Clean 2-common/tasks/main.yml

roles/2-common/tasks/main.yml

@@ -23,57 +23,21 @@
 - include_tasks: packages.yml
 - include_tasks: iptables.yml
 
-- sysctl:
+- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
-    name: net.ipv4.ip_forward
+  sysctl:
-    value: '1'
+    name: "{{ item.name }}"
-    state: present
+    value: "{{ item.value }}"
-
+  with_items:
-- sysctl:
+    - { name: 'net.ipv4.ip_forward', value: '1' }
-    name: net.ipv4.conf.default.rp_filter
+    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
-    value: '1'
+    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    state: present
+    - { name: 'kernel.sysrq', value: '1' }
-
+    - { name: 'kernel.core_uses_pid', value: '1' }
-- sysctl:
+    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
-    name: net.ipv4.conf.default.accept_source_route
+    - { name: 'kernel.shmmax', value: '268435456' }
-    value: '0'
+    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
-    state: present
+    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
-
+    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
-- sysctl:
-    name: kernel.sysrq
-    value: '1'
-    state: present
-
-- sysctl:
-    name: kernel.core_uses_pid
-    value: '1'
-    state: present
-
-- sysctl:
-    name: net.ipv4.tcp_syncookies
-    value: '1'
-    state: present
-
-- sysctl:
-    name: kernel.shmmax
-    value: '268435456'
-    state: present
-
-# IPv6 disabled
-
-- sysctl:
-    name: net.ipv6.conf.all.disable_ipv6
-    value: '1'
-    state: present
-
-- sysctl:
-    name: net.ipv6.conf.default.disable_ipv6
-    value: '1'
-    state: present
-
-- sysctl:
-    name: net.ipv6.conf.lo.disable_ipv6
-    value: '1'
-    state: present
 
 - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
   template:
@@ -91,4 +55,3 @@
     dest: "{{ iiab_env_file }}"
     regexp: '^STAGE=*'
     line: 'STAGE=2'
-    state: present