From ec94e54f14c214a5423681e90b99d6e73094bfeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rurik=20Yl=C3=A4-Onnenvuori?= Date: Mon, 31 Oct 2016 13:03:21 +0100 Subject: Manage resource limits of services (#13) User can configure resource limits for services started by systemd --- README.md | 21 +++++++++++++++++++ manifests/init.pp | 8 +++++++- manifests/service_limits.pp | 50 +++++++++++++++++++++++++++++++++++++++++++++ templates/limits.erb | 26 +++++++++++++++++++++++ 4 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 manifests/service_limits.pp create mode 100644 templates/limits.erb diff --git a/README.md b/README.md index 5d962c9..51bf5cd 100644 --- a/README.md +++ b/README.md @@ -58,3 +58,24 @@ file { '/etc/tmpfiles.d/foo.conf': } ~> Exec['systemd-tmpfiles-create'] ``` + +### service limits + +Manage soft and hard limits on various resources for executed processes. + +```puppet +::systemd::service_limits { 'foo.service': + limits => { + LimitNOFILE => 8192, + LimitNPROC => 16384 + } +} +``` + +Or provide the configuration file yourself. Systemd reloading and restarting of the service are handled by the module. + +```puppet +::systemd::service_limits { 'foo.service': + source => "puppet:///modules/${module_name}/foo.conf", +} +``` diff --git a/manifests/init.pp b/manifests/init.pp index 5e6ad79..e669f09 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,4 +1,8 @@ -class systemd { +# -- Class systemd +# This module allows triggering systemd commands once for all modules +class systemd ( + $service_limits = {} +){ Exec { refreshonly => true, @@ -15,4 +19,6 @@ class systemd { command => 'systemd-tmpfiles --create', } + create_resources('systemd::service_limits', $service_limits, {}) + } diff --git a/manifests/service_limits.pp b/manifests/service_limits.pp new file mode 100644 index 0000000..a9cdc25 --- /dev/null +++ b/manifests/service_limits.pp @@ -0,0 +1,50 @@ +# -- Define: systemd::service_limits +# Creates a custom config file and reloads systemd +define systemd::service_limits( + $ensure = file, + $path = '/etc/systemd/system', + $limits = undef, + $source = undef, + $restart_service = true +) { + include ::systemd + + if $limits { + validate_hash($limits) + $content = template('systemd/limits.erb') + } + else { + $content = undef + } + + if $limits and $source { + fail('You may not supply both limits and source parameters to systemd::service_limits') + } elsif $limits == undef and $source == undef { + fail('You must supply either the limits or source parameter to systemd::service_limits') + } + + file { "${path}/${title}.d/": + ensure => 'directory', + owner => 'root', + group => 'root', + } + -> + file { "${path}/${title}.d/limits.conf": + ensure => $ensure, + content => $content, + source => $source, + owner => 'root', + group => 'root', + mode => '0444', + notify => Exec['systemctl-daemon-reload'], + } + + if $restart_service { + exec { "systemctl restart ${title}": + path => $::path, + refreshonly => true, + subscribe => File["${path}/${title}.d/limits.conf"], + require => Exec['systemctl-daemon-reload'], + } + } +} diff --git a/templates/limits.erb b/templates/limits.erb new file mode 100644 index 0000000..3caf586 --- /dev/null +++ b/templates/limits.erb @@ -0,0 +1,26 @@ +# This file is created by Puppet +[Service] +<% +[ + 'LimitCPU', + 'LimitFSIZE', + 'LimitDATA', + 'LimitSTACK', + 'LimitCORE', + 'LimitRSS', + 'LimitNOFILE', + 'LimitAS', + 'LimitNPROC', + 'LimitMEMLOCK', + 'LimitLOCKS', + 'LimitSIGPENDING', + 'LimitMSGQUEUE', + 'LimitNICE', + 'LimitRTPRIO', + 'LimitRTTIME' +].each do |d| +if @limits[d] -%> +<%= d %>=<%= @limits[d] %> +<% +end +end %> -- cgit v1.2.3