From 3ee895d56a61511c669c243ec60562234c52efa8 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 11 Oct 2016 17:40:22 +0200 Subject: [PATCH] library/roles/ubuntu-deb-general: There is now a specific role that manages the kernel ipv6 status. --- ubuntu-deb-general/defaults/main.yml | 4 --- ubuntu-deb-general/meta/main.yml | 3 +- .../tasks/disable-ipv6-old-servers.yml | 31 ------------------- ubuntu-deb-general/tasks/main.yml | 4 --- .../tasks/manage-ipv6-status.yml | 28 ----------------- 5 files changed, 2 insertions(+), 68 deletions(-) delete mode 100644 ubuntu-deb-general/tasks/disable-ipv6-old-servers.yml delete mode 100644 ubuntu-deb-general/tasks/manage-ipv6-status.yml diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index c4b8ed9..0d06e09 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml @@ -90,10 +90,6 @@ pki_subdirs: - certs - keys -disable_ipv6: True -ipv6_sysctl_value: 1 -ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf - # Install our /etc/resolv.conf install_resolvconf: True diff --git a/ubuntu-deb-general/meta/main.yml b/ubuntu-deb-general/meta/main.yml index dbe7332..d306f27 100644 --- a/ubuntu-deb-general/meta/main.yml +++ b/ubuntu-deb-general/meta/main.yml @@ -1,8 +1,9 @@ --- dependencies: - role: '../../library/roles/deb-apt-setup' - - role: '../../library/roles/timezone' - role: '../../library/roles/deb-set-hostname' - role: '../../library/roles/deb-set-locale' + - role: '../../library/roles/timezone' + - role: '../../library/roles/linux-kernel-sysctl' - role: '../../library/roles/sshd_config' - role: '../../library/roles/fail2ban' diff --git a/ubuntu-deb-general/tasks/disable-ipv6-old-servers.yml b/ubuntu-deb-general/tasks/disable-ipv6-old-servers.yml deleted file mode 100644 index 18a6dcc..0000000 --- a/ubuntu-deb-general/tasks/disable-ipv6-old-servers.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- file: dest=/etc/modprobe.d/00-ipv6-disable.conf state=absent - when: is_debian_less_than6 - tags: - - ipv6 - -- file: dest=/etc/modutils/disable-ipv6 state=absent - when: is_debian_less_than6 - tags: - - ipv6 - -- file: dest=/etc/sysctl.d/10-ipv6-disable.conf state=absent - when: is_debian_less_than6 - tags: - - ipv6 - -- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias net-pf-10.*$" line="alias net-pf-10 off" - when: is_debian_less_than6 - tags: - - ipv6 - -- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias ipv6.*$" line="alias ipv6 off" - when: is_debian_less_than6 - tags: - - ipv6 - -- action: down_ipv6_addresses action=remove - when: is_debian_less_than6 - tags: - - ipv6 - diff --git a/ubuntu-deb-general/tasks/main.yml b/ubuntu-deb-general/tasks/main.yml index 5187d29..63f8cc2 100644 --- a/ubuntu-deb-general/tasks/main.yml +++ b/ubuntu-deb-general/tasks/main.yml @@ -5,10 +5,6 @@ - include: packages.yml - include: ntp.yml - include: remove-unneeded-pkgs.yml -- include: manage-ipv6-status.yml - when: is_not_debian_less_than_6 -- include: disable-ipv6-old-servers.yml - when: disable_ipv6 - include: denyhost.yml when: is_debian_7_or_older - include: denyhost.yml diff --git a/ubuntu-deb-general/tasks/manage-ipv6-status.yml b/ubuntu-deb-general/tasks/manage-ipv6-status.yml deleted file mode 100644 index 26b6a20..0000000 --- a/ubuntu-deb-general/tasks/manage-ipv6-status.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Ensure that the /etc/sysctl.d directory exists - file: path=/etc/sysctl.d state=directory - when: is_not_debian_less_than_6 - tags: ipv6 - -- name: Disable the in kernel ipv6 support - sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present - with_items: - - net.ipv6.conf.all.disable_ipv6 - - net.ipv6.conf.default.disable_ipv6 - - net.ipv6.conf.lo.disable_ipv6 - when: - - is_not_debian_less_than_6 - - disable_ipv6 - tags: ipv6 - -- name: enable the in kernel ipv6 support - sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present - with_items: - - net.ipv6.conf.all.disable_ipv6 - - net.ipv6.conf.default.disable_ipv6 - - net.ipv6.conf.lo.disable_ipv6 - when: - - is_not_debian_less_than_6 - - not disable_ipv6 - tags: ipv6 -