-- mode: markdown; mode: visual-line; --

Ulimit Puppet Module

  Copyright (c) 2015-2017 Tom De Vylder (aka arioch), Sebastien Varrette (aka Falkor)

ulimit provides control over the resources available to the shell and to processes started by it, on systems that allow such control.

This Puppet module is designed to configure and manage ulimits on your Linux system, mainly with the ulimit::rule definition which permits to define soft and/or hard limits over various domains.

• The soft limit is the value that the kernel enforces for the corresponding resource.
• The hard limit acts as a ceiling for the soft limit.

/! IMPORTANT: This module is a fork from arioch/puppet-ulimit!!! This was done to allow a version release on my own namespace compliant with Puppet 4 until Tom/arioch released the official new version on his module. In the mean time, I added more features (vagrant-based tests, support for arrays, content and source) yet this module is expected to disappear once Tom/arioch (hopefully) integrate my pull-request.

In particular, this module implements the following elements:

• class ulimit: The main class, piloting all aspects of the configuration
• class ulimit::config: an internal class taking care of global configurations and defaults
• definition ulimit::rule: permiting to define a rule in '/etc/security/limits.d/'

All these components are configured through a set of variables you will find in manifests/params.pp.

Setup Requirements

This module have been successfully over Puppet 4.x. with:

• Debian 5 (Lenny)
• Debian 6 (Squeeze)
• CentOS 5
• CentOS 6
• CentOS 7
• RedHat 6
• RedHat 7

Over operating systems and support for Puppet 5.x will eventually be added. Yet feel free to contribute to this module to help us extending the usage of this module.

Forge Module Dependencies

See metadata.json. In particular, this module depends on

• puppetlabs/stdlib

Overview and Usage

See also tests/rule.pp

---

include ::ulimit

::ulimit::rule{ 'example1':
  ulimit_domain => '*',
  ulimit_type   => 'soft',
  ulimit_item   => 'nofile',
  ulimit_value  => '1024',
}

This will create the file /etc/security/limits.d/80_example1.conf with the following content:

  *       soft         nofile      1024

---

include ::ulimit

::ulimit::rule{ 'example2':
  ulimit_domain => '*',
  ulimit_type   => 'soft',
  ulimit_item   => 'nofile',
  ulimit_value  => '1024',
}

This will create the file /etc/security/limits.d/80_example2.conf with the following content:

    *       hard         nproc        1024
    *       hard         nofile       1024

---

::ulimit::rule{ 'slurm':
   ensure        => 'present',
   ulimit_domain => '*',
   ulimit_type   => [ 'soft', 'hard' ],
   ulimit_item   => [ 'memlock', 'stack' ],
   ulimit_value  => 'unlimited',
}

This will create the file /etc/security/limits.d/80_slurm.conf with the following content:

   *       soft         memlock      unlimited
   *       soft         stack        unlimited
   *       hard         memlock      unlimited
   *       hard         stack        unlimited

---

::ulimit::rule{ 'slurm-nproc':
   ensure        => 'present',
   priority      => 50,
   ulimit_domain => '*',
   ulimit_type   => [ 'soft', 'hard' ],
   ulimit_item   => 'nproc',
   ulimit_value  => '10240',
}

This statement should create /etc/security/limits.d/50_slurm-nproc.conf with the following content:

    *       soft         nproc        10240
    *       hard         nproc        10240

---

You can also pass the content yourself -- below statement will create /etc/security/limits.d/60_content.conf with that content

::ulimit::rule{ 'content':
   ensure   => 'present',
   priority => 60,
   content  => template('ulimit/test.erb'),
}

... or pass directly the source file -- below statement will create /etc/security/limits.d/70_source.conf with that content:

::ulimit::rule{ 'source':
   ensure   => 'present',
   priority => 70,
   source   => 'puppet:///modules/ulimit/test.conf',
}

Caveats

By default the module will purge any settings that are not managed by Puppet. While not advised you can disable this feature:

node /box/ {
  class { 'ulimit':
    purge => false,
  }
}

Developments / Contributing to the code

You are more than welcome to contribute to the development of this module. Kindly proceed as follows:

1. Fork it
2. Create your feature branch (git checkout -b feature/<name>)
3. Commit your changes (git commit -am 'Added some feature')
4. Push to the branch (git flow feature publish <name>)
5. Create new Pull request.

Puppet modules tests within a Vagrant box

The best way to test this module in a non-intrusive way is to rely on Vagrant. The Vagrantfile at the root of the repository pilot the provisioning various vagrant boxes available on Vagrant cloud you can use to test this module.

Licence

This project and the sources proposed within this repository are released under the terms of the Apache-2.0 licence.