ansible-roles/vrrpd/tasks/main.yml

---
- name: Install Evolix public repositry
  import_role:
    name: evolix/apt
    tasks_from: evolix_public.yml
  tags:
    - vrrpd

- name: Install vrrpd packages
  apt:
    name: vrrpd=1.0-2.evolix
    allow_unauthenticated: yes
    state: present
  tags:
    - vrrpd

- name: Adjust sysctl config (except rp_filter)
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: /etc/sysctl.d/vrrpd.conf
    sysctl_set: yes
    state: present
  loop:
    - { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
    - { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
    - { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
  tags:
    - vrrpd

- name: look if rp_filter is managed by minifirewall
  command: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
  failed_when: False
  changed_when: False
  check_mode: no
  register: grep_sysctl_rp_filter_minifirewall

- name: Configure SYSCTL_RP_FILTER in minifirewall
  lineinfile:
    dest: "/etc/default/minifirewall"
    line: "SYSCTL_RP_FILTER='0'"
    regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
    create: no
  when: grep_sysctl_rp_filter_minifirewall.rc == 0

- name: Adjust sysctl config (only rp_filter)
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: /etc/sysctl.d/vrrpd.conf
    sysctl_set: yes
    state: present
  loop:
    - { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
    - { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
  when: grep_sysctl_rp_filter_minifirewall.rc != 0
  tags:
    - vrrpd

- name: Create VRRP address
  include_tasks: ip.yml
  loop: "{{ vrrp_addresses }}"
  loop_control:
    loop_var: "vrrp_address"