cookbook 'ulimit', '= 1.1.0'
ulimit (15) Versions 1.1.0 Follow44
Resources for manaing ulimits
cookbook 'ulimit', '= 1.1.0', :supermarket
knife supermarket install ulimit
knife supermarket download ulimit
ulimit Cookbook
This cookbook provides resources for managing ulimits configuration on nodes.
-
user_ulimit
resource for overriding various ulimit settings. It places configured templates into/etc/security/limits.d/
, named for the user the ulimit applies to. -
ulimit_domain
which allows for configuring complex sets of rules beyond those supported by the user_ulimit resource.
The cookbook also includes a recipe (default.rb
) which allows ulimit overrides with the 'su' command on Ubuntu.
Requirements
Platforms
- Debian/Ubuntu and derivatives
- RHEL/Fedora and derivatives
Chef
- Chef 12.7+
Cookbooks
- none
Attributes
-
node['ulimit']['pam_su_template_cookbook']
- Defaults to nil (current cookbook). Determines what cookbook the su pam.d template is taken from -
node['ulimit']['users']
- Defaults to empty Mash. List of users with their limits, as below.
Default Recipe
Instead of using the user_ulimit resource directly you may define user ulimits via node attributes. The definition may be made via an environment file, a role file, or in a wrapper cookbook. Note: The preferred way to use this cookbook is by directly defining resources as it is much easier to troubleshoot and far more robust.
Example role configuration:
"default_attributes": { "ulimit": { "users": { "tomcat": { "filehandle_limit": 8193, "process_limit": 61504 }, "hbase": { "filehandle_limit": 32768 } } } }
To specify a change for all users change specify a wildcard resource or user name like so user_ulimit "*"
Resources
user_ulimit
The user_ulimit
resource creates individual ulimit files that are installed into the /etc/security/limits.d/
directory.
Actions:
create
delete
Properties
-
username
- Optional property to set the username if the resource name itself is not the username. See the example below. -
filename
- Optional filename to use instead of naming the file based on the username -
filehandle_limit
- -
filehandle_soft_limit
- -
filehandle_hard_limit
- -
process_limit
- -
process_soft_limit
- -
process_hard_limit
- -
memory_limit
- -
virt_limit
- -
core_limit
- -
core_soft_limit
- -
core_hard_limit
- -
stack_soft_limit
- -
stack_hard_limit
- -
rtprio_limit
- -
rtprio_soft_limit
- -
rtprio_hard_limit
-
Examples
Example of a resource where the resource name is the username:
user_ulimit "tomcat" do filehandle_limit 8192 # optional filehandle_soft_limit 8192 # optional; not used if filehandle_limit is set) filehandle_hard_limit 8192 # optional; not used if filehandle_limit is set) process_limit 61504 # optional process_soft_limit 61504 # optional; not used if process_limit is set) process_hard_limit 61504 # optional; not used if process_limit is set) memory_limit 1024 # optional core_limit 2048 # optional core_soft_limit 1024 # optional core_hard_limit 'unlimited' # optional stack_soft_limit 2048 # optional stack_hard_limit 2048 # optional rtprio_limit 60 # optional rtprio_soft_limit 60 # optional rtprio_hard_limit 60 # optional end
Example where the resource name is not the username:
user_ulimit 'set filehandle ulimits for our tomcat user' do username 'tomcat' filehandle_soft_limit 8192 filehandle_hard_limit 8192 end
ulimit_domain
Note: The ulimit_domain
resource creates files named after the domain with no modifiers by default. To override this behavior, specify the filename
parameter to the resource.
Actions:
create
delete
Examples:
ulimit_domain 'my_user' do rule do item :nofile type :hard value 10000 end rule do item :nofile type :soft value 5000 end end
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
CHANGELOG for ulimit
This file is used to list changes made in each version of ulimit.
1.1.0 (03-13-2020)
- Converted
user_ulimit
resource from a legacy HWRP to a custom resource - Added ChefSpec tests fro the
user_ulimit
resource - Resolved failures in
ulimit_domain
resource when running on Chef Infra Client 16 - Switched testing from Travis-CI to GitHub Actions
- Resolved minor Cookstyle warnings in the metadata.rb file
- Renamed the kitchen.yml file to not be hidden
- Added a new
virt_limit
property to theuser_ulimit
resource
1.0.0
- Breaking change: This cookbook now requires Chef 12.7 or later
- LWRPs converted to custom resources with Chef 13 compatibility
- Added the rtprio property to the user resource
- Updated the cookbook to not append .conf onto filenames when the user already specified a name that ends in .conf
- Added a chefignore file to limit what files get uploaded to the chef server
- Added a Test Kitchen config + InSpec tests for unit testing
- Added the license file to the repo to resolve a Foodcritic warning
- Added a Berksfile
- Resolved all cookstyle warnings
- Fixed the metadata license string to be an SPDX standard license string to resolve Foodcritic warnings
- Add supports, source_url, issues_url, and chef_version metadata to resolve Foodcritic warnings
- Switched the default recipe from platform to platform_family to catch more Debian/Ubuntu derivatives
- Added testing with ChefDK's delivery local mode in Travis
- Expanded the readme with better information on requirements and usage examples
- Removed ChefSpec matchers that are autogenerated by ChefSpec now
- Added Cookstyle and autocorrected all code
- Added a basic ChefSpec unit test
0.3.2
- Resolves issue some users were having with a resource-loading race condition, thanks to Chris Roberts (https://github.com/chrisroberts)
0.3.1
- Fix domain typo, thanks to David Radcliffe (https://github.com/dwradcliffe) (also reported by Lewis Thompson (https://github.com/lewisthompson))
- Add support for split hard/soft nofile limits, thanks to Troy Ready (https://github.com/troyready)
- Fix license boilerplate, thanks to Troy Ready (https://github.com/troyready)
- Fix limits.d file extension, thanks to https://github.com/soul-rebel
0.3.0
- Add Domain LWRP for arbitrary rule creation. Thanks for Chris Roberts (https://github.com/chrisroberts)
0.2.0
- Support specifying users via attributes (as long as your runlist includes the ulimit::default recipe). Thanks to Dmytro Shteflyuk (https://github.com/kpumuk)
0.1.5
- Allow setting core_limit. Thanks to Aaron Nichols (https://github.com/adnichols)
0.1.4:
- Does not set any ulimit parameter by default - only when specified. Thanks to Graham Christensen (https://github.com/zippykid)
0.1.3:
- Adds node attribute node['ulimit']['pam_su_template_cookbook'] to allow users to provide a su pam.d template from another cookbook
0.1.2:
- Add memory limit handling, courtesy of Sean Porter (https://github.com/bmhatfield/chef-ulimit/pull/3)
0.1.0:
- Initial release of ulimit
Check the Markdown Syntax Guide for help with Markdown.
The Github Flavored Markdown page describes the differences between markdown on github and standard markdown.
Collaborator Number Metric
1.1.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.1.0 passed this metric
Foodcritic Metric
1.1.0 passed this metric
No Binaries Metric
1.1.0 passed this metric
Testing File Metric
1.1.0 passed this metric
Version Tag Metric
1.1.0 passed this metric
1.1.0 failed this metric
1.1.0 passed this metric
Foodcritic Metric
1.1.0 passed this metric
No Binaries Metric
1.1.0 passed this metric
Testing File Metric
1.1.0 passed this metric
Version Tag Metric
1.1.0 passed this metric
1.1.0 passed this metric
1.1.0 passed this metric
Testing File Metric
1.1.0 passed this metric
Version Tag Metric
1.1.0 passed this metric
1.1.0 passed this metric
1.1.0 passed this metric