---
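# kernel.panic_on_oops=1 turns a kernel oops into a panic, and kernel.panic=60
# makes the kernel reboot 60 seconds after a panic.
# Operational caveat: the automatic reboot discards in-memory state. If crash
# evidence matters for incident response, a crash-dump mechanism (for example
# kdump) has to be configured separately; this task does not set one up.
- name: Reboot after panic
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: present
    reload: true
  with_items:
    - name: kernel.panic_on_oops
      value: 1
    - name: kernel.panic
      value: 60
  when: evolinux_kernel_reboot_after_panic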
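# Remove both panic settings from the managed sysctl file when automatic
# reboot after a panic is not wanted.
# NOTE(review): state=absent only drops the entries from the file. Reloading
# the file does not reset keys that are no longer listed, so a host that was
# configured earlier presumably keeps the old runtime values until it is
# rebooted or the keys are set explicitly -- confirm this is acceptable.
- name: Don't reboot after panic
  sysctl:
    name: "{{ item }}"
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: absent
    reload: true
  with_items:
    - kernel.panic_on_oops
    - kernel.panic
  when: not evolinux_kernel_reboot_after_panic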
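# Turn off the TCP timestamp option. This is usually done so that remote peers
# cannot estimate host uptime from timestamp values.
# Trade-off: mechanisms that rely on timestamps (PAWS protection against
# wrapped sequence numbers, RTT measurement) are lost as well.
# NOTE(review): newer kernels are understood to randomize the timestamp offset
# per connection, which may make this setting unnecessary -- check against the
# kernels actually deployed.
- name: Disable net.ipv4.tcp_timestamps
  sysctl:
    name: net.ipv4.tcp_timestamps
    value: 0
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: present
    reload: true
  when: evolinux_kernel_disable_tcp_timestamps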
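# Set vm.swappiness to 20 in the managed sysctl file and apply it at once, so
# the kernel is less inclined to swap out process memory.
- name: Reduce the swapiness
  sysctl:
    name: vm.swappiness
    value: 20
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: present
    reload: true
  when: evolinux_kernel_reduce_swapiness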
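# Workaround for CVE-2016-5696, not a code patch: the global challenge-ACK
# rate limit is raised to 1073741823 (2^30 - 1) so that the shared counter is
# no longer practical to use as a side channel.
# The durable fix is a kernel that carries the upstream correction; keep
# kernel updates tracked separately and do not treat this sysctl as closing
# the issue on its own.
# NOTE(review): once every managed host runs a fixed kernel,
# evolinux_kernel_cve20165696 can presumably be switched off -- confirm.
- name: Patch for TCP stack vulnerability CVE-2016-5696
  sysctl:
    name: net.ipv4.tcp_challenge_ack_limit
    value: 1073741823
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: present
    reload: true
  when: evolinux_kernel_cve20165696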
# Run any handlers that earlier tasks have notified now, instead of waiting
# for the end of the play.
- meta: flush_handlers