railiance-infra/ansible/roles/swapfile/tasks/main.yml
tegwick ff59d4e0f8 feat(ansible): add swapfile + resource_limits roles; add CoulombCore to inventory
T01: roles/swapfile — idempotent 4GB swapfile, vm.swappiness=10, fstab entry
T02: roles/resource_limits — PAM nproc caps (512/1024), systemd user-1000.slice
     memory limits (1500M/512M); templated per-host via host_vars
- inventory/host_vars/CoulombCore.yml — host-specific vars for both roles
- inventory/servers.yaml — add CoulombCore with id_ops SSH key
- inventory_from_yaml.py — load host_vars files into Ansible hostvars
- playbooks/bootstrap.yaml — include swapfile + resource_limits roles
- workplans/WP-0004 — flag T04/T09/T10 needs_human, add CoulombCore-local convergence note

Codifies manual INC-002 hardening. See RAIL-HO-WP-0004-T01/T02.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 01:49:35 +01:00


---
# swapfile role — provisions a swap file of configurable size
#
# Variables (set per-host in host_vars):
# swap_size_gb: size in gigabytes (default: 4)
# swap_swappiness: vm.swappiness value (default: 10)
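# Probe for an existing swap file so the allocation step can be skipped.
# Only existence is checked; the size of an existing file is not compared
# against swap_size_gb, so the task name no longer claims a size check.
- name: Check if swapfile exists
  ansible.builtin.stat:
    path: /swapfile
    # The file is several gigabytes. Skip hashing and the extra metadata
    # lookups: the tasks in this role only read stat.exists.
    get_checksum: false
    get_mime: false
    get_attributes: false
  register: swapfile_stat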
# Reserve the backing file. The size comes from swap_size_gb (4 when unset)
# and is coerced to an integer before the "G" suffix is appended.
# The file is created with the default mode here; the permissions task that
# follows restricts it to root before it is formatted or enabled.
# NOTE(review): swapon can refuse preallocated files on some filesystems;
# confirm fallocate is suitable for the target filesystem.
- name: Allocate swapfile (fallocate)
  when: not swapfile_stat.stat.exists
  ansible.builtin.command:
    argv:
      - fallocate
      - '-l'
      - '{{ (swap_size_gb | default(4)) | int }}G'
      - /swapfile
    # Second guard: the module skips the command when the file already exists.
    creates: /swapfile
# Swap can hold paged-out process memory, so the file is kept readable and
# writable by root only. This runs on every play, so a mode or owner that
# drifted on an existing file is corrected as well.
- name: Set swapfile permissions
  ansible.builtin.file:
    mode: '0600'
    group: root
    owner: root
    path: /swapfile
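# Decide whether to format from the file's own contents rather than from the
# earlier existence check. A run that stopped after allocation leaves an
# unformatted /swapfile, which an existence-based condition would skip on
# every later run while /etc/fstab still lists it as swap.
- name: Probe swapfile for an existing swap signature
  ansible.builtin.command:
    argv:
      - blkid
      - '-p'
      - '-o'
      - value
      - '-s'
      - TYPE
      - /swapfile
  register: swapfile_signature
  # Read-only probe: never reports a change and is safe to run in check mode.
  changed_when: false
  check_mode: false
  # blkid exits 2 when it finds no signature; only other codes are errors.
  failed_when: swapfile_signature.rc not in [0, 2]

# NOTE(review): this formats any existing /swapfile that lacks a swap
# signature; confirm nothing else on the host uses that path.
- name: Format swapfile
  ansible.builtin.command:
    cmd: mkswap /swapfile
  when: (swapfile_signature.stdout | default('') | trim) != 'swap'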
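# Ask the kernel which swap areas are active instead of running swapon
# unconditionally with errors ignored. A blanket ignore_errors also hides
# genuine failures such as an unformatted file or an unsupported filesystem.
- name: List active swap areas
  ansible.builtin.command:
    argv:
      - swapon
      - '--show=NAME'
      - '--noheadings'
  register: active_swap_areas
  # Read-only probe: never reports a change and is safe to run in check mode.
  changed_when: false
  check_mode: false

# Runs whenever /swapfile is not active, including when the file already
# existed at the start of the play. Any swapon failure now fails the play.
- name: Enable swapfile
  ansible.builtin.command:
    cmd: swapon /swapfile
  when: >-
    '/swapfile' not in
    (active_swap_areas.stdout_lines | default([]) | map('trim') | list)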
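# Keep exactly one fstab entry for the swap file so it is enabled at boot.
- name: Ensure swapfile in /etc/fstab
  ansible.builtin.lineinfile:
    path: /etc/fstab
    # Anchor on the whole first field. A bare '^/swapfile' would also match,
    # and then overwrite, an entry for a different path such as /swapfile2.
    regexp: '^/swapfile(\s|$)'
    line: '/swapfile none swap sw 0 0'
    state: present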
# Apply vm.swappiness, taking swap_swappiness when set and 10 otherwise.
# NOTE(review): no sysctl_file is given, so with state=present the module is
# expected to record the value in its default file as well; confirm that is
# wanted alongside the sysctl.d drop-in this role writes.
- name: Set vm.swappiness at runtime
  ansible.posix.sysctl:
    reload: true
    state: present
    value: '{{ swap_swappiness | default(10) }}'
    name: vm.swappiness
# Write a root-owned, world-readable sysctl.d drop-in carrying the same
# swappiness value (swap_swappiness, or 10 when unset).
# Writing the file does not itself reload sysctl settings.
- name: Persist vm.swappiness across reboots
  ansible.builtin.copy:
    content: |
      # Managed by Ansible (swapfile role)
      vm.swappiness = {{ swap_swappiness | default(10) }}
    dest: /etc/sysctl.d/60-swappiness.conf
    mode: '0644'
    group: root
    owner: root