From 8ba9c0081a6089c84eded64b8ae76c858742d34a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 30 Mar 2017 15:33:23 +0200 Subject: [PATCH] evolinux: finer grained kernel configuration --- evolinux-base/tasks/kernel.yml | 26 +++++++++++++++++++------- evolinux-base/vars/main.yml | 2 ++ 2 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 evolinux-base/vars/main.yml diff --git a/evolinux-base/tasks/kernel.yml b/evolinux-base/tasks/kernel.yml index 895db5ef..10f0c00b 100644 --- a/evolinux-base/tasks/kernel.yml +++ b/evolinux-base/tasks/kernel.yml @@ -1,21 +1,33 @@ --- -- name: Enable reboot after panic + +- name: Reboot after panic sysctl: name: "{{ item.name }}" value: "{{ item.value }}" - sysctl_file: /etc/sysctl.d/evolinux.conf + sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes with_items: - - { name: kernel.panic_on_oops, value: 1 } - - { name: kernel.panic, value: 60 } + - { name: kernel.panic_on_oops, value: 1 } + - { name: kernel.panic, value: 60 } when: evolinux_kernel_reboot_after_panic +- name: Don't reboot after panic + sysctl: + name: "{{ item }}" + sysctl_file: "{{ evolinux_kernel_sysctl_path }}" + state: absent + reload: yes + with_items: + - kernel.panic_on_oops + - kernel.panic + when: not evolinux_kernel_reboot_after_panic + - name: Disable net.ipv4.tcp_timestamps sysctl: name: net.ipv4.tcp_timestamps value: 0 - sysctl_file: /etc/sysctl.d/evolinux.conf + sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes when: evolinux_kernel_disable_tcp_timestamps @@ -24,7 +36,7 @@ sysctl: name: vm.swappiness value: 20 - sysctl_file: /etc/sysctl.d/evolinux.conf + sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes when: evolinux_kernel_reduce_swapiness 
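Review bot: The added "Don't reboot after panic" task uses `state: absent`, which as far as I know only deletes the two keys from `{{ evolinux_kernel_sysctl_path }}`; `reload: yes` re-reads the file but does not reset values the kernel already holds. A host that previously had `kernel.panic = 60` and `kernel.panic_on_oops = 1` applied would therefore keep that behaviour until its next boot, and its live state would silently differ from the configured one. If the change should take effect immediately, keep `state: present` and write the values explicitly, e.g. `- { name: kernel.panic, value: 0 }` and `- { name: kernel.panic_on_oops, value: 0 }`, provided 0 is the baseline you want. Otherwise a comment such as `# only removes the entries from the file; running values persist until reboot` would document the limitation. Both tasks also test the flag bare in `when:`; using `when: evolinux_kernel_reboot_after_panic | bool` and `when: not evolinux_kernel_reboot_after_panic | bool` keeps the two branches mutually exclusive if the variable arrives as a string from `-e` or an INI inventory.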
@@ -33,7 +45,7 @@ sysctl: name: net.ipv4.tcp_challenge_ack_limit value: 1073741823 - sysctl_file: /etc/sysctl.d/evolinux.conf + sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes when: evolinux_kernel_cve20165696 diff --git a/evolinux-base/vars/main.yml b/evolinux-base/vars/main.yml new file mode 100644 index 00000000..e16146d1 --- /dev/null +++ b/evolinux-base/vars/main.yml @@ -0,0 +1,2 @@ +--- +evolinux_kernel_sysctl_path: /etc/sysctl.d/evolinux.conf
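Review bot: Declaring `evolinux_kernel_sysctl_path` in the new `evolinux-base/vars/main.yml` gives it role-vars precedence, so inventory, `group_vars` and `host_vars` cannot change it; only extra-vars or similarly high-precedence sources can. If the path is meant to be tunable per host or group, the conventional place for the line is `defaults/main.yml`. If it is meant to be a fixed constant, a comment such as `# fixed path, not meant to be overridden from inventory` above the variable would record that intent. Whether the role already has a defaults file is not visible in this patch.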