This role helps with managing kernel parameters from Ansible variables. For example, it lets you change parameters at runtime with Ansible's [sysctl][ansible-builtin-sysctl] module or edit files in `/etc/sysctl.d/` with the `lineinfile` module. Role variable `sysctl_config` defines a list of tasks which will be run by this role. Each task calls an Ansible module, similar to tasks in roles or playbooks, except that only a few keywords such as `when` are supported. For example, to enable forwarding of incoming IPv4 packets, also known as routing, define variable `sysctl_config` in `group_vars` or `host_vars` as follows:

```yaml
sysctl_config:
- # Enable forwarding of IPv4 packets at runtime
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    sysctl_file: /etc/sysctl.d/10-ip-forward.conf
    sysctl_set: true
- # Enable forwarding of IPv4 packets after reboots
  ansible.builtin.copy:
    content: |
      # 2021 Jakob Meng, <[email protected]>
      net.ipv4.ip_forward = 1
    dest: /etc/sysctl.d/10-ip-forward.conf
```

When this role is executed, it will run all tasks listed in `sysctl_config` one after another.
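
The limits listed in the footnotes (only `when` as a keyword, no core features such as `ansible.builtin.meta`, no free-form parameters) can be checked before the role runs. The linter below is an added example, not part of jm1.cloudy or jm1.ansible; the `TASK_KEYWORDS` list, the treatment of short module names and the `enable_routing` variable are assumptions.

```python
from itertools import product

# Footnote 2: `when` is the only supported task keyword.
SUPPORTED_KEYWORDS = {"when"}
# Common task keywords to tell apart from module names (assumed, not exhaustive).
TASK_KEYWORDS = {"name", "become", "register", "loop", "tags", "notify", "vars",
                 "ignore_errors", "changed_when", "failed_when", "delegate_to"}
# Footnote 3: meta and {include,import}_{playbook,role,tasks} are not modules.
CORE = {"meta"} | {f"{a}_{b}" for a, b in
                   product(("include", "import"), ("playbook", "role", "tasks"))}
# Assumption: short names without the ansible.builtin. prefix count as well.
NOT_MODULES = CORE | {f"ansible.builtin.{n}" for n in CORE}


def lint_task(index, task):
    """Return the problems found in one sysctl_config entry."""
    where = f"sysctl_config[{index}]"
    if not isinstance(task, dict):
        return [f"{where}: entry must be a mapping"]
    problems = [f"{where}: keyword '{k}' is not supported"
                for k in task if k in TASK_KEYWORDS]
    modules = [k for k in task if k not in TASK_KEYWORDS | SUPPORTED_KEYWORDS]
    if len(modules) != 1:
        problems.append(f"{where}: expected exactly one module, found {modules}")
    for module in modules:
        if module in NOT_MODULES:
            problems.append(f"{where}: '{module}' is a core feature, not a module")
        elif isinstance(task[module], str):
            problems.append(f"{where}: '{module}' uses free-form parameters")
    return problems


def lint_sysctl_config(config):
    return [p for i, t in enumerate(config) for p in lint_task(i, t)]


# Constructed sample: entry 0 follows the README's task, entries 1-3 are invalid.
SAMPLE = [
    {"ansible.posix.sysctl": {"name": "net.ipv4.ip_forward", "value": "1",
                              "state": "present", "sysctl_set": True},
     "when": "enable_routing | default(false)"},
    {"debug": 'msg=""'},
    {"ansible.builtin.meta": "flush_handlers"},
    {"ansible.builtin.copy": {"content": "net.ipv4.ip_forward = 1\n",
                              "dest": "/etc/sysctl.d/10-ip-forward.conf"},
     "register": "result"},
]

if __name__ == "__main__":
    print("\n".join(lint_sysctl_config(SAMPLE)))
```
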

Tested OS images

- Cloud image (`amd64`) of Debian 10 (Buster)
- Cloud image (`amd64`) of Debian 11 (Bullseye)
- Cloud image (`amd64`) of Debian 12 (Bookworm)
- Cloud image (`amd64`) of Debian 13 (Trixie)
- Cloud image (`amd64`) of CentOS 7 (Core)
- Cloud image (`amd64`) of CentOS 8 (Stream)
- Cloud image (`amd64`) of CentOS 9 (Stream)
- Cloud image (`amd64`) of Fedora Cloud Base 40
- Cloud image (`amd64`) of Ubuntu 18.04 LTS (Bionic Beaver)
- Cloud image (`amd64`) of Ubuntu 20.04 LTS (Focal Fossa)
- Cloud image (`amd64`) of Ubuntu 22.04 LTS (Jammy Jellyfish)
- Cloud image (`amd64`) of Ubuntu 24.04 LTS (Noble Numbat)

Available on Ansible Galaxy in Collection jm1.cloudy.

This role uses module(s) from collection `jm1.ansible`. To install this collection you may follow the steps described in `README.md` using the provided `requirements.yml`.

| Name | Default value | Required | Description |
|---|---|---|---|
| `sysctl_config` | `[]` | false | List of tasks to run (see footnotes 1, 2 and 3), e.g. to update kernel parameters with Ansible's [sysctl][ansible-builtin-sysctl] module |

None.

```yaml
- hosts: all
  become: true
  vars:
    # Variables are listed here for convenience and illustration.
    # In a production setup, variables would be defined e.g. in
    # group_vars and/or host_vars of an Ansible inventory.
    # Ref.:
    # https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
    # https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
    sysctl_config:
    - # Enable forwarding of IPv4 packets at runtime
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        state: present
        sysctl_file: /etc/sysctl.d/10-ip-forward.conf
        sysctl_set: true
    - # Enable forwarding of IPv4 packets after reboots
      ansible.builtin.copy:
        content: |
          # 2021 Jakob Meng, <[email protected]>
          net.ipv4.ip_forward = 1
        dest: /etc/sysctl.d/10-ip-forward.conf
  roles:
  - name: Manage kernel parameters
    role: jm1.cloudy.sysctl
    tags: ["jm1.cloudy.sysctl"]
```

For instructions on how to run Ansible playbooks, have a look at Ansible's Getting Started Guide.
GNU General Public License v3.0 or later
See LICENSE.md to see the full text.
Jakob Meng @jm1 (github, galaxy, web)

Footnotes

1. Useful Ansible modules in this context could be `blockinfile`, `copy`, `file`, `lineinfile`, `sysctl` and `template`.
2. Tasks will be executed with `jm1.ansible.execute_module` which supports keyword `when` only.
3. Tasks will be executed with `jm1.ansible.execute_module` which supports modules and action plugins only. Some Ansible modules such as `ansible.builtin.meta` and `ansible.builtin.{include,import}_{playbook,role,tasks}` are core features of Ansible, in fact not implemented as modules and thus cannot be called from `jm1.ansible.execute_module`. Doing so causes Ansible to raise errors such as `MODULE FAILURE\nSee stdout/stderr for the exact error`. In addition, Ansible does not support free-form parameters for arbitrary modules, so for example, change from `- debug: msg=""` to `- debug: { msg: "" }`.