tripleo-ansible/tripleo_ansible/roles/tripleo_kernel/vars/main.yml

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


tripleo_kernel_modules:
  br_netfilter: {}
  nf_conntrack: {}

tripleo_kernel_sysctl_settings:
  net.ipv4.tcp_keepalive_intvl:
    value: 1
  net.ipv4.tcp_keepalive_probes:
    value: 5
  net.ipv4.tcp_keepalive_time:
    value: 5
  net.ipv4.conf.default.send_redirects:
    value: 0
  net.ipv4.conf.all.send_redirects:
    value: 0
  net.ipv4.conf.all.arp_accept:
    value: 1
  net.ipv4.conf.default.accept_redirects:
    value: 0
  net.ipv4.conf.default.secure_redirects:
    value: 0
  net.ipv4.conf.all.secure_redirects:
    value: 0
  net.ipv4.conf.default.log_martians:
    value: 1
  net.ipv4.conf.all.log_martians:
    value: 1
  net.nf_conntrack_max:
    value: 500000
  net.netfilter.nf_conntrack_max:
    value: 500000
  net.ipv6.conf.all.accept_ra:
    value: 0
  net.ipv6.conf.default.accept_ra:
    value: 0
  net.ipv6.conf.all.autoconf:
    value: 0
  net.ipv6.conf.default.autoconf:
    value: 0
  net.ipv6.conf.default.accept_redirects:
    value: 0
  net.ipv6.conf.all.accept_redirects:
    value: 0
  net.ipv4.conf.all.arp_notify:
    value: 1
  net.ipv6.conf.all.ndisc_notify:
    value: 1
  net.core.netdev_max_backlog:
    value: 10000
  kernel.dmesg_restrict:
    value: 1
  fs.suid_dumpable:
    value: 0