improve sysctl-setup for Ubuntu

2025-08-01 13:49:01 +02:00 · 2022-12-08 17:24:20 -05:00 · 2022-12-08 17:24:20 -05:00 · 2bb01f3a05
commit 2bb01f3a05
parent 4a4c88b6b8
1 changed files with 31 additions and 19 deletions
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
@ -1,21 +1,33 @@
 ---
- name: Ensure procps is installed.
-  package:
-    name: "{{ procps_package }}"
-    state: present
-  when: >
-    ansible_distribution != 'Debian'
-    or ansible_distribution_major_version | int < 10
+- block:
+  
+  - name: Enable br_netfilter module
+    modprobe:
+      name: br_netfilter
+      state: present
+  
+  - name: Ensure procps is installed.
+    package:
+      name: "{{ procps_package }}"
+      state: present
+    when: >
+      ansible_distribution != 'Debian'
+      or ansible_distribution_major_version | int < 10

-# See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
- name: Let iptables see bridged traffic.
-  sysctl:
-    name: "{{ item }}"
-    value: '1'
-    state: present
-  loop:
-    - net.bridge.bridge-nf-call-iptables
-    - net.bridge.bridge-nf-call-ip6tables
-  when: >
-    ansible_distribution != 'Debian'
-    or ansible_distribution_major_version | int < 10
+  # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
+  - name: Let iptables see bridged traffic.
+    sysctl:
+      name: "{{ item }}"
+      value: '1'
+      state: present
+    loop:
+      - net.ipv4.ip_forward
+      - net.bridge.bridge-nf-call-iptables
+      - net.bridge.bridge-nf-call-ip6tables
+    when: >
+      ansible_distribution != 'Debian'
+      or ansible_distribution_major_version | int < 10
+      
+  become: yes
+  become_user: root
+  become_method: sudo