library/roles/linux-kernel-sysctl: Role that sets arbitrary kernel parameters. Only ipv6 is explicitly managed.

linux-kernel-sysctl/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+sysctl_custom_file: /etc/sysctl.d/90-custom-values.conf
+sysctl_opts_reload: yes
+sysctl_custom_file_state: present
+
+# Only name and value are mandatory. The others have defaults
+systemctl_custom_options:
+  - { name: 'net.nf_conntrack_max', value: '32768', sysctlfile: '{{ sysctl_custom_file }}', sysctl_reload: '{{ sysctl_opts_reload }}', sysctlfile_state: '{{ sysctl_custom_file_state }}' }
+
+disable_ipv6: True
+ipv6_sysctl_value: 1
+ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf

linux-kernel-sysctl/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- block:
+    - name: Ensure that the /etc/sysctl.d directory exists
+      file: path=/etc/sysctl.d state=directory owner=root group=root
+
+    - name: Disable the in kernel ipv6 support
+      sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+      with_items:
+        - net.ipv6.conf.all.disable_ipv6
+        - net.ipv6.conf.default.disable_ipv6
+        - net.ipv6.conf.lo.disable_ipv6
+      when: disable_ipv6
+
+    - name: enable the in kernel ipv6 support
+      sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+      with_items:
+        - net.ipv6.conf.all.disable_ipv6
+        - net.ipv6.conf.default.disable_ipv6
+        - net.ipv6.conf.lo.disable_ipv6
+      when: not disable_ipv6
+
+    - name: Set the custom sysctl values
+      sysctl: name={{ item.name }} value={{ item.value }} sysctl_file={{ item.sysctlfile | default ('/etc/sysctl.d/90-custom-values.conf') }} reload={{ item.sysctl_reload | default('yes') }} state={{ item.sysctlfile_state | default('present') }}
+      with_items: '{{ systemctl_custom_options }}'
+
+  tags: [ 'sysctl', 'kernel' ]