Update IPv6 configuration
This commit is contained in:
parent
a0a303e96e
commit
df4eaa1ba8
|
@ -10,5 +10,5 @@
|
|||
- auth
|
||||
- csc-packages
|
||||
- general-use
|
||||
- ipv6-disable-ra-privacy
|
||||
- static-ipv6
|
||||
- cleanup
|
||||
|
|
|
@ -14,6 +14,6 @@
|
|||
- general-use
|
||||
- general-use-gui
|
||||
- audio-client
|
||||
- ipv6-disable-ra-privacy
|
||||
- static-ipv6
|
||||
- kill-user-processes
|
||||
- cleanup
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
roles:
|
||||
- common
|
||||
- core
|
||||
- static-ipv6
|
||||
- generate-hosts
|
||||
- auth
|
||||
- csc-packages
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
roles:
|
||||
- common
|
||||
- core
|
||||
- static-ipv6
|
||||
- hardware
|
||||
- virtualization-host
|
||||
- generate-hosts
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
# IPv6 Privacy Extensions (RFC 4941)
|
||||
# ---
|
||||
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
|
||||
# to use in autoconfiguration. Privacy extensions allow using a randomly
|
||||
# generated IPv6 address, which increases privacy.
|
||||
#
|
||||
# Acceptable values:
|
||||
# 0 - don’t use privacy extensions.
|
||||
# 1 - generate privacy addresses
|
||||
# 2 - prefer privacy addresses and use them over the normal addresses.
|
||||
net.ipv6.conf.all.use_tempaddr = 0
|
||||
net.ipv6.conf.default.use_tempaddr = 0
|
|
@ -1,9 +0,0 @@
|
|||
- name: copy over ipv6 kernel configs
|
||||
copy: src={{ item.src }} dest={{ item.dest }}
|
||||
with_items:
|
||||
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' }
|
||||
|
||||
- name: Template disable ra
|
||||
template: src={{ item.src }} dest={{ item.dest }}
|
||||
with_items:
|
||||
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' }
|
|
@ -0,0 +1,11 @@
|
|||
# Disable autoconf
|
||||
net.ipv6.conf.all.autoconf=0
|
||||
net.ipv6.conf.default.autoconf=0
|
||||
|
||||
# Stop accepting router advertisments
|
||||
net.ipv6.conf.all.accept_ra=0
|
||||
net.ipv6.conf.default.accept_ra=0
|
||||
|
||||
# Do not use temporary addresses
|
||||
net.ipv6.conf.all.use_tempaddr=0
|
||||
net.ipv6.conf.default.use_tempaddr=0
|
|
@ -0,0 +1,7 @@
|
|||
- name: copy over ipv6 kernel configuration
|
||||
copy: src={{ item.src }} dest={{ item.dest }}
|
||||
with_items:
|
||||
- { src: '10-ipv6.conf', dest: '/etc/sysctl.d/10-ipv6.conf' }
|
||||
|
||||
- name: update ipv6 kernel configuration
|
||||
command: 'sysctl -w net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.all.use_tempaddr=0 net.ipv6.conf.default.use_tempaddr=0'
|
Loading…
Reference in New Issue