diff --git a/pkg/controllers/clusterops/controller.go b/pkg/controllers/clusterops/controller.go
index 289dc4c740..d3d5144d6a 100644
--- a/pkg/controllers/clusterops/controller.go
+++ b/pkg/controllers/clusterops/controller.go
@@ -355,7 +355,7 @@ func (c *Controller) FetchGlobalManifestImageTag() string {
 func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.ClusterOperation, serviceAccountName string) *batchv1.Job {
 	BackoffLimit := int32(0)
 	DefaultMode := int32(0o700)
-	PrivatekeyMode := int32(0o400)
+	PrivatekeyMode := int32(0o600)
 	jobName := c.GenerateJobName(clusterOps)
 	namespace := util.GetCurrentNSOrDefault()
 	job := &batchv1.Job{
@@ -393,8 +393,8 @@ func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.Cluste
 								},
 								{
 									Name:      "hosts-conf",
-									MountPath: "/conf/hosts.yml",
-									SubPath:   "hosts.yml",
+									MountPath: "/captain/inventory/inventory",
+									SubPath:   "inventory",
 								},
 								{
 									Name:      "vars-conf",
@@ -449,7 +449,6 @@ func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.Cluste
 					Name:      "ssh-auth",
 					MountPath: "/auth/ssh-privatekey",
 					SubPath:   "ssh-privatekey",
-					ReadOnly:  true,
 				})
 		}
 		job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes,
@@ -696,7 +695,7 @@ func (c *Controller) injectCustomAction(clusterOps *clusteroperationv1alpha1.Clu
 		}
 	}
 	defaultMode := int32(0o700)
-	pathPrefix := "/kubespray"
+	pathPrefix := "/captain"
 	if actionType == clusteroperationv1alpha1.ShellActionType {
 		pathPrefix = "/bin"
 	}
diff --git a/pkg/util/entrypoint/entrypoint.go b/pkg/util/entrypoint/entrypoint.go
index b46f8adf0e..a23b673c68 100644
--- a/pkg/util/entrypoint/entrypoint.go
+++ b/pkg/util/entrypoint/entrypoint.go
@@ -95,7 +95,8 @@ func (ep *EntryPoint) buildPlaybookCmd(action, extraArgs string, isPrivateKey, b
 			return "", ArgsError{fmt.Sprintf("unknown playbook type, the currently supported ranges include: %s", ep.Actions.Playbooks.List)}
 		}
 	}
-	playbookCmd := "ansible-playbook -i /conf/hosts.yml -b --become-user root -e \"@/conf/group_vars.yml\""
+	playbookCmd := "ansible-playbook -i inventory/inventory --extra-vars @/conf/group_vars.yml --flush-cache"
+
 	if isPrivateKey {
 		playbookCmd = fmt.Sprintf("%s --private-key /auth/ssh-privatekey", playbookCmd)
 	}
@@ -105,7 +106,8 @@ func (ep *EntryPoint) buildPlaybookCmd(action, extraArgs string, isPrivateKey, b
 	if action == RemoveNodePB {
 		playbookCmd = fmt.Sprintf("%s -e \"skip_confirmation=true\"", playbookCmd)
 	}
-	playbookCmd = fmt.Sprintf("%s /kubespray/%s", playbookCmd, action)
+
+	playbookCmd = fmt.Sprintf("%s %s", playbookCmd, action)
 	if len(extraArgs) > 0 {
 		playbookCmd = fmt.Sprintf("%s %s", playbookCmd, extraArgs)
 	}