From 47ebef057ec21e6a12c3b4727f579e12cb39d5c1 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Tue, 20 Aug 2024 01:31:55 +0000 Subject: [PATCH] puppet: Switch to an included limits.d file. --- puppet/zulip/files/limits.d/zulip.conf | 4 ++ puppet/zulip/files/security/limits.conf | 60 ------------------------- puppet/zulip/manifests/profile/base.pp | 4 +- 3 files changed, 6 insertions(+), 62 deletions(-) create mode 100644 puppet/zulip/files/limits.d/zulip.conf delete mode 100644 puppet/zulip/files/security/limits.conf diff --git a/puppet/zulip/files/limits.d/zulip.conf b/puppet/zulip/files/limits.d/zulip.conf new file mode 100644 index 0000000000..462e8dfa7b --- /dev/null +++ b/puppet/zulip/files/limits.d/zulip.conf @@ -0,0 +1,4 @@ +zulip soft nofile 1000000 +zulip hard nofile 1048576 +root soft nofile 1000000 +root hard nofile 1048576 diff --git a/puppet/zulip/files/security/limits.conf b/puppet/zulip/files/security/limits.conf deleted file mode 100644 index 29361eb6ec..0000000000 --- a/puppet/zulip/files/security/limits.conf +++ /dev/null @@ -1,60 +0,0 @@ -# /etc/security/limits.conf -# -#Each line describes a limit for a user in the form: -# -# -# -#Where: -# can be: -# - an user name -# - a group name, with @group syntax -# - the wildcard *, for default entry -# - the wildcard %, can be also used with %group syntax, -# for maxlogin limit -# - NOTE: group and wildcard limits are not applied to root. -# To apply a limit to the root user, must be -# the literal username root. -# -# can have the two values: -# - "soft" for enforcing the soft limits -# - "hard" for enforcing hard limits -# -# can be one of the following: -# - core - limits the core file size (KB) -# - data - max data size (KB) -# - fsize - maximum filesize (KB) -# - memlock - max locked-in-memory address space (KB) -# - nofile - max number of open files -# - rss - max resident set size (KB) -# - stack - max stack size (KB) -# - cpu - max CPU time (MIN) -# - nproc - max number of processes -# - as - address space limit (KB) -# - maxlogins - max number of logins for this user -# - maxsyslogins - max number of logins on the system -# - priority - the priority to run user process with -# - locks - max number of file locks the user can hold -# - sigpending - max number of pending signals -# - msgqueue - max memory used by POSIX message queues (bytes) -# - nice - max nice priority allowed to raise to values: [-20, 19] -# - rtprio - max realtime priority -# - chroot - change root to directory (Debian-specific) -# -# -# - -#* soft core 0 -#root hard core 100000 -#* hard rss 10000 -#@student hard nproc 20 -#@faculty soft nproc 20 -#@faculty hard nproc 50 -#ftp hard nproc 0 -#ftp - chroot /ftp -#@student - maxlogins 4 -zulip soft nofile 1000000 -zulip hard nofile 1048576 -root soft nofile 1000000 -root hard nofile 1048576 - -# End of file diff --git a/puppet/zulip/manifests/profile/base.pp b/puppet/zulip/manifests/profile/base.pp index f694977097..22452721f7 100644 --- a/puppet/zulip/manifests/profile/base.pp +++ b/puppet/zulip/manifests/profile/base.pp @@ -95,12 +95,12 @@ class zulip::profile::base { group => 'zulip', } - file { '/etc/security/limits.conf': + file { '/etc/security/limits.d/zulip.conf': ensure => file, mode => '0640', owner => 'root', group => 'root', - source => 'puppet:///modules/zulip/security/limits.conf', + source => 'puppet:///modules/zulip/limits.d/zulip.conf', } file { '/etc/systemd/system.conf.d/': ensure => directory,