Update IPv6 configuration
This commit is contained in:
parent
a0a303e96e
commit
df4eaa1ba8
|
@ -10,5 +10,5 @@
|
||||||
- auth
|
- auth
|
||||||
- csc-packages
|
- csc-packages
|
||||||
- general-use
|
- general-use
|
||||||
- ipv6-disable-ra-privacy
|
- static-ipv6
|
||||||
- cleanup
|
- cleanup
|
||||||
|
|
|
@ -14,6 +14,6 @@
|
||||||
- general-use
|
- general-use
|
||||||
- general-use-gui
|
- general-use-gui
|
||||||
- audio-client
|
- audio-client
|
||||||
- ipv6-disable-ra-privacy
|
- static-ipv6
|
||||||
- kill-user-processes
|
- kill-user-processes
|
||||||
- cleanup
|
- cleanup
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
roles:
|
roles:
|
||||||
- common
|
- common
|
||||||
- core
|
- core
|
||||||
|
- static-ipv6
|
||||||
- generate-hosts
|
- generate-hosts
|
||||||
- auth
|
- auth
|
||||||
- csc-packages
|
- csc-packages
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
roles:
|
roles:
|
||||||
- common
|
- common
|
||||||
- core
|
- core
|
||||||
|
- static-ipv6
|
||||||
- hardware
|
- hardware
|
||||||
- virtualization-host
|
- virtualization-host
|
||||||
- generate-hosts
|
- generate-hosts
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
# IPv6 Privacy Extensions (RFC 4941)
|
|
||||||
# ---
|
|
||||||
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
|
|
||||||
# to use in autoconfiguration. Privacy extensions allow using a randomly
|
|
||||||
# generated IPv6 address, which increases privacy.
|
|
||||||
#
|
|
||||||
# Acceptable values:
|
|
||||||
# 0 - don’t use privacy extensions.
|
|
||||||
# 1 - generate privacy addresses
|
|
||||||
# 2 - prefer privacy addresses and use them over the normal addresses.
|
|
||||||
net.ipv6.conf.all.use_tempaddr = 0
|
|
||||||
net.ipv6.conf.default.use_tempaddr = 0
|
|
|
@ -1,9 +0,0 @@
|
||||||
- name: copy over ipv6 kernel configs
|
|
||||||
copy: src={{ item.src }} dest={{ item.dest }}
|
|
||||||
with_items:
|
|
||||||
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' }
|
|
||||||
|
|
||||||
- name: Template disable ra
|
|
||||||
template: src={{ item.src }} dest={{ item.dest }}
|
|
||||||
with_items:
|
|
||||||
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' }
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# Disable autoconf
|
||||||
|
net.ipv6.conf.all.autoconf=0
|
||||||
|
net.ipv6.conf.default.autoconf=0
|
||||||
|
|
||||||
|
# Stop accepting router advertisments
|
||||||
|
net.ipv6.conf.all.accept_ra=0
|
||||||
|
net.ipv6.conf.default.accept_ra=0
|
||||||
|
|
||||||
|
# Do not use temporary addresses
|
||||||
|
net.ipv6.conf.all.use_tempaddr=0
|
||||||
|
net.ipv6.conf.default.use_tempaddr=0
|
|
@ -0,0 +1,7 @@
|
||||||
|
- name: copy over ipv6 kernel configuration
|
||||||
|
copy: src={{ item.src }} dest={{ item.dest }}
|
||||||
|
with_items:
|
||||||
|
- { src: '10-ipv6.conf', dest: '/etc/sysctl.d/10-ipv6.conf' }
|
||||||
|
|
||||||
|
- name: update ipv6 kernel configuration
|
||||||
|
command: 'sysctl -w net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.all.accept_ra=0 net.ipv6.conf.default.accept_ra=0 net.ipv6.conf.all.use_tempaddr=0 net.ipv6.conf.default.use_tempaddr=0'
|
Loading…
Reference in New Issue