ansible_role_systemparameters

Ansible role filemanager

Managing sysctl, kernel modules and limits configuration.

License

MIT / BSD

Author Information

Requirements

  • Ensure sufficient privileged permissions to manage /etc/sysctl.conf and files in /etc/sysctl.d/.
  • Ensure sufficient privileged permissions to manage files in /etc/modprobe.d/ and /etc/modules-load.d/.

Dependencies

N/A

Compatibility

Compatible with the following list of operating systems:

  • CentOS 7
  • CentOS 8
  • RHEL 7.x
  • RHEL 8.x

Role Variables

| Variable name | Description |
| --- | --- |
| role_systemparameters_sysctl_list | Combined list of other lists that start with the name role_systemparameters_sysctl_list_. Each list contains files and parameters to manage. |
| role_systemparameters_modprobe_list | Combined list of other lists that start with the name role_systemparameters_modprobe_list_. Each list contains files and parameters to manage. |
| role_systemparameters_kernelmodules_list | Combined list of other lists that start with the name role_systemparameters_kernelmodules_list_. Each list contains files and parameters to manage. |
| role_systemparameters_limits_list | Combined list of other lists that start with the name role_systemparameters_limits_list_. Each list contains files and parameters to manage. |

Keep in mind that the lists contain raw values, one for each line of the configuration file. Please refer to the documentation of each specific part (sysctl, modprobe, modules-load, limits) for further guidance. This role only deploys files containing the raw parameters; it contains no logic to help configure or validate individual properties. It just deploys files from the variable definitions given through the inventory.
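Because the raw lines are written out unchecked, a typo in the inventory can leave a hardening setting silently without effect. The following is an added example, not part of the role: a pre-deployment lint over the role's list variables. The names check_line and lint are hypothetical, the sample data is constructed, and the directive set is the one documented in modprobe.d(5).

```python
import re

# Constructed sample mirroring the playbook's variable layout, one bad line per list.
SAMPLE = {
    "role_systemparameters_sysctl_list_some_profile_01": [
        {"dest": "/etc/sysctl.d/CIS.conf",
         "parameters": ["kernel.randomize_va_space = 2", "net.ipv4.ip_forward 0"]}],
    "role_systemparameters_modprobe_list_some_profile_01": [
        {"dest": "/etc/modprobe.d/CIS.conf",
         "parameters": ["install cramfs /bin/true", "instal udf /bin/true"]}],
    "role_systemparameters_limits_list_some_profile_01": [
        {"dest": "/etc/security/limits.d/CIS.conf",
         "parameters": ["* hard core 0", "* hard core"]}],
}
PREFIX = re.compile(r"^role_systemparameters_(sysctl|modprobe|kernelmodules|limits)_list_")
SYSCTL_RE = re.compile(r"^-?[\w.\-/*]+\s*=.*$")
# Directives documented in modprobe.d(5); extend if your kmod version has more.
MODPROBE_DIRECTIVES = {"alias", "blacklist", "install", "options", "remove", "softdep"}
COMMENT_CHARS = {"sysctl": "#;", "kernelmodules": "#;", "modprobe": "#", "limits": "#"}

def check_line(kind, line):
    """Return an error string for a malformed raw line, or None if it parses."""
    text = line.strip()
    if not text or text[0] in COMMENT_CHARS[kind]:
        return None  # blank lines and comments are always acceptable
    fields = text.split()
    if kind == "sysctl":
        return None if SYSCTL_RE.match(text) else "expected 'key = value'"
    if kind == "kernelmodules":
        return None if len(fields) == 1 else "expected one module name per line"
    if kind == "limits":
        ok = len(fields) == 4 and fields[1] in ("soft", "hard", "-")
        return None if ok else "expected '<domain> <soft|hard|-> <item> <value>'"
    if fields[0] not in MODPROBE_DIRECTIVES:
        return f"unknown modprobe directive '{fields[0]}'"
    need = 2 if fields[0] == "blacklist" else 3
    return None if len(fields) >= need else f"'{fields[0]}' needs {need - 1} argument(s)"

def lint(role_vars):
    """Return (dest, line, error) for every malformed line in the role's list variables."""
    findings = []
    for name, entries in role_vars.items():
        match = PREFIX.match(name)
        for entry in entries if match else []:
            for line in entry.get("parameters", []):
                error = check_line(match.group(1), line)
                if error:
                    findings.append((entry["dest"], line, error))
    return findings
```

Calling lint(SAMPLE) reports the three deliberately broken lines; running it over the real inventory variables before the play catches the same class of mistake.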

Example Playbook

---
- name: Managing sysctl, kernel modules and limits configuration
  hosts: all  # required play key; narrow this to the target group in your inventory
  become: False
  gather_facts: False
  tasks:
    - import_role:
        name: ansible_role_systemparameters
      vars:
        role_systemparameters_sysctl_list_some_profile_01:
          - dest: /etc/sysctl.d/CIS.conf
            src: generic_conf_file.j2
            state: present
            owner: root
            group: root
            mode: '0644'
            parameters:
              - 'fs.suid_dumpable = 0'
              - 'kernel.randomize_va_space = 2'
              - 'net.ipv4.ip_forward = 0'
              - 'net.ipv4.conf.all.send_redirects = 0'
              - 'net.ipv4.conf.default.send_redirects = 0'
              - 'net.ipv4.conf.all.accept_source_route = 0'
              - 'net.ipv4.conf.default.accept_source_route = 0'
              - 'net.ipv4.conf.all.accept_redirects = 0'
              - 'net.ipv4.conf.default.accept_redirects = 0'
              - 'net.ipv4.conf.all.secure_redirects = 0'
              - 'net.ipv4.conf.default.secure_redirects = 0'
              - 'net.ipv4.conf.all.log_martians = 1'
              - 'net.ipv4.conf.default.log_martians = 1'
              - 'net.ipv4.icmp_echo_ignore_broadcasts = 1'
              - 'net.ipv4.icmp_ignore_bogus_error_responses = 1'
              - 'net.ipv4.conf.all.rp_filter = 1'
              - 'net.ipv4.conf.default.rp_filter = 1'
              - 'net.ipv4.tcp_syncookies = 1'
              - 'net.ipv6.conf.all.accept_ra = 0'
              - 'net.ipv6.conf.default.accept_ra = 0'
              - 'net.ipv6.conf.all.accept_redirects = 0'
              - 'net.ipv6.conf.default.accept_redirects = 0'
        role_systemparameters_modprobe_list_some_profile_01:
          - dest: /etc/modprobe.d/CIS.conf
            src: generic_conf_file.j2
            state: present
            owner: root
            group: root
            mode: '0644'
            parameters:
              - 'install cramfs /bin/true'
              - 'install freevxfs /bin/true'
              - 'install jffs2 /bin/true'
              - 'install hfs /bin/true'
              - 'install hfsplus /bin/true'
              - 'install squashfs /bin/true'
              - 'install udf /bin/true'
              - 'install vfat /bin/true'
              - 'install usb-storage /bin/true'
              - 'install firewire-core /bin/true'
              - 'install dccp /bin/true'
              - 'install sctp /bin/true'
              - 'install rds /bin/true'
              - 'install tipc /bin/true'
        role_systemparameters_kernelmodules_list_some_profile_01:
          - dest: /etc/modules-load.d/sample_configuration.conf
            src: generic_conf_file.j2
            state: present
            owner: root
            group: root
            mode: '0644'
            parameters:
              - '# Sample line'
        role_systemparameters_limits_list_some_profile_01:
          - dest: /etc/security/limits.d/CIS.conf
            src: generic_conf_file.j2
            state: present
            owner: root
            group: root
            mode: '0644'
            parameters:
              - '* hard core 0'

...
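To confirm that the values in a deployed file such as /etc/sysctl.d/CIS.conf are the ones the running kernel actually uses, the following added example (not part of the role) compares sysctl.d-style text with the entries under /proc/sys. The function names are hypothetical, and demo() builds a constructed fake /proc/sys tree so the check runs without root.

```python
import os
import tempfile


def parse_sysctl_conf(text):
    """Return [(key, value)] for the settings in sysctl.d-style text."""
    settings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # skip blanks, comments and lines with no assignment
        key, value = (part.strip() for part in line.split("=", 1))
        settings.append((key[1:] if key.startswith("-") else key, value))
    return settings


def sysctl_drift(conf_text, proc_sys="/proc/sys"):
    """Return {key: (expected, live)} for every setting the kernel does not match."""
    drift = {}
    for key, expected in parse_sysctl_conf(conf_text):
        node = os.path.join(proc_sys, *key.split("."))
        try:
            with open(node) as handle:
                live = " ".join(handle.read().split())
        except OSError:
            live = None  # key absent (e.g. IPv6 disabled) or not readable
        if live != " ".join(expected.split()):
            drift[key] = (expected, live)
    return drift


def demo():
    """Run the check against a constructed fake /proc/sys tree."""
    conf = ("# constructed excerpt of CIS.conf\n"
            "net.ipv4.ip_forward = 0\nnet.ipv4.tcp_syncookies = 1\nfs.suid_dumpable = 0\n")
    fake = {"net/ipv4/ip_forward": "1", "net/ipv4/tcp_syncookies": "1"}
    with tempfile.TemporaryDirectory() as root:
        for rel, value in fake.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(value + "\n")
        return sysctl_drift(conf, proc_sys=root)
```

On a host, pass the contents of the deployed file and keep the default proc_sys; a reported key means the file has not been loaded yet or a later-sorted sysctl.d file overrides it.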

Useful shell commands

N/A

Additional documentation resources

N/A

Testing with Molecule

This role is tested locally with Molecule; the configuration is located at molecule/default.
The Molecule tests are run (using the docker driver) on Docker Hub images built for this purpose:

CI/CD with Travis CI

This role uses Travis CI to run online tests with Molecule and, once the tests are successful, pushes a notification to import the role into Ansible Galaxy. The Travis CI configuration is located at the root of the Ansible role, in .travis.yml.

Install
ansible-galaxy install Caseraw/ansible_role_systemparameters