From 5c870d18dace0f95fb2135d6d383377aaccd8b4c Mon Sep 17 00:00:00 2001 From: Matthias Riegler Date: Sun, 29 Sep 2019 00:19:18 +0200 Subject: [PATCH] CentOS/RHEL compatibility for Ansible roles - Setting IPv4 & IPv6 forwarding - Setting `sysctl:net.bridge.bridge-nf-call-iptables` and `bridge-nf-call-ip6tables` to enabled since it is disabled by default on some CentOS systems --- contrib/ansible/README.md | 2 +- contrib/ansible/roles/prereq/tasks/main.yml | 35 +++++++++++++++++++++ contrib/ansible/site.yml | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 contrib/ansible/roles/prereq/tasks/main.yml diff --git a/contrib/ansible/README.md b/contrib/ansible/README.md index 55e9dc98d8..223e15dbfb 100644 --- a/contrib/ansible/README.md +++ b/contrib/ansible/README.md @@ -8,7 +8,7 @@ Build a Kubernetes cluster using Ansible with k3s. The goal is easily install a - [X] Debian - [ ] Ubuntu -- [ ] CentOS +- [X] CentOS on processor architecture: diff --git a/contrib/ansible/roles/prereq/tasks/main.yml b/contrib/ansible/roles/prereq/tasks/main.yml new file mode 100644 index 0000000000..f29796af6d --- /dev/null +++ b/contrib/ansible/roles/prereq/tasks/main.yml 
@@ -0,0 +1,35 @@
+---
+- name: Set SELinux to disabled state
+ selinux:
+ state: disabled
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+ - name: Enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ state: present
+ reload: yes
+
+ - name: Enable IPv6 forwarding
+ sysctl:
+ name: net.ipv6.conf.all.forwarding
+ value: "1"
+ state: present
+ reload: yes
+
+ - name: Set bridge-nf-call-iptables (just to be sure)
+ sysctl:
+ name: net.bridge.bridge-nf-call-iptables
+ value: "1"
+ state: present
+ reload: yes
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+ - name: Set bridge-nf-call-ip6tables (just to be sure)
+ sysctl:
+ name: net.bridge.bridge-nf-call-iptables
+ value: "1"
+ state: present
+ reload: yes
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
diff --git a/contrib/ansible/site.yml b/contrib/ansible/site.yml
index f815c5cccf..70c3b758ba 100644
--- a/contrib/ansible/site.yml
+++ b/contrib/ansible/site.yml
@@ -4,6 +4,7 @@
 gather_facts: yes
 become: yes
 roles:
+ - { role: prereq }
 - { role: download }
 - { role: raspbian }
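Review bot: In `contrib/ansible/roles/prereq/tasks/main.yml` the last task, named "Set bridge-nf-call-ip6tables", writes `net.bridge.bridge-nf-call-iptables` a second time, so the IPv6 key is never set; its name line should read `name: net.bridge.bridge-nf-call-ip6tables`. With that key left at its default, bridged IPv6 traffic is not handed to ip6tables, so IPv6 filtering rules would presumably not apply to bridged pod traffic on these hosts. The first task sets `state: disabled` for SELinux on every matching node, which removes mandatory access control and needs a reboot to take effect; if enforcing mode cannot be kept, a comment stating why, and considering `state: permissive` with an explicit `policy:`, would make the trade-off visible. Separately, Ansible normally reports RHEL as `RedHat` in `ansible_distribution`, so the `'Red Hat Enterprise Linux'` comparison in the three `when:` lines likely never matches; `when: ansible_os_family == 'RedHat'` would cover both distributions.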