Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 8.0.0
- , , ,
Start using this module
Add this module to your Puppetfile:
mod 'arden-limits', '0.1.0'Learn more about managing modules with a PuppetfileDocumentation
limits
Table of Contents
- Description
- Setup - The basics of getting started with limits
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This module allows the creation of one or more limits.conf format files within /etc/security/limits.d/ on the target node. These can be declared individually or via the class itself.
Setup
What limits affects
Simply creates limits entries as specified within the target directory.
Setup Requirements
You'll need puppetlabs/stdlib.
Beginning with limits
The following yaml config defines two limits entries:
limits::array_limits:
sequence: '10',
header_comment:
- 'Prevents errors when higher pipeline loads execute.'
- 'See https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1438367/Installing+a+Snaplex+on+Linux'
entries:
snapuser:
- item: nproc
type: soft
value: 8192
- item: nproc
type: hard
value: 65536
- item: nofile
type: soft
value: 8192
- item: nofile
type: hard
value: 65536
sap_base:
sequence: '10'
header_comment:
- 'See the RHEL7 master note https://launchpad.support.sap.com/#/notes/2002167 for detail'
- 'Note that this may handle Oracle requirements as well'
entries:
'@sapsys':
- item: nproc
type: soft
value: unlimited
- item: nofile
type: both
value: 65536
'@sdba':
- item: nofile
type: both
value: 32800
'@dba':
- item: nofile
type: both
value: 32800
The following puppet code declares the same limits entries detailed above directly.
limits::file { 'snaplogic_limits':
sequence => '10',
header_comment => [
'Prevents errors when higher pipeline loads execute.',
'See https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1438367/Installing+a+Snaplex+on+Linux',
],
entries => {
'snapuser' => [
{
'item' => 'nproc',
'type' => 'soft',
'value' => '8192',
},
{
'item' => 'nproc',
'type' => 'hard',
'value' => '65536',
},
{
'item' => 'nofile',
'type' => 'soft',
'value' => '8192',
},
{
'item' => 'nofile',
'type' => 'hard',
'value' => '65536',
},
],
},
}
limits::file { 'sap_base':
sequence => '10',
header_comment => [
'See the RHEL7 master note https://launchpad.support.sap.com/#/notes/2002167 for detail',
'Note that this may handle Oracle requirements as well',
],
entries => {
'@sapsys' => [
{
'item' => 'nproc',
'type' => 'soft',
'value' => 'unlimited',
},
{
'item' => 'nofile',
'type' => 'both',
'value' => '65536',
},
],
'@sdba' => [
{
'item' => 'nofile',
'type' => 'both',
'value' => '32800',
},
],
'@dba' => [
{
'item' => 'nofile',
'type' => 'both',
'value' => '32800',
},
],
},
},
Limitations
Note that while the 'items' are restricted to valid names no validation is performed on their values.
Development
Make a pull request and we'll figure it out!
Reference
Table of Contents
Classes
limits: Generates an etc limits file for each entry in array_limits.
Defined types
limits::file: Defines a limit file containing one or more entries
Data types
Limits::Entry: Defines a limit entry for a specific domainLimits::FileDefinition: Defines a limit file containing one or more entriesLimits::Item: List of valid items to specify in /etc/security/limits.conf
Classes
limits
Generates an etc limits file for each entry in array_limits.
Parameters
The following parameters are available in the limits class:
dir_limits
Data type: Stdlib::AbsolutePath
Path to the limits.d configuration directory in which each limit file will be created
Default value: '/etc/security/limits.d'
array_limits
Data type: Array[Limits::FileDefinition]
Array of limits file entries. Each corresponds to a separate entity in $dir_limits and will contain one or more entries. See the Limits::File type definition for further details.
Default value: []
Defined types
limits::file
Defines a limit file containing one or more entries
Examples
Full definition
limits::file { 'snaplogic_limits':
sequence => '10',
header_comment => [
'Prevents errors when higher pipeline loads execute.',
'See https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1438367/Installing+a+Snaplex+on+Linux',
],
entries => {
'snapuser' => [
{
'item' => 'nproc',
'type' => 'soft',
'value' => '8192',
},
{
'item' => 'nproc',
'type' => 'hard',
'value' => '65536',
},
{
'item' => 'nofile',
'type' => 'soft',
'value' => '8192',
},
{
'item' => 'nofile',
'type' => 'hard',
'value' => '65536',
},
],
},
}
Parameters
The following parameters are available in the limits::file defined type:
name
This will be combined with the sequence number to create the filename in /etc/security/limits.d/ The name will have the form "${sequence}_${name}"
sequence
Data type: Pattern[/^[0-9]{2}$/]
Two digit number used to build the filename.
header_comment
Data type: Array[String]
Array of strings which will be added to the header of the limit file on creation.
entries
Data type: Hash[String, Array[Limits::Entry]]
Keys represent the user or group name for which the entries in the associated followed by various attributes which are to be set in the limits file.
dir_limits
Data type: Stdlib::AbsolutePath
Default value: '/etc/security/limits.d'
Data types
Limits::Entry
Defines a limit entry for a specific domain
Alias of
Struct[=>]
Parameters
The following parameters are available in the Limits::Entry data type:
item
Particular item to limit. This is a fixed list see man -s 5 limits.conf for
detail.
type
Specifies whether this value corresponds to soft, hard, or both types. If both is specified two lines will be created in the resulting limits file.
value
String representation of the limit value. Note that not all values are valid
for all limit entries. See man -s 5 limits.conf for details.
Optional
Data type: comment
One or more lines which will be added before the particular entry line or lines. If absent no comment lines are inserted.
Limits::FileDefinition
Defines a limit file containing one or more entries
Alias of
Struct[=>]
Parameters
The following parameters are available in the Limits::FileDefinition data type:
name
This will be combined with the sequence number to create the filename in /etc/security/limits.d/ The name will have the form "${sequence}_${name}"
sequence
Two digit number used to build the filename.
header_comment
Array of strings which will be added to the header of the limit file on creation.
entries
Keys represent the user or group name for which the entries in the associated followed by various attributes which are to be set in the limits file.
Limits::Item
List of valid items to specify in /etc/security/limits.conf
Alias of
Enum['core', 'data', 'fsize', 'memlock', 'nofile', 'rss', 'stack', 'cpu', 'nproc', 'as', 'maxlogins', 'maxsyslogins', 'nonewprivs', 'priority', 'locks', 'sigpending', 'msgqueue', 'nice', 'rtprio']
Changelog
All notable changes to this project will be documented in this file.
0.1.0 (2021-06-09)
Feature (3 changes)
- feat: default path for file resources
- feat: validate name strings and sequences
- feat: limit files can now be declared individually
Maintenance (4 changes)
Dependencies
- puppetlabs/stdlib (>= 4.25.1 < 8.0.0)