Puppet Class: sysctl

Inherits:: sysctl::params

Defined in:: manifests/init.pp

Overview

Class: sysctl

concat order: 00: base 58: custom settings banner 59: custom settings

Parameters:

manage_service (Any) (defaults to: true)
manage_docker_service (Any) (defaults to: false)
disable_ipv6 (Any) (defaults to: true)
sysrq (Any) (defaults to: false)
core_uses_pid (Any) (defaults to: true)
ipv4_tcp_syncookies (Any) (defaults to: true)
disable_netfilter_on_bridges (Any) (defaults to: true)
execshield (Any) (defaults to: true)
randomize_va_space (Any) (defaults to: true)
suid_dumpable (Any) (defaults to: false)
shmall (Any) (defaults to: '4294967296')
shmmax (Any) (defaults to: '68719476736')
msgmax (Any) (defaults to: '65536')
msgmnb (Any) (defaults to: '65536')
ipv4_ip_forward (Any) (defaults to: false)
ipv4_icmp_echo_ignore_broadcasts (Any) (defaults to: true)
ipv4_icmp_ignore_bogus_error_responses (Any) (defaults to: true)
ipv4_all_log_martians (Any) (defaults to: true)
ipv4_default_log_martians (Any) (defaults to: true)
ipv4_all_accept_source_route (Any) (defaults to: false)
ipv4_default_accept_source_route (Any) (defaults to: false)
ipv4_all_rp_filter (Any) (defaults to: true)
ipv4_default_rp_filter (Any) (defaults to: true)
ipv4_all_accept_redirects (Any) (defaults to: false)
ipv4_default_accept_redirects (Any) (defaults to: false)
ipv4_all_secure_redirects (Any) (defaults to: false)
ipv4_default_secure_redirects (Any) (defaults to: false)
ipv4_all_send_redirects (Any) (defaults to: false)
ipv4_default_send_redirects (Any) (defaults to: false)

# File 'manifests/init.pp', line 8

class sysctl(
              $manage_service                         = true,
              $manage_docker_service                  = false,
              $disable_ipv6                           = true,
              $sysrq                                  = false,
              $core_uses_pid                          = true,
              $ipv4_tcp_syncookies                    = true,
              $disable_netfilter_on_bridges           = true,
              $execshield                             = true,
              $randomize_va_space                     = true,
              $suid_dumpable                          = false,
              $shmall                                 = '4294967296',
              $shmmax                                 = '68719476736',
              $msgmax                                 = '65536',
              $msgmnb                                 = '65536',
              $ipv4_ip_forward                        = false,
              $ipv4_icmp_echo_ignore_broadcasts       = true,
              $ipv4_icmp_ignore_bogus_error_responses = true,
              $ipv4_all_log_martians                  = true,
              $ipv4_default_log_martians              = true,
              $ipv4_all_accept_source_route           = false,
              $ipv4_default_accept_source_route       = false,
              $ipv4_all_rp_filter                     = true,
              $ipv4_default_rp_filter                 = true,
              $ipv4_all_accept_redirects              = false,
              $ipv4_default_accept_redirects          = false,
              $ipv4_all_secure_redirects              = false,
              $ipv4_default_secure_redirects          = false,
              $ipv4_all_send_redirects                = false,
              $ipv4_default_send_redirects            = false,
            ) inherits sysctl::params {

  Exec{
    path => '/usr/sbin:/usr/bin:/sbin:/bin',
  }

  concat { '/etc/sysctl.conf':
    ensure => 'present',
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    notify => Class['sysctl::service'],
  }

  concat::fragment{ 'base sysctl':
    target  => '/etc/sysctl.conf',
    content => template("${module_name}/sysctlbase.erb"),
    order   => '00',
  }

  class { 'sysctl::service':
    manage_service        => $manage_service,
    manage_docker_service => $manage_docker_service,
  }

}