2 changes: 1 addition & 1 deletion Modulefile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name 'ghoneycutt-pam'
version '2.13.0'
version '2.14.0'
source 'git://github.com/ghoneycutt/puppet-module-pam.git'
author 'ghoneycutt'
license 'Apache-2.0'
Expand Down
14 changes: 14 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -355,6 +355,20 @@ Mode for config_file.

- *Default*: '0640'

config_file_lines
--------------------
Ordered array of limits that should be placed into limits.conf.
Useful for Suse 10 which does not use limits.d.

- *Default*: undef

config_file_source
------------------
String with source path to a limits.conf

- *Default*: undef


limits_d_dir
------------
Path to limits.d directory
Expand Down
59 changes: 37 additions & 22 deletions manifests/limits.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,13 @@
# Manage PAM limits.conf
#
class pam::limits (
$config_file = '/etc/security/limits.conf',
$config_file_mode = '0640',
$limits_d_dir = '/etc/security/limits.d',
$limits_d_dir_mode = '0750',
$purge_limits_d_dir = false,
$config_file = '/etc/security/limits.conf',
$config_file_lines = undef,
$config_file_source = undef,
$config_file_mode = '0640',
$limits_d_dir = '/etc/security/limits.d',
$limits_d_dir_mode = '0750',
$purge_limits_d_dir = false,
) {

# validate params
Expand All @@ -28,27 +30,40 @@
validate_bool($purge_limits_d_dir_real)

include pam

# ensure target exists
common::mkdir_p { $limits_d_dir: }

file { 'limits_d':
ensure => directory,
path => $limits_d_dir,
owner => 'root',
group => 'root',
mode => $limits_d_dir_mode,
purge => $purge_limits_d_dir_real,
recurse => $purge_limits_d_dir_real,
require => [ Package[$pam::my_package_name],
Common::Mkdir_p[$limits_d_dir],
],
if $config_file_lines == undef and $config_file_source == undef {
$content = template('pam/limits.conf.erb')
} else {
# config_file_lines takes priority over config_file_source
if $config_file_lines == undef {
$content = undef
$config_file_source_real = $config_file_source
} else {
$config_file_source_real = undef
validate_array($config_file_lines)
$content = template('pam/limits.conf.erb')
}
}
if $::osfamily == 'Suse' and $::lsbmajdistrelease == '10' {
} else {
common::mkdir_p { $limits_d_dir: }
file { 'limits_d':
ensure => directory,
path => $limits_d_dir,
owner => 'root',
group => 'root',
mode => $limits_d_dir_mode,
purge => $purge_limits_d_dir_real,
recurse => $purge_limits_d_dir_real,
require => [ Package[$pam::my_package_name],
Common::Mkdir_p[$limits_d_dir],
],
}
}

file { 'limits_conf':
ensure => file,
path => $config_file,
source => 'puppet:///modules/pam/limits.conf',
source => $config_file_source_real,
content => $content,
owner => 'root',
group => 'root',
mode => $config_file_mode,
Expand Down
3 changes: 3 additions & 0 deletions manifests/limits/fragment.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@

include pam
include pam::limits
if $::osfamily == 'Suse' and $::lsbmajdistrelease == '10' {
fail('You can not use pam::limits::fragment together with Suse 10.x releases')
}

# must specify source or list
if $source == 'UNSET' and $list == undef {
Expand Down
2 changes: 1 addition & 1 deletion metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "ghoneycutt-pam",
"version": "2.13.0",
"version": "2.14.0",
"author": "ghoneycutt",
"summary": "Manage PAM",
"license": "Apache-2.0",
Expand Down
133 changes: 133 additions & 0 deletions spec/classes/limits_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,125 @@
}
end

context 'with config_file_source specified as an valid string' do
let(:facts) do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:operatingsystemmajrelease => '6',
}
end

let(:params) do
{
:config_file_source => 'puppet:///modules/pam/own.limits.conf',
}
end

it {
should contain_file('limits_conf').with({
'ensure' => 'file',
'path' => '/etc/security/limits.conf',
'source' => 'puppet:///modules/pam/own.limits.conf',
'content' => nil,
'owner' => 'root',
'group' => 'root',
'mode' => '0640',
'require' => [ 'Package[pam]', ],
})
}

end

context 'with config_file_lines specified as an valid array' do
let(:facts) do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:operatingsystemmajrelease => '6',
}
end

let(:params) do
{
:config_file_lines => [ '* soft nofile 2048', '* hard nofile 8192', ]
}
end

it {
should contain_file('limits_conf').with({
'ensure' => 'file',
'path' => '/etc/security/limits.conf',
'source' => nil,
'owner' => 'root',
'group' => 'root',
'mode' => '0640',
'require' => [ 'Package[pam]', ],
})
}

it { should contain_file('limits_conf').with_content(/^\* soft nofile 2048$/) }
it { should contain_file('limits_conf').with_content(/^\* hard nofile 8192$/) }

end

context 'with config_file_lines specified as an invalid string' do
let(:facts) do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:operatingsystemmajrelease => '6',
}
end

let(:params) do
{
:config_file_lines => '* soft nofile 2048',

}
end

it 'should fail' do
expect {
should contain_class('pam::limits')
}.to raise_error(Puppet::Error,/is not an Array. It looks to be a String/)
end

end

context 'with config_file_source specified as an valid string and config_file_lines specified as an valid array' do
let(:facts) do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:operatingsystemmajrelease => '6',
}
end

let(:params) do
{
:config_file_source => 'puppet:///modules/pam/own.limits.conf',
:config_file_lines => [ '* soft nofile 2048', '* hard nofile 8192', ]
}
end

it {
should contain_file('limits_conf').with({
'ensure' => 'file',
'path' => '/etc/security/limits.conf',
'source' => nil,
'owner' => 'root',
'group' => 'root',
'mode' => '0640',
'require' => [ 'Package[pam]', ],
})
}

it { should contain_file('limits_conf').with_content(/^\* soft nofile 2048$/) }
it { should contain_file('limits_conf').with_content(/^\* hard nofile 8192$/) }

end

context 'with config_file specified as an invalid path' do
let(:params) { { :config_file => 'custom/security/limits.conf' } }
let(:facts) do
Expand Down Expand Up @@ -241,5 +360,19 @@
}.to raise_error(Puppet::Error,/str2bool/)
end
end

context 'without fragments support on Suse 10' do
let(:facts) do
{
:osfamily => 'Suse',
:lsbmajdistrelease => '10',
}
end

it { should contain_class('pam') }
it { should_not contain_common__mkdir_p('/etc/security/limits.d') }
it { should_not contain_file('limits_d') }
end

end
end
15 changes: 15 additions & 0 deletions spec/defines/limits/fragment_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,4 +114,19 @@
}.to raise_error(Puppet::Error,/pam::limits::fragment must specify source or list./)
end
end

context 'on unsupported platform Suse 10.x' do
let(:title) { '80-nproc' }
let(:facts) {
{
:osfamily => 'Suse',
:lsbmajdistrelease => '10',
}
}
it 'should fail' do
expect {
should contain_class('pam::limits::fragment')
}.to raise_error(Puppet::Error,/You can not use pam::limits::fragment together with Suse 10.x releases/)
end
end
end
Empty file added spec/fixtures/manifests/site.pp
View file
Empty file.
5 changes: 5 additions & 0 deletions files/limits.conf → templates/limits.conf.erb
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,5 +49,10 @@
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
<% unless @config_file_lines.nil? -%>
<% @config_file_lines.each do |line| -%>
<%= line %>
<% end -%>
<% end -%>

# End of file