Initial commit, squashed

roles/firewall/tasks/conntrackd.yml

@@ -0,0 +1,36 @@
+- name: Install conntrack-tools
+  package:
+    name: conntrack-tools
+
+# Ensure the module is loaded before setting sysctl values.
+- name: Autoload nf_conntrack
+  lineinfile:
+    dest: /etc/modules-load.d/netfilter.conf
+    line: nf_conntrack
+    create: yes
+
+# Set required sysctl values.
+- name: Set sysctl values for conntrackd
+  copy:
+    dest: /etc/sysctl.d/
+    src: conntrackd.conf
+
+- name: Set up conntrackd
+  template:
+    dest: /etc/conntrackd/conntrackd.conf
+    src: conntrackd.conf.j2
+    mode: 0644
+  notify: restart conntrackd
+
+- name: Run conntrackd in default VRF
+  lineinfile:
+    dest: /etc/conf.d/conntrackd
+    line: 'vrf="default"'
+    regexp: '^vrf='
+  notify: restart conntrackd
+
+- name: Enable conntrackd
+  service:
+    name: conntrackd
+    enabled: yes
+    state: started