From b5880c50fde29cb30b8ec10bb11077a749b98d24 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 17 Feb 2015 08:40:00 -0500 Subject: [PATCH] init: Enable to control /etc/security/limits.d/ This commit aims to allow the deployer to control the limits in /etc/security/limits.d/. man 5 limits.conf for more informations Change-Id: I80c2a093d8beeb2c8285d9595111c95f721e938f --- manifests/init.pp | 18 ++++++++++++++++++ spec/classes/cloud_init_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 576dc4bb..4d25b83b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -62,6 +62,19 @@ # Example: ['module1', 'module2'] # Note: Those module should be in the $directory path # +# [*limits*] +# (optional) Set of limits to set in /etc/security/limits.d/ +# Defaults {} +# Example: +# { +# 'mysql_nofile' => { +# 'ensure' => 'present', +# 'user' => 'mysql', +# 'limit_type' => 'nofile', +# 'both' => '16384', +# }, +# } +# # [*manage_firewall*] # (optional) Completely enable or disable firewall settings # (false means disabled, and true means enabled) @@ -96,6 +109,7 @@ class cloud( $selinux_directory = '/usr/share/selinux', $selinux_booleans = [], $selinux_modules = [], + $limits = {}, $manage_firewall = false, $firewall_rules = {}, $purge_firewall_rules = false, @@ -139,6 +153,10 @@ This node is under the control of Puppet ${::puppetversion}. # NTP include ::ntp + # Security Limits + include ::limits + create_resources('limits::limits', $limits) + # SELinux if $::osfamily == 'RedHat' { class {'cloud::selinux' : diff --git a/spec/classes/cloud_init_spec.rb b/spec/classes/cloud_init_spec.rb index 895e8f0b..bba02256 100644 --- a/spec/classes/cloud_init_spec.rb +++ b/spec/classes/cloud_init_spec.rb 
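Review bot: The new `[*limits*]` doc block in the first init.pp hunk does not say how the entries take effect or which keys are accepted. Files under /etc/security/limits.d/ are read by pam_limits when a session is opened, so a daemon that is not started through a PAM session (the `mysql` example may be one, depending on the init system) would not pick the value up. I would add a line such as `#   Note: applied by pam_limits to new PAM sessions only; keys are passed as-is to limits::limits`. The example also uses `both`, while the spec in this commit only exercises `hard`.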
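Review bot: `$limits` reaches `create_resources('limits::limits', $limits)` in the third init.pp hunk with no type check, and `include ::limits` is now unconditional for every node that uses `cloud`. A `validate_hash($limits)` before the call (assuming puppetlabs-stdlib is available to this module) would turn a malformed Hiera value into a clear compile error. It is also worth confirming whether the `limits` class purges unmanaged files in /etc/security/limits.d/ by default. If it does, distribution-shipped caps such as a default nproc limit would disappear on the first run, so that behaviour should be documented or set explicitly. The class body starts and ends outside the hunk.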
@@ -39,6 +39,28 @@ describe 'cloud' do end it {is_expected.to contain_class('ntp')} + it {is_expected.to contain_class('limits')} + + context 'with explicit limits enabled' do + before :each do + params.merge!( :limits => { + 'username_nofile' => { + 'ensure' => 'present', + 'user' => 'username', + 'limit_type' => 'nofile', + 'hard' => '16384' + } + }) + end + + it { is_expected.to contain_limits__limits('username_nofile').with( + :ensure => 'present', + :user => 'username', + :limit_type => 'nofile', + :hard => '16384', + ) } + + end it {is_expected.to contain_file('/etc/motd').with( {:ensure => 'file'}.merge(file_defaults)
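Review bot: The new context covers a single `hard` entry only, so nothing pins the default behaviour: with `limits` left at `{}`, the catalog should contain no `limits::limits` resources. An expectation such as `it { is_expected.to have_limits__limits_resource_count(0) }` next to the `contain_class('limits')` check would catch a default entry being introduced later. The `both` key shown in the manifest's documentation example is not exercised either. The surrounding `describe 'cloud'` block starts and ends outside the hunk.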