v0.0.4

2024-07-03 19:35:21 +00:00
parent b8348de27a
commit 5ac7e482ea
12 changed files with 106 additions and 12 deletions
--- a/roles/ericomeehan.configure_network/tasks/Debian_firewall.yml
+++ b/roles/ericomeehan.configure_network/tasks/Debian_firewall.yml
@@ -1,5 +1,10 @@
 ---
 # tasks file for Debian_firewall
+- name: Copy nftables configuration template
+  template:
+    src: "nftables.conf.j2"
+    dest: /etc/nftables.con
+
 - name: Enable nftables
  service:
    name: nftables
--- a/roles/ericomeehan.configure_network/templates/nftables.conf.j2
+++ b/roles/ericomeehan.configure_network/templates/nftables.conf.j2
@@ -0,0 +1,18 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter;
+    {% for port in open_ports %}
+    iifname "{{ port.interface }}" {{ port.protocol }} dport {{ port.port }} accept
+    {% endfor %}
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}
--- a/roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml
+++ b/roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml
@@ -4,12 +4,20 @@
  apt:
    name: debconf-utils
    state: present
+
+- name: Check if /root/preseed.txt exists
+  stat:
+    path: /root/preseed.txt
+  register: preseed_file
      
 - name: Create preseed file
  command: echo "#_preseed_V1" > /root/preseed.txt
+  when: not preseed_file.stat.exists

 - name: Append installer's debconf database to the file
  command: debconf-get-selections --installer >> /root/preseed.txt
+  when: not preseed_file.stat.exists

 - name: Append debconf database to the file
  command: debconf-get-selections >> /root/preseed.txt
+  when: not preseed_file.stat.exists
--- a/roles/geerlingguy.containerd/defaults/main.yml
+++ b/roles/geerlingguy.containerd/defaults/main.yml
@@ -12,7 +12,7 @@ containerd_config_default_write: true

 # Set systemd as cgroup driver in config.toml
 # Only use with containerd_config_default_write: true
-containerd_config_cgroup_driver_systemd: true
+containerd_config_cgroup_driver_systemd: false

 # Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
 docker_apt_release_channel: stable
--- a/roles/geerlingguy.kubernetes/defaults/main.yml
+++ b/roles/geerlingguy.kubernetes/defaults/main.yml
@@ -12,7 +12,7 @@ kubernetes_packages:
 kubernetes_version: '1.25'
 kubernetes_version_rhel_package: '1.25.1'

-kubernetes_role: "{{ kubernetes_role }}"
+kubernetes_role: control_plane

 # This is deprecated. Please use kubernetes_config_kubelet_configuration instead.
 kubernetes_kubelet_extra_args: ""
@@ -23,7 +23,7 @@ kubernetes_allow_pods_on_control_plane: true
 kubernetes_pod_network:
  # Flannel CNI.
  cni: 'flannel'
-  cidr: '10.{{ ipv4_subnet }}.0.0/16'
+  cidr: '10.244.0.0/16'
  # Calico CNI.
  # cni: 'calico'
  # cidr: '192.168.0.0/16'