ClusterAPI.imageBuilder/ansible/roles/providers/tasks/azure.yml

# Copyright 2019 The Kubernetes Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: redhat.yml
  when: ansible_os_family == "RedHat"

- import_tasks: debian.yml
  when: ansible_os_family == "Debian"

- name: Configure PTP
  lineinfile:
    path: /etc/chrony/chrony.conf
    create: yes
    line: refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0

- name: Ensure makestep parameter set as per Azure recommendation
  lineinfile:
    path: /etc/chrony/chrony.conf
    regexp: '^makestep'
    line: makestep 1.0 -1

- name: Install iptables persistence
  apt:
    name: "{{ packages }}"
    state: present
    force_apt_get: yes
  vars:
    packages:
      - iptables-persistent
  when: ansible_os_family == "Debian"

- name: Block traffic to 168.63.129.16 port 80 for cve-2021-27075
  copy:
    src: files/etc/azure/iptables
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    mode: 0644
  when: ansible_os_family == "Debian"

- name: Load iptable rules from file
  community.general.iptables_state:
    state: restored
    path: /etc/iptables/rules.v4
  when: ansible_os_family == "Debian"

- name: Install netbase and nfs-common
  apt:
    name: "{{ packages }}"
    state: present
    force_apt_get: yes
  vars:
    packages:
    - netbase
    - nfs-common
  when: ansible_os_family == "Debian"
Test dependencies 2023-02-22 20:24:42 +00:00			`# Copyright 2019 The Kubernetes Authors.`

			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`

			`# http://www.apache.org/licenses/LICENSE-2.0`

			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`---`
			`- import_tasks: redhat.yml`
			`when: ansible_os_family == "RedHat"`

			`- import_tasks: debian.yml`
			`when: ansible_os_family == "Debian"`

			`- name: Configure PTP`
			`lineinfile:`
			`path: /etc/chrony/chrony.conf`
			`create: yes`
			`line: refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0`

			`- name: Ensure makestep parameter set as per Azure recommendation`
			`lineinfile:`
			`path: /etc/chrony/chrony.conf`
			`regexp: '^makestep'`
			`line: makestep 1.0 -1`

			`- name: Install iptables persistence`
			`apt:`
			`name: "{{ packages }}"`
			`state: present`
			`force_apt_get: yes`
			`vars:`
			`packages:`
			`- iptables-persistent`
			`when: ansible_os_family == "Debian"`

			`- name: Block traffic to 168.63.129.16 port 80 for cve-2021-27075`
			`copy:`
			`src: files/etc/azure/iptables`
			`dest: /etc/iptables/rules.v4`
			`owner: root`
			`group: root`
			`mode: 0644`
			`when: ansible_os_family == "Debian"`

			`- name: Load iptable rules from file`
			`community.general.iptables_state:`
			`state: restored`
			`path: /etc/iptables/rules.v4`
			`when: ansible_os_family == "Debian"`

			`- name: Install netbase and nfs-common`
			`apt:`
			`name: "{{ packages }}"`
			`state: present`
			`force_apt_get: yes`
			`vars:`
			`packages:`
			`- netbase`
			`- nfs-common`
			`when: ansible_os_family == "Debian"`