library/roles/ubuntu-deb-general: There is now a specific role that manages the kernel ipv6 status.
This commit is contained in:
Andrea Dell'Amico
parent
e32757dd39
commit
3ee895d56a
|
|
@ -90,10 +90,6 @@ pki_subdirs:
|
||||||
- certs
|
- certs
|
||||||
- keys
|
- keys
|
||||||
|
|
||||||
disable_ipv6: True
|
|
||||||
ipv6_sysctl_value: 1
|
|
||||||
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
|
|
||||||
|
|
||||||
# Install our /etc/resolv.conf
|
# Install our /etc/resolv.conf
|
||||||
install_resolvconf: True
|
install_resolvconf: True
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,9 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: '../../library/roles/deb-apt-setup'
|
- role: '../../library/roles/deb-apt-setup'
|
||||||
- role: '../../library/roles/timezone'
|
|
||||||
- role: '../../library/roles/deb-set-hostname'
|
- role: '../../library/roles/deb-set-hostname'
|
||||||
- role: '../../library/roles/deb-set-locale'
|
- role: '../../library/roles/deb-set-locale'
|
||||||
|
- role: '../../library/roles/timezone'
|
||||||
|
- role: '../../library/roles/linux-kernel-sysctl'
|
||||||
- role: '../../library/roles/sshd_config'
|
- role: '../../library/roles/sshd_config'
|
||||||
- role: '../../library/roles/fail2ban'
|
- role: '../../library/roles/fail2ban'
|
||||||
|
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
||||||
---
|
|
||||||
- file: dest=/etc/modprobe.d/00-ipv6-disable.conf state=absent
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
- file: dest=/etc/modutils/disable-ipv6 state=absent
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
- file: dest=/etc/sysctl.d/10-ipv6-disable.conf state=absent
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias net-pf-10.*$" line="alias net-pf-10 off"
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias ipv6.*$" line="alias ipv6 off"
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
- action: down_ipv6_addresses action=remove
|
|
||||||
when: is_debian_less_than6
|
|
||||||
tags:
|
|
||||||
- ipv6
|
|
||||||
|
|
||||||
|
|
@ -5,10 +5,6 @@
|
||||||
- include: packages.yml
|
- include: packages.yml
|
||||||
- include: ntp.yml
|
- include: ntp.yml
|
||||||
- include: remove-unneeded-pkgs.yml
|
- include: remove-unneeded-pkgs.yml
|
||||||
- include: manage-ipv6-status.yml
|
|
||||||
when: is_not_debian_less_than_6
|
|
||||||
- include: disable-ipv6-old-servers.yml
|
|
||||||
when: disable_ipv6
|
|
||||||
- include: denyhost.yml
|
- include: denyhost.yml
|
||||||
when: is_debian_7_or_older
|
when: is_debian_7_or_older
|
||||||
- include: denyhost.yml
|
- include: denyhost.yml
|
||||||
|
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
- name: Ensure that the /etc/sysctl.d directory exists
|
|
||||||
file: path=/etc/sysctl.d state=directory
|
|
||||||
when: is_not_debian_less_than_6
|
|
||||||
tags: ipv6
|
|
||||||
|
|
||||||
- name: Disable the in kernel ipv6 support
|
|
||||||
sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
|
|
||||||
with_items:
|
|
||||||
- net.ipv6.conf.all.disable_ipv6
|
|
||||||
- net.ipv6.conf.default.disable_ipv6
|
|
||||||
- net.ipv6.conf.lo.disable_ipv6
|
|
||||||
when:
|
|
||||||
- is_not_debian_less_than_6
|
|
||||||
- disable_ipv6
|
|
||||||
tags: ipv6
|
|
||||||
|
|
||||||
- name: enable the in kernel ipv6 support
|
|
||||||
sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
|
|
||||||
with_items:
|
|
||||||
- net.ipv6.conf.all.disable_ipv6
|
|
||||||
- net.ipv6.conf.default.disable_ipv6
|
|
||||||
- net.ipv6.conf.lo.disable_ipv6
|
|
||||||
when:
|
|
||||||
- is_not_debian_less_than_6
|
|
||||||
- not disable_ipv6
|
|
||||||
tags: ipv6
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue