68 lines
1.8 KiB
YAML
68 lines
1.8 KiB
YAML
# Copyright 2019 The Kubernetes Authors.
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
- import_tasks: redhat.yml
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- import_tasks: debian.yml
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Configure PTP
|
|
lineinfile:
|
|
path: /etc/chrony/chrony.conf
|
|
create: yes
|
|
line: refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0
|
|
|
|
- name: Ensure makestep parameter set as per Azure recommendation
|
|
lineinfile:
|
|
path: /etc/chrony/chrony.conf
|
|
regexp: '^makestep'
|
|
line: makestep 1.0 -1
|
|
|
|
- name: Install iptables persistence
|
|
apt:
|
|
name: "{{ packages }}"
|
|
state: present
|
|
force_apt_get: yes
|
|
vars:
|
|
packages:
|
|
- iptables-persistent
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Block traffic to 168.63.129.16 port 80 for cve-2021-27075
|
|
copy:
|
|
src: files/etc/azure/iptables
|
|
dest: /etc/iptables/rules.v4
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Load iptable rules from file
|
|
community.general.iptables_state:
|
|
state: restored
|
|
path: /etc/iptables/rules.v4
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Install netbase and nfs-common
|
|
apt:
|
|
name: "{{ packages }}"
|
|
state: present
|
|
force_apt_get: yes
|
|
vars:
|
|
packages:
|
|
- netbase
|
|
- nfs-common
|
|
when: ansible_os_family == "Debian"
|