Merge "init: Enable to control /etc/security/limits.d/"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
d8bd8744df
@ -62,6 +62,19 @@
|
|||||||
# Example: ['module1', 'module2']
|
# Example: ['module1', 'module2']
|
||||||
# Note: Those module should be in the $directory path
|
# Note: Those module should be in the $directory path
|
||||||
#
|
#
|
||||||
|
# [*limits*]
|
||||||
|
# (optional) Set of limits to set in /etc/security/limits.d/
|
||||||
|
# Defaults {}
|
||||||
|
# Example:
|
||||||
|
# {
|
||||||
|
# 'mysql_nofile' => {
|
||||||
|
# 'ensure' => 'present',
|
||||||
|
# 'user' => 'mysql',
|
||||||
|
# 'limit_type' => 'nofile',
|
||||||
|
# 'both' => '16384',
|
||||||
|
# },
|
||||||
|
# }
|
||||||
|
#
|
||||||
# [*manage_firewall*]
|
# [*manage_firewall*]
|
||||||
# (optional) Completely enable or disable firewall settings
|
# (optional) Completely enable or disable firewall settings
|
||||||
# (false means disabled, and true means enabled)
|
# (false means disabled, and true means enabled)
|
||||||
@ -96,6 +109,7 @@ class cloud(
|
|||||||
$selinux_directory = '/usr/share/selinux',
|
$selinux_directory = '/usr/share/selinux',
|
||||||
$selinux_booleans = [],
|
$selinux_booleans = [],
|
||||||
$selinux_modules = [],
|
$selinux_modules = [],
|
||||||
|
$limits = {},
|
||||||
$manage_firewall = false,
|
$manage_firewall = false,
|
||||||
$firewall_rules = {},
|
$firewall_rules = {},
|
||||||
$purge_firewall_rules = false,
|
$purge_firewall_rules = false,
|
||||||
@ -143,6 +157,10 @@ This node is under the control of Puppet ${::puppetversion}.
|
|||||||
# NTP
|
# NTP
|
||||||
include ::ntp
|
include ::ntp
|
||||||
|
|
||||||
|
# Security Limits
|
||||||
|
include ::limits
|
||||||
|
create_resources('limits::limits', $limits)
|
||||||
|
|
||||||
# SELinux
|
# SELinux
|
||||||
if $::osfamily == 'RedHat' {
|
if $::osfamily == 'RedHat' {
|
||||||
class {'cloud::selinux' :
|
class {'cloud::selinux' :
|
||||||
|
|||||||
@ -41,6 +41,28 @@ describe 'cloud' do
|
|||||||
it {is_expected.to contain_class('sudo')}
|
it {is_expected.to contain_class('sudo')}
|
||||||
it {is_expected.to contain_class('sudo::configs')}
|
it {is_expected.to contain_class('sudo::configs')}
|
||||||
it {is_expected.to contain_class('ntp')}
|
it {is_expected.to contain_class('ntp')}
|
||||||
|
it {is_expected.to contain_class('limits')}
|
||||||
|
|
||||||
|
context 'with explicit limits enabled' do
|
||||||
|
before :each do
|
||||||
|
params.merge!( :limits => {
|
||||||
|
'username_nofile' => {
|
||||||
|
'ensure' => 'present',
|
||||||
|
'user' => 'username',
|
||||||
|
'limit_type' => 'nofile',
|
||||||
|
'hard' => '16384'
|
||||||
|
}
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to contain_limits__limits('username_nofile').with(
|
||||||
|
:ensure => 'present',
|
||||||
|
:user => 'username',
|
||||||
|
:limit_type => 'nofile',
|
||||||
|
:hard => '16384',
|
||||||
|
) }
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
it {is_expected.to contain_file('/etc/motd').with(
|
it {is_expected.to contain_file('/etc/motd').with(
|
||||||
{:ensure => 'file'}.merge(file_defaults)
|
{:ensure => 'file'}.merge(file_defaults)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user