forked from evolix/ansible-roles
40 lines
1,002 B
YAML
40 lines
1,002 B
YAML
|
---
|
||
|
- name: Enable reboot after panic
|
||
|
sysctl:
|
||
|
name: "{{ item.name }}"
|
||
|
value: "{{ item.value }}"
|
||
|
sysctl_file: /etc/sysctl.d/evolinux.conf
|
||
|
state: present
|
||
|
reload: yes
|
||
|
with_items:
|
||
|
- { name: kernel.panic_on_oops, value: 1 }
|
||
|
- { name: kernel.panic, value: 60 }
|
||
|
when: evolinux_kernel_reboot_after_panic
|
||
|
|
||
|
- name: Disable net.ipv4.tcp_timestamps
|
||
|
sysctl:
|
||
|
name: net.ipv4.tcp_timestamps
|
||
|
value: 0
|
||
|
sysctl_file: /etc/sysctl.d/evolinux.conf
|
||
|
state: present
|
||
|
reload: yes
|
||
|
when: evolinux_kernel_disable_tcp_timestamps
|
||
|
|
||
|
- name: Reduce the swapiness
|
||
|
sysctl:
|
||
|
name: vm.swappiness
|
||
|
value: 20
|
||
|
sysctl_file: /etc/sysctl.d/evolinux.conf
|
||
|
state: present
|
||
|
reload: yes
|
||
|
when: evolinux_kernel_reduce_swapiness
|
||
|
|
||
|
- name: Patch for TCP stack vulnerability CVE-2016-5696
|
||
|
sysctl:
|
||
|
name: net.ipv4.tcp_challenge_ack_limit
|
||
|
value: 1073741823
|
||
|
sysctl_file: /etc/sysctl.d/evolinux.conf
|
||
|
state: present
|
||
|
reload: yes
|
||
|
when: evolinux_kernel_cve20165696
|