Commit 2418b9d1 authored by Maciej Delmanowski's avatar Maciej Delmanowski

Merge branch 'drybjed-remove-accept_ra'

parents 097d3379 23ff2113
Pipeline #19428628 passed with stages
in 6 minutes and 6 seconds
......@@ -103,6 +103,13 @@ Removed
- The ``debops-contrib.kernel_module`` Ansible role has been removed; it was
replaced by the new :ref:`debops.kmod` Ansible role.
- [debops.ferm] The ``ferm-forward`` hook script in the
:file:`/etc/network/if-pre-up.d/` directory has been removed (existing
instances will be cleaned up). Recent changes in the :ref:`debops.ferm` role
broke idempotency with the :ref:`debops.ifupdown` role, and it was determined
that the functionality provided by the hook is no longer needed, recent OS
releases should deal with it adequately.
`debops v0.7.0`_ - 2018-02-11
-----------------------------
......
......@@ -23,6 +23,12 @@
from __future__ import (absolute_import, division, print_function)
from operator import itemgetter
try:
unicode = unicode
except ImportError:
# py3
unicode = str
__metaclass__ = type
......
......@@ -173,22 +173,10 @@
when: ferm__register_sysctl.changed | bool
tags: [ 'role::ferm:rules' ]
- name: Ensure that /etc/network/if-pre-up.d exists
- name: Remove deprecated ifupdown hook
file:
path: '/etc/network/if-pre-up.d'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
- name: Configure forwarding in ifupdown if enabled
template:
src: 'etc/network/if-pre-up.d/ferm-forward.j2'
dest: '/etc/network/if-pre-up.d/ferm-forward'
owner: 'root'
group: 'root'
mode: '0755'
tags: [ 'role::ferm:rules' ]
path: '/etc/network/if-pre-up.d/ferm-forward'
state: 'absent'
- name: Disable ferm after changes when requested
lineinfile:
......
#!/bin/bash
# {{ ansible_managed }}
ferm_enabled="{{ ferm__enabled | bool | lower }}"
ferm_forward="{{ ferm__forward | bool | lower }}"
ferm_ipv6_enabled="{{ 'true' if ('ip6' in ferm__domains) else 'false' }}"
readarray -t ferm_interfaces <<< "{{ (ferm__external_interfaces|d([])|list + ferm__internal_interfaces|d([])|list) | join(' ') }}"
if [ "${ferm_enabled}" = "true" ] && [ "${ferm_forward}" = "true" ] && [ "${ferm_ipv6_enabled}" = "true" ] ; then
for interface in "${ferm_interfaces[@]}" ; do
if [ "${IFACE}" = "${interface}" ] ; then
# Force Router Advertisement support on a given interface
sysctl -w "net.ipv6.conf.${IFACE}.accept_ra=2"
fi
done
fi
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment