955c6f6b4a
* Fix cgroups cmdline path * Add check and variable so that we write to the correct file * Add LSB release checks. This is untested atm. * Break test into multiple lines so that we can pass lint checks * Flip logic on its head and check for existence only rather than content per contributor suggestion --------- Co-authored-by: Techno Tim <timothystewart6@gmail.com>
50 lines
1.2 KiB
YAML
50 lines
1.2 KiB
YAML
---
|
|
- name: Test for cmdline path
|
|
stat:
|
|
path: /boot/firmware/cmdline.txt
|
|
register: boot_cmdline_path
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Set cmdline path based on Debian version and command result
|
|
set_fact:
|
|
cmdline_path: >-
|
|
{{
|
|
(
|
|
boot_cmdline_path.stat.exists and
|
|
ansible_facts.lsb.description | default('') is match('Debian.*(?!(bookworm|sid))')
|
|
) | ternary(
|
|
'/boot/firmware/cmdline.txt',
|
|
'/boot/cmdline.txt'
|
|
)
|
|
}}
|
|
|
|
- name: Activating cgroup support
|
|
lineinfile:
|
|
path: "{{ cmdline_path }}"
|
|
regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
|
|
line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
|
|
backrefs: true
|
|
notify: reboot
|
|
|
|
- name: Install iptables
|
|
apt:
|
|
name: iptables
|
|
state: present
|
|
|
|
- name: Flush iptables before changing to iptables-legacy
|
|
iptables:
|
|
flush: true
|
|
|
|
- name: Changing to iptables-legacy
|
|
community.general.alternatives:
|
|
path: /usr/sbin/iptables-legacy
|
|
name: iptables
|
|
register: ip4_legacy
|
|
|
|
- name: Changing to ip6tables-legacy
|
|
community.general.alternatives:
|
|
path: /usr/sbin/ip6tables-legacy
|
|
name: ip6tables
|
|
register: ip6_legacy
|