
Automate sysctl, SELinux, and Mount Configurations with Ansible

This guide shows how to use Ansible to automate Linux sysctl parameter tuning, manage SELinux policies, and configure filesystem mount points, providing step‑by‑step examples and code snippets that simplify operations and improve system stability and security.

Linux Ops Smart Journey

Automating sysctl Configuration

sysctl is a tool for modifying Linux kernel runtime parameters. Using Ansible, you can batch‑configure these parameters.

Key parameters for the Ansible sysctl module:

name (required): dotted path of the sysctl variable.

value/val : desired value for the sysctl key.

reload : whether to apply immediately (default yes).

sysctl_file : absolute path to the sysctl file (default /etc/sysctl.conf).

state : present or absent.

Example commands:

<code># Write net.ipv4.ip_forward=1 to /etc/sysctl.conf
ansible -i hosts ansible -m sysctl -a "name=net.ipv4.ip_forward value=1 state=present"
# Write to a custom file
ansible -i hosts ansible -m sysctl -a "name=net.ipv4.ip_forward value=1 sysctl_file=/etc/sysctl.d/test.conf state=present"
# Remove the parameter
ansible -i hosts ansible -m sysctl -a "name=net.ipv4.ip_forward state=absent"
</code>

Managing SELinux Policies

SELinux provides mandatory access control. Ansible can manage its configuration.

Important fields for the Ansible selinux module:

configfile : path to SELinux config file (default /etc/selinux/config).

state (required): desired SELinux state, e.g., disabled, enforcing, permissive.

Example:

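<code># Check the state configured in /etc/selinux/config (this is the boot-time setting, not the running mode)
grep ^SELINUX= /etc/selinux/config
# Set SELinux to disabled (takes full effect only after a reboot)
ansible -i hosts ansible -m selinux -a "state=disabled"
</code>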

Automating Filesystem Mounts

The Ansible mount module can configure mount points.

Key options:

src : device or remote path to mount.

path (required): local mount point.

opts : mount options.

fstype : filesystem type.

state (required): mounted, present, unmounted, absent.

Examples:

<code># Initialize disk and mount (-f overwrites any existing filesystem on /dev/vdb, and the shell task reruns on every invocation)
ansible -i hosts ansible -m shell -a "mkfs.xfs -f /dev/vdb"
ansible -i hosts ansible -m mount -a "src=/dev/vdb path=/data fstype=xfs state=mounted"
# Mount NFS storage
ansible -i hosts ansible -m mount -a "src=172.139.20.170:/data/nfs path=/data fstype=nfs opts=defaults,_netdev state=mounted"
# Remove mount (state=absent unmounts, deletes the fstab entry, and removes the mount point directory)
ansible -i hosts ansible -m mount -a "src=172.139.20.170:/data/nfs path=/data fstype=nfs opts=defaults,_netdev state=absent"
</code>
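The ad-hoc commands from the three sections above can be combined into one idempotent playbook. This is an added example, not code from the original article: it reuses the page's `ansible` host group, `/dev/vdb` and `/data`, while the drop-in file name, the `targeted` policy, the `nosuid,nodev` mount options and the use of `community.general.filesystem` in place of `mkfs.xfs -f` are assumptions. It keeps SELinux enforcing rather than disabling it.

```yaml
# Added example. Assumes the ansible.posix and community.general collections are installed.
# Assumed values: drop-in file name, "targeted" policy, nosuid/nodev mount options.
- name: Apply sysctl, SELinux and mount settings idempotently
  hosts: ansible
  become: true
  tasks:
    - name: Persist net.ipv4.ip_forward in a drop-in file and load it
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "1"
        sysctl_file: /etc/sysctl.d/90-forwarding.conf
        sysctl_set: true
        reload: true
        state: present

    - name: Keep SELinux enforcing (policy is required unless state is disabled)
      ansible.posix.selinux:
        policy: targeted
        state: enforcing
      register: selinux_result

    - name: Report when a reboot is needed to finish the SELinux change
      ansible.builtin.debug:
        msg: "Reboot required to apply the SELinux state change"
      when: selinux_result.reboot_required | default(false)

    # Unlike "mkfs.xfs -f", this refuses to overwrite an existing filesystem
    - name: Create XFS on /dev/vdb only if the device has no filesystem
      community.general.filesystem:
        fstype: xfs
        dev: /dev/vdb
        force: false

    - name: Mount the data disk without setuid binaries or device nodes
      ansible.posix.mount:
        src: /dev/vdb
        path: /data
        fstype: xfs
        opts: defaults,nosuid,nodev
        state: mounted
```

Saved under a hypothetical name such as `site.yml`, it can be previewed with `ansible-playbook -i hosts site.yml --check --diff` before being applied.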

By following these examples, you can easily automate sysctl parameters, SELinux policies, and mount points with Ansible, simplifying operations and enhancing system stability and security.
