library/roles/ubuntu-deb-general: There is now a specific role that manages the kernel ipv6 status.

Andrea Dell'Amico 2016-10-11 17:40:22 +02:00
parent e32757dd39
commit 3ee895d56a
5 changed files with 2 additions and 68 deletions


@ -90,10 +90,6 @@ pki_subdirs:
- certs
- keys
disable_ipv6: True
ipv6_sysctl_value: 1
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
# Install our /etc/resolv.conf
install_resolvconf: True


@ -1,8 +1,9 @@
---
dependencies:
- role: '../../library/roles/deb-apt-setup'
- role: '../../library/roles/timezone'
- role: '../../library/roles/deb-set-hostname'
- role: '../../library/roles/deb-set-locale'
- role: '../../library/roles/timezone'
- role: '../../library/roles/linux-kernel-sysctl'
- role: '../../library/roles/sshd_config'
- role: '../../library/roles/fail2ban'
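Review bot: The `linux-kernel-sysctl` entry added to the dependencies passes no variables, and the same commit deletes this role's `disable_ipv6: True` and `ipv6_sysctl_file` defaults, so whether IPv6 stays disabled on already-deployed hosts now rests on the defaults of a role that is not shown here. If that role uses different variable names or a different sysctl file, inventories that override `disable_ipv6` would be ignored without error and the old `/etc/sysctl.d/10-ipv6-disable.conf` could be left behind with a stale value; a host that regains IPv6 this way may be reachable on addresses its packet filter was never configured for. I would add a comment above the entry, `# IPv6 on/off is now owned by linux-kernel-sysctl; its defaults replace disable_ipv6 / ipv6_sysctl_file from this role`, and confirm the variable mapping in that role before merging. The other sections only delete the old tasks and includes, which also removes the handling guarded by `is_debian_less_than6`.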


@ -1,31 +0,0 @@
---
- file: dest=/etc/modprobe.d/00-ipv6-disable.conf state=absent
when: is_debian_less_than6
tags:
- ipv6
- file: dest=/etc/modutils/disable-ipv6 state=absent
when: is_debian_less_than6
tags:
- ipv6
- file: dest=/etc/sysctl.d/10-ipv6-disable.conf state=absent
when: is_debian_less_than6
tags:
- ipv6
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias net-pf-10.*$" line="alias net-pf-10 off"
when: is_debian_less_than6
tags:
- ipv6
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias ipv6.*$" line="alias ipv6 off"
when: is_debian_less_than6
tags:
- ipv6
- action: down_ipv6_addresses action=remove
when: is_debian_less_than6
tags:
- ipv6


@ -5,10 +5,6 @@
- include: packages.yml
- include: ntp.yml
- include: remove-unneeded-pkgs.yml
- include: manage-ipv6-status.yml
when: is_not_debian_less_than_6
- include: disable-ipv6-old-servers.yml
when: disable_ipv6
- include: denyhost.yml
when: is_debian_7_or_older
- include: denyhost.yml


@ -1,28 +0,0 @@
---
- name: Ensure that the /etc/sysctl.d directory exists
file: path=/etc/sysctl.d state=directory
when: is_not_debian_less_than_6
tags: ipv6
- name: Disable the in kernel ipv6 support
sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
when:
- is_not_debian_less_than_6
- disable_ipv6
tags: ipv6
- name: enable the in kernel ipv6 support
sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
when:
- is_not_debian_less_than_6
- not disable_ipv6
tags: ipv6