You can find the list of available parameters in the /proc/sys directory. To make a change persist across reboots, we must save it to a file, typically /etc/sysctl.conf or a file in the /etc/sysctl.d/ directory.
Ansible, an automation tool, allows us to interact with the sysctl interface using the “posix.sysctl” module. This module is part of the “ansible.posix” collection, which contains a comprehensive set of tools and features for interacting with POSIX systems.
Ansible Sysctl Module
The Ansible sysctl module provides a mechanism to manage these kernel parameters, whether for temporary or persistent changes.
We can use this module to manage sysctl entries and, once the configuration is written, run the /sbin/sysctl -p command to load it.
Module Parameters
The sysctl module has several parameters that allow us to configure its behavior and functionality:
name – This is the dot-separated sysctl entry name, e.g., net.ipv4.ip_forward.
value – It specifies the value that you want to set for the specified sysctl entry.
state:
- present – It ensures that the sysctl value is set (default).
- absent – It ensures that the sysctl value is not set.
reload – It determines whether to reload (or restart) sysctl with the new value after setting. The default is yes.
sysctl_file – It sets the path to the file to use instead of /etc/sysctl.conf for persisting changes. This can be useful when working with systems that use the /etc/sysctl.d/ directory structure.
ignoreerrors – You can use this parameter if you want the task to ignore errors while setting the sysctl value. The default is no.
These are the parameters that we can use to configure the sysctl module in Ansible.
Practical Examples:
Let us explore some basic examples of using the sysctl module to configure various kernel features.
Example 1: Enable the IP Forwarding
The following example demonstrates how we can use this module to enable the IP forwarding by editing the kernel parameters as follows:
- hosts: all
  become: true
  tasks:
    - name: Enable IP forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        state: present
        reload: yes
NOTE: Since we are modifying the system kernel parameters, you must provide the root password when running the playbook.
This should enable the IPv4 forwarding and reload the changes on the target systems.
Example 2: Disable the ICMP Redirects
To turn off a feature, we set its value to 0. An example playbook is as follows:
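- hosts: all
  become: true
  tasks:
    # conf.default is the template for interfaces created later;
    # conf.all is a separate key.
    - name: Disable acceptance of ICMP redirects (conf.default)
      sysctl:
        name: net.ipv4.conf.default.accept_redirects
        value: '0'
        reload: yes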
This playbook should disable the ICMP redirects and reload the changes.
Example 3: Setting Multiple Parameters
We can also configure multiple parameters at once using a basic Ansible loop as demonstrated in the following example playbook:
- hosts: all
  become: true
  tasks:
    - name: Set kernel parameters
      sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        reload: yes
      loop:
        - { name: 'net.ipv4.ip_forward', value: '1' }
        - { name: 'net.ipv4.conf.default.accept_redirects', value: '0' }
The previous playbook should set the defined parameters to the configured values. In this case, it enables IP forwarding and disables the ICMP redirects in a single playbook.
Example 4: Removing a Parameter Setting
We can also remove a previously set parameter using the absent state, as illustrated in the following example playbook:
- hosts: all
  become: true  # editing the sysctl file requires root
  tasks:
    - name: Remove setting for IP forwarding
      sysctl:
        name: net.ipv4.ip_forward
        state: absent
        reload: yes
Setting the state to absent makes Ansible remove the parameter from the sysctl configuration file.
Example 5: Specifying a Different Sysctl File
Sometimes, you may encounter systems where sysctl settings are kept in the /etc/sysctl.d/ directory. To specify the configuration file that you wish to use, you can take advantage of the sysctl_file parameter, as demonstrated in the following playbook example:
- hosts: all
  become: true  # writing under /etc/sysctl.d/ requires root
  tasks:
    - name: Set IP forwarding in a custom sysctl file
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_file: '/etc/sysctl.d/custom.conf'
        reload: yes
This defines a custom path to the configuration file.
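Added example, not part of the original tutorial: a playbook that combines the loop from Example 3 with the sysctl_file parameter from Example 5, then reads each value back from the running kernel and fails if it differs from what was written. The file name 90-hardening.conf and the variable names are assumptions chosen for illustration.

```yaml
# Added example: persist redirect hardening in a dedicated drop-in file,
# then verify the values the running kernel actually uses.
- hosts: all
  become: true
  vars:
    # Assumed file name; pick any *.conf name under /etc/sysctl.d/.
    hardening_file: /etc/sysctl.d/90-hardening.conf
    hardening_params:
      # "default" only seeds interfaces created later, so "all" is set as well.
      - { name: 'net.ipv4.conf.all.accept_redirects', value: '0' }
      - { name: 'net.ipv4.conf.default.accept_redirects', value: '0' }
  tasks:
    - name: Persist and load hardening parameters
      ansible.posix.sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        sysctl_file: "{{ hardening_file }}"
        state: present
        reload: yes
      loop: "{{ hardening_params }}"

    - name: Read the running value of each parameter
      ansible.builtin.command:
        cmd: "sysctl -n {{ item.name }}"
      loop: "{{ hardening_params }}"
      register: running
      changed_when: false   # read-only query, never reports a change
      check_mode: false     # run the query even with --check

    - name: Fail if the running kernel disagrees with the file
      ansible.builtin.assert:
        that:
          - item.stdout | trim == item.item.value
        fail_msg: "{{ item.item.name }} is {{ item.stdout }}, expected {{ item.item.value }}"
      loop: "{{ running.results }}"
      loop_control:
        label: "{{ item.item.name }}"
```

Run with --check, the first task changes nothing while the last two still execute, so the same playbook doubles as a drift audit.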
Conclusion
As shown in this tutorial, the sysctl module in Ansible offers a simple but reliable method for managing and configuring the kernel parameters. Whether setting new values, removing existing values, or reloading the kernel parameters, the sysctl module will be handy.