dfritz/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

turn off RAs more explicitly

Browse Source
This commit is contained in:
Donavan Fritz 2025-01-02 11:58:23 -06:00
parent d442ac232e
commit d64128a2e1
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
compute/playbook-host-proxmox.yaml
View File

@ -1,7 +1,7 @@
--- ---
- name: Configure Network and DNS settings on Proxmox Host - name: Configure Network and DNS settings on Proxmox Host
hosts: hosts:
- "host20*" - "host2*"
become: true become: true
tasks: tasks:
@ -37,6 +37,15 @@
notify: restart networking notify: restart networking
when: inventory_hostname.startswith('host2') when: inventory_hostname.startswith('host2')
- name: Configure sysctl settings
template:
src: sysctl.conf.j2
dest: /etc/sysctl.d/fritzlab.conf
owner: root
group: root
mode: '0644'
notify: reload sysctl
- name: Configure resolv.conf for DNS settings - name: Configure resolv.conf for DNS settings
template: template:
src: resolv.conf.j2 src: resolv.conf.j2
@ -124,20 +133,13 @@
path: /mnt/iso-images/template/iso path: /mnt/iso-images/template/iso
state: directory state: directory
- name: Ensure Container Templates mount point directory exists in sjc001
when: "'sjc001' in ansible_host"
ansible.builtin.file:
path: /mnt/container-templates/cache
state: directory
- name: Insert/update NFS mount block in /etc/fstab in sjc001 - name: Insert/update NFS mount block in /etc/fstab in sjc001
when: "'sjc001' in ansible_host" when: "'sjc001' in ansible_host"
notify: reload fstab notify: reload fstab
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
path: /etc/fstab path: /etc/fstab
block: | block: |
nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0 # nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0
nas001.sjc001.fritzlab.net:/mnt/main/container-templates /mnt/container-templates/cache nfs4 rw 0 0
marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts" marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts"
backup: yes backup: yes
@ -161,3 +163,5 @@
state: restarted state: restarted
- name: reload fstab - name: reload fstab
command: mount -a command: mount -a
- name: reload sysctl
command: sysctl --system

10
compute/templates/sysctl.conf.j2 Normal file
View File

@ -0,0 +1,10 @@
#
# This file is managed by Ansible, do not edit manually.
#
# disable IPv6 Router Advertisement for all VLANs except 206 (the mgmt vlan)
{% for vlan_id, vlan_name in vlans.items() %}
{% if not vlan_id == 206 %}
net.ipv6.conf.vmbr{{ vlan_id }}.accept_ra = 0
{% endif %}
{% endfor %}