turn off RAs more explicitly

2025-01-02 11:58:23 -06:00 · 2025-01-02 11:58:23 -06:00 · d64128a2e1
commit d64128a2e1
parent d442ac232e
2 changed files with 23 additions and 9 deletions
--- a/compute/playbook-host-proxmox.yaml
+++ b/compute/playbook-host-proxmox.yaml
@ -1,7 +1,7 @@
 ---
 - name: Configure Network and DNS settings on Proxmox Host
  hosts:
-    - "host20*"
+    - "host2*"
  become: true

  tasks:
@ -37,6 +37,15 @@
      notify: restart networking
      when: inventory_hostname.startswith('host2')

+    - name: Configure sysctl settings
+      template:
+        src: sysctl.conf.j2
+        dest: /etc/sysctl.d/fritzlab.conf
+        owner: root
+        group: root
+        mode: '0644'
+      notify: reload sysctl
+
    - name: Configure resolv.conf for DNS settings
      template:
        src: resolv.conf.j2
@ -124,20 +133,13 @@
        path: /mnt/iso-images/template/iso
        state: directory

-    - name: Ensure Container Templates mount point directory exists in sjc001
-      when: "'sjc001' in ansible_host"
-      ansible.builtin.file:
-        path: /mnt/container-templates/cache
-        state: directory
-
    - name: Insert/update NFS mount block in /etc/fstab in sjc001
      when: "'sjc001' in ansible_host"
      notify: reload fstab
      ansible.builtin.blockinfile:
        path: /etc/fstab
        block: |
-          nas001.sjc001.fritzlab.net:/mnt/main/iso                   /mnt/iso-images/template/iso     nfs4 rw 0 0
-          nas001.sjc001.fritzlab.net:/mnt/main/container-templates   /mnt/container-templates/cache   nfs4 rw 0 0
+          # nas001.sjc001.fritzlab.net:/mnt/main/iso                   /mnt/iso-images/template/iso     nfs4 rw 0 0
        marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts"
        backup: yes

@ -161,3 +163,5 @@
        state: restarted
    - name: reload fstab
      command: mount -a
+    - name: reload sysctl
+      command: sysctl --system
--- a/compute/templates/sysctl.conf.j2
+++ b/compute/templates/sysctl.conf.j2
@ -0,0 +1,10 @@
+#
+# This file is managed by Ansible, do not edit manually.
+#
+
+# disable IPv6 Router Advertisement for all VLANs except 206 (the mgmt vlan)
+{% for vlan_id, vlan_name in vlans.items() %}
+{% if not vlan_id == 206 %}
+net.ipv6.conf.vmbr{{ vlan_id }}.accept_ra = 0
+{% endif %}
+{% endfor %}