From 5ef6f886e49dbaedbad851d119a9aa0b5906de77 Mon Sep 17 00:00:00 2001
From: Murat Aybars <39916128+aybarsm@users.noreply.github.com>
Date: Sat, 13 Jul 2024 15:16:51 +0100
Subject: [PATCH] Role: network :: consolidation phase #1
---
roles/ansible/vars/main.yml | 12 +++
roles/auth/tasks/ssh.yml | 2 +-
roles/network/defaults/main.yml | 83 +++++++++++++++++++
roles/network/handlers/main.yml | 76 +++++++++++++++++
roles/network/meta/main.yml | 0
roles/network/tasks/hosts.yml | 9 ++
roles/network/tasks/interfaces.yml | 20 +++++
roles/network/tasks/main.yml | 32 +++++++
roles/network/tasks/sysctl.yml | 16 ++++
roles/network/tasks/systemd.yml | 42 ++++++++++
roles/network/templates/etc/hosts.j2 | 15 ++++
.../templates/etc/network/interfaces.j2 | 48 +++++++++++
.../templates/etc/systemd/network/unit.j2 | 8 ++
roles/network/vars/main.yml | 65 +++++++++++++++
roles/posix/tasks/sysctl.yml | 2 +-
15 files changed, 428 insertions(+), 2 deletions(-)
create mode 100644 roles/network/defaults/main.yml
create mode 100644 roles/network/handlers/main.yml
create mode 100644 roles/network/meta/main.yml
create mode 100644 roles/network/tasks/hosts.yml
create mode 100644 roles/network/tasks/interfaces.yml
create mode 100644 roles/network/tasks/main.yml
create mode 100644 roles/network/tasks/sysctl.yml
create mode 100644 roles/network/tasks/systemd.yml
create mode 100644 roles/network/templates/etc/hosts.j2
create mode 100644 roles/network/templates/etc/network/interfaces.j2
create mode 100644 roles/network/templates/etc/systemd/network/unit.j2
create mode 100644 roles/network/vars/main.yml
diff --git a/roles/ansible/vars/main.yml b/roles/ansible/vars/main.yml
index cae4b75..7f0b17d 100644
--- a/roles/ansible/vars/main.yml
+++ b/roles/ansible/vars/main.yml
@@ -30,6 +30,18 @@ __ansible__config: apt_key: uniques: ['keyserver', 'url', 'id', 'file' ,'data'] aliases: {} + find: + required: ['paths'] + aliases: + excludes: ['exclude'] + paths: ['name', 'path'] + patterns: ['pattern'] + posix: + sysctl: + required: ['name', 'value'] + aliases: + name: ['key'] + value: ['val'] community: general: sudoers: diff --git a/roles/auth/tasks/ssh.yml b/roles/auth/tasks/ssh.yml index 72aa949..655a413 100644 --- a/roles/auth/tasks/ssh.yml +++ b/roles/auth/tasks/ssh.yml @@ -1,4 +1,5 @@ --- +# TODO: Renew SSH host keys only once - name: Apply ssh daemon configuration become: true ansible.builtin.template: @@ -42,4 +43,3 @@ when: - auth__ssh_changes_strategy.module is defined - auth__ssh_changes_strategy.immediate | default(false) | bool - \ No newline at end of file diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml new file mode 100644 index 0000000..336d31e --- /dev/null +++ b/roles/network/defaults/main.yml 
@@ -0,0 +1,83 @@
+network__role_enabled: false
+
+network__manage_systemd: false
+network__manage_interfaces: false
+network__manage_sysctl: false
+network__manage_hosts: false
+
+network__default: []
+network__group: []
+network__host: []
+
+##### BEGIN: network systemd vars
+# Ensures system manager is systemd - ansible_service_mgr == "systemd"
+network__systemd_ensure_service_manager: true
+network__systemd_apply_changes: false
+network__systemd_backup: true
+network__systemd_cleanup: false
+network__systemd_cleanup_use_regex: true
+# Naming scheme to be used with aybarsm.linux.grub role to avoid kernel naming conflicts
+# i.e. grub cmdline :: net.naming-scheme=v252
+# Consult: https://manpages.debian.org/bookworm/systemd/systemd.net-naming-scheme.7.en.html
+network__systemd_naming_scheme: "v252"
+network__systemd_dir: /etc/systemd/network
+network__systemd_template: etc/systemd/network/unit.j2
+network__systemd_change_strategy:
+# Available modules: systemd_service
+# Set module other than available options to disable applying changes
+ module: systemd_service
+# immediate can be true or false (Flushes the handlers immediately)
+ immediate: false
+# Use name for service or systemd_service module
+ name: 'systemd-networkd.service'
+ state: reloaded
+##### END: network systemd vars
+
+##### BEGIN: network interfaces vars
+network__interfaces_file: /etc/network/interfaces
+# Keep the loopback interface in the file
+network__interfaces_keep_lo: true
+# The location of the source line in the file (controversial topic)
+network__interfaces_source_position: bottom
+network__interfaces_source_line: "source /etc/network/interfaces.d/*"
+
+network__interfaces_backup: true
+network__interfaces_template: etc/network/interfaces.j2
+
+# iface XXX inet {manual|static|dhcp}
+# Manual method only INCLUDES selected options whereas static and dhcp methods EXCLUDES selected options
+network__interfaces_manual_includes: []
+network__interfaces_static_excludes: []
+network__interfaces_dhcp_excludes: [
+ 'address', 'netmask', 'gateway', 'broadcast', 'network', 'dns-nameservers', 'dns-search',
+ 'dns-domain', 'dns-domain-search', 'dns-options', 'dns-sortlist', 'dns-opts']
+
+network__interfaces_change_strategy:
+# Available modules: service, systemd_service, or command
+# Set module other than available options to disable applying changes
+ module: service
+# immediate can be true or false (Flushes the handlers immediately)
+ immediate: false
+# Use name for service or systemd_service module
+ name: 'networking.service'
+# Use cmd for command module
+# cmd: ifreload -a
+ state: restarted
+##### END: network interfaces vars
+
+##### BEGIN: network sysctl vars
+# No specific configuration is required for sysctl
+##### END: network sysctl vars
+
+##### BEGIN: network hosts vars
+network__hosts_file: /etc/hosts
+network__hosts_template: etc/hosts.j2
+network__hosts_backup: true
+
+# If enabled, the ansible inventory will be collected automatically
+# and will be appended to the list of hosts, when ansible_host (ip address) is defined.
+# ip: ansible_host, hostname: inventory_hostname_short, fqdn: inventory_hostname
+network__hosts_auto_discovery: false
+# Consult https://docs.ansible.com/ansible/latest/inventory_guide/intro_patterns.html for more information
+network__hosts_auto_discovery_inventories: 'webservers:&atlanta'
+##### END: network hosts vars
\ No newline at end of file
diff --git a/roles/network/handlers/main.yml b/roles/network/handlers/main.yml
new file mode 100644
index 0000000..bba5575
--- /dev/null
+++ b/roles/network/handlers/main.yml
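Review bot: In roles/network/defaults/main.yml the default `network__hosts_auto_discovery_inventories: 'webservers:&atlanta'` appears to be the sample pattern from the linked Ansible patterns guide rather than a value that fits this role. Anyone who only flips `network__hosts_auto_discovery` to true inherits a pattern that matches groups they probably do not have, so discovery silently finds nothing or the wrong hosts. Ship an empty default, `network__hosts_auto_discovery_inventories: ''`, which the length check in vars/main.yml treats as disabled, and keep the sample in the comment. As far as this patch shows, `network__systemd_apply_changes`, `network__systemd_ensure_service_manager` and `network__systemd_naming_scheme` are not read by any task, handler or template, which is worth a comment or removal.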
@@ -0,0 +1,76 @@
+---
+- name: Apply network interfaces changes via systemd service module
+ become: true
+ ansible.builtin.systemd_service:
+ daemon_reexec: "{{ service.daemon_reexec | default(omit) | bool }}"
+ daemon_reload: "{{ service.daemon_reload | default(omit) | bool }}"
+ enabled: "{{ service.enabled | default(omit) | bool }}"
+ force: "{{ service.force | default(omit) | bool }}"
+ masked: "{{ service.masked | default(omit) | bool }}"
+ name: "{{ service.name }}"
+ no_block : "{{ service.no_block | default(omit) | bool }}"
+ scope: "{{ service.scope | default(omit) }}"
+ state: "{{ service.state | default(omit) }}"
+ vars:
+ service: "{{ network__interfaces_change_strategy | aybarsm.helper.replace_aliases(__ansible__config.modules.ansible.builtin.systemd_service.aliases) }}"
+ register: network__interfaces_apply_changes_systemd_service
+ listen: "network__interfaces_apply_changes"
+ when:
+ - network__interfaces_change_strategy.module is defined
+ - network__interfaces_change_strategy.module == 'systemd_service'
+
+- name: Apply network interfaces changes via service module
+ become: true
+ ansible.builtin.service:
+ arguments: "{{ service.arguments | default(omit) }}"
+ enabled: "{{ service.enabled | default(omit) }}"
+ name: "{{ service.name }}"
+ pattern: "{{ service.pattern | default(omit) }}"
+ runlevel: "{{ service.runlevel | default(omit) }}"
+ sleep: "{{ service.sleep | default(omit) }}"
+ state: "{{ service.state | default(omit) }}"
+ use: "{{ service.use | default(omit) }}"
+ vars:
+ service: "{{ network__interfaces_change_strategy | aybarsm.helper.replace_aliases(__ansible__config.modules.ansible.builtin.service.aliases) }}"
+ register: network__interfaces_apply_changes_service
+ listen: "network__interfaces_apply_changes"
+ when:
+ - network__interfaces_change_strategy.module is defined
+ - network__interfaces_change_strategy.module == 'service'
+
+- name: Apply network interfaces changes via command module
+ become: true
+ ansible.builtin.command:
+ chdir: "{{ network__interfaces_change_strategy.chdir | default(omit) }}"
+ cmd: "{{ network__interfaces_change_strategy.cmd }}"
+ creates: "{{ network__interfaces_change_strategy.creates | default(omit) }}"
+ removes: "{{ network__interfaces_change_strategy.removes | default(omit) }}"
+ stdin: "{{ network__interfaces_change_strategy.stdin | default(omit) }}"
+ stdin_add_newline: "{{ network__interfaces_change_strategy.stdin_add_newline | default(omit) }}"
+ strip_empty_ends: "{{ network__interfaces_change_strategy.strip_empty_ends | default(omit) }}"
+ changed_when: true
+ register: network__interfaces_apply_changes_command
+ listen: "network__interfaces_apply_changes"
+ when:
+ - network__interfaces_change_strategy.module is defined
+ - network__interfaces_change_strategy.module == 'command'
+
+- name: Apply systemd network changes via systemd service module
+ become: true
+ ansible.builtin.systemd_service:
+ daemon_reexec: "{{ service.daemon_reexec | default(omit) | bool }}"
+ daemon_reload: "{{ service.daemon_reload | default(omit) | bool }}"
+ enabled: "{{ service.enabled | default(omit) | bool }}"
+ force: "{{ service.force | default(omit) | bool }}"
+ masked: "{{ service.masked | default(omit) | bool }}"
+ name: "{{ service.name }}"
+ no_block : "{{ service.no_block | default(omit) | bool }}"
+ scope: "{{ service.scope | default(omit) }}"
+ state: "{{ service.state | default(omit) }}"
+ vars:
+ service: "{{ network__systemd_change_strategy | aybarsm.helper.replace_aliases(__ansible__config.modules.ansible.builtin.systemd_service.aliases) }}"
+ register: network__systemd_apply_changes_systemd_service
+ listen: "network__systemd_apply_changes"
+ when:
+ - network__systemd_change_strategy.module is defined
+ - network__systemd_change_strategy.module == 'systemd_service'
\ No newline at end of file
diff --git a/roles/network/meta/main.yml b/roles/network/meta/main.yml
new file mode 100644
index 0000000..e69de29
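Review bot: In roles/network/handlers/main.yml both systemd_service handlers pipe `default(omit)` through `| bool`, which defeats the omit: on ansible-core versions where the omit placeholder is a plain string, `bool` turns it into false and the parameter is sent instead of being left out. For `enabled` this means a handler run with the default `network__systemd_change_strategy`, which sets no `enabled` key, asks systemd to disable `systemd-networkd.service`, and `masked` is likewise forced to false. Write these as `enabled: "{{ service.enabled | default(omit) }}"`, as the service-module handler in the same file already does, and let the module coerce the type. The same pattern is on `reload` in roles/network/tasks/sysctl.yml, where it would switch off the module's default reload so values are written but not applied, and on the `backup` and `use_regex` arguments in the hosts, interfaces and systemd task files.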
diff --git a/roles/network/tasks/hosts.yml b/roles/network/tasks/hosts.yml
new file mode 100644
index 0000000..7d67f65
--- /dev/null
+++ b/roles/network/tasks/hosts.yml
@@ -0,0 +1,9 @@
+---
+- name: Deploy network hosts file configuration
+ become: true
+ ansible.builtin.template:
+ src: "{{ network__hosts_template }}"
+ dest: "{{ network__hosts_file }}"
+ backup: "{{ network__hosts_backup | default(omit) | bool }}"
+ when: (network__hosts_all_ipv4 | default([]) | length > 0) or (network__hosts_all_ipv6 | default([]) | length > 0)
+ register: network__hosts_deploy
diff --git a/roles/network/tasks/interfaces.yml b/roles/network/tasks/interfaces.yml
new file mode 100644
index 0000000..b98ec2e
--- /dev/null
+++ b/roles/network/tasks/interfaces.yml
@@ -0,0 +1,20 @@
+---
+- name: Deploy network interfaces file configuration
+ become: true
+ ansible.builtin.template:
+ src: "{{ network__interfaces_template }}"
+ dest: "{{ network__interfaces_file }}"
+ backup: "{{ network__interfaces_backup | default(omit) | bool }}"
+ mode: "0644"
+ when:
+ - network__interfaces_all | type_debug == 'list'
+ - network__interfaces_all | length > 0
+ register: network__interfaces_deploy
+ notify: "network__interfaces_apply_changes"
+
+- name: Apply network interfaces file changes
+ ansible.builtin.meta: 'flush_handlers'
+ when:
+ - network__interfaces_change_strategy.module is defined
+ - network__interfaces_change_strategy.module in __network_interfaces_available_change_modules
+ - network__interfaces_change_strategy.immediate | default(false) | bool
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
new file mode 100644
index 0000000..9a4f20e
--- /dev/null
+++ b/roles/network/tasks/main.yml
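Review bot: The `Deploy network hosts file configuration` task in roles/network/tasks/hosts.yml sets no `mode`, unlike the interfaces and systemd template tasks in this patch, which pin `mode: "0644"`. If `network__hosts_file` does not exist yet, the file is created under the remote umask, and with a restrictive root umask it ends up unreadable to unprivileged processes that need name resolution. Add `mode: "0644"` to the template arguments, and `owner: root` / `group: root` if the role is meant to enforce ownership as well.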
@@ -0,0 +1,32 @@
+---
+# Required for configuration management
+- name: Load aybarsm ansible role main variables
+ ansible.builtin.include_vars: ../ansible/vars/main.yml
+
+- name: Include systemd network tasks
+ ansible.builtin.include_tasks:
+ file: systemd.yml
+ when:
+ - network__role_enabled | default(false) | bool
+ - network__manage_systemd | default(false) | bool
+
+- name: Include interfaces tasks
+ ansible.builtin.include_tasks:
+ file: interfaces.yml
+ when:
+ - network__role_enabled | default(false) | bool
+ - network__manage_interfaces | default(false) | bool
+
+- name: Include posix sysctl tasks
+ ansible.builtin.include_tasks:
+ file: sysctl.yml
+ when:
+ - network__role_enabled | default(false) | bool
+ - network__manage_sysctl | default(false) | bool
+
+- name: Include hosts tasks
+ ansible.builtin.include_tasks:
+ file: hosts.yml
+ when:
+ - network__role_enabled | default(false) | bool
+ - network__manage_hosts | default(false) | bool
\ No newline at end of file
diff --git a/roles/network/tasks/sysctl.yml b/roles/network/tasks/sysctl.yml
new file mode 100644
index 0000000..2c5dbf5
--- /dev/null
+++ b/roles/network/tasks/sysctl.yml
@@ -0,0 +1,16 @@
+---
+- name: Deploy posix sysctl configuration
+ become: true
+ ansible.posix.sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ ignoreerrors: "{{ item.ignoreerrors | default(omit) | bool }}"
+ reload: "{{ item.reload | default(omit) | bool }}"
+ state: "{{ item.state | default(omit) }}"
+ sysctl_file: "{{ item.sysctl_file | default(omit) }}"
+ sysctl_set: "{{ item.sysctl_set | default(omit) | bool }}"
+ loop: "{{ network__sysctl_all }}"
+ register: network__sysctl_deploy
+ when:
+ - network__sysctl_all | type_debug == 'list'
+ - network__sysctl_all | length > 0
diff --git a/roles/network/tasks/systemd.yml b/roles/network/tasks/systemd.yml
new file mode 100644
index 0000000..f4d91e8
--- /dev/null
+++ b/roles/network/tasks/systemd.yml
@@ -0,0 +1,42 @@
+---
+- name: Find unexpected systemd-network unit files
+ become: true
+ ansible.builtin.find:
+ paths: "{{ network__systemd_dir }}"
+ patterns: "{{ network__systemd_cleanup_patterns | default(omit) }}"
+ use_regex: "{{ network__systemd_cleanup_use_regex | default(omit) | bool }}"
+ register: network__systemd_find_cleanup_files
+ when: network__systemd_cleanup | default(false) | bool
+
+- name: Remove unexpected systemd-network unit files
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop: "{{ network__systemd_find_cleanup_files.files | map(attribute='path') }}"
+ register: systemd__network_cleanup_files
+ notify: network__systemd_apply_changes
+ when:
+ - network__systemd_cleanup | default(false) | bool
+ - network__systemd_find_cleanup_files.files | length > 0
+
+- name: Deploy systemd-network unit files
+ become: true
+ ansible.builtin.template:
+ src: "{{ network__systemd_template }}"
+ dest: "{{ network__systemd_dir }}/{{ item.name }}"
+ backup: "{{ network__systemd_backup | default(omit) | bool }}"
+ mode: "0644"
+ loop: "{{ network__systemd_all }}"
+ register: systemd__network_deploy
+ notify: network__systemd_apply_changes
+ when:
+ - network__systemd_all | type_debug == 'list'
+ - network__systemd_all | length > 0
+
+- name: Apply network systemd changes
+ ansible.builtin.meta: 'flush_handlers'
+ when:
+ - network__systemd_change_strategy.moduele is defined
+ - network__systemd_change_strategy.module in __network_systemd_available_change_modules
+ - network__systemd_change_strategy.immediate | default(false) | bool
\ No newline at end of file
diff --git a/roles/network/templates/etc/hosts.j2 b/roles/network/templates/etc/hosts.j2
new file mode 100644
index 0000000..de4d63b
--- /dev/null
+++ b/roles/network/templates/etc/hosts.j2
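Review bot: The last task in roles/network/tasks/systemd.yml tests `network__systemd_change_strategy.moduele is defined`, a misspelling of `module`, so the condition is never true and `flush_handlers` never runs even when `immediate: true` is set. Change the line to `- network__systemd_change_strategy.module is defined`, matching the equivalent task in interfaces.yml. The registers `systemd__network_cleanup_files` and `systemd__network_deploy` also break the `network__systemd_*` prefix used by every other variable in the role; renaming them to `network__systemd_cleanup_files` and `network__systemd_deploy` keeps later lookups predictable.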
@@ -0,0 +1,15 @@
+127.0.0.1 localhost.localdomain localhost
+{% for ipv4_host in network__hosts_all_ipv4 %}
+{{ ipv4_host.ip }} {{ ipv4_host.fqdn }} {{ ipv4_host.hostname }}
+{% endfor %}
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+{% for ipv6_host in network__hosts_all_ipv6 %}
+{{ ipv6_host.ip }} {{ ipv6_host.fqdn }} {{ ipv6_host.hostname }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/network/templates/etc/network/interfaces.j2 b/roles/network/templates/etc/network/interfaces.j2
new file mode 100644
index 0000000..ded3602
--- /dev/null
+++ b/roles/network/templates/etc/network/interfaces.j2
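Review bot: roles/network/templates/etc/hosts.j2 has no managed-file header, while interfaces.j2 and unit.j2 in this patch both start with `{{ ansible_managed | comment }}`; since this template replaces the whole of `/etc/hosts`, an operator editing the file by hand gets no hint that the change will be overwritten. Add `{{ ansible_managed | comment }}` as the first line. The loops also print `ipv4_host.fqdn` and `ipv6_host.fqdn`, but `network__hosts_all` in vars/main.yml only filters on `ip` and `hostname` being defined; whether `fqdn` is always present depends on `aybarsm.helper.replace_aliases`, which is not visible here, so a guard such as `{% if ipv4_host.fqdn is defined %}` around that field is worth considering.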
@@ -0,0 +1,48 @@
+{{ ansible_managed | comment }}
+
+{% if network__interfaces_source_position == 'top' %}
+{{ network__interfaces_source_line }}
+
+{% endif %}
+{% if network__interfaces_keep_lo | bool %}
+# The loopback network interface
+auto lo
+iface lo inet loopback
+{% endif %}
+
+{% for iface in network__interfaces_all %}
+{% if 'mount' in iface and iface.mount != 'None' %}
+{{ iface.mount }} {{ iface.name }}
+{% endif %}
+{% for addr_family in ['inet', 'inet6'] %}
+{% if addr_family in iface %}
+{% set ifaceMethod = iface[addr_family] | selectattr('name', 'equalto', 'method') | map(attribute='value') | first | default('') %}
+{% if ifaceMethod in ['static', 'dhcp', 'manual'] %}
+{% set ifaceParamsExclude = ['method'] %}
+{% set ifaceParamsInclude = [] %}
+{% if ifaceMethod == 'static' %}
+{% set ifaceParamsExclude = ifaceParamsExclude + (network__interfaces_static_excludes | default([])) %}
+{% elif ifaceMethod == 'dhcp' %}
+{% set ifaceParamsExclude = ifaceParamsExclude + (network__interfaces_dhcp_excludes | default([])) %}
+{% elif ifaceMethod == 'manual' %}
+{% set ifaceParamsInclude = ifaceParamsInclude + (network__interfaces_manual_includes | default([])) %}
+{% endif %}
+{% set ifaceParams = iface[addr_family] %}
+{% if ifaceParamsInclude | length > 0 %}
+{% set ifaceParams = ifaceParams | selectattr('name', 'in', ifaceParamsInclude) %}
+{% endif %}
+{% if ifaceParamsExclude | length > 0 %}
+{% set ifaceParams = ifaceParams | rejectattr('name', 'in', ifaceParamsExclude) %}
+{% endif %}
+iface {{ iface.name }} {{ addr_family }} {{ ifaceMethod }}
+{% if ifaceParams | length > 0 %}
+{{ ifaceParams | aybarsm.helper.to_querystring('name', 'value', ' ', '\n') | indent(4, true) }}
+{% endif %}
+{% endif %}
+
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% if network__interfaces_source_position != 'top' %}
+{{ network__interfaces_source_line }}
+{% endif %}
\ No newline at end of file
diff --git a/roles/network/templates/etc/systemd/network/unit.j2 b/roles/network/templates/etc/systemd/network/unit.j2
new file mode 100644
index 0000000..dbe78e2
--- /dev/null
+++ b/roles/network/templates/etc/systemd/network/unit.j2
@@ -0,0 +1,8 @@
+{{ ansible_managed | comment }}
+
+{% for section in item.children %}
+{% set sectionName = ('[' if (section.name | first) != '[' else '') + (section.name | title) + (']' if (section.name | last) != ']' else '') %}
+{{ sectionName }}
+{{ section.children | aybarsm.helper.to_querystring('name', 'value', '=', '\n') }}
+
+{% endfor %}
\ No newline at end of file
diff --git a/roles/network/vars/main.yml b/roles/network/vars/main.yml
new file mode 100644
index 0000000..34c96a7
--- /dev/null
+++ b/roles/network/vars/main.yml
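Review bot: In roles/network/templates/etc/systemd/network/unit.j2 the `section.name | title` filter lowercases every character after the first letter of each word, so section names such as `NetDev`, `DHCPv4` or `WireGuard` are written as `[Netdev]`, `[Dhcpv4]` and `[Wireguard]`. systemd section names are case-sensitive, so those sections would be ignored rather than applied, which can silently drop addressing, DHCP or tunnel settings from the deployed unit. Drop the filter and emit the name exactly as given, i.e. use `section.name` in place of `(section.name | title)` in the `sectionName` expression, and document that callers must spell the section as systemd expects.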
@@ -0,0 +1,65 @@ +##### BEGIN: network systemd vars +__network_systemd_available_change_modules: ['systemd_service'] + +network__systemd_all: "{{ (network__host + network__group + network__default) | + selectattr('type', 'defined') | selectattr('type', 'equalto', 'systemd') | + selectattr('name', 'defined') | selectattr('name', 'search', '\\.(network|link|netdev)$') | selectattr('children', 'defined') | + aybarsm.helper.unique_recursive(attributes='name', recurse='children') }}" + +__network__systemd_names: "{{ network__systemd_all | map(attribute='name') }}" +# Escape file names defined in network__systemd_all +__network__systemd_cleanup_regex: + - "^({{ __network__systemd_names | select('match', '.*\\.link$') | map('replace', '.link', '') | join('|') }})\\.link$" + - "^({{ __network__systemd_names | select('match', '.*\\.netdev$') | map('replace', '.netdev', '') | join('|') }})\\.netdev$" + - "^({{ __network__systemd_names | select('match', '.*\\.network$') | map('replace', '.network', '') | join('|') }})\\.network$" +# Escape backup files: + - "^.*\\.\\d+\\.\\d{4}-\\d{2}-\\d{2}@\\d{2}:\\d{2}:\\d{2}~$" + +# Join regex expressions +network__systemd_cleanup_patterns: ["(?!{{ __network__systemd_cleanup_regex | join('|') }})"] +##### END: network systemd vars + +##### BEGIN: network interfaces vars +__network_interfaces_available_change_modules: ['service', 'systemd_service', 'command'] + +network__interfaces_all: "{{ + [(network__default | selectattr('type', 'defined') | selectattr('type', 'equalto', 'interface') | selectattr('name', 'defined')), + (network__group | selectattr('type', 'defined') | selectattr('type', 'equalto', 'interface') | selectattr('name', 'defined')), + (network__host | selectattr('type', 'defined') | selectattr('type', 'equalto', 'interface') | selectattr('name', 'defined'))] | + community.general.lists_mergeby('name', recursive=true, list_merge='prepend') | + aybarsm.helper.unique_recursive(attributes='name', recurse='inet') | 
aybarsm.helper.unique_recursive(attributes='name', recurse='inet6') }}" +##### END: network interfaces vars + +##### BEGIN: network sysctl vars +network__sysctl_all: "{{ (network__host + network__group + network__default) | + selectattr('type', 'defined') | selectattr('type', 'equalto', 'sysctl') | + aybarsm.helper.replace_aliases(__ansible__config.modules.ansible.posix.sysctl.aliases) | + selectattr('name', 'defined') | selectattr('value', 'defined') | unique(attribute='name') }}" +##### END: network sysctl vars + +##### BEGIN: network hosts vars +__network__hosts_auto_discovered: >- + {%- if (network__hosts_auto_discovery | default(false) | bool) and network__hosts_auto_discovery_inventories is defined and network__hosts_auto_discovery_inventories | length > 0 -%} + {%- set inventory_lookup = lookup('ansible.builtin.inventory_hostnames', network__hosts_auto_discovery_inventories) -%} + {%- if inventory_lookup | length > 0 -%} + {%- set inventory_hosts = inventory_lookup | split(',') -%} + {%- set discovered_hosts = dict(hostvars) | aybarsm.helper.only_with(inventory_hosts) | dict2items | selectattr('value.ansible_host', 'defined') -%} + {%- set ips = discovered_hosts | map(attribute='value.ansible_host') -%} + {%- set hostnames = discovered_hosts | map(attribute='value.inventory_hostname_short') -%} + {%- set fqdns = discovered_hosts | map(attribute='value.inventory_hostname') -%} + {%- set auto_discovered = {'ip': ips, 'hostname': hostnames, 'fqdn': fqdns} | aybarsm.helper.to_list_of_dicts({'type': 'host'}) -%} + {%- endif -%} + {%- else -%} + {%- set auto_discovered = [] -%} + {%- endif -%} + {{ auto_discovered }} + +network__hosts_all: "{{ (network__host + network__group + network__default + __network__hosts_auto_discovered) | + selectattr('type', 'defined') | selectattr('type', 'equalto', 'host') | + selectattr('ip', 'defined') | selectattr('hostname', 'defined') | + aybarsm.helper.replace_aliases({'fqdn': ['hostname']}) | + 
aybarsm.helper.unique_recursive(attributes=['ip', 'hostname', 'fqdn']) }}" + +network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') }}" +network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') }}" +##### END: network hosts vars \ No newline at end of file diff --git a/roles/posix/tasks/sysctl.yml b/roles/posix/tasks/sysctl.yml index 163fea3..b64f495 100644 --- a/roles/posix/tasks/sysctl.yml +++ b/roles/posix/tasks/sysctl.yml @@ -9,7 +9,7 @@ state: "{{ item.state | default(omit) }}" sysctl_file: "{{ item.sysctl_file | default(omit) }}" sysctl_set: "{{ item.sysctl_set | default(omit) | bool }}" - loop: "{{ posix__sysctl_all }}" + loop: "{{ network__sysctl_all }}" register: posix__sysctl_apply when: - posix__sysctl_all | type_debug == 'list'
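Review bot: In roles/network/vars/main.yml the keep-list in `__network__systemd_cleanup_regex` is built from unit names without regex escaping, and `map('replace', '.link', '')` removes the substring wherever it occurs rather than only as a suffix. This pattern decides which files under `network__systemd_dir` the cleanup task deletes as root, so a name containing `.` or another metacharacter can make the keep-list match more or fewer files than intended. Build each alternative with `map('regex_replace', '\\.link$', '') | map('regex_escape')`, and likewise for `.netdev` and `.network`. In `__network__hosts_auto_discovered`, `auto_discovered` is never set when discovery is enabled but the inventory lookup returns nothing, because the inner `if` has no `else`; placing `{%- set auto_discovered = [] -%}` before the outer `if` avoids the undefined variable.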
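Review bot: The sysctl task in roles/posix/tasks/sysctl.yml now loops over `network__sysctl_all`, while the `when` guard two lines below still tests `posix__sysctl_all`, so the guard and the loop no longer refer to the same list. When the posix role runs without the network role's vars loaded the loop variable is undefined, and when both are loaded the posix role applies the network role's entries instead of its own. This looks like an accidental edit, since the network role ships its own tasks/sysctl.yml in the same patch; restore `loop: "{{ posix__sysctl_all }}"`. The task starts above the hunk and its `when` list may continue below it.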