author | Trygve Laugstøl <trygvis@inamo.no> | 2018-08-27 20:36:21 +0200 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-08-27 20:37:42 +0200 |
commit | 1c9619633840a0e7588a5fdf6996faddf32e8090 (patch) | |
tree | 940c220b53d451d8d3316341c4a111db53ce7bad /ansible | |
parent | 9881c25ef9d70c442bf486f85381022432600984 (diff) | |
o Disable IPv6 in LXC containers.
o Create LXC configuration from Ansible vars.
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/host_vars/knot.yml | 9 | ||||
-rw-r--r-- | ansible/knot.yml | 4 | ||||
-rw-r--r-- | ansible/roles/lxc-host/tasks/main.yml | 23 | ||||
-rw-r--r-- | ansible/roles/lxc-machine/handlers/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/lxc-machine/tasks/main.yml | 11 |
5 files changed, 53 insertions, 0 deletions
diff --git a/ansible/host_vars/knot.yml b/ansible/host_vars/knot.yml
new file mode 100644
index 0000000..ec97b6a
--- /dev/null
+++ b/ansible/host_vars/knot.yml
@@ -0,0 +1,9 @@
+lxc_containers:
+ sz-prod:
+ ipv4:
+ address: 10.0.3.3/24
+ gateway: 10.0.3.1
+ sz-test:
+ ipv4:
+ address: 10.0.3.4/24
+ gateway: 10.0.3.1
diff --git a/ansible/knot.yml b/ansible/knot.yml
index 136c9b3..05207b8 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
@@ -10,3 +10,7 @@
 import_role: name=mosquitto-server
 tags: mosquitto-server
 become: true
+ - name: lxc-host
+ import_role: name=lxc-host
+ tags: lxc-host
+ become: true
diff --git a/ansible/roles/lxc-host/tasks/main.yml b/ansible/roles/lxc-host/tasks/main.yml
new file mode 100644
index 0000000..a043d4c
--- /dev/null
+++ b/ansible/roles/lxc-host/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+#- debug:
+# msg: key="{{ item.key }}", ipv4="{{ item.value.ipv4 }}"
+# with_dict: "{{ lxc_containers }}"
+- name: Set IPv4 address
+ lineinfile:
+ path: "/var/lib/lxc/{{ item.key }}/config"
+ regexp: "lxc.network.ipv4 *="
+ line: "lxc.network.ipv4 = {{ item.value.ipv4.address }}"
+ with_dict: "{{ lxc_containers }}"
+- name: Set IPv4 gateway
+ lineinfile:
+ path: "/var/lib/lxc/{{ item.key }}/config"
+ regexp: "lxc.network.ipv4.gateway *="
+ line: "lxc.network.ipv4.gateway = {{ item.value.ipv4.gateway }}"
+ insertafter: "lxc.network.ipv4 *="
+ with_dict: "{{ lxc_containers }}"
+- name: Set logfile
+ lineinfile:
+ path: "/var/lib/lxc/{{ item.key }}/config"
+ regexp: "lxc.logfile *="
+ line: "lxc.logfile = /var/lib/lxc/{{ item.key }}/{{ item.key }}.log"
+ with_dict: "{{ lxc_containers }}"
diff --git a/ansible/roles/lxc-machine/handlers/main.yml b/ansible/roles/lxc-machine/handlers/main.yml
new file mode 100644
index 0000000..3f96231
--- /dev/null
+++ b/ansible/roles/lxc-machine/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart sysctl
+ service:
+ name: systemd-sysctl.service
+ state: restarted
+
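Review bot: The `regexp` values in the three `lineinfile` tasks of ansible/roles/lxc-host/tasks/main.yml are unanchored and leave the dots unescaped, so a commented-out line such as `#lxc.network.ipv4 = ...` also matches, and lineinfile rewrites the last matching line. Anchoring them, for example `regexp: '^lxc\.network\.ipv4 *='` with the same pattern in `insertafter`, and likewise `'^lxc\.network\.ipv4\.gateway *='` and `'^lxc\.logfile *='`, keeps each edit on the active setting. None of the tasks notifies a handler, so presumably a running container keeps its old network settings until it is restarted; a comment such as `# takes effect on next container start` above the first task would record that. The commented-out `debug` task at the top of the file could be dropped before merging.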
diff --git a/ansible/roles/lxc-machine/tasks/main.yml b/ansible/roles/lxc-machine/tasks/main.yml
index 24d64c8..626428c 100644
--- a/ansible/roles/lxc-machine/tasks/main.yml
+++ b/ansible/roles/lxc-machine/tasks/main.yml
@@ -10,5 +10,16 @@
 install_recommends: no
 with_items:
 - systemd-cron
+ - ca-certificates
+ - unzip
+ - sudo
+
+- name: disable ipv6
+ tags:
+ - disable-ipv6
+ copy:
+ dest: /etc/sysctl.d/99-disable-ipv6.conf
+ content: net.ipv6.conf.all.disable_ipv6=1
+ notify: restart sysctl
 # TODO: unattended upgrades, postfix client |
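Review bot: The `copy` task under `disable ipv6` sets no `owner`, `group` or `mode`, so the permissions of /etc/sysctl.d/99-disable-ipv6.conf depend on the umask in effect on the target; adding `owner: root`, `group: root` and `mode: "0644"` pins them. The `content:` value has no trailing newline, so the file is written without one; `content: "net.ipv6.conf.all.disable_ipv6=1\n"` avoids that. Because the point of the commit is to turn IPv6 off, a follow-up task that reads the runtime value back and fails when it is not 1 would catch a container where the setting did not apply, which matters if the containers are filtered only for IPv4 (not visible here). The package-install task at the top of the hunk begins outside it.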