openstack/ansible-hardening
Code Issues Proposed changes

Make sysctl configuration path configurable

Browse Source 
Defaults to /etc/sysctl.conf to retain current behavior

Change-Id: Ie78ccc10bd129bccdd21b4b8e95e51a7f47d9e2f
This commit is contained in:
Daniel 'f0o' Preussker 2025-01-19 07:51:34 +00:00
parent f97af47301
commit b46f4809c8
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -412,3 +412,5 @@ security_contrib_enabled: no
# DANGER: SYSTEM. This will cause downtime for any services that depend on # DANGER: SYSTEM. This will cause downtime for any services that depend on
# DANGER: IPv6 network connectivity. # DANGER: IPv6 network connectivity.
security_contrib_disable_ipv6: no # C-00001 security_contrib_disable_ipv6: no # C-00001
security_sysctl_file: "{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}"

1
tasks/rhel7stig/kernel.yml
View File

@ -31,6 +31,7 @@
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
state: "{{ item.enabled | ternary('present', 'absent') }}" state: "{{ item.enabled | ternary('present', 'absent') }}"
sysctl_file: "{{ security_sysctl_file }}"
reload: yes reload: yes
when: when:
- item.enabled | bool - item.enabled | bool