Defined Type: psick::limits::limit

Defined in:
manifests/limits/limit.pp

Summary

Manages a limit file in the /etc/security/limits.d directory

Overview

Title of the define can have format like: domain/item otherwise the relevant parameters have to be defined.

Examples:

Set nofile limits for all users

psick::limits::limit { '*/nofile':
  hard => 20000,
  soft => 10000,
}

Set nproc limits for root user

psick::limits::limit { 'root/nproc':
  soft => 'unlimited',
}

Set nproc limits for all users, with custom title

psick::limits::limit { 'nproc':
  domain => '*',
  soft   => 4096,
}

Parameters:

  • domain (Optional[String]) (defaults to: undef)

    The limit domain., Can be: a user, a group (with@group) syntax, an asterisk (*) for default entry

  • item (Optional[String]) (defaults to: undef)

    The limit item. Can be any valid limit type (non validation enforced). Examples: core, data, fsize, memlock, nofile, rss, stack, cpu, nproc, as, maxlogins, maxsyslogins, priority, locks sigpending, msgqueue, nice, rtprio

  • hard (Variant[Integer,String,Undef]) (defaults to: undef)

    The value for the hard limit

  • soft (Variant[Integer,String,Undef]) (defaults to: undef)

    The value for the soft limit

  • both (Variant[Integer,String,Undef]) (defaults to: undef)

    The value for both soft and hard limit

  • ensure (Enum['absent', 'present']) (defaults to: present) 


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'manifests/limits/limit.pp', line 31

define psick::limits::limit (
  Enum['absent', 'present']     $ensure     = present,
  Optional[String]              $domain     = undef,
  Optional[String]              $item       = undef,
  Variant[Integer,String,Undef] $hard       = undef,
  Variant[Integer,String,Undef] $soft       = undef,
  Variant[Integer,String,Undef] $both       = undef,
) {
  include psick::limits

  if $ensure == 'present' {
    unless $hard or $soft or $both { fail('You have to define one of $hard, $soft or $both') }
  }
  unless $title =~ /\// {
    unless $domain and $item { fail('If title is not in $domain/item format, $domain and $item are required') }
  }

  $title_split = split($title, '/')
  $real_domain = pick($domain, $title_split[0])
  $real_item = pick($item, $title_split[1])

  if $title !~ /\// {
    $file_path = "${psick::limits::limits_dir_path}/${title}.conf"
  } else {
    if $real_domain == '*' {
      $file_path = "${psick::limits::limits_dir_path}/default_${real_item}.conf"
    } else {
      $file_path = "${psick::limits::limits_dir_path}/${real_domain}_${real_item}.conf"
    }
  }

  file { $file_path:
    ensure  => $ensure,
    owner   => 'root',
    group   => 'root',
    content => template('psick/limits/limit.erb'),
  }
}