diff options
author | Tim Smith <tsmith84@gmail.com> | 2020-03-13 14:00:46 -0700 |
---|---|---|
committer | Tim Smith <tsmith84@gmail.com> | 2020-03-16 10:56:14 -0700 |
commit | 4601c32fb83bcc0ce2e5cf960d7ad1840b93405f (patch) | |
tree | 144f8a16ba9611c0188e07adb8fcbd8ca7b37275 | |
parent | f38d303cd2661e9e4ed44091c4a1ac8d98a8dcc9 (diff) | |
download | chef-4601c32fb83bcc0ce2e5cf960d7ad1840b93405f.tar.gz |
Add user_ulimit resource from the ulimit cookbook
This is a really handy resource for modifying ulimits on a system.
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/chef/resource/user_ulimit.rb | 115 | ||||
-rw-r--r-- | lib/chef/resources.rb | 1 | ||||
-rw-r--r-- | spec/unit/resource/user_ulimit_spec.rb | 53 |
3 files changed, 169 insertions, 0 deletions
diff --git a/lib/chef/resource/user_ulimit.rb b/lib/chef/resource/user_ulimit.rb new file mode 100644 index 0000000000..15d9c419f3 --- /dev/null +++ b/lib/chef/resource/user_ulimit.rb @@ -0,0 +1,115 @@ +# +# Copyright:: Copyright 2018-2020, Chef Software Inc. +# Copyright:: 2012, Brightcove, Inc +# +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require_relative "../resource" + +class Chef + class Resource + class UserUlimit < Chef::Resource + unified_mode true + + provides :user_ulimit + + introduced "16.0" + description "Use the user_ulimit resource to creates individual ulimit files that are installed into the `/etc/security/limits.d/` directory." + examples <<~DOC + set filehandle limit for the tomcat user + ```ruby + user_ulimit 'tomcat' do + filehandle_limit 8192 + end + ``` + + specify a username that differs from the name given to the resource block + ```ruby + user_ulimit 'Bump filehandle limits for tomcat user' do + username 'tomcat' + filehandle_limit 8192 + end + ``` + + specify a non-default filename + set filehandle limit for the tomcat user + ```ruby + user_ulimit 'tomcat' do + filehandle_limit 8192 + filename 'tomcat_filehandle_limits.conf' + end + ``` + DOC + + property :username, String, name_property: true + property :filehandle_limit, [String, Integer] + property :filehandle_soft_limit, [String, Integer] + property :filehandle_hard_limit, [String, Integer] + property :process_limit, [String, Integer] + property :process_soft_limit, [String, Integer] + property :process_hard_limit, [String, Integer] + property :memory_limit, [String, Integer] + property :core_limit, [String, Integer] + property :core_soft_limit, [String, Integer] + property :core_hard_limit, [String, Integer] + property :stack_limit, [String, Integer] + property :stack_soft_limit, [String, Integer] + property :stack_hard_limit, [String, Integer] + property :rtprio_limit, [String, Integer] + property :rtprio_soft_limit, [String, Integer] + property :rtprio_hard_limit, [String, Integer] + property :virt_limit, [String, Integer] + property :filename, String, + coerce: proc { |m| m.end_with?(".conf") ? m : m + ".conf" }, + default: lazy { |r| r.username == "*" ? "00_all_limits.conf" : "#{r.username}_limits.conf" } + + action :create do + template "/etc/security/limits.d/#{new_resource.filename}" do + source "ulimit.erb" + cookbook "ulimit" + mode "0644" + variables( + ulimit_user: new_resource.username, + filehandle_limit: new_resource.filehandle_limit, + filehandle_soft_limit: new_resource.filehandle_soft_limit, + filehandle_hard_limit: new_resource.filehandle_hard_limit, + process_limit: new_resource.process_limit, + process_soft_limit: new_resource.process_soft_limit, + process_hard_limit: new_resource.process_hard_limit, + memory_limit: new_resource.memory_limit, + core_limit: new_resource.core_limit, + core_soft_limit: new_resource.core_soft_limit, + core_hard_limit: new_resource.core_hard_limit, + stack_limit: new_resource.stack_limit, + stack_soft_limit: new_resource.stack_soft_limit, + stack_hard_limit: new_resource.stack_hard_limit, + rtprio_limit: new_resource.rtprio_limit, + rtprio_soft_limit: new_resource.rtprio_soft_limit, + rtprio_hard_limit: new_resource.rtprio_hard_limit, + virt_limit: new_resource.virt_limit + ) + end + end + + action :delete do + file "/etc/security/limits.d/#{new_resource.filename}" do + action :delete + end + end + + end + end +end diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb index f0736e2429..1fc707f642 100644 --- a/lib/chef/resources.rb +++ b/lib/chef/resources.rb @@ -124,6 +124,7 @@ require_relative "resource/user/mac_user" require_relative "resource/user/pw_user" require_relative "resource/user/solaris_user" require_relative "resource/user/windows_user" +require_relative "resource/user_ulimit" require_relative "resource/whyrun_safe_ruby_block" require_relative "resource/windows_env" require_relative "resource/windows_package" diff --git a/spec/unit/resource/user_ulimit_spec.rb b/spec/unit/resource/user_ulimit_spec.rb new file mode 100644 index 0000000000..f4f101950f --- /dev/null +++ b/spec/unit/resource/user_ulimit_spec.rb @@ -0,0 +1,53 @@ +# +# Author:: Tim Smith (<tsmith@chef.io>) +# Copyright:: 2020, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::UserUlimit do + let(:node) { Chef::Node.new } + let(:events) { Chef::EventDispatch::Dispatcher.new } + let(:run_context) { Chef::RunContext.new(node, {}, events) } + let(:resource) { Chef::Resource::UserUlimit.new("fakey_fakerton", run_context) } + + it "the username property is the name_property" do + expect(resource.username).to eql("fakey_fakerton") + end + + it "sets the default action as :create" do + expect(resource.action).to eql([:create]) + end + + it "coerces filename value to end in .conf" do + resource.filename("foo") + expect(resource.filename).to eql("foo.conf") + end + + it "if username is * then the filename defaults to 00_all_limits.conf" do + resource.username("*") + expect(resource.filename).to eql("00_all_limits.conf") + end + + it "if username is NOT * then the filename defaults to USERNAME_limits.conf" do + expect(resource.filename).to eql("fakey_fakerton_limits.conf") + end + + it "supports :create and :delete actions" do + expect { resource.action :create }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end +end |