Configure ulimit using Puppet

Question

I am wondering how to run the ulimit command using Puppets exec type. The problem with ulimit seems to be that it isn't a binary so it has to be called using /bin/bash in front of it. I am trying to change the core file size to unlimited. I have this but doesn't recognise ulimit.

exec {"ulimit":
        command => "/bin/bash ulimit -c unlimited",
}

I can execute 'ulimit -c unlimited' in the command line and it will change the value no problem. The problem is doing this through Puppet. Any help would be great.

This is not the way how puppet should be used. Using code like this, the limit will be changed on each puppet run (after fixing the command). Preferred way is using some module that will perform action only in case when value is different than desired. — Tombart, Jan 14 '16 at 14:48

score 3 · Answer 1 · answered Mar 25 '13 at 14:55

3

I would recommend trying to make this change using /etc/security/limits.conf, such as:

<user>   soft   core   unlimited
<user>   hard   core   unlimited

You could do so using Augeas similar to instructions found here. Not sure of your exact need/use case, but at least consider the avenue!

answered Mar 25 '13 at 14:55

Mark Stanislav

979
4
11

I have used Puppet to add them lines into the limits.conf file which is cool but I can't get the limits to take effect. I have tried everything (reboots, logins, editing pam and ssh files) and have been on google since I posted this. Any ideas? – Alan Smith Mar 25 '13 at 16:40
It should be effective upon the shell of whatever you're trying to fix being relaunched, e.g. restart application, new process ran, user logged-in, etc. Honestly, not entirely aware of what would be going wrong. Can you show how you're confirming these settings aren't taking effect or any other troubleshooting you've done that made lead to an answer? – Mark Stanislav Mar 25 '13 at 17:13
1

They aren't taking effect because when I log back in or reboot the ulimit doesn't update even though the limits.conf file is correct. I have also added the line "session required pam_limits.so" to su, sudo, ssh and login in /etc/pam.d/ directory. I have also set sshd_config to use pam with the entry usePam yes. – Alan Smith Mar 26 '13 at 15:12
Does the `sysctl -p` works for you? You might want to use `require`, `notify`, and the likes to apply the change after executing the command above. – Axel Advento Nov 21 '13 at 06:30

score 1 · Answer 2 · answered Dec 06 '13 at 00:07

1

Other way is to install erwbgy puppet module and simply define:

include limits
limits::entry { 'my-limits':
    domain => $user,
    type   => 'soft',
    item   => 'core',
    value  => 'unlimited',
}

in you puppet script.

answered Dec 06 '13 at 00:07

Piotr Król

3,350
2
23
25

score 0 · Answer 3 · answered Mar 25 '13 at 19:29

0

The command is wrong, it should be:

command => "/bin/bash -c 'ulimit -c unlimited'"

answered Mar 25 '13 at 19:29

Gergo Erdosi

40,904
21
118
94

It didn't work. The command executed successfully but upon logging back in ulimit didn't update. – Alan Smith Mar 26 '13 at 15:12
Can it be that you are logging in with a different user than Puppet used to execute the command? Add user => 'name' to exec where name is the user you are using for login. – Gergo Erdosi Mar 26 '13 at 16:48

score 0 · Answer 4 · answered Apr 19 '13 at 13:05

If you change limits using /etc/security/limits.conf you must restart your processes to make them use the new limits.

If for example your puppet agent need to restart a service ("service myservice restart") the service will be started from puppet process that is running with the root user and with the old limits.

So the service init script of your service in /etc/init.d must force a login, for example changing the user with "su" or "sudo", to force the service using the new limits.

See http://linux.die.net/man/5/limits.conf

"Also, please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session."

score 0 · Answer 5 · answered Oct 11 '13 at 14:17

Increase the System wide ulimit (root) to the highest vlaue you prefer

* soft nofile 1000000
* hard nofile 250000

And then add the user specific limits e.g. for httpd user

httpd hard nofile 100000
httpd soft nofile 25000

Note: in this case httpd cannot exceed the upper system limit (*), sysetm will not allow it, even if you have given the httpd user a higher value

Processes might need to be restarted (no need to restart the System) for them to pickup the new values, however you can double check if they have picked it up or not by looking at: $cat /proc//limits

If not then just restart the process.

Configure ulimit using Puppet

5 Answers5