From e32757dd3985f2db68c47136057a673dced1838b Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 11 Oct 2016 17:37:33 +0200 Subject: [PATCH] library/roles/linux-kernel-sysctl: Role that sets arbitrary kernel parameters. Only ipv6 is explicitly managed. --- linux-kernel-sysctl/defaults/main.yml | 12 ++++++++++++ linux-kernel-sysctl/tasks/main.yml | 26 ++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 linux-kernel-sysctl/defaults/main.yml create mode 100644 linux-kernel-sysctl/tasks/main.yml
diff --git a/linux-kernel-sysctl/defaults/main.yml b/linux-kernel-sysctl/defaults/main.yml
new file mode 100644
index 00000000..b7d5f4ff
--- /dev/null
+++ b/linux-kernel-sysctl/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+sysctl_custom_file: /etc/sysctl.d/90-custom-values.conf
+sysctl_opts_reload: yes
+sysctl_custom_file_state: present
+
+# Only name and value are mandatory. The others have defaults
+systemctl_custom_options:
+ - { name: 'net.nf_conntrack_max', value: '32768', sysctlfile: '{{ sysctl_custom_file }}', sysctl_reload: '{{ sysctl_opts_reload }}', sysctlfile_state: '{{ sysctl_custom_file_state }}' }
+
+disable_ipv6: True
+ipv6_sysctl_value: 1
+ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
diff --git a/linux-kernel-sysctl/tasks/main.yml b/linux-kernel-sysctl/tasks/main.yml
new file mode 100644
index 00000000..0c9918ba
--- /dev/null
+++ b/linux-kernel-sysctl/tasks/main.yml
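Review bot: The default `systemctl_custom_options` in defaults/main.yml ships a live entry for `net.nf_conntrack_max`, so every host that applies the role without overrides has that value written and reloaded. That key is normally present only when the connection-tracking module is loaded, so the task may fail on hosts without it. An empty default, `systemctl_custom_options: []`, with the entry kept as a commented example, would make the role change nothing unless asked. `ipv6_sysctl_value: 1` is not read by tasks/main.yml in this patch, which hard-codes `value=1` and `value=0`, so it should be wired in or dropped. The `systemctl_` prefix looks like a slip for the `sysctl_` prefix the other variables use, and `disable_ipv6: True` deserves a comment such as `# IPv6 is switched off on every host unless this is overridden`.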
@@ -0,0 +1,26 @@
+---
+- block:
+ - name: Ensure that the /etc/sysctl.d directory exists
+ file: path=/etc/sysctl.d state=directory owner=root group=root
+
+ - name: Disable the in kernel ipv6 support
+ sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+ when: disable_ipv6
+
+ - name: enable the in kernel ipv6 support
+ sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+ when: not disable_ipv6
+
+ - name: Set the custom sysctl values
+ sysctl: name={{ item.name }} value={{ item.value }} sysctl_file={{ item.sysctlfile | default ('/etc/sysctl.d/90-custom-values.conf') }} reload={{ item.sysctl_reload | default('yes') }} state={{ item.sysctlfile_state | default('present') }}
+ with_items: '{{ systemctl_custom_options }}'
+
+ tags: [ 'sysctl', 'kernel' ]
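Review bot: The last task, "Set the custom sysctl values", builds its module arguments as one `key=value` string with `item.name` and `item.value` interpolated unquoted, so a value containing spaces (multi-field settings such as `net.ipv4.tcp_rmem`) is split into separate module arguments instead of being passed as a single value. Its fallbacks also hard-code `/etc/sysctl.d/90-custom-values.conf`, `yes` and `present` rather than reading `sysctl_custom_file`, `sysctl_opts_reload` and `sysctl_custom_file_state`, so overriding those role defaults has no effect on items that omit the per-item keys. Passing the arguments as a YAML mapping and defaulting to the role variables addresses both, as in the rewritten task below. The same mapping form would suit the file task and the two ipv6 tasks, and the directory task could state an explicit `mode`.

```yaml
# … unchanged: directory task and the two ipv6 tasks …
    - name: Set the custom sysctl values
      sysctl:
        name: '{{ item.name }}'
        value: '{{ item.value }}'
        sysctl_file: '{{ item.sysctlfile | default(sysctl_custom_file) }}'
        reload: '{{ item.sysctl_reload | default(sysctl_opts_reload) }}'
        state: '{{ item.sysctlfile_state | default(sysctl_custom_file_state) }}'
      with_items: '{{ systemctl_custom_options }}'
# … unchanged: block-level tags …
```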