evolinux: finer grained kernel configuration

This commit is contained in:
Jérémy Lecour 2017-03-30 15:33:23 +02:00 committed by Jérémy Lecour
parent 4eab8c319a
commit 8ba9c0081a
2 changed files with 21 additions and 7 deletions

View File

@ -1,21 +1,33 @@
--- ---
- name: Enable reboot after panic
- name: Reboot after panic
sysctl: sysctl:
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/evolinux.conf sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present state: present
reload: yes reload: yes
with_items: with_items:
- { name: kernel.panic_on_oops, value: 1 } - { name: kernel.panic_on_oops, value: 1 }
- { name: kernel.panic, value: 60 } - { name: kernel.panic, value: 60 }
when: evolinux_kernel_reboot_after_panic when: evolinux_kernel_reboot_after_panic
- name: Don't reboot after panic
sysctl:
name: "{{ item }}"
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: absent
reload: yes
with_items:
- kernel.panic_on_oops
- kernel.panic
when: not evolinux_kernel_reboot_after_panic
- name: Disable net.ipv4.tcp_timestamps - name: Disable net.ipv4.tcp_timestamps
sysctl: sysctl:
name: net.ipv4.tcp_timestamps name: net.ipv4.tcp_timestamps
value: 0 value: 0
sysctl_file: /etc/sysctl.d/evolinux.conf sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present state: present
reload: yes reload: yes
when: evolinux_kernel_disable_tcp_timestamps when: evolinux_kernel_disable_tcp_timestamps
@ -24,7 +36,7 @@
sysctl: sysctl:
name: vm.swappiness name: vm.swappiness
value: 20 value: 20
sysctl_file: /etc/sysctl.d/evolinux.conf sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present state: present
reload: yes reload: yes
when: evolinux_kernel_reduce_swapiness when: evolinux_kernel_reduce_swapiness
@ -33,7 +45,7 @@
sysctl: sysctl:
name: net.ipv4.tcp_challenge_ack_limit name: net.ipv4.tcp_challenge_ack_limit
value: 1073741823 value: 1073741823
sysctl_file: /etc/sysctl.d/evolinux.conf sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present state: present
reload: yes reload: yes
when: evolinux_kernel_cve20165696 when: evolinux_kernel_cve20165696

View File

@ -0,0 +1,2 @@
---
evolinux_kernel_sysctl_path: /etc/sysctl.d/evolinux.conf