# File 'manifests/init.pp', line 16
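# Disables (or re-enables) IPv6 on RedHat-family hosts with major release 7.
#
# The class writes /etc/sysctl.d/ipv6.conf from a template, reloads sysctl and
# rebuilds the initramfs when that file changes, and keeps /etc/netconfig,
# /etc/sysconfig/network and the '::1' line of /etc/hosts in step with the
# chosen state. Any other OS family or major release fails the catalog.
#
# @param disable_ipv6
#   true disables IPv6, false re-enables it. The value is also exposed to the
#   template as an integer in $disable_ipv6_num.
# @param interfaces
#   Interface names to act on, or 'all'. Every entry must be a key of
#   $facts['networking']['interfaces'] or the literal 'all'.
class linux_disable_ipv6 (
  Boolean       $disable_ipv6 = true,
  Array[String] $interfaces   = ['all'],
) {
  case $facts['os']['family'] {
    'RedHat': {
      case $facts['os']['release']['major'] {
        '7': {
          # Following the second method, using sysctl

          # Validation: an empty list would leave IPv6 enabled everywhere
          # while the catalog still reports success, so refuse it.
          if $disable_ipv6 and $interfaces == [] {
            fail("No interfaces specified. You probably want 'all'")
          }

          # Only names the host itself reports (plus 'all') are accepted, so
          # no arbitrary string from $interfaces is handed on to the template.
          # NOTE(review): 'default' is rejected by this check; whether
          # interfaces created later are covered depends on the template,
          # which is not visible here - confirm.
          $all_ifaces = ($facts['networking']['interfaces'].keys + ['all']).sort
          $ifaces = $interfaces.sort
          $bad_ifaces = $ifaces - $all_ifaces
          if $bad_ifaces != [] {
            fail("Specified interfaces do not exist on host: ${bad_ifaces}")
          }

          # Only runs after notify. The command relies on a glob and a pipe,
          # which the exec type documents as shell-provider features, so the
          # provider is named explicitly instead of depending on how the
          # default provider happens to launch the string.
          # NOTE(review): this loads /etc/sysctl.d/*.conf only; it is not the
          # same file set as 'sysctl --system'.
          exec { 'sysctl -p':
            command     => 'cat /etc/sysctl.d/*.conf | sysctl -p -',
            path        => '/sbin:/bin:/usr/sbin:/usr/bin',
            provider    => 'shell',
            refreshonly => true,
            notify      => Exec['dracut -f'],
          }

          # Only runs after notify: rebuilds the initramfs once sysctl has
          # been reloaded.
          exec { 'dracut -f':
            command     => 'dracut -f',
            path        => '/sbin:/bin:/usr/sbin:/usr/bin',
            refreshonly => true,
          }

          # Create sysctl configuration file and notify Exec['sysctl -p'].
          # The file is root-owned and not writable by group or other.
          $disable_ipv6_num = Integer($disable_ipv6)
          file { 'ipv6.conf':
            ensure  => file,
            content => template('linux_disable_ipv6/sysctl.d_ipv6.conf.erb'),
            group   => 'root',
            mode    => '0644',
            owner   => 'root',
            path    => '/etc/sysctl.d/ipv6.conf',
            notify  => Exec['sysctl -p'],
          }

          # Update /etc/netconfig to prevent rpc* messages: https://access.redhat.com/solutions/2963091
          # '-' is written when IPv6 is disabled, 'v' when it is enabled.
          if $disable_ipv6 {
            $netconfig = '-'
          } else {
            $netconfig = 'v'
          }
          file_line { 'netconfig-udp6':
            line  => "udp6 tpi_clts ${netconfig} inet6 udp - -",
            match => '^udp6',
            path  => '/etc/netconfig',
          }
          file_line { 'netconfig-tcp6':
            line  => "tcp6 tpi_cots_ord ${netconfig} inet6 tcp - -",
            match => '^tcp6',
            path  => '/etc/netconfig',
          }

          # Update /etc/sysconfig/network: 'no' when disabling, 'yes' otherwise.
          file_line { 'sysconfig':
            line  => "NETWORKING_IPV6=${bool2str($disable_ipv6, 'no', 'yes')}",
            match => '^NETWORKING_IPV6=',
            path  => '/etc/sysconfig/network',
          }

          # Update hosts file with localhost entry: the '::1' line is removed
          # only when IPv6 is disabled on loopback ('lo') or on 'all'.
          # 'lo' is quoted so it is an explicit string like 'all' rather than
          # a bare word.
          if ($disable_ipv6 and ('lo' in $interfaces or 'all' in $interfaces)) {
            $hosts_ensure = 'absent'
            $hosts_match_for_absence = true
          } else {
            $hosts_ensure = 'present'
            $hosts_match_for_absence = false
          }
          file_line { 'hosts':
            ensure            => $hosts_ensure,
            path              => '/etc/hosts',
            match             => '^::1',
            line              => '::1 localhost localhost.localdomain localhost6 localhost6.localdomain6',
            match_for_absence => $hosts_match_for_absence,
          }
        }
        default: {
          fail("linux_disable_ipv6 supports RedHat like systems with major release of 7 and you have ${facts['os']['release']['full']}")
        }
      }
    }
    default: {
      fail("linux_disable_ipv6 supports osfamily RedHat. Detected osfamily is ${facts['os']['family']}")
    }
  }
}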