From 37ed5dd39300ee573f80b4d76b18f49bf5b7b4cc Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Tue, 1 Sep 2020 14:08:39 +0200
Subject: [PATCH] evolinux-base: swappiness is customizable
---
 CHANGELOG.md | 1 +
 evolinux-base/defaults/main.yml | 3 ++-
 evolinux-base/tasks/kernel.yml | 6 +++---
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e06a8da..968fc212 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
 ### Added
+* evolinux-base: swappiness is customizable
 * tomcat: root directory owner/group are configurable
 ### Changed
diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml
index 2a85ecc5..98ff43ef 100644
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@@ -50,7 +50,8 @@ evolinux_kernel_include: True
 evolinux_kernel_reboot_after_panic: True
 evolinux_kernel_disable_tcp_timestamps: True
-evolinux_kernel_reduce_swapiness: True
+evolinux_kernel_customize_swappiness: True
+evolinux_kernel_swappiness: 20
 evolinux_kernel_cve20165696: True
 # fstab
diff --git a/evolinux-base/tasks/kernel.yml b/evolinux-base/tasks/kernel.yml
index 9dc66c42..95912855 100644
--- a/evolinux-base/tasks/kernel.yml
+++ b/evolinux-base/tasks/kernel.yml
@@ -32,14 +32,14 @@
 reload: yes
 when: evolinux_kernel_disable_tcp_timestamps
-- name: Reduce the swapiness
+- name: Customize the swappiness
 sysctl:
 name: vm.swappiness
- value: 20
+ value: "{{ evolinux_kernel_swappiness }}"
 sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
 state: present
 reload: yes
- when: evolinux_kernel_reduce_swapiness
+ when: evolinux_kernel_customize_swappiness
 - name: Patch for TCP stack vulnerability CVE-2016-5696
 sysctl:
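Review bot: The rename of `evolinux_kernel_reduce_swapiness` to `evolinux_kernel_customize_swappiness` in evolinux-base/defaults/main.yml drops the old name without a fallback, so an inventory that still sets the old variable to False would get the sysctl applied again, because the new toggle defaults to True. Whether any inventory overrides it is not visible from this patch, but a transitional default would keep the opt-out working: `evolinux_kernel_customize_swappiness: "{{ evolinux_kernel_reduce_swapiness | default(True) }}"`. The CHANGELOG line sits under Added and does not mention the rename; an entry under Changed naming both variables would let operators spot it during an upgrade.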
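Review bot: The new `value: "{{ evolinux_kernel_swappiness }}"` in the "Customize the swappiness" task of evolinux-base/tasks/kernel.yml is handed to sysctl with no check that it is an integer the kernel accepts. A typo or an out-of-range value in an inventory would presumably only surface when the module has already written the sysctl file and tries to reload it. An `assert` task placed just before this one, guarded by the same `when`, would fail early with a clear message. The accepted upper bound depends on the kernel version, so the limit used in the check should match the hosts being managed. The task list starts before and continues past this hunk.

```yaml
- name: Check the swappiness value
  assert:
    that:
      - evolinux_kernel_swappiness | string is match('^[0-9]+$')
      # upper bound is kernel-dependent; adjust to the managed hosts
      - evolinux_kernel_swappiness | int <= 100
    msg: "evolinux_kernel_swappiness must be an integer between 0 and 100"
  when: evolinux_kernel_customize_swappiness

- name: Customize the swappiness
  # … unchanged: sysctl module arguments and when condition …
```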