feat(ansible): ansible 优化

2026-02-10 12:20:17 +08:00
@@ -2,7 +2,7 @@
 #### install 集群安装相关
-参见 [install/README.md](install/README.md)
+参见 [install/README.md](install/README_MANUAL.md)
 #### apps 相关应用
@@ -57,9 +57,6 @@ export TAILSCALE_AUTH_KEY="tskey-auth-xxx"
 # 首次安装 (SSH 加固)
 export SSH_PASSWORD="your-root-password"
 # 单独添加节点时 (完整安装时自动获取)
 export K3S_SERVER_URL="https://10.0.0.1:6443"
 ```
 ### 3. 执行安装
@@ -161,18 +158,4 @@ ansible-playbook playbooks/site.yml -vvv
 ansible-playbook playbooks/site.yml --syntax-check
 ```
 ## 故障排查
 ```bash
 # K3s 状态
 systemctl status k3s
 journalctl -u k3s -f
 # Tailscale 状态
 tailscale status
 # 获取 Token
 cat /var/lib/rancher/k3s/server/node-token
 ```
@@ -5,12 +5,13 @@
 # ============================================
 tailscale_auth_key: "{{ lookup('env', 'TAILSCALE_AUTH_KEY') }}"
 # 高可用集群的 server_url 需要指向负载均衡器地址，单节点集群则指向自身
-ha_server_url: "{{ lookup('env', 'HA_SERVER_URL') }}"
+ha_server_url: "{{ lookup('env', 'HA_SERVER_URL') | default('', true) }}"
 # ============================================
 # K3s 配置
 # ============================================
-# k3s_token 和 k3s_server_url 由 site.yml 动态设置，此处仅定义版本
+# K3s Server URL (优先使用 HA_SERVER_URL，否则动态使用 init 节点地址)
 k3s_server_url: "{{ ha_server_url if (ha_server_url | length > 0) else '' }}"
 k3s_version: "v1.34.2+k3s1"
 # ETCD 配置
@@ -35,16 +35,62 @@ all:
    # Agent 节点 (Worker)
    agents:
      hosts:
        tce:
          ansible_host: tce.node.dev.cm
          node_hostname: tce
          node_region: cn-sh
          use_mirror: true
        tcd:
          ansible_host: tcd.node.dev.cm
          node_hostname: tcd
          node_region: cn-sh
          use_mirror: true
        tchk:
          ansible_host: tchk.node.dev.cm
          node_hostname: tchk
          node_region: cn-hk
          enable_lb: true
        tthk:
          ansible_host: tthk.node.dev.cm
          node_hostname: tthk
          node_region: cn-hk
          enable_lb: true
        alihk:
          ansible_host: alihk.node.dev.cm
          node_hostname: alihk
          node_region: cn-hk
          enable_lb: true
          netfilter_mode: nodivert
        alihka:
          ansible_host: alihka.node.dev.cm
          node_hostname: alihka
          node_region: cn-hk
          netfilter_mode: nodivert
        hwhk:
          ansible_host: hwhk.node.dev.cm
          node_hostname: hwhk
          node_region: cn-hk
          enable_lb: true
          netfilter_mode: nodivert
        hwsg:
          ansible_host: hwsg.node.dev.cm
          node_hostname: hwsg
          node_region: sg-sg
          netfilter_mode: nodivert
        hwa:
          ansible_host: hwa.node.dev.cm
          node_hostname: hwa
          node_region: cn-sh
          use_mirror: true
          netfilter_mode: nodivert
        clawhk:
          ansible_host: clawhk.node.dev.cm
          node_hostname: clawhk
          node_region: cn-hk
        clawjp:
          ansible_host: clawjp.node.dev.cm
          node_hostname: clawjp
          node_region: jp-tyo
    # 节点分组
    k3s_cluster:
@@ -70,12 +70,12 @@
    - name: Determine K3S_SERVER_URL
      ansible.builtin.set_fact:
        # 优先使用 HA_SERVER_URL 环境变量，否则使用 init 节点地址
-        k3s_server_url_or_ha: "{{ ha_server_url if (ha_server_url | length > 0) else 'https://' + hostvars[init_node].ansible_host + ':6443' }}"
+        k3s_server_url: "{{ ha_server_url if (ha_server_url | length > 0) else 'https://' + hostvars[init_node].ansible_host + ':6443' }}"
    - name: Set K3S_TOKEN and K3S_SERVER_URL for all hosts
      ansible.builtin.set_fact:
        k3s_token: "{{ k3s_token_content.content | b64decode | trim }}"
-        k3s_server_url: "{{ k3s_server_url_or_ha }}"
+        k3s_server_url: "{{ k3s_server_url }}"
      delegate_to: "{{ item }}"
      delegate_facts: true
      loop: "{{ groups['k3s_cluster'] }}"
@@ -101,7 +101,7 @@
  ansible.builtin.replace:
    path: "{{ playbook_dir }}/../kubeconfig.yaml"
    regexp: 'server: https://127\.0\.0\.1:6443'
-    replace: "server: {{ ha_server_url if (ha_server_url | default('') | length > 0) else 'https://' + ansible_host + ':6443' }}"
+    replace: "server: {{ k3s_server_url }}"
  delegate_to: localhost
  become: false
  when: cluster_init | default(false)
@@ -1,12 +0,0 @@
 # worker 工作节点
 server: "https://k3s.dev.cm:6443"
 token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e"
 # 网络相关
 # WARN 阿里云、华为云因使用100网段作为dns等内部服务 需要关闭netfilter 否则会自动添加iptables规则导致无法访问dns
 # WARN 需要添加 extraArgs=--netfilter-mode=nodivert
 vpn-auth: "name=tailscale,joinKey=tskey-auth-kUMo6hWP9711CNTRL-oo21xakMTxCKJBWK8t9XxComm3fAFUvy"
 # 节点相关
 # 保留节点资源 根据节点做不同配置
 # kubelet-arg: "kube-reserved=cpu=1000m,memory=1Gi"
@@ -1,16 +0,0 @@
 # server 主节点
 cluster-init: true
 tls-san:
  - "k3s.dev.cm,k3s.fillcode.com"
 # 数据相关
 etcd-snapshot-retention: "1"
 etcd-snapshot-schedule-cron: "0 0 * * *"
 etcd-snapshot-compress: true
 # 网络相关
 vpn-auth: "name=tailscale,joinKey=tskey-auth-kUMo6hWP9711CNTRL-oo21xakMTxCKJBWK8t9XxComm3fAFUvy"
 # 组件相关
 disable:
  - traefik
@@ -1,17 +0,0 @@
 # server 从节点
 server: "https://tca:6443"
 token: "K1010dd6f0853e824cfaf417117f31a0d797a738aa2d4b9d01cd5972a9b084c81a0::server:e4836f1f469315fadd5b12c07d7fb10e"
 tls-san:
  - "k3s.dev.cm,k3s.fillcode.com"
 # 数据相关
 etcd-snapshot-retention: "1"
 etcd-snapshot-schedule-cron: "0 0 * * *"
 etcd-snapshot-compress: true
 # 网络相关
 vpn-auth: "name=tailscale,joinKey=tskey-auth-kUMo6hWP9711CNTRL-oo21xakMTxCKJBWK8t9XxComm3fAFUvy"
 # 组件相关
 disable:
  - traefik
@@ -1,15 +0,0 @@
 mirrors:
  "docker.io":
    endpoint:
      - "docker.1ms.run"
      - "docker.m.daocloud.io"
      - "mirror.ccs.tencentyun.com"
  "ghcr.io":
    endpoint:
      - "ghcr.m.daocloud.io"
  "registry.k8s.io":
    endpoint:
      - "k8s.m.daocloud.io"
  "quay.io":
    endpoint:
      - "quay.m.daocloud.io"