From 9cc4a9faabec9c7346a55362cb3807a5116e41c6 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 20 Mar 2022 22:08:44 +0100 Subject: [PATCH] feat: add option kernel_ipv4_ping_group_range --- defaults/main.yml | 4 +++- handlers/main.yml | 2 +- tasks/main.yml | 2 +- templates/etc/sysctl.d/local.conf.j2 | 6 +++++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4d8bf00..e2dbeec 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,7 +5,9 @@ kernel_disable_modules: kernel_blacklist_modules: - firewire-core +# @var kernel_ipv4_ping_group_range: $ "_unset" +# @var kernel_ipv4_ping_group_range:example: $ "0 2000000" + kernel_namespace_support_enabled: False kernel_coredump_enabled: True - kernel_cgroup_v2_enabled: False diff --git a/handlers/main.yml b/handlers/main.yml index 7569876..d118017 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,7 +5,7 @@ become: True become_user: root -- name: reboot machine +- name: Reboot server reboot: reboot_timeout: 600 listen: __kernel_server_restart diff --git a/tasks/main.yml b/tasks/main.yml index db6e2f4..c631ab2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,7 @@ --- - include_tasks: kernel.yml - include_tasks: coredump.yml - when: not kernel_coredump_enabled + when: not (kernel_coredump_enabled | bool) - include_tasks: cgroup.yml when: - ansible_os_family | lower == "redhat" diff --git a/templates/etc/sysctl.d/local.conf.j2 b/templates/etc/sysctl.d/local.conf.j2 index 3e6a4aa..e34a930 100644 --- a/templates/etc/sysctl.d/local.conf.j2 +++ b/templates/etc/sysctl.d/local.conf.j2 @@ -66,6 +66,10 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 -{% if kernel_namespace_support_enabled %} +{% if kernel_namespace_support_enabled | bool %} user.max_user_namespaces = 15076 {% endif %} + +{% if kernel_ipv4_ping_group_range is defined %} +net.ipv4.ping_group_range={{ kernel_ipv4_ping_group_range }} +{% endif %}