Compare commits
No commits in common. "2f02f1eb2c55b608ae8630178e874565ce0b298a" and "998f2b05982c721ea9ff2d5a2b18dbab466e2289" have entirely different histories.
2f02f1eb2c
...
998f2b0598
5 changed files with 42 additions and 64 deletions
|
|
@ -65,6 +65,7 @@
|
|||
- acl
|
||||
- git
|
||||
- iproute2
|
||||
- logrotate
|
||||
- nftables
|
||||
- procps
|
||||
- rsync
|
||||
|
|
@ -97,11 +98,33 @@
|
|||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Enable QEMU guest agent
|
||||
when: is_virtual
|
||||
block:
|
||||
- name: Install QEMU guest agent package
|
||||
package:
|
||||
name: qemu-guest-agent
|
||||
|
||||
- name: Enable QEMU guest agent service
|
||||
service:
|
||||
name: qemu-guest-agent
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Install automatic upgrade script
|
||||
copy:
|
||||
dest: /etc/periodic/weekly/
|
||||
src: unattended-upgrade
|
||||
mode: 0755
|
||||
|
||||
- name: Configure log rotation for automatic upgrades
|
||||
copy:
|
||||
dest: /etc/logrotate.d/unattended-upgrade
|
||||
src: unattended-upgrade.logrotate
|
||||
mode: 0644
|
||||
|
||||
- name: Set authorized SSH keys
|
||||
authorized_key:
|
||||
user: root
|
||||
exclusive: true
|
||||
key: "{{ ssh_keys | join('\n') }}"
|
||||
|
||||
- when: is_virtual
|
||||
include_tasks: vm.yml
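Review bot: The two `copy` tasks write `mode: 0755` and `mode: 0644` as bare YAML numbers, while the same tasks in the removed vm.yml quoted them. An unquoted mode is only correct while the loader reads the leading zero as octal; read as decimal, it would put unintended permission bits on a script installed under /etc/periodic/weekly/, so I would keep `mode: "0755"` and `mode: "0644"`. Indentation and the `+`/`-` markers are lost in this rendering, so I cannot tell whether these tasks sit inside the `when: is_virtual` block. If they do not, the upgrade script and its logrotate config now land on every host rather than only on VMs, which is worth confirming as intended.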
|
||||
|
|
|
|||
|
|
@ -1,25 +0,0 @@
|
|||
- name: Install QEMU guest agent package
|
||||
package:
|
||||
name: qemu-guest-agent
|
||||
|
||||
- name: Enable QEMU guest agent service
|
||||
service:
|
||||
name: qemu-guest-agent
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Install logrotate
|
||||
package:
|
||||
name: logrotate
|
||||
|
||||
- name: Install automatic upgrade script
|
||||
copy:
|
||||
dest: /etc/periodic/weekly/
|
||||
src: unattended-upgrade
|
||||
mode: "0755"
|
||||
|
||||
- name: Configure log rotation for automatic upgrades
|
||||
copy:
|
||||
dest: /etc/logrotate.d/unattended-upgrade
|
||||
src: unattended-upgrade.logrotate
|
||||
mode: "0644"
|
||||
|
|
@ -1,20 +1,10 @@
|
|||
{# Loopback interface must be present so create it here if none is defined in inventory. #}
|
||||
{% if not interfaces | selectattr("name", "==", "lo") %}
|
||||
{# Loopback interface must be present so define it here if none exists. #}
|
||||
{% if interfaces | rejectattr("name", "==", "lo") %}
|
||||
auto lo
|
||||
iface lo
|
||||
|
||||
{% endif -%}
|
||||
|
||||
{# Define VRFs. #}
|
||||
{% for vrf in interfaces | selectattr("vrf") | map(attribute="vrf.name") %}
|
||||
auto {{ vrf }}
|
||||
iface {{ vrf }}
|
||||
pre-up ip link add $IFACE type vrf table {{ 100 + loop.index }}
|
||||
up ip link set dev $IFACE up
|
||||
post-down ip link del $IFACE
|
||||
|
||||
{% endfor -%}
|
||||
|
||||
{# Skip disabled and OOB management interfaces. #}
|
||||
{# For VMs we have to set the attribute manually (to false) so rejectattr works. #}
|
||||
{% for iface in interfaces
|
||||
|
|
@ -23,10 +13,6 @@ iface {{ vrf }}
|
|||
| selectattr('enabled') %}
|
||||
auto {{ iface.name }}
|
||||
iface {{ iface.name }}
|
||||
{% if iface.vrf %}
|
||||
requires {{ iface.vrf.name }}
|
||||
pre-up ip link set $IFACE master {{ iface.vrf.name }}
|
||||
{% endif %}
|
||||
{% if iface.mtu %}
|
||||
mtu {{ iface.mtu }}
|
||||
{% endif %}
|
||||
|
|
@ -37,17 +23,13 @@ iface {{ iface.name }}
|
|||
{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
|
||||
{% set gateway = prefix.custom_fields.gateway.address %}
|
||||
{% if gateway is defined and gateway != address.address %}
|
||||
{% if iface.vrf %}
|
||||
up ip route add default via {{ gateway | ipaddr('address') }} {% if iface.vrf.name %}vrf {{ iface.vrf.name }}{% endif +%}
|
||||
{% else %}
|
||||
gateway {{ gateway | ipaddr('address') }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor -%}
|
||||
|
||||
{# disable SLAAC if we have a manually set IPv6 address #}
|
||||
{% if iface.ip_addresses | selectattr("family.value", "==", 6) and iface.name != "lo" %}
|
||||
{% if iface.ip_addresses | selectattr("family.value", "==", 6) %}
|
||||
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
|
||||
{% endif %}
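Review bot: The `{% if %}` tests on `interfaces | rejectattr("name", "==", "lo")` and on `iface.ip_addresses | selectattr("family.value", "==", 6)` do not test for an empty result: in stock Jinja2 both filters return a generator, which is truthy even when it yields nothing, and `rejectattr` would in any case answer "is there a non-lo interface", not "is lo missing". As written, the loopback stanza would be emitted even when the inventory already defines `lo`, and `autoconf` would be switched off on interfaces with no static IPv6 address; the `not … selectattr` spelling has the same problem in the opposite direction. Materialising the result makes the intent explicit, e.g. `{% if interfaces | selectattr("name", "==", "lo") | list | length == 0 %}` and `{% if iface.ip_addresses | selectattr("family.value", "==", 6) | list %}`. The `+`/`-` markers are lost in this rendering, so which spelling is the new side is inferred from print order and the hunk counts.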
|
||||
|
||||
|
|
|
|||
|
|
@ -89,6 +89,19 @@
|
|||
include_tasks: firewall.yml
|
||||
when: not is_proxmox # proxmox has its own firewall configuration
|
||||
|
||||
- name: Install automatic upgrade package
|
||||
package:
|
||||
name: unattended-upgrades
|
||||
|
||||
- name: Configure automatic upgrades
|
||||
lineinfile:
|
||||
path: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
create: yes
|
||||
line: '{{ item }}'
|
||||
loop:
|
||||
- 'APT::Periodic::Update-Package-Lists "1";'
|
||||
- 'APT::Periodic::Unattended-Upgrade "1";'
|
||||
|
||||
- name: Run SSH instance in management VRF
|
||||
when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
|
||||
block:
|
||||
|
|
@ -111,6 +124,3 @@
|
|||
name: sshd@mgmt
|
||||
enabled: yes
|
||||
notify: reboot
|
||||
|
||||
- when: is_virtual
|
||||
include_tasks: vm.yml
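Review bot: The `lineinfile` task that writes /etc/apt/apt.conf.d/20auto-upgrades uses `create: yes` without a `mode`, so the permissions of a newly created file depend on the remote umask; adding `mode: "0644"` pins them. It also has no `regexp`, so a host that already carries `APT::Periodic::Unattended-Upgrade "0";` keeps that line and gets a second, contradictory one appended; matching on the option name with `regexp` would replace the existing line instead. These tasks previously lived in vm.yml behind `when: is_virtual`, and indentation is lost in this rendering, so please confirm that enabling unattended upgrades on every host, possibly Proxmox hosts included, is intended.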
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
- name: Install automatic upgrade package
|
||||
package:
|
||||
name: unattended-upgrades
|
||||
|
||||
- name: Configure automatic upgrades
|
||||
lineinfile:
|
||||
path: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
create: yes
|
||||
line: '{{ item }}'
|
||||
loop:
|
||||
- 'APT::Periodic::Update-Package-Lists "1";'
|
||||
- 'APT::Periodic::Unattended-Upgrade "1";'
|
||||