iiab/roles/2-common/tasks/main.yml

# Common OS-Level Additions & Mods (that only need to be performed once)

- name: ...IS BEGINNING ==========================================
  command: echo

- name: Create IIAB directory structure ("file layout")
  include_tasks: fl.yml

- include_tasks: pylib.yml

- include_tasks: centos.yml
  when: ansible_distribution == "CentOS"

- include_tasks: fedora.yml
  when: ansible_distribution == "Fedora"

- include_tasks: prep.yml
  when: not is_debuntu

- include_tasks: xo.yml
  when: xo_model != "none" or osbuilder is defined

- include_tasks: packages.yml
- include_tasks: iptables.yml

- sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present

- sysctl:
    name: net.ipv4.conf.default.rp_filter
    value: '1'
    state: present

- sysctl:
    name: net.ipv4.conf.default.accept_source_route
    value: '0'
    state: present

- sysctl:
    name: kernel.sysrq
    value: '1'
    state: present

- sysctl:
    name: kernel.core_uses_pid
    value: '1'
    state: present

- sysctl:
    name: net.ipv4.tcp_syncookies
    value: '1'
    state: present

- sysctl:
    name: kernel.shmmax
    value: '268435456'
    state: present

# IPv6 disabled

- sysctl:
    name: net.ipv6.conf.all.disable_ipv6
    value: '1'
    state: present

- sysctl:
    name: net.ipv6.conf.default.disable_ipv6
    value: '1'
    state: present

- sysctl:
    name: net.ipv6.conf.lo.disable_ipv6
    value: '1'
    state: present

- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
  template:
    dest: /etc/profile.d/zzz_iiab.sh
    src: zzz_iiab.sh

- include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18

- include_tasks: udev.yml
- include_tasks: iiab-startup.yml

- name: Recording STAGE 2 HAS COMPLETED ==========================
  lineinfile:
    dest: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=2'
    state: present