---
# TODO: SELinux configuration
# Probe for the SELinux config file on RedHat-family hosts (Amazon Linux
# excluded). The result is registered as `slc`, which the "Set selinux policy"
# task checks before touching the SELinux mode.
- name: Confirm selinux deployed
  stat:
    path: /etc/selinux/config
  register: slc
  when:
    - ansible_os_family == "RedHat"
    - "'Amazon' not in ansible_distribution"
# Apply the SELinux mode chosen for the host, using the `targeted` policy.
# NOTE(review): `preinstall_selinux_state` is defined outside this file. A
# value of `permissive` or `disabled` turns SELinux enforcement off on the
# node, so confirm the default and any inventory override are intentional.
- name: Set selinux policy
  selinux:
    state: "{{ preinstall_selinux_state }}"
    policy: targeted
  # Keep this order: `slc.stat` is only populated when the preceding stat task
  # ran, and that task is guarded by the same two OS conditions.
  when:
    - ansible_os_family == "RedHat"
    - "'Amazon' not in ansible_distribution"
    - slc.stat.exists
  # Always reported as "ok": a change of SELinux mode made by this task does
  # not show up as "changed" in the play recap, so audit the mode separately.
  changed_when: false
  tags:
    - bootstrap-os
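# Raise the precedence of the IPv4-mapped prefix in /etc/gai.conf so that
# getaddrinfo() sorts IPv4 results ahead of IPv6 ones. This only changes
# address ordering: AAAA lookups still happen and IPv6 stays enabled.
# Skipped unless `disable_ipv6_dns` is truthy, and skipped on Flatcar.
- name: Disable IPv6 DNS lookup
  lineinfile:
    dest: /etc/gai.conf
    line: "precedence ::ffff:0:0/96 100"
    state: present
    # The file is created when missing. Without an explicit mode a new file
    # inherits whatever the connection user's umask yields, so it is pinned.
    create: true
    mode: "0644"
    # Leaves a timestamped copy of the previous file next to the original.
    backup: true
  when:
    - disable_ipv6_dns
    - not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]
  tags:
    - bootstrap-os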
# Inspect the configured sysctl file. The result (`sysctl_file_stat`) is used
# by the next task to find out whether the path is a symlink.
- name: Stat sysctl file configuration
  stat:
    path: "{{ sysctl_file_path }}"
  tags:
    - bootstrap-os
  register: sysctl_file_stat
# When the sysctl file is a symlink, point `sysctl_file_path` at the link
# target, so the later tasks that use this variable act on the real file.
# NOTE(review): those tasks then write wherever the link leads; presumably
# the link and its target are root-owned. Verify on hosts where
# `sysctl_file_path` is overridden.
- name: Change sysctl file path to link source if linked
  set_fact:
    sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
  tags:
    - bootstrap-os
  # `islnk` is absent from the stat result when the path does not exist, so
  # it is tested for presence before it is tested for truth.
  when:
    - sysctl_file_stat.stat.islnk is defined
    - sysctl_file_stat.stat.islnk
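# Ensure the directory that will hold the sysctl file exists before the
# sysctl module writes to it.
- name: Make sure sysctl file path folder exists
  file:
    # `path` is the canonical name of the parameter the original spelled `name`.
    path: "{{ sysctl_file_path | dirname }}"
    state: directory
    # Explicit mode: without it a newly created directory gets permissions
    # derived from the connection user's umask. 0755 is the usual mode of
    # /etc and /etc/sysctl.d. Adjust if the target directory is meant to be
    # tighter.
    mode: "0755"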
# Turn on IPv4 forwarding, persist it in the resolved sysctl file and reload
# so it takes effect immediately.
# With forwarding on, the host routes packets between its interfaces. What may
# actually be forwarded is then decided by the host's firewall rules, so
# review the forwarding policy together with this setting.
- name: Enable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: 1
    state: present
    sysctl_file: "{{ sysctl_file_path }}"
    reload: true