evolinux-base: compact multiple systctl tasks into one

2018-08-20 16:08:45 +02:00 · 2018-08-20 16:08:45 +02:00 · b6fa349394
parent 5721282a9f
commit b6fa349394
1 changed files with 8 additions and 27 deletions
--- a/evolinux-base/tasks/kernel.yml
+++ b/evolinux-base/tasks/kernel.yml
@ -50,36 +50,17 @@
    reload: yes
  when: evolinux_kernel_cve20165696

- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
+- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
  sysctl:
-    name: net.ipv4.ipfrag_low_thresh
-    value: 196608
-    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
-    state: present
-    reload: yes
-
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
-  sysctl:
-    name: net.ipv6.ip6frag_low_thresh
-    value: 196608
-    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
-    state: present
-    reload: yes
-
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
-  sysctl:
-    name: net.ipv4.ipfrag_high_thresh
-    value: 262144
-    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
-    state: present
-    reload: yes
-
- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
-  sysctl:
-    name: net.ipv6.ip6frag_high_thresh
-    value: 262144
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
    sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
    state: present
    reload: yes
+  with_items:
+    - { name: "net.ipv4.ipfrag_low_thresh",   value: 196608 }
+    - { name: "net.ipv6.ip6frag_low_thresh",  value: 196608 }
+    - { name: "net.ipv4.ipfrag_high_thresh",  value: 262144 }
+    - { name: "net.ipv6.ip6frag_high_thresh", value: 262144 }

 - meta: flush_handlers