86 lines
1.6 KiB
YAML
86 lines
1.6 KiB
YAML
---
|
|
- name: Install packages
|
|
package:
|
|
name:
|
|
- dnsmasq
|
|
- iptables
|
|
state: latest
|
|
|
|
|
|
- name: Template dnsmasq.d config file
|
|
template:
|
|
src: "etc/dnsmasq.d/bridge.j2"
|
|
dest: "/etc/dnsmasq.d/{{ lxc_host_bridge }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify:
|
|
- Restart dnsmasq
|
|
|
|
|
|
- name: Template network interface config file
|
|
template:
|
|
src: "etc/network/interfaces.d/bridge.j2"
|
|
dest: "/etc/network/interfaces.d/{{ lxc_host_bridge }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
|
|
- name: dnsmasq should use /etc/resolv.conf
|
|
lineinfile:
|
|
path: /etc/default/dnsmasq
|
|
line: 'IGNORE_RESOLVCONF=yes'
|
|
regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
|
|
backup: yes
|
|
notify:
|
|
- Restart dnsmasq
|
|
|
|
|
|
- name: IPv4-Forwarding
|
|
sysctl:
|
|
name: net.ipv4.ip_forward
|
|
value: '1'
|
|
sysctl_file: /etc/sysctl.d/lxc.conf
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
|
|
- name: Disable lxc-net with systemd
|
|
when: ansible_service_mgr == "systemd"
|
|
block:
|
|
- name: Stop lxc-net service
|
|
systemd:
|
|
name: lxc-net
|
|
state: stopped
|
|
|
|
- name: Disable lxc-net service
|
|
systemd:
|
|
name: lxc-net
|
|
enabled: no
|
|
|
|
- name: Mask lxc-net service
|
|
systemd:
|
|
name: lxc-net
|
|
masked: yes
|
|
|
|
|
|
- name: Disable lxc-net without systemd
|
|
when: ansible_service_mgr != "systemd"
|
|
block:
|
|
- name: Disable lxc-net
|
|
service:
|
|
name: lxc-net
|
|
enabled: no
|
|
state: stopped
|
|
ignore_errors: yes
|
|
|
|
|
|
- name: "Bring up {{ lxc_host_bridge }}"
|
|
command: "ifup {{ lxc_host_bridge }}"
|
|
args:
|
|
creates: "/sys/devices/virtual/net/{{ lxc_host_bridge }}"
|
|
|
|
|