/
main.yml
44 lines (41 loc) · 3.6 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
---
# Will display a "normal" error at 1st run, see
# https://github.com/ansible/ansible/issues/6272
- name: Set sysctl for high BW servers
tags: sysctl
sudo: yes
sysctl: name="net.ipv4.ip_forward" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_syncookies" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.default.forwarding" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.default.proxy_arp" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.default.send_redirects" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.all.rp_filter" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.all.send_redirects" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="kernel.sysrq" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.icmp_echo_ignore_broadcasts" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.conf.all.accept_redirects" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.icmp_ignore_bogus_error_responses" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.core.rmem_max" value=33554432 sysctl_set=yes state=present reload=yes
sysctl: name="net.core.wmem_max" value=33554432 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_rmem" value=4096 87380 33554432 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_wmem" value=4096 65536 33554432 sysctl_set=yes state=present reload=yes
sysctl: name="net.core.netdev_max_backlog" value=262144 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_no_metrics_save" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_moderate_rcvbuf" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_tw_recycle" value=1 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_max_orphans" value=262144 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_max_syn_backlog" value=262144 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_fin_timeout" value=4 sysctl_set=yes state=present reload=yes
sysctl: name="vm.min_free_kbytes" value=65536 sysctl_set=yes state=present reload=yes
sysctl: name="net.netfilter.nf_conntrack_tcp_timeout_established" value=7200 sysctl_set=yes state=present reload=yes
sysctl: name="net.netfilter.nf_conntrack_checksum" value=0 sysctl_set=yes state=present reload=yes
sysctl: name="net.netfilter.nf_conntrack_max" value=196608 sysctl_set=yes state=present reload=yes
sysctl: name="net.netfilter.nf_conntrack_tcp_timeout_syn_sent" value=15 sysctl_set=yes state=present reload=yes
sysctl: name="net.nf_conntrack_max" value=196608 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_keepalive_time" value=60 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_keepalive_intvl" value=10 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_keepalive_probes" value=3 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.ip_local_port_range" value=1025 65530 sysctl_set=yes state=present reload=yes
sysctl: name="net.core.somaxconn" value=20480 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_max_tw_buckets" value=2000000 sysctl_set=yes state=present reload=yes
sysctl: name="net.ipv4.tcp_timestamps" value=0 sysctl_set=yes state=present reload=yes