diff --git a/manifests/init.pp b/manifests/init.pp
index ac3009cb..bba4e127 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -62,6 +62,19 @@
 # Example: ['module1', 'module2']
 # Note: Those module should be in the $directory path
 #
+# [*limits*]
+# (optional) Set of limits to set in /etc/security/limits.d/
+# Defaults {}
+# Example:
+# {
+# 'mysql_nofile' => {
+# 'ensure' => 'present',
+# 'user' => 'mysql',
+# 'limit_type' => 'nofile',
+# 'both' => '16384',
+# },
+# }
+#
 # [*manage_firewall*]
 # (optional) Completely enable or disable firewall settings
 # (false means disabled, and true means enabled)
@@ -96,6 +109,7 @@ class cloud(
 $selinux_directory = '/usr/share/selinux',
 $selinux_booleans = [],
 $selinux_modules = [],
+ $limits = {},
 $manage_firewall = false,
 $firewall_rules = {},
 $purge_firewall_rules = false,
@@ -143,6 +157,10 @@ This node is under the control of Puppet ${::puppetversion}.
 # NTP
 include ::ntp

+ # Security Limits
+ include ::limits
+ create_resources('limits::limits', $limits)
+
 # SELinux
 if $::osfamily == 'RedHat' {
 class {'cloud::selinux' :
diff --git a/spec/classes/cloud_init_spec.rb b/spec/classes/cloud_init_spec.rb
index c208033c..3d84eac9 100644
--- a/spec/classes/cloud_init_spec.rb
+++ b/spec/classes/cloud_init_spec.rb
@@ -41,6 +41,28 @@ describe 'cloud' do
 it {is_expected.to contain_class('sudo')}
 it {is_expected.to contain_class('sudo::configs')}
 it {is_expected.to contain_class('ntp')}
+ it {is_expected.to contain_class('limits')}
+
+ context 'with explicit limits enabled' do
+ before :each do
+ params.merge!( :limits => {
+ 'username_nofile' => {
+ 'ensure' => 'present',
+ 'user' => 'username',
+ 'limit_type' => 'nofile',
+ 'hard' => '16384'
+ }
+ })
+ end
+
+ it { is_expected.to contain_limits__limits('username_nofile').with(
+ :ensure => 'present',
+ :user => 'username',
+ :limit_type => 'nofile',
+ :hard => '16384',
+ ) }
+
+ end

 it {is_expected.to contain_file('/etc/motd').with(
 {:ensure => 'file'}.merge(file_defaults)
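Review bot: The new `[*limits*]` parameter doc in manifests/init.pp (hunk at line 62) does not say where the hash goes or which keys it accepts. The class body passes it to `create_resources('limits::limits', $limits)`, so the comment could add `#   Each entry is declared as a limits::limits resource; keys are that define's parameters.` It would also help to note there that these values set per-user resource ceilings on every node that receives them, so the data source should be reviewed like any other privileged setting.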
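Review bot: `$limits` reaches `create_resources('limits::limits', $limits)` in manifests/init.pp (hunk at line 157) with no type check, so a non-hash value from Hiera or an ENC fails inside create_resources rather than with a clear message. If puppetlabs-stdlib is available to this module, `validate_hash($limits)` before the call would pin that. `include ::limits` is also unconditional, so every node using `cloud` now gets that class's defaults even when `$limits` is empty. Whether that class purges unmanaged files under /etc/security/limits.d/ is not visible here and should be confirmed, since a purge would silently drop limits installed by packages or set by hand. The class body continues outside the hunk.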
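Review bot: The new context in spec/classes/cloud_init_spec.rb only exercises the `hard` key, while the example documented in manifests/init.pp uses `'both' => '16384'`; a second case with `both` would keep the documented example under test. Nothing pins the default `limits => {}` either, so a regression that declares a limits::limits resource by default would go unnoticed. `params.merge!` mutates the shared `params` hash in place, and its definition is outside the hunk. Confirm it is rebuilt per example (for instance through `let`) so the limits entry cannot leak into the contain_file examples that follow.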