From d64128a2e1d7c5076c4b1bbe0e6c0c6a46bc7576 Mon Sep 17 00:00:00 2001 From: Donavan Fritz Date: Thu, 2 Jan 2025 11:58:23 -0600 Subject: [PATCH] turn off RAs more explicitly --- compute/playbook-host-proxmox.yaml | 22 +++++++++++++--------- compute/templates/sysctl.conf.j2 | 10 ++++++++++ 2 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 compute/templates/sysctl.conf.j2 diff --git a/compute/playbook-host-proxmox.yaml b/compute/playbook-host-proxmox.yaml index 0847162..52a8bc0 100644 --- a/compute/playbook-host-proxmox.yaml +++ b/compute/playbook-host-proxmox.yaml @@ -1,7 +1,7 @@ --- - name: Configure Network and DNS settings on Proxmox Host hosts: - - "host20*" + - "host2*" become: true tasks: @@ -37,6 +37,15 @@ notify: restart networking when: inventory_hostname.startswith('host2') + - name: Configure sysctl settings + template: + src: sysctl.conf.j2 + dest: /etc/sysctl.d/fritzlab.conf + owner: root + group: root + mode: '0644' + notify: reload sysctl + - name: Configure resolv.conf for DNS settings template: src: resolv.conf.j2 @@ -124,20 +133,13 @@ path: /mnt/iso-images/template/iso state: directory - - name: Ensure Container Templates mount point directory exists in sjc001 - when: "'sjc001' in ansible_host" - ansible.builtin.file: - path: /mnt/container-templates/cache - state: directory - - name: Insert/update NFS mount block in /etc/fstab in sjc001 when: "'sjc001' in ansible_host" notify: reload fstab ansible.builtin.blockinfile: path: /etc/fstab block: | - nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0 - nas001.sjc001.fritzlab.net:/mnt/main/container-templates /mnt/container-templates/cache nfs4 rw 0 0 + # nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0 marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts" backup: yes @@ -161,3 +163,5 @@ state: restarted - name: reload fstab command: mount -a + - name: reload sysctl + command: sysctl --system 
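Review bot: Widening the play target from `"host20*"` to `"host2*"` in the first hunk means every task in this `become: true` play now runs as root on any inventory name beginning with `host2`, and the commit subject does not mention that change. That includes the `/etc/fstab` block and the `restart networking` notification visible in the later hunks. If the intent is only to reach the remaining Proxmox hosts, targeting an inventory group (constructed example: `hosts: proxmox_hosts`) keeps the scope explicit. It would also replace the `when: inventory_hostname.startswith('host2')` guard, which is always true under this pattern. The play continues outside this hunk, so other tasks may carry their own guards.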
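Review bot: Editing the `blockinfile` block in the third hunk removes both NFS entries from `/etc/fstab`, but the `reload fstab` handler runs `mount -a`, which mounts what is listed and never unmounts anything. On hosts where the earlier block was applied, the two `rw` NFS mounts presumably stay attached until a reboot or a manual `umount`. If the intent is to detach them, add an explicit unmount step for `/mnt/iso-images/template/iso` and `/mnt/container-templates/cache`. If the ISO export is only disabled temporarily, a task comment such as `# ISO export disabled temporarily; re-enable once <reason> is resolved` would record why the line is commented out rather than removed. The context task that creates `/mnt/iso-images/template/iso` is kept, so it now prepares a mount point that nothing mounts.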
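Review bot: The `reload sysctl` handler added in the last hunk changes `accept_ra` only for advertisements received from now on. Addresses and default routes already learned from RAs on the `vmbr` bridges are likely to persist until their lifetimes expire, so a host can still hold RA-derived state after the play reports success. A verification task that inspects `ip -6 route show default` per bridge, or a note that the bridges need to be cycled, would close that gap. Separately, `command: sysctl --system` re-applies every sysctl.d file on the host; `command: sysctl -p /etc/sysctl.d/fritzlab.conf` would limit the reload to the file this play manages.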
diff --git a/compute/templates/sysctl.conf.j2 b/compute/templates/sysctl.conf.j2
new file mode 100644
index 0000000..1ffc665
--- /dev/null
+++ b/compute/templates/sysctl.conf.j2
@@ -0,0 +1,10 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# disable IPv6 Router Advertisement for all VLANs except 206 (the mgmt vlan)
+{% for vlan_id, vlan_name in vlans.items() %}
+{% if not vlan_id == 206 %}
+net.ipv6.conf.vmbr{{ vlan_id }}.accept_ra = 0
+{% endif %}
+{% endfor %}
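Review bot: The loop turns RAs off only on the bridges enumerated in `vlans`, so any interface that is not listed (a physical NIC, a VLAN sub-interface, a bridge added later) keeps its current setting, which by kernel default accepts RAs. A deny-by-default form would put `net.ipv6.conf.default.accept_ra = 0` ahead of the loop and state the intended value for `vmbr206` explicitly, bearing in mind that `default` only affects interfaces created after it is set. The guard `{% if not vlan_id == 206 %}` also compares against an integer. If the keys of `vlans` arrive as strings, the test is always true and the management bridge is disabled too, so `{% if vlan_id | int != 206 %}` is safer.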