diff --git a/auto-deploy/0-cci-deploy/hosts.ini b/auto-deploy/0-cci-deploy/hosts.ini
index cbfd55ae67efb85214a589d78be92997736e568a..41bc6c2e65d8881290e7c76639f617b37f9a8c0f 100644
--- a/auto-deploy/0-cci-deploy/hosts.ini
+++ b/auto-deploy/0-cci-deploy/hosts.ini
@@ -3,7 +3,7 @@
 cci-master
 
 [masters]
-; eulerpipeline管理面
+; compass-ci管理节点
 cci-master
 
 [all:vars]
@@ -13,5 +13,5 @@ es_nodes=["cci-master", "cci-master", "cci-master"]
 etcd_nodes=["cci-master", "cci-master", "cci-master"]
 redis_nodes=["cci-master", "cci-master", "cci-master", "cci-master", "cci-master", "cci-master"]
 rabbitmq_nodes=["cci-master"]
-; 指定一台节点作为eulerpipeline管理面
+; 指定masters中的一台节点作为compass-ci管理面
 cci_master_nodes=["cci-master"]
diff --git a/doc/user-guide/how-to-deploy.md b/doc/user-guide/how-to-deploy.md
index 2d046ad883dcbcde744ca1140768288f618257d1..c8baf8e11052f27733e7d5053a0768f795f53336 100644
--- a/doc/user-guide/how-to-deploy.md
+++ b/doc/user-guide/how-to-deploy.md
@@ -30,23 +30,20 @@ ETCD_USER=root          # 固定
 ETCD_PASSWORD=""        # 自动生成，无需填写
 ```
 
-### elasticsearch证书配置
-
-自动生成elastic-certificates.p12证书，并放置在`_conf/es-cert`下
-
-> 注意：该脚本需在联网环境下执行
-
-```
-cd _conf/_confgen
-./create_es_cert
-```
-
 ### 配置完所有信息，运行
 
 生成kubernetes配置文件
-
+prepare 需要两个参数 MASTER_IP MASTER_INTERFACE
+MASTER_IP: 是宿主机的ip，和其他执行机相互连通的ip，如172.168.x.x
+MASTER_INTERFACE: 是配置MASTER_IP所在的网卡，如enp125s0f0
+可使用ifconfig命令查询，命令输出结果如下
+...
+enp125s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
+        inet 172.168.x.x  netmask 255.255.0.0  broadcast 172.168.255.255
+...
+> 注意执行prepare脚本时，需要配置成自己环境的ip和网卡！！！
 ```shell
-./prepare
+./prepare 172.168.x.x enp125s0f0
 ```
 
 ## 二、镜像包准备
@@ -89,5 +86,5 @@ export ANSIBLE_HOST_KEY_CHECKING=False
 ansible all -m ping -i hosts.ini
 
 # 运行deploy-cci playbook，安装compass-ci服务
-ansible-playbook -i hosts.ini -e @variables.yml deploy-cci.yml
+ansible-playbook -i ../hosts-all.ini -i hosts.ini -e @variables.yml deploy-cci.yml
 ```
diff --git a/manifests/prepare b/manifests/prepare
index 06c5db15194912841759d6db835ebd3419e1939c..e07d1c9a5fd5184651a3d1e0fd73eb9ce7f24590 100755
--- a/manifests/prepare
+++ b/manifests/prepare
@@ -55,6 +55,13 @@ if [ ! -z $check_passwd ]; then
 	sed -i "s|^JWT_SECRET=.*|JWT_SECRET=${jwt_secret}|g"                $CONF_PATH/secret-service.env
 fi
 
+# create es cert
+pushd $CONF_PATH
+if [ ! -z $CONF_PATH/es-cert/elastic-certificates.p12 ]; then
+        sh create_es_cert
+fi
+popd
+
 # update yaml
 kubectl -n ems1 create secret generic secrets-env --from-env-file=$CONF_PATH/secret-service.env --dry-run=client -oyaml > $CONF_CHARTS_PATH/secret-env.yaml
 kubectl -n ems1 create secret generic es-cert --from-file=$CONF_PATH/es-cert/elastic-certificates.p12 --dry-run=client -oyaml > $CONF_CHARTS_PATH/secret-es-cert.yaml