system-config/playbooks/service-review.yaml

- hosts: "review:!disabled"
  name: "Configure gerrit"
  roles:
    - iptables
    - install-docker
    - gerrit

# NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in
# vexxhost which is currently unresolved. This pins the ipv6 config
# and ensures we don't listen to RA's.  See:
#  http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html
#  https://launchpad.net/bugs/1844712
# We do not want this to be created when we are testing gerrit.
- hosts: "review02.opendev.org"
  tasks:
    - name: Install RA rejection
      when: gerrit_under_test is not defined or not gerrit_under_test
      copy:
        dest: '/etc/netplan/50-cloud-init.yaml'
        owner: 'root'
        group: 'root'
        mode: '0644'
        content: |
          network:
            version: 2
            ethernets:
              ens3:
                dhcp4: true
                dhcp6: false
                accept-ra: false
                addresses:
                  - '2604:e100:1:0:f816:3eff:fe52:22de/64'
                routes:
                  - to: '::/0'
                    via: '2604:e100:1:0::1'
                    metric: 100
                  - to: '::/0'
                    via: '2604:e100:1:0::2'
                    metric: 100
                match:
                    macaddress: fa:16:3e:52:22:de
                mtu: 1500
                set-name: ens3