dbs_sysctl_config is an hash (closes #14)

Author: HanXHX

defaults/main.yml

@@ -29,7 +29,7 @@ dbs_set_timezone: true
 dbs_set_ntp: true
 
 # -------------------------
-# Alternatives 
+# Alternatives
 # -------------------------
 dbs_alternative_editor: '/usr/bin/vim.basic'
 dbs_alternative_awk: '/usr/bin/gawk'
@@ -56,58 +56,58 @@ dbs_groups: []
 dbs_sysctl_config:
 ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
 # Increase size of file handles and inode cache
-  - { key: 'fs.file-max', value: '2097152' }
+  'fs.file-max': '2097152'
 # Do less swapping
-  - { key: 'vm.swappiness', value: '10' }
-  - { key: 'vm.dirty_ratio', value: '60' }
-  - { key: 'vm.dirty_background_ratio', value: '2' }
+  'vm.swappiness': '10'
+  'vm.dirty_ratio': '60'
+  'vm.dirty_background_ratio': '2'
 ### GENERAL NETWORK SECURITY OPTIONS ###
 # Number of times SYNACKs for passive TCP connection.
-  - { key: 'net.ipv4.tcp_synack_retries', value: '2' }
+  'net.ipv4.tcp_synack_retries': '2'
 # Allowed local port range
-  - { key: 'net.ipv4.ip_local_port_range', value: '2000 65535' }
+  'net.ipv4.ip_local_port_range': '2000 65535'
 # Protect Against TCP Time-Wait
-  - { key: 'net.ipv4.tcp_rfc1337', value: '1' }
+  'net.ipv4.tcp_rfc1337': '1'
 # Decrease the time default value for tcp_fin_timeout connection
-  - { key: 'net.ipv4.tcp_fin_timeout', value: '15' }
+  'net.ipv4.tcp_fin_timeout': '15'
 # Decrease the time default value for connections to keep alive
-  - { key: 'net.ipv4.tcp_keepalive_time', value: '300' }
-  - { key: 'net.ipv4.tcp_keepalive_probes', value: '5' }
-  - { key: 'net.ipv4.tcp_keepalive_intvl', value: '15' }
-# Resist SYN flood attack 
-  - { key: 'net.ipv4.tcp_syncookies', value: '1' }
+  'net.ipv4.tcp_keepalive_time': '300'
+  'net.ipv4.tcp_keepalive_probes': '5'
+  'net.ipv4.tcp_keepalive_intvl': '15'
+# Resist SYN flood attack
+  'net.ipv4.tcp_syncookies': '1'
 ### TUNING NETWORK PERFORMANCE ###
 # Default Socket Receive Buffer
-  - { key: 'net.core.rmem_default', value: '31457280' }
+  'net.core.rmem_default': '31457280'
 # Maximum Socket Receive Buffer
-  - { key: 'net.core.rmem_max', value: '12582912' }
+  'net.core.rmem_max': '12582912'
 # Default Socket Send Buffer
-  - { key: 'net.core.wmem_default', value: '31457280' }
+  'net.core.wmem_default': '31457280'
 # Maximum Socket Send Buffer
-  - { key: 'net.core.wmem_max', value: '12582912' }
+  'net.core.wmem_max': '12582912'
 # Increase number of incoming connections
-  - { key: 'net.core.somaxconn', value: '65536' }
+  'net.core.somaxconn': '65536'
 # Increase number of incoming connections backlog
-  - { key: 'net.core.netdev_max_backlog', value: '65536' }
+  'net.core.netdev_max_backlog': '65536'
 # Increase the maximum amount of option memory buffers
-  - { key: 'net.core.optmem_max', value: '25165824' }
+  'net.core.optmem_max': '25165824'
 # Increase the maximum total buffer-space allocatable
 # This is measured in units of pages (4096 bytes)
-  - { key: 'net.ipv4.tcp_mem', value: '65536 131072 262144' }
-  - { key: 'net.ipv4.udp_mem', value: '65536 131072 262144' }
+  'net.ipv4.tcp_mem': '65536 131072 262144'
+  'net.ipv4.udp_mem': '65536 131072 262144'
 # Increase the read-buffer space allocatable
-  - { key: 'net.ipv4.tcp_rmem', value: '8192 87380 16777216' }
-  - { key: 'net.ipv4.udp_rmem_min', value: '16384' }
+  'net.ipv4.tcp_rmem': '8192 87380 16777216'
+  'net.ipv4.udp_rmem_min': '16384'
 # Increase the write-buffer-space allocatable
-  - { key: 'net.ipv4.tcp_wmem', value: '8192 65536 16777216' }
-  - { key: 'net.ipv4.udp_wmem_min', value: '16384' }
+  'net.ipv4.tcp_wmem': '8192 65536 16777216'
+  'net.ipv4.udp_wmem_min': '16384'
 # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
-  - { key: 'net.ipv4.tcp_max_tw_buckets', value: '1440000' }
-# Disable this feature.... dangerous :)
-  - { key: 'net.ipv4.tcp_tw_recycle', value: '0' }
+  'net.ipv4.tcp_max_tw_buckets': '1440000'
+# Disable this feature.... dangerous ':)
+  'net.ipv4.tcp_tw_recycle': '0'
 # Reuse TIME-WAIT state for outgoing connexion (safe)
-  - { key: 'net.ipv4.tcp_tw_reuse', value: '1' }
+  'net.ipv4.tcp_tw_reuse': '1'
 # Increase system IP port limits to allow for more connections
-  - { key: 'net.ipv4.tcp_window_scaling', value: '1' }
+  'net.ipv4.tcp_window_scaling': '1'
 # number of packets to keep in backlog before the kernel starts dropping them
-  - { key: 'net.ipv4.tcp_max_syn_backlog', value: '3240000' }
+  'net.ipv4.tcp_max_syn_backlog': '3240000'

tasks/system.yml

@@ -21,5 +21,5 @@
     value='{{ item.value }}'
     sysctl_file=/etc/sysctl.d/ansible.conf
     state=present
-  with_items: "{{ dbs_sysctl_config }}"
+  with_dict: "{{ dbs_sysctl_config }}"