author | Tim Smith <tsmith@chef.io> | 2020-03-16 11:20:47 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-16 11:20:47 -0700 |
commit | 67f537c9b108fda9bac80ca8c275c4ac1c3a6d80 (patch) | |
tree | f94910c2549479fabe76615ed80f660ecaaf630a | |
parent | f38d303cd2661e9e4ed44091c4a1ac8d98a8dcc9 (diff) | |
parent | a2ed9aa51033488ff09d204ac86e7727a525a875 (diff) | |
Merge pull request #9487 from chef/ulimit
Add user_ulimit resource from the ulimit cookbook
-rw-r--r-- | lib/chef/resource/support/ulimit.erb | 41 | ||||
-rw-r--r-- | lib/chef/resource/user_ulimit.rb | 113 | ||||
-rw-r--r-- | lib/chef/resources.rb | 1 | ||||
-rw-r--r-- | spec/unit/resource/user_ulimit_spec.rb | 53 |
4 files changed, 208 insertions, 0 deletions
diff --git a/lib/chef/resource/support/ulimit.erb b/lib/chef/resource/support/ulimit.erb
new file mode 100644
index 0000000000..6fc5539f27
--- /dev/null
+++ b/lib/chef/resource/support/ulimit.erb
@@ -0,0 +1,41 @@
+# Generated by <%= ChefConfig::Dist::PRODUCT %>. Changes will be overwritten.
+
+# Limits settings for <%= @ulimit_user %>
+
+<% unless @filehandle_limit.nil? -%>
+<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
+<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
+<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
+<% end -%>
+
+<% unless @process_limit.nil? -%>
+<%= @ulimit_user -%> - nproc <%= @process_limit %>
+<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
+<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
+<% end -%>
+
+<% unless @memory_limit.nil? -%>
+<%= @ulimit_user -%> - memlock <%= @memory_limit %>
+<% end -%>
+
+<% unless @core_limit.nil? -%>
+<%= @ulimit_user -%> - core <%= @core_limit %>
+<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
+<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
+<% end -%>
+
+<% unless @stack_limit.nil? -%>
+<%= @ulimit_user -%> - stack <%= @stack_limit %>
+<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
+<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
+<% end -%>
+
+<% unless @rtprio_limit.nil? -%>
+<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
+<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
+<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
+<% end -%>
+
+<% unless @virt_limit.nil? -%>
+ <%= @ulimit_user -%> - as <%= @virt_limit %>
+<% end -%>
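Review bot: When a combined value such as `@filehandle_limit` is set, the `else` branch is skipped and any `filehandle_soft_limit` / `filehandle_hard_limit` passed alongside it is dropped without warning; the nproc, core, stack and rtprio groups behave the same way. Nothing in the template says which setting wins, so an operator who sets a hard cap together with a combined value gets only the `-` line in the generated file. I would state the precedence in a template comment, e.g. `<%# a combined *_limit takes precedence; the soft/hard pair is rendered only when it is nil %>`, and repeat it in the property descriptions of the resource.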
diff --git a/lib/chef/resource/user_ulimit.rb b/lib/chef/resource/user_ulimit.rb
new file mode 100644
index 0000000000..82be09cf74
--- /dev/null
+++ b/lib/chef/resource/user_ulimit.rb
@@ -0,0 +1,113 @@
+#
+# Copyright:: Copyright 2018-2020, Chef Software Inc.
+# Copyright:: 2012, Brightcove, Inc
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+
+class Chef
+ class Resource
+ class UserUlimit < Chef::Resource
+ unified_mode true
+
+ provides :user_ulimit
+
+ introduced "16.0"
+ description "Use the user_ulimit resource to create individual ulimit files that are installed into the `/etc/security/limits.d/` directory."
+ examples <<~DOC
+ set filehandle limit for the tomcat user
+ ```ruby
+ user_ulimit 'tomcat' do
+ filehandle_limit 8192
+ end
+ ```
+
+ specify a username that differs from the name given to the resource block
+ ```ruby
+ user_ulimit 'Bump filehandle limits for tomcat user' do
+ username 'tomcat'
+ filehandle_limit 8192
+ end
+ ```
+
+ specify a non-default filename
+ set filehandle limit for the tomcat user
+ ```ruby
+ user_ulimit 'tomcat' do
+ filehandle_limit 8192
+ filename 'tomcat_filehandle_limits.conf'
+ end
+ ```
+ DOC
+
+ property :username, String, name_property: true
+ property :filehandle_limit, [String, Integer]
+ property :filehandle_soft_limit, [String, Integer]
+ property :filehandle_hard_limit, [String, Integer]
+ property :process_limit, [String, Integer]
+ property :process_soft_limit, [String, Integer]
+ property :process_hard_limit, [String, Integer]
+ property :memory_limit, [String, Integer]
+ property :core_limit, [String, Integer]
+ property :core_soft_limit, [String, Integer]
+ property :core_hard_limit, [String, Integer]
+ property :stack_limit, [String, Integer]
+ property :stack_soft_limit, [String, Integer]
+ property :stack_hard_limit, [String, Integer]
+ property :rtprio_limit, [String, Integer]
+ property :rtprio_soft_limit, [String, Integer]
+ property :rtprio_hard_limit, [String, Integer]
+ property :virt_limit, [String, Integer]
+ property :filename, String,
+ coerce: proc { |m| m.end_with?(".conf") ? m : m + ".conf" },
+ default: lazy { |r| r.username == "*" ? "00_all_limits.conf" : "#{r.username}_limits.conf" }
+
+ action :create do
+ template "/etc/security/limits.d/#{new_resource.filename}" do
+ source ::File.expand_path("../support/ulimit.erb", __FILE__)
+ mode "0644"
+ variables(
+ ulimit_user: new_resource.username,
+ filehandle_limit: new_resource.filehandle_limit,
+ filehandle_soft_limit: new_resource.filehandle_soft_limit,
+ filehandle_hard_limit: new_resource.filehandle_hard_limit,
+ process_limit: new_resource.process_limit,
+ process_soft_limit: new_resource.process_soft_limit,
+ process_hard_limit: new_resource.process_hard_limit,
+ memory_limit: new_resource.memory_limit,
+ core_limit: new_resource.core_limit,
+ core_soft_limit: new_resource.core_soft_limit,
+ core_hard_limit: new_resource.core_hard_limit,
+ stack_limit: new_resource.stack_limit,
+ stack_soft_limit: new_resource.stack_soft_limit,
+ stack_hard_limit: new_resource.stack_hard_limit,
+ rtprio_limit: new_resource.rtprio_limit,
+ rtprio_soft_limit: new_resource.rtprio_soft_limit,
+ rtprio_hard_limit: new_resource.rtprio_hard_limit,
+ virt_limit: new_resource.virt_limit
+ )
+ end
+ end
+
+ action :delete do
+ file "/etc/security/limits.d/#{new_resource.filename}" do
+ action :delete
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb
index f0736e2429..1fc707f642 100644
--- a/lib/chef/resources.rb
+++ b/lib/chef/resources.rb
@@ -124,6 +124,7 @@ require_relative "resource/user/mac_user"
 require_relative "resource/user/pw_user"
 require_relative "resource/user/solaris_user"
 require_relative "resource/user/windows_user"
+require_relative "resource/user_ulimit"
 require_relative "resource/whyrun_safe_ruby_block"
 require_relative "resource/windows_env"
 require_relative "resource/windows_package"
diff --git a/spec/unit/resource/user_ulimit_spec.rb b/spec/unit/resource/user_ulimit_spec.rb
new file mode 100644
index 0000000000..f4f101950f
--- /dev/null
+++ b/spec/unit/resource/user_ulimit_spec.rb
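Review bot: `filename` is interpolated straight into `"/etc/security/limits.d/#{new_resource.filename}"` in both the `:create` and the `:delete` action, and the only processing it gets is the `.conf` coercion, so a value containing a path separator (including one produced from `username` by the lazy default) points the template or the file deletion outside that directory. The client normally runs with root privileges, so if these properties are ever populated from node attributes or data bags this is worth closing at the property, for example by adding `callbacks: { "must be a bare file name" => lambda { |f| ::File.basename(f) == f } }` to `filename`. The values rendered into the file have the same gap: `username` and every `*_limit` property accept any String, so embedded whitespace or a newline would yield extra or malformed limits entries; a `regex:` or callback that rejects whitespace would keep each property to a single field.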
@@ -0,0 +1,53 @@
+#
+# Author:: Tim Smith (<tsmith@chef.io>)
+# Copyright:: 2020, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::UserUlimit do
+ let(:node) { Chef::Node.new }
+ let(:events) { Chef::EventDispatch::Dispatcher.new }
+ let(:run_context) { Chef::RunContext.new(node, {}, events) }
+ let(:resource) { Chef::Resource::UserUlimit.new("fakey_fakerton", run_context) }
+
+ it "the username property is the name_property" do
+ expect(resource.username).to eql("fakey_fakerton")
+ end
+
+ it "sets the default action as :create" do
+ expect(resource.action).to eql([:create])
+ end
+
+ it "coerces filename value to end in .conf" do
+ resource.filename("foo")
+ expect(resource.filename).to eql("foo.conf")
+ end
+
+ it "if username is * then the filename defaults to 00_all_limits.conf" do
+ resource.username("*")
+ expect(resource.filename).to eql("00_all_limits.conf")
+ end
+
+ it "if username is NOT * then the filename defaults to USERNAME_limits.conf" do
+ expect(resource.filename).to eql("fakey_fakerton_limits.conf")
+ end
+
+ it "supports :create and :delete actions" do
+ expect { resource.action :create }.not_to raise_error
+ expect { resource.action :delete }.not_to raise_error
+ end
+end |
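Review bot: The `filename` examples pin only the suffix being appended and the two defaults; nothing covers a value that already ends in `.conf` or one that contains a directory component, although the resource builds a path under `/etc/security/limits.d/` from it. I would add an example with `resource.filename("foo.conf")` followed by `expect(resource.filename).to eql("foo.conf")`, plus one that records the intended behaviour for a value with a path separator. The final example only checks that assigning the action does not raise, so the target path of neither action is asserted anywhere in this spec.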