2017-05-10 14:06:03 +02:00
|
|
|
---
|
2024-02-06 08:40:55 +01:00
|
|
|
|
2017-05-21 11:00:46 +02:00
|
|
|
- name: Install Evolix public repositry
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.include_role:
|
2019-11-29 14:00:25 +01:00
|
|
|
name: evolix/apt
|
2017-05-23 15:13:11 +02:00
|
|
|
tasks_from: evolix_public.yml
|
2022-04-22 09:32:37 +02:00
|
|
|
tags:
|
|
|
|
|
- vrrpd
|
2017-05-21 11:00:46 +02:00
|
|
|
|
2017-05-10 14:06:03 +02:00
|
|
|
- name: Install vrrpd packages
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.apt:
|
2017-05-10 14:06:03 +02:00
|
|
|
name: vrrpd=1.0-2.evolix
|
|
|
|
|
allow_unauthenticated: yes
|
|
|
|
|
state: present
|
|
|
|
|
tags:
|
2022-04-22 09:32:37 +02:00
|
|
|
- vrrpd
|
2017-05-10 14:06:03 +02:00
|
|
|
|
2023-11-29 09:23:22 +01:00
|
|
|
- name: install custom switch script
|
|
|
|
|
ansible.builtin.copy:
|
|
|
|
|
src: vrrp_switch.sh
|
|
|
|
|
dest: /etc/vrrpd/vrrp_switch
|
|
|
|
|
mode: "0700"
|
|
|
|
|
owner: "root"
|
|
|
|
|
group: "root"
|
|
|
|
|
force: "{{ vrrp_force_update_switch_script | bool | ternary('yes','no') }}"
|
|
|
|
|
|
2022-06-17 10:54:26 +02:00
|
|
|
- name: Adjust sysctl config (except rp_filter)
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.posix.sysctl:
|
2017-05-10 14:06:03 +02:00
|
|
|
name: "{{ item.name }}"
|
|
|
|
|
value: "{{ item.value }}"
|
2022-04-22 09:32:37 +02:00
|
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
2017-05-10 14:06:03 +02:00
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
2021-05-04 14:18:40 +02:00
|
|
|
loop:
|
2021-08-27 11:01:26 +02:00
|
|
|
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
|
|
|
|
|
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
|
|
|
|
|
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
|
2017-05-10 14:06:03 +02:00
|
|
|
tags:
|
2022-04-22 09:32:37 +02:00
|
|
|
- vrrpd
|
2022-06-17 10:54:26 +02:00
|
|
|
|
|
|
|
|
- name: look if rp_filter is managed by minifirewall
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.command:
|
|
|
|
|
cmd: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
|
2022-06-17 10:54:26 +02:00
|
|
|
failed_when: False
|
|
|
|
|
changed_when: False
|
|
|
|
|
check_mode: no
|
|
|
|
|
register: grep_sysctl_rp_filter_minifirewall
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_RP_FILTER in minifirewall
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.lineinfile:
|
2022-06-17 10:54:26 +02:00
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_RP_FILTER='0'"
|
|
|
|
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: grep_sysctl_rp_filter_minifirewall.rc == 0
|
|
|
|
|
|
|
|
|
|
- name: Adjust sysctl config (only rp_filter)
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.posix.sysctl:
|
2022-06-17 10:54:26 +02:00
|
|
|
name: "{{ item.name }}"
|
|
|
|
|
value: "{{ item.value }}"
|
|
|
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
|
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
|
|
|
|
loop:
|
|
|
|
|
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
|
|
|
|
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
|
|
|
|
when: grep_sysctl_rp_filter_minifirewall.rc != 0
|
|
|
|
|
tags:
|
|
|
|
|
- vrrpd
|
|
|
|
|
|
|
|
|
|
- name: Create VRRP address
|
2023-03-20 23:33:19 +01:00
|
|
|
ansible.builtin.include: ip.yml
|
2022-06-17 10:54:26 +02:00
|
|
|
loop: "{{ vrrp_addresses }}"
|
|
|
|
|
loop_control:
|
2024-02-06 08:40:55 +01:00
|
|
|
loop_var: "vrrp_address"
|
