forked from evolix/ansible-roles
65 lines
1.7 KiB
YAML
65 lines
1.7 KiB
YAML
---
|
|
- name: Install Evolix public repositry
|
|
ansible.builtin.include_role:
|
|
name: evolix/apt
|
|
tasks_from: evolix_public.yml
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Install vrrpd packages
|
|
ansible.builtin.apt:
|
|
name: vrrpd=1.0-2.evolix
|
|
allow_unauthenticated: yes
|
|
state: present
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Adjust sysctl config (except rp_filter)
|
|
ansible.posix.sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
|
sysctl_set: yes
|
|
state: present
|
|
loop:
|
|
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
|
|
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
|
|
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: look if rp_filter is managed by minifirewall
|
|
ansible.builtin.command:
|
|
cmd: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
|
|
failed_when: False
|
|
changed_when: False
|
|
check_mode: no
|
|
register: grep_sysctl_rp_filter_minifirewall
|
|
|
|
- name: Configure SYSCTL_RP_FILTER in minifirewall
|
|
ansible.builtin.lineinfile:
|
|
dest: "/etc/default/minifirewall"
|
|
line: "SYSCTL_RP_FILTER='0'"
|
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
|
create: no
|
|
when: grep_sysctl_rp_filter_minifirewall.rc == 0
|
|
|
|
- name: Adjust sysctl config (only rp_filter)
|
|
ansible.posix.sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
|
sysctl_set: yes
|
|
state: present
|
|
loop:
|
|
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
|
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
|
when: grep_sysctl_rp_filter_minifirewall.rc != 0
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Create VRRP address
|
|
ansible.builtin.include: ip.yml
|
|
loop: "{{ vrrp_addresses }}"
|
|
loop_control:
|
|
loop_var: "vrrp_address" |