forked from ISTI-ansible-roles/ansible-roles
library/roles/ubuntu-deb-general: There is now a specific role that manages the kernel ipv6 status.
This commit is contained in:
parent
e32757dd39
commit
3ee895d56a
|
@ -90,10 +90,6 @@ pki_subdirs:
|
|||
- certs
|
||||
- keys
|
||||
|
||||
disable_ipv6: True
|
||||
ipv6_sysctl_value: 1
|
||||
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
|
||||
|
||||
# Install our /etc/resolv.conf
|
||||
install_resolvconf: True
|
||||
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: '../../library/roles/deb-apt-setup'
|
||||
- role: '../../library/roles/timezone'
|
||||
- role: '../../library/roles/deb-set-hostname'
|
||||
- role: '../../library/roles/deb-set-locale'
|
||||
- role: '../../library/roles/timezone'
|
||||
- role: '../../library/roles/linux-kernel-sysctl'
|
||||
- role: '../../library/roles/sshd_config'
|
||||
- role: '../../library/roles/fail2ban'
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
---
|
||||
- file: dest=/etc/modprobe.d/00-ipv6-disable.conf state=absent
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
||||
- file: dest=/etc/modutils/disable-ipv6 state=absent
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
||||
- file: dest=/etc/sysctl.d/10-ipv6-disable.conf state=absent
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
||||
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias net-pf-10.*$" line="alias net-pf-10 off"
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
||||
- lineinfile: name=/etc/modprobe.d/aliases regexp="^alias ipv6.*$" line="alias ipv6 off"
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
||||
- action: down_ipv6_addresses action=remove
|
||||
when: is_debian_less_than6
|
||||
tags:
|
||||
- ipv6
|
||||
|
|
@ -5,10 +5,6 @@
|
|||
- include: packages.yml
|
||||
- include: ntp.yml
|
||||
- include: remove-unneeded-pkgs.yml
|
||||
- include: manage-ipv6-status.yml
|
||||
when: is_not_debian_less_than_6
|
||||
- include: disable-ipv6-old-servers.yml
|
||||
when: disable_ipv6
|
||||
- include: denyhost.yml
|
||||
when: is_debian_7_or_older
|
||||
- include: denyhost.yml
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: Ensure that the /etc/sysctl.d directory exists
|
||||
file: path=/etc/sysctl.d state=directory
|
||||
when: is_not_debian_less_than_6
|
||||
tags: ipv6
|
||||
|
||||
- name: Disable the in kernel ipv6 support
|
||||
sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
|
||||
with_items:
|
||||
- net.ipv6.conf.all.disable_ipv6
|
||||
- net.ipv6.conf.default.disable_ipv6
|
||||
- net.ipv6.conf.lo.disable_ipv6
|
||||
when:
|
||||
- is_not_debian_less_than_6
|
||||
- disable_ipv6
|
||||
tags: ipv6
|
||||
|
||||
- name: enable the in kernel ipv6 support
|
||||
sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
|
||||
with_items:
|
||||
- net.ipv6.conf.all.disable_ipv6
|
||||
- net.ipv6.conf.default.disable_ipv6
|
||||
- net.ipv6.conf.lo.disable_ipv6
|
||||
when:
|
||||
- is_not_debian_less_than_6
|
||||
- not disable_ipv6
|
||||
tags: ipv6
|
||||
|
Loading…
Reference in New Issue