Can I implement saz-limits purely in Hiera/yaml?

asked 2014-05-29 08:48:47 -0600 by zogman

updated 2014-05-29 19:26:51 -0600 by ramindk

Using the saz-limits module, I need to ensure that the following limits settings are enforced on every system:

0:999999                soft    nofile           131072
0:999999                hard   nofile           131072
0:999999                soft    nproc           131072
0:999999                hard   nproc           131072

I guess it's better if these settings live in a separate file in /etc/security/limits.d rather than in /etc/security/limits.conf because there is danger of a system update from Oracle (these are OEL nodes) overwriting limits.conf.

My attempt to "Hierify" these settings fails completely so I'm wondering if I need to set up a /etc/puppetlabs/puppet/modules/site_limits module to take advantage of saz-limits' features.

I have the module working but not in Hiera.

class limits_dot_conf {

  # Hard limit on the number of processes
  limits::limits { '90-nproc-hard.conf':
    ensure     => present,
    user       => '0:999999',
    limit_type => 'nproc',
    hard       => 131072,
  }
  # Soft limit on the number of processes
  limits::limits { '90-nproc-soft.conf':
    ensure     => present,
    user       => '0:999999',
    limit_type => 'nproc',
    soft       => 131072,
  }
  # Hard limit on open file descriptors
  limits::limits { '90-nofile-hard.conf':
    ensure     => present,
    user       => '0:999999',
    limit_type => 'nofile',
    hard       => 131072,
  }
  # Soft limit on open file descriptors
  limits::limits { '90-nofile-soft.conf':
    ensure     => present,
    user       => '0:999999',
    limit_type => 'nofile',
    soft       => 131072,
  }
}

2 Answers


answered 2014-05-29 19:25:48 -0600 by ramindk

common.yaml

---
limits::limits:
  90-nproc-hard.conf:
    user:       '0:999999'
    limit_type: 'nproc'

modules/limits/manifests/limit.pp

define limits::limit(
  $ensure = present,
  $user,
  $limit_type,
  $hard = 131072,
) {

  # blah blah
}

modules/profile/manifests/limits.pp

class profile::limits {

  include ::limits

  $mylimits = hiera('limits::limits', {})
  create_resources('limits::limit', $mylimits)
}

Add more data as needed. Also I used hiera, but hiera_hash may be more appropriate to your use case.


answered 2014-05-30 12:31:53 -0600 by zogman

Here's the solution my co-worker came up with:

init.pp

class site_limits {

  include limits

  $mylimits = hiera('limits::limits', undef)
  if ($mylimits) {
    create_resources('::limits::limits', $mylimits)
  }
}

And here's all we have in /var/lib/hiera/common.yaml

limits::limits:
  'nofile.conf':
    'user':       '0:999999'
    'limit_type': 'nofile'
    'both':       '131072'
  'nprocs.conf':
    'user':       '0:999999'
    'limit_type': 'nproc'
    'both':       '131072'

Comments

The above generates two files: /etc/security/limits.d/nofile.conf and /etc/security/limits.d/nprocs.conf. They contain one line each: 0:999999 - nofile 131072 and 0:999999 - nproc 131072 respectively.

zogman (2014-05-30 12:34:53 -0600)

No need for your if statement if you pass an empty hash as the default, $mylimits = hiera('limits::limits', {})

ramindk (2014-05-30 14:57:55 -0600)
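
A check of the resulting files, as an added example (not code from either answer or from saz-limits): it parses limits.d-style text and reports which of the question's four required soft/hard settings are not in effect, treating a `-` type as both soft and hard. The file contents are constructed from zogman's comment and from a single hard-only entry; matching only the exact `0:999999` domain string is a simplifying assumption.

```python
# Added example: verify limits.d content against the question's requirements.
REQUIRED_VALUE = "131072"
REQUIRED = [(item, kind) for item in ("nofile", "nproc")
            for kind in ("soft", "hard")]

# Constructed sample: the two files described in zogman's comment.
GENERATED = {
    "nofile.conf": "0:999999 - nofile 131072\n",
    "nprocs.conf": "0:999999 - nproc 131072\n",
}
# Constructed sample: what a single hard-only nproc entry would produce.
PARTIAL = {"90-nproc-hard.conf": "0:999999 hard nproc 131072\n"}


def parse_limits(text):
    """Yield (domain, type, item, value) from limits.conf-style text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError("malformed limits line: %r" % raw)
        yield tuple(fields)


def effective(files, domain="0:999999"):
    """Fold files in sorted name order; a later line replaces an earlier one.

    Assumption: only lines whose domain equals `domain` exactly are counted.
    """
    state = {}
    for name in sorted(files):
        for dom, kind, item, value in parse_limits(files[name]):
            if dom != domain:
                continue
            # '-' sets the soft and the hard limit together.
            for k in (("soft", "hard") if kind == "-" else (kind,)):
                state[(item, k)] = value
    return state


def missing(files):
    """Return the required (item, type) pairs not set to 131072."""
    state = effective(files)
    return sorted(p for p in REQUIRED if state.get(p) != REQUIRED_VALUE)


if __name__ == "__main__":
    print(missing(GENERATED), missing(PARTIAL))
```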
