7c632352a0
The behaviour of the `include` module is badly defined (it try to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it choose the wrong behaviour). Replace it with the `import_tasks` (always statically import tasks) unless the `include` is in a loop in which case we replace it with `include_tasks` (always dynamically include tasks).
65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
---
|
|
- name: Install Evolix public repositry
|
|
import_role:
|
|
name: evolix/apt
|
|
tasks_from: evolix_public.yml
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Install vrrpd packages
|
|
apt:
|
|
name: vrrpd=1.0-2.evolix
|
|
allow_unauthenticated: yes
|
|
state: present
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Adjust sysctl config (except rp_filter)
|
|
sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
|
sysctl_set: yes
|
|
state: present
|
|
loop:
|
|
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
|
|
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
|
|
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: look if rp_filter is managed by minifirewall
|
|
command: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
|
|
failed_when: False
|
|
changed_when: False
|
|
check_mode: no
|
|
register: grep_sysctl_rp_filter_minifirewall
|
|
|
|
- name: Configure SYSCTL_RP_FILTER in minifirewall
|
|
lineinfile:
|
|
dest: "/etc/default/minifirewall"
|
|
line: "SYSCTL_RP_FILTER='0'"
|
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
|
create: no
|
|
when: grep_sysctl_rp_filter_minifirewall.rc == 0
|
|
|
|
- name: Adjust sysctl config (only rp_filter)
|
|
sysctl:
|
|
name: "{{ item.name }}"
|
|
value: "{{ item.value }}"
|
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
|
sysctl_set: yes
|
|
state: present
|
|
loop:
|
|
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
|
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
|
when: grep_sysctl_rp_filter_minifirewall.rc != 0
|
|
tags:
|
|
- vrrpd
|
|
|
|
- name: Create VRRP address
|
|
include_tasks: ip.yml
|
|
loop: "{{ vrrp_addresses }}"
|
|
loop_control:
|
|
loop_var: "vrrp_address"
|