From 18c87466f6eaaffc14973a6623b4247c58b22e16 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 25 Aug 2013 15:44:17 +0100 Subject: [PATCH] add control for ulimits Signed-off-by: Stephen Gran --- modules/site/manifests/limit.pp | 83 ++++++++++++++++++++++++++ modules/site/templates/limits.conf.erb | 2 + 2 files changed, 85 insertions(+) create mode 100644 modules/site/manifests/limit.pp create mode 100644 modules/site/templates/limits.conf.erb diff --git a/modules/site/manifests/limit.pp b/modules/site/manifests/limit.pp new file mode 100644 index 000000000..d91d786d4 --- /dev/null +++ b/modules/site/manifests/limit.pp @@ -0,0 +1,83 @@ +# == Define: site::limit +# +# Apply a ulimit for a particular user on this system. Most commonly used for +# increasing the number of open files that are allowed on the system. +# +# === Parameters +# +# [*limit_user*] +# The user account to apply the limit to. Can also be a group, see +# http://linux.die.net/man/5/limits.conf or the manual page for limits.conf +# for details. +# +# [*limit_value*] +# The number that this limit should be increased to. +# +# [*limit_type*] +# Whether the limit is hard, soft, or '-'. +# +# [*limit_item*] +# The item to apply the limit to. See http://linux.die.net/man/5/limits.conf +# or the manual page for limits.conf for something accurate for a specific +# OS. This defaults to nofile as this is the most commonly changed limit. +# +# === Examples +# +# site::limit { 'a_jetty_app': +# limit_user => jetty, +# #limit_type => nofile # this is the default so commented out +# limit_type => hard +# limit_value => 8192 +# } +# +define site::limit ( + $limit_user, + $limit_value, + $limit_type = '-', + $limit_item = 'nofile', + $ensure = 'present' +) { + + case $limit_item { + 'as': {} + 'chroot': {} + 'core': {} + 'cpu': {} + 'data': {} + 'fsize': {} + 'locks': {} + 'maxlogins': {} + 'maxsyslogins': {} + 'memlock': {} + 'msgqueue': {} + 'nice': {} + 'nofile': {} + 'nproc': {} + 'priority': {} + 'rss': {} + 'rtprio': {} + 'sigpending': {} + 'stack': {} + default: { + fail("${limit_item} is not a valid ulimit item") + } + } + + case $limit_type { + '-': {} + 'soft': {} + 'hard': {} + default: { + fail("${limit_item} is not a valid ulimit type") + } + } + + file { "/etc/security/limits.d/${name}.conf": + ensure => $ensure, + content => template('site/limits.conf.erb'), + owner => root, + group => root, + mode => '0444' + } + +} diff --git a/modules/site/templates/limits.conf.erb b/modules/site/templates/limits.conf.erb new file mode 100644 index 000000000..609a7abe5 --- /dev/null +++ b/modules/site/templates/limits.conf.erb @@ -0,0 +1,2 @@ +# Template for limits, created by puppet +<%= limit_user %> <%= limit_type %> <%= limit_item %> <%= limit_value %> -- 2.20.1