diff --git a/linux-kernel-sysctl/defaults/main.yml b/linux-kernel-sysctl/defaults/main.yml
new file mode 100644
index 00000000..b7d5f4ff
--- /dev/null
+++ b/linux-kernel-sysctl/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+sysctl_custom_file: /etc/sysctl.d/90-custom-values.conf
+sysctl_opts_reload: yes
+sysctl_custom_file_state: present
+
+# Only name and value are mandatory. The others have defaults
+systemctl_custom_options:
+ - { name: 'net.nf_conntrack_max', value: '32768', sysctlfile: '{{ sysctl_custom_file }}', sysctl_reload: '{{ sysctl_opts_reload }}', sysctlfile_state: '{{ sysctl_custom_file_state }}' }
+
+disable_ipv6: True
+ipv6_sysctl_value: 1
+ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
diff --git a/linux-kernel-sysctl/tasks/main.yml b/linux-kernel-sysctl/tasks/main.yml
new file mode 100644
index 00000000..0c9918ba
--- /dev/null
+++ b/linux-kernel-sysctl/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- block:
+ - name: Ensure that the /etc/sysctl.d directory exists
+ file: path=/etc/sysctl.d state=directory owner=root group=root
+
+ - name: Disable the in kernel ipv6 support
+ sysctl: name={{ item }} value=1 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+ when: disable_ipv6
+
+ - name: enable the in kernel ipv6 support
+ sysctl: name={{ item }} value=0 sysctl_file={{ ipv6_sysctl_file }} reload=yes state=present
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+ when: not disable_ipv6
+
+ - name: Set the custom sysctl values
+ sysctl: name={{ item.name }} value={{ item.value }} sysctl_file={{ item.sysctlfile | default ('/etc/sysctl.d/90-custom-values.conf') }} reload={{ item.sysctl_reload | default('yes') }} state={{ item.sysctlfile_state | default('present') }}
+ with_items: '{{ systemctl_custom_options }}'
+
+ tags: [ 'sysctl', 'kernel' ]
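Review bot: In `defaults/main.yml`, `systemctl_custom_options` ships with a real entry and `disable_ipv6` defaults to `True`, so every host that applies the role with defaults gets `net.nf_conntrack_max` set to 32768 and IPv6 turned off without the operator asking for either. An empty default, `systemctl_custom_options: []`, with the conntrack entry kept as a commented example, would make kernel-parameter changes opt-in. `ipv6_sysctl_value: 1` is not read by the tasks added in this commit, which hard-code `value=1` and `value=0`, so overriding it has no effect; drop it or wire it into the task. The variable name also says `systemctl_` where the role manages `sysctl`, and `yes`/`True` would be more consistent written as `true`.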
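Review bot: In `tasks/main.yml`, the "Set the custom sysctl values" task assembles its module arguments as one key=value string from unquoted `{{ item.* }}` templates, so where one argument ends and the next begins depends on how the running Ansible version splits and templates that string; a value containing spaces (a multi-field sysctl, for instance) may not arrive intact. Native YAML arguments keep each template confined to its own field, and the `sysctlfile` fallback can reuse `sysctl_custom_file` instead of repeating the path literal. The `file` task also sets no `mode`, so the permissions of `/etc/sysctl.d` are left to whatever already exists or to the umask; adding `mode: '0755'` would pin them. Since `disable_ipv6` may arrive as a string from extra-vars, `when: disable_ipv6 | bool` and `when: not (disable_ipv6 | bool)` would make the two IPv6 branches reliably exclusive.

```yaml
    - name: Set the custom sysctl values
      sysctl:
        name: '{{ item.name }}'
        value: '{{ item.value }}'
        sysctl_file: '{{ item.sysctlfile | default(sysctl_custom_file) }}'
        reload: "{{ item.sysctl_reload | default('yes') }}"
        state: "{{ item.sysctlfile_state | default('present') }}"
      with_items: '{{ systemctl_custom_options }}'
    # … unchanged: directory task, IPv6 enable/disable tasks, block tags …
```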