From b46f4809c800b32e6f94e22bd9b5886f7d90c329 Mon Sep 17 00:00:00 2001
From: Daniel 'f0o' Preussker <f0o@devilcode.org>
Date: Sun, 19 Jan 2025 07:51:34 +0000
Subject: [PATCH] Make sysctl configuration path configurable Defaults to
 /etc/sysctl.conf to retain current behavior

Change-Id: Ie78ccc10bd129bccdd21b4b8e95e51a7f47d9e2f
---
 defaults/main.yml          | 2 ++
 tasks/rhel7stig/kernel.yml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index c61b4eae..8c2ed9ee 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -412,3 +412,5 @@ security_contrib_enabled: no
 # DANGER: SYSTEM. This will cause downtime for any services that depend on
 # DANGER: IPv6 network connectivity.
 security_contrib_disable_ipv6: no                            # C-00001
+
+security_sysctl_file: "{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}"
diff --git a/tasks/rhel7stig/kernel.yml b/tasks/rhel7stig/kernel.yml
index 49577a2e..5378bec1 100644
--- a/tasks/rhel7stig/kernel.yml
+++ b/tasks/rhel7stig/kernel.yml
@@ -31,6 +31,7 @@
     name: "{{ item.name }}"
     value: "{{ item.value }}"
     state: "{{ item.enabled | ternary('present', 'absent') }}"
+    sysctl_file: "{{ security_sysctl_file }}"
     reload: yes
   when:
     - item.enabled | bool