b077a49e1f
* Change to FQCN with ansible-lint fixer Since ansible-base 2.10 (later ansible-core), FQCN is the new way to go. Updated .ansible-lint with a production profile and removed fqcn in skip_list. Updated .yamllint with rules needed. Ran ansible-lint --fix=all, then manually applied some minor changes. * Changed octal value in molecule/ipv6/prepare.yml
50 lines
1.3 KiB
YAML
50 lines
1.3 KiB
YAML
---
|
|
- name: Test for cmdline path
|
|
ansible.builtin.stat:
|
|
path: /boot/firmware/cmdline.txt
|
|
register: boot_cmdline_path
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Set cmdline path based on Debian version and command result
|
|
ansible.builtin.set_fact:
|
|
cmdline_path: >-
|
|
{{
|
|
(
|
|
boot_cmdline_path.stat.exists and
|
|
ansible_facts.lsb.description | default('') is match('Debian.*(?!(bookworm|sid))')
|
|
) | ternary(
|
|
'/boot/firmware/cmdline.txt',
|
|
'/boot/cmdline.txt'
|
|
)
|
|
}}
|
|
|
|
- name: Activating cgroup support
|
|
ansible.builtin.lineinfile:
|
|
path: "{{ cmdline_path }}"
|
|
regexp: ^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$
|
|
line: \1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
|
|
backrefs: true
|
|
notify: reboot
|
|
|
|
- name: Install iptables
|
|
ansible.builtin.apt:
|
|
name: iptables
|
|
state: present
|
|
|
|
- name: Flush iptables before changing to iptables-legacy
|
|
ansible.builtin.iptables:
|
|
flush: true
|
|
|
|
- name: Changing to iptables-legacy
|
|
community.general.alternatives:
|
|
path: /usr/sbin/iptables-legacy
|
|
name: iptables
|
|
register: ip4_legacy
|
|
|
|
- name: Changing to ip6tables-legacy
|
|
community.general.alternatives:
|
|
path: /usr/sbin/ip6tables-legacy
|
|
name: ip6tables
|
|
register: ip6_legacy
|