Custom sysctl #50
Comments
The sysctl vars aren't meant to be overwritten. If you really want to, you could either change the vars in the vars-file or try putting the whole sysctl.yml content into the defaults/main.yml and overwrite it then. Make sure to empty the vars/sysctl.yml before, or remove the first tasks in the tasks/sysctl.yml. Also what variable do you want to overwrite?
Disable IPv4 traffic forwarding. net.ipv4.ip_forward: 1. I'm using your role (and ssh also) for all my instances, including firewalls/gateways
I'm not sure yet, but possibly there is something else incompatible with ipvs, didn't finish testing yet
I'll see if I can put the sysctl-variables in the defaults-file, so it's overwriteable.
It would be great!
I hesitate to change this, because if you want to overwrite a single hash in the sysctl dict like this:
you'll overwrite the whole dict, not only the single hash, meaning only the
Now I see multiple options here:
Right now I prefer the first or last option. What do you think @chris-rock? Let the user overwrite dict variables and then possibly break the whole sysctl-dict or keep it the way it currently is and be less modifiable?
On alternate branch https://github.com/hardening-io/ansible-os-hardening/tree/mv_sysctl_to_defaults I moved the variables to the defaults and changed the docs. What do you guys think?
Hi Sebastian, Good CAUTION section From one point of view having the dict with sysctl for all installations is If all the values is separated (like os_auth_*, it's not a dict by some Did I miss something? On Thursday, October 29, 2015, Sebastian Gumprich notifications@github.com
GOD! Save As!
Hi @fitz123, So I read #18 again and the reasons for doing it the way it currently is were:
and:
I still think these are good reasons and I'd like to keep the dict that way.
Since the work for no. 2 is already done I'm in favor of this. @fitz123, @chris-rock what do you think? PS:
+1 Simply moving the nested dict into Using the new Ansible filter to combine dicts is a great idea, but would force users of the role to start using Ansible 2—and it's a bit early to make it a hard requirement.
Resolved via #67; OK to close.
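The dict-override problem discussed in this thread, as an added example that is not code from the role or from any commenter: with Ansible's default hash_behaviour (replace), redefining a dict at higher precedence drops every key the override does not repeat, while the `combine` filter (Ansible 2.0+) changes only the named key. The variable names `sysctl_defaults_example`, `sysctl_user_overrides` and `sysctl_effective` are hypothetical, and the sysctl values are constructed samples.

```yaml
---
# Added example. Variable names are hypothetical, not the role's own.
# Runs offline against localhost; nothing is written to the system.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Stand-in for a role's hardened sysctl dict (constructed sample values).
    sysctl_defaults_example:
      net.ipv4.ip_forward: 0
      net.ipv4.conf.all.rp_filter: 1
      net.ipv4.tcp_syncookies: 1
    # What a firewall/gateway host wants to change: one key only.
    sysctl_user_overrides:
      net.ipv4.ip_forward: 1
    # Ansible 2.0+: merge the overrides on top of the defaults.
    sysctl_effective: "{{ sysctl_defaults_example | combine(sysctl_user_overrides) }}"

  tasks:
    - name: Same-name override at higher precedence replaces the dict wholesale
      vars:
        # Task vars outrank play vars, like host/group vars outrank role defaults.
        sysctl_defaults_example:
          net.ipv4.ip_forward: 1
      assert:
        that:
          - sysctl_defaults_example | length == 1
          # The other hardening settings are silently gone.
          - "'net.ipv4.tcp_syncookies' not in sysctl_defaults_example"
          - "'net.ipv4.conf.all.rp_filter' not in sysctl_defaults_example"

    - name: combine() changes one key and keeps the rest of the hardening
      assert:
        that:
          - sysctl_effective | length == 3
          - sysctl_effective['net.ipv4.ip_forward'] == 1
          - sysctl_effective['net.ipv4.tcp_syncookies'] == 1
          - sysctl_effective['net.ipv4.conf.all.rp_filter'] == 1

    - name: Guard that fails the play if any default key was dropped
      assert:
        that:
          - >-
            sysctl_defaults_example.keys() | list
            | difference(sysctl_effective.keys() | list) | length == 0
        msg: "Override removed hardened sysctl keys; merge instead of replacing."
```

Save it as a playbook and run it with `ansible-playbook`; all three assertions pass, which shows both the failure mode and the merged result.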
add modes to template and file tasks
Hi there!
Is there any way to rewrite some sysctl values? You're using /var, it's the most prioritized variables.
I'm not sure how to make vars as "default", not mandatory, to be able to change them in host/group vars