c12s-kubespray/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
Kenichi Omichi c6f6940459
Fix warning of "Enable ip forwarding" (#6953)
The task outputs the following warning:

  TASK [kubernetes/preinstall : Enable ip forwarding]
  [WARNING]: The value 1 (type int) in a string field was converted
  to u'1' (type string). If this does not look like what you expect,
  quote the entire value to ensure it does not change.
2020-11-27 03:54:49 -08:00


---
# Todo : selinux configuration
# Record whether an SELinux configuration file is present. The result is
# registered as `slc` and read by the "Set selinux policy" condition.
- name: Confirm selinux deployed
  stat:
    path: /etc/selinux/config
  register: slc
  # Both conditions must hold: RedHat family, and not an Amazon distribution.
  when:
    - ansible_os_family == "RedHat"
    - "'Amazon' not in ansible_distribution"
# Apply the "targeted" policy with the state from preinstall_selinux_state.
# NOTE(review): that variable is defined outside this file. If it resolves
# to "permissive" or "disabled", this task switches SELinux enforcement off
# on the node -- confirm the value is a deliberate choice for the deployment.
- name: Set selinux policy
  selinux:
    policy: targeted
    state: "{{ preinstall_selinux_state }}"
  # The task never reports "changed", so a switch of SELinux state is not
  # visible in the play recap.
  changed_when: false
  # Runs only on RedHat-family, non-Amazon hosts where the stat task found
  # /etc/selinux/config.
  when:
    - ansible_os_family == "RedHat"
    - "'Amazon' not in ansible_distribution"
    - slc.stat.exists
  tags:
    - bootstrap-os
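# Add a precedence rule for IPv4-mapped addresses (::ffff:0:0/96) to
# /etc/gai.conf so that getaddrinfo() sorts IPv4 results first. The file is
# created when missing and a backup copy is kept before it is modified.
- name: Disable IPv6 DNS lookup
  lineinfile:
    dest: /etc/gai.conf
    line: "precedence ::ffff:0:0/96 100"
    state: present
    create: true
    backup: true
    # Explicit mode: without it, a file created here gets whatever the
    # remote umask yields. 0644 keeps the file world-readable and writable
    # by its owner only. Note that this also resets the mode of an existing
    # file that differs.
    mode: "0644"
  # Skipped unless disable_ipv6_dns is truthy, and skipped on hosts whose
  # ansible_os_family is the Flatcar value listed below.
  when:
    - disable_ipv6_dns
    - ansible_os_family not in ["Flatcar Container Linux by Kinvolk"]
  tags:
    - bootstrap-os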
# Collect file metadata for the configured sysctl file. The result is
# registered as `sysctl_file_stat` and used to detect whether the path is a
# symbolic link.
- name: Stat sysctl file configuration
  stat:
    path: "{{ sysctl_file_path }}"
  tags:
    - bootstrap-os
  register: sysctl_file_stat
# When the sysctl file is a symbolic link, repoint sysctl_file_path at the
# link's source so later tasks write to the real file.
# NOTE(review): the write destination then follows whatever the link points
# to on the host -- confirm that location is expected.
- name: Change sysctl file path to link source if linked
  set_fact:
    sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
  tags:
    - bootstrap-os
  # `islnk` is absent when the stat found no file, so check that it is
  # defined before testing its value.
  when:
    - sysctl_file_stat.stat.islnk is defined
    - sysctl_file_stat.stat.islnk
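# Create the directory that will hold the sysctl file if it does not exist.
- name: Make sure sysctl file path folder exists
  file:
    # `path` is the canonical parameter name; `name` is an alias for it.
    path: "{{ sysctl_file_path | dirname }}"
    state: directory
    # Explicit mode: a directory created here would otherwise get
    # umask-dependent permissions. 0755 lets only the owner add or replace
    # files in the directory that holds kernel parameter configuration.
    # Note that this also resets the mode of an existing directory that
    # differs.
    mode: "0755"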
# Persist net.ipv4.ip_forward=1 in the sysctl file and reload. With
# forwarding on, the kernel routes IPv4 packets between interfaces, so
# host firewall rules determine what the node will forward.
- name: Enable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    # Kept as a quoted string: an unquoted 1 triggers Ansible's
    # int-to-string conversion warning for this field.
    value: "1"
    sysctl_file: "{{ sysctl_file_path }}"
    state: present
    reload: true
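# Persist the kernel parameters listed under with_items and reload. Only
# runs when kubelet_protect_kernel_defaults evaluates to true.
# NOTE(review): presumably these are the values the kubelet expects when
# started with protect-kernel-defaults -- confirm the list is complete for
# the kubelet version in use.
- name: Ensure kube-bench parameters are set
  sysctl:
    # NOTE(review): the file name refers to bridge-nf-call although the keys
    # written here are vm.* and kernel.*. The "Enable ip forwarding" task
    # writes to sysctl_file_path instead -- confirm this fixed path is
    # intended.
    sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: true
  # Values are quoted so the module's string field receives strings, the
  # same way "Enable ip forwarding" passes value: "1". A bare integer can
  # trigger Ansible's int-to-string conversion warning.
  with_items:
    # Always allow memory overcommit.
    - name: vm.overcommit_memory
      value: "1"
    # Reboot 10 seconds after a kernel panic.
    - name: kernel.panic
      value: "10"
    # Treat a kernel oops as a panic.
    - name: kernel.panic_on_oops
      value: "1"
  when: kubelet_protect_kernel_defaults | bool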