/ca-key.pem \
+        -config={{ ca_dir }}/ca-config.json \
+        -profile=kubernetes calico-csr.json | {{ bin_dir }}/cfssljson -bare calico"
+
+- name: get calico-etcd-secrets info
+  shell: "{{ bin_dir }}/kubectl get secrets -n kube-system"
+  register: secrets_info
+  run_once: true
+
+- name: 创建 calico-etcd-secrets
+  shell: "cd /etc/calico/ssl && \
+        {{ bin_dir }}/kubectl create secret generic -n kube-system calico-etcd-secrets \
+        --from-file=etcd-ca={{ ca_dir }}/ca.pem \
+        --from-file=etcd-key=calico-key.pem \
+        --from-file=etcd-cert=calico.pem"
+  when: '"calico-etcd-secrets" not in secrets_info.stdout'
+  run_once: true
+
+- name: 配置 calico DaemonSet yaml文件
+  template: src=calico-{{ calico_ver_main }}.yaml.j2 dest=/opt/kube/kube-system/calico.yaml
+    
 # 【可选】推送离线docker 镜像，可以忽略执行错误
 - block:
     - name: 检查是否已下载离线calico镜像
@@ -79,8 +72,7 @@
 
 # 只需单节点执行一次
 - name: 运行 calico网络
-  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/calico/ && sleep 5"
-  delegate_to: "{{ groups.deploy[0] }}"
+  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/calico.yaml"
   run_once: true
 
 # 删除原有cni配置
@@ -96,13 +88,6 @@
   #- loopback
   - calicoctl
 
-- name: 分发 calico 证书
-  synchronize: src=/etc/calico/ssl/{{ item }} dest=/etc/calico/ssl/{{ item }}
-  with_items:
-  - calico.pem
-  - calico-key.pem
-  delegate_to: "{{ groups.deploy[0] }}"
-
 - name: 准备 calicoctl配置文件
   template: src=calicoctl.cfg.j2 dest=/etc/calico/calicoctl.cfg
 
@@ -111,7 +96,6 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'calico-node'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
-  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 15
   ignore_errors: true

roles/cilium/tasks/main.yml

@@ -1,28 +1,22 @@
-- name: 在deploy 节点创建cilium 相关目录
-  file: name=/opt/kube/kube-system/cilium state=directory
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-    
-- name: 配置 cilium DaemonSet yaml文件
-  template: src=cilium.yaml.j2 dest=/opt/kube/kube-system/cilium/cilium.yaml
-  tags: reconf  
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-
 - name: 转换内核版本为浮点数
   set_fact:
      KERNEL_VER: "{{ ansible_kernel.split('-')[0].split('.')[0]|int + ansible_kernel.split('-')[0].split('.')[1]|int/100 }}"
 
 - name: 检查内核版本>4.9
   fail: msg="kernel {{ ansible_kernel }} is too old for cilium installing"
   when: "KERNEL_VER|float <= 4.09"
-  
+
 - name: node 节点创建cilium 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
   - /var/run/cilium
-  - /opt/kube/images 
+  - /opt/kube/images
+  - /opt/kube/kube-system
+    
+- name: 配置 cilium DaemonSet yaml文件
+  template: src=cilium.yaml.j2 dest=/opt/kube/kube-system/cilium.yaml
+  tags: reconf
 
 - name: Optional-Mount BPF FS
   mount:
@@ -70,8 +64,7 @@
 
 # 只需单节点执行一次
 - name: 运行 cilium网络
-  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/cilium/ && sleep 5"
-  delegate_to: "{{ groups.deploy[0] }}"
+  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/cilium.yaml"
   run_once: true
 
 # 删除原有cni配置
@@ -83,7 +76,6 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'cilium'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
-  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8
   ignore_errors: true

roles/cilium/templates/cilium-csr.json.j2

@@ -1,15 +1,13 @@
-- name: 创建相关目录
-  file: name=/opt/kube/kube-system state=directory
-
-- name: 配置 flannel DaemonSet yaml文件
-  template: src=kube-flannel.yaml.j2 dest=/opt/kube/kube-system/flannel.yaml
-    
-- name: 创建flannel cni 相关目录
+- name: 创建flannel 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
   - /opt/kube/images
+  - /opt/kube/kube-system
 
+- name: 配置 flannel DaemonSet yaml文件
+  template: src=kube-flannel.yaml.j2 dest=/opt/kube/kube-system/flannel.yaml
+    
 - name: 下载flannel cni plugins
   copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
   with_items:
@@ -58,7 +56,7 @@
 
 # 只需单节点执行一次
 - name: 运行 flannel网络
-  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/flannel.yaml && sleep 5"
+  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/flannel.yaml"
   run_once: true
 
 # 删除原有cni配置

roles/flannel/tasks/main.yml

@@ -25,12 +25,11 @@
       shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.{{ HARBOR_VER }}.tar.gz"
 
     - name: 分发证书相关
-      synchronize: src={{ ca_dir }}/{{ item }} dest={{ ca_dir }}/{{ item }}
+      copy: src={{ base_dir }}/.cluster/ssl/{{ item }} dest={{ ca_dir }}/{{ item }}
       with_items:
       - ca.pem
       - ca-key.pem
       - ca-config.json
-      delegate_to: "{{ groups.deploy[0] }}"
 
     - name: 创建harbor证书请求
       template: src=harbor-csr.json.j2 dest={{ ca_dir }}/harbor-csr.json

roles/harbor/tasks/main.yml

@@ -1,21 +1,15 @@
-- block:
-    - name: 在deploy 节点创建相关目录
-      file: name=/opt/kube/kube-ovn state=directory
-
-    - name: 配置 kube-ovn.yaml 文件
-      template: src=kube-ovn.yaml.j2 dest=/opt/kube/kube-ovn/kube-ovn.yaml
-
-    - name: 配置 ovn.yaml 文件
-      template: src=ovn.yaml.j2 dest=/opt/kube/kube-ovn/ovn.yaml
-
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-    
 - name: 创建相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
   - /opt/kube/images
+  - /opt/kube/kube-ovn
+
+- name: 配置 kube-ovn.yaml 文件
+  template: src=kube-ovn.yaml.j2 dest=/opt/kube/kube-ovn/kube-ovn.yaml
+
+- name: 配置 ovn.yaml 文件
+  template: src=ovn.yaml.j2 dest=/opt/kube/kube-ovn/ovn.yaml
 
 # 【可选】推送离线镜像，可以忽略执行错误
 - block:
@@ -59,7 +53,6 @@
   shell: "{{ bin_dir }}/kubectl label node {{ OVN_DB_NODE }} kube-ovn/role=master --overwrite && \
 	{{ bin_dir }}/kubectl apply -f /opt/kube/kube-ovn/ovn.yaml && sleep 5 && \
 	{{ bin_dir }}/kubectl apply -f /opt/kube/kube-ovn/kube-ovn.yaml"
-  delegate_to: "{{ groups.deploy[0] }}"
   run_once: true
 
 # 删除原有cni配置
@@ -71,8 +64,6 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-ovn -o wide|grep 'kube-ovn-cni'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
-  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8
   ignore_errors: true
-

roles/kube-ovn/tasks/main.yml

@@ -1,18 +1,13 @@
-- block:
-    - name: 在deploy 节点创建相关目录
-      file: name=/opt/kube/kube-system/kube-router state=directory
-
-    - name: 准备配置 kube-router DaemonSet (without IPVS)
-      template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kube-router/kuberouter.yaml
-  delegate_to: "{{ groups.deploy[0] }}"
-  run_once: true
-    
 - name: 创建cni 和kube-router 相关目录
   file: name={{ item }} state=directory
   with_items:
   - /etc/cni/net.d
   - /opt/kube/images
+  - /opt/kube/kube-system
 
+- name: 准备配置 kube-router DaemonSet (without IPVS)
+  template: src=kuberouter.yaml.j2 dest=/opt/kube/kube-system/kuberouter.yaml
+    
 - name: 下载cni plugins
   copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
   with_items:
@@ -63,8 +58,7 @@
 
 # 只需单节点执行一次
 - name: 运行 kube-router DaemonSet
-  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/kube-router/ && sleep 5"
-  delegate_to: "{{ groups.deploy[0] }}"
+  shell: "{{ bin_dir }}/kubectl apply -f /opt/kube/kube-system/kuberouter.yaml"
   run_once: true
 
 # 删除原有cni配置
@@ -76,8 +70,6 @@
   shell: "{{ bin_dir }}/kubectl get pod -n kube-system -o wide|grep 'kube-router'|grep ' {{ inventory_hostname }} '|awk '{print $3}'"
   register: pod_status
   until: pod_status.stdout == "Running"
-  delegate_to: "{{ groups.deploy[0] }}"
   retries: 15
   delay: 8
   ignore_errors: true
-