Commit 40a083de authored by Pietsch, Martin

added persistent kernel option settings

parent 2c81bab6
......@@ -5,7 +5,7 @@ This role configures and upgrades a FreeBSD system. Furthermore, it creates a mi
For the creation of jail container it is possible to define special rules for devices to be seen by them. An example is:
function_packages:
- name: "example.service"
* name: "example.service"
container: true
container_options:
exec.start: "/bin/sh /etc/rc"
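Review bot: The replacement line `* name: "example.service"` in the function_packages example is no longer valid YAML. A sequence entry has to start with "- ", and a leading "*" is read as an alias indicator, so anyone copying the example into their variables gets a parse error. Keep "-" inside the YAML example; if the change was meant to fix README rendering, indent or fence the example as a code block instead of swapping the list marker.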
......@@ -15,7 +15,7 @@ function_packages:
securelevel: "3"
devfs_ruleset: "5"
devfs_rules:
- "add path deviceXY unhide"
* "add path deviceXY unhide"
path: /var/jails/$name
The list *devfs_rules* contains a devfs rule that enables the *deviceXY* to the container. It is also nessecary to set the container option *devfs_ruleset*.
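Review bot: The devfs_rules entry has the same marker problem: `* "add path deviceXY unhide"` is not a YAML list item, so the documented rule cannot be pasted as written. Restore `- "add path deviceXY unhide"`. While this paragraph is being touched, "nessecary" in the sentence below the example should read "necessary".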
......@@ -27,51 +27,56 @@ Requirement
User defined variables
----------------------
- hostname: inventory hostname, needed for creation of answer file
- network
- keymap
- locale
* hostname: inventory hostname, needed for creation of answer file
* network
* keymap
* locale
Variables
---------
- freebsd_install_home_mirror:
- description:
- home URL of install packages of FreeBSD
- default: ftp://ftp.freebsd.org/pub/FreeBSD/releases
* freebsd_install_home_mirror:
* description:
* home URL of install packages of FreeBSD
* default: ftp://ftp.freebsd.org/pub/FreeBSD/releases
- freebsd_install_local_mirror:
- description:
- local URL of install packages of FreeBSD
- default: ""
* freebsd_install_local_mirror:
* description:
* local URL of install packages of FreeBSD
* default: ""
* freebsd_kernel_options:
* description:
* This option is a list of tuples (name, value) of kernel options with their value.
* default: look at vars/main.yml
Connection plugins
------------------
- sshjail
* sshjail
Filter plugins
--------------
- ip_in_range
- regex_filter_list
* ip_in_range
* regex_filter_list
Module
------
- jail
* jail
Roles
-----
- package.pf
- package.packaging.pkgng
* package.pf
* package.packaging.pkgng
Tools
-----
- git
- unarchive
* git
* unarchive
Processes
=========
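Review bot: The new freebsd_kernel_options entry describes the value as a "list of tuples (name, value)", but the configure task reads `_freebsd_kernel_option.name` and `_freebsd_kernel_option.value`, and the shipped default is a list of mappings with the keys name and value. Document it as a list of mappings and show one entry so nobody supplies a two-element list. The default is also stated to live in vars/main.yml; role vars take precedence over inventory and play variables, so if operators are expected to tune this list per host, defaults/main.yml is the better place for it.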
......@@ -91,6 +96,7 @@ configure
---------
1. execute basic system configuration
2. set persistent kernel options
2. set network configuration for IPv4 and IPv6
3. restart network interfaces, if necessary
4. set DNS configuration
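Review bot: The added step "2. set persistent kernel options" leaves the configure list with two items numbered 2, because the following "2. set network configuration for IPv4 and IPv6" was not renumbered. Shift the later steps (network configuration to 3, restart to 4, DNS to 5, and so on) so that references to a step number stay unambiguous.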
......
......@@ -3,6 +3,16 @@
name: system
tasks_from: configure
- name: configure persistent kernel options
lineinfile:
path: /etc/sysctl.conf
regexp: "{{ '^%s=' | format(_freebsd_kernel_option.name) }}"
line: "{{ '%s=%s' | format(_freebsd_kernel_option.name, _freebsd_kernel_option.value) }}"
loop: "{{ freebsd_kernel_options }}"
loop_control:
loop_var: _freebsd_kernel_option
notify: "reload FreeBSD kernel options"
- name: collect all DHCP ranges
set_fact:
dhcp_ranges: >-
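Review bot: The regexp in the new lineinfile task is built from the raw option name (`'^%s=' | format(_freebsd_kernel_option.name)`), and sysctl names contain dots, which are regex wildcards. The pattern for net.inet.tcp.rfc1323 therefore also matches other keys that differ only at the dot positions, and lineinfile would rewrite that line instead of adding a new one. Pass the name through `regex_escape` before formatting. The pattern also does not tolerate leading whitespace, so an existing indented entry is duplicated rather than replaced; if that matters, allow `^\s*`. Finally, the task notifies "reload FreeBSD kernel options", but no handler with that name is added in the visible hunks; confirm it exists, since by default an unknown handler name fails the play when the task reports a change.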
......
......@@ -3,3 +3,7 @@ package_packages: {
"freebsd" : ["gtar", "git"]
}
freebsd_kernel_options:
- name: "net.inet.tcp.rfc1323" # Disable TCP timestamps (NVT: 1.3.6.1.4.1.25623.1.0.80091)
value: "0"
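Review bot: The comment on net.inet.tcp.rfc1323 says only "Disable TCP timestamps", but setting this sysctl to "0" switches off the RFC 1323 extensions as a whole, which includes TCP window scaling as well as timestamps. That caps the receive window at 64 KB and can noticeably reduce throughput on high-latency links. State the full effect in the comment so the trade-off made for the scanner finding is visible to whoever maintains this default, and consider noting that the value is applied to every host that uses the role.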