Emergency Patch + Experiment to help surface which of the 10 sysctl tweaks are need/necessary

roles/2-common/tasks/main.yml

@@ -21,21 +21,21 @@
 - include_tasks: packages.yml
 - include_tasks: iptables.yml
 
-- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
-  sysctl:
-    name: "{{ item.name }}"
-    value: "{{ item.value }}"
-  with_items:
-    - { name: 'net.ipv4.ip_forward', value: '1' }
-    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
-    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    - { name: 'kernel.sysrq', value: '1' }
-    - { name: 'kernel.core_uses_pid', value: '1' }
-    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
-    - { name: 'kernel.shmmax', value: '268435456' }
-    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
-    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
-    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
+#- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
+#  sysctl:
+#    name: "{{ item.name }}"
+#    value: "{{ item.value }}"
+#  with_items:
+#    - { name: 'net.ipv4.ip_forward', value: '1' }
+#    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
+#    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
+#    - { name: 'kernel.sysrq', value: '1' }
+#    - { name: 'kernel.core_uses_pid', value: '1' }
+#    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
+#    - { name: 'kernel.shmmax', value: '268435456' }
+#    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
+#    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
+#    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
 
 - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
   template: