Implement $server_max_open_files

This commit implements the $server_max_open_files parameter which allows the user to configure the max open file descriptor limit for Puppetserver. Fixes #670.
theforeman · Jan 16, 2019 · 60120f2 · 60120f2
1 parent 263f230
commit 60120f2
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 1 deletion.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -13,6 +13,7 @@ fixtures:
     inifile:  'https://github.com/puppetlabs/puppetlabs-inifile.git'
     puppetdb: 'https://github.com/puppetlabs/puppetlabs-puppetdb.git'
     stdlib:   'https://github.com/puppetlabs/puppetlabs-stdlib.git'
+    systemd:  'git://github.com/camptocamp/puppet-systemd.git'
     yumrepo_core:
       repo: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core'
       puppet_version: '>= 6.0.0'
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -511,6 +511,9 @@
 # $server_ca_enable_infra_crl::             Enable the separate CRL for Puppet infrastructure nodes
 #                                           Defaults to false
 #
+# $server_max_open_files::                  Increase the max open files limit for Puppetserver.
+#                                           Defaults to undef
+#
 # === Usage:
 #
 # * Simple usage:
@@ -703,6 +706,7 @@
   Boolean $server_ca_allow_sans = $puppet::params::server_ca_allow_sans,
   Boolean $server_ca_allow_auth_extensions = $puppet::params::server_ca_allow_auth_extensions,
   Boolean $server_ca_enable_infra_crl = $puppet::params::server_ca_enable_infra_crl,
+  Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files,
 ) inherits puppet::params {
   contain puppet::config
 

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -412,6 +412,7 @@
   $server_ca_allow_sans                   = false
   $server_ca_allow_auth_extensions        = false
   $server_ca_enable_infra_crl             = false
+  $server_max_open_files                  = undef
 
   $server_puppetserver_version      = undef
 

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -442,6 +442,7 @@
   Boolean $ca_allow_sans = $::puppet::server_ca_allow_sans,
   Boolean $ca_allow_auth_extensions = $::puppet::server_ca_allow_auth_extensions,
   Boolean $ca_enable_infra_crl = $::puppet::server_ca_enable_infra_crl,
+  Optional[Integer[1]] $max_open_files = $::puppet::server_max_open_files,
 ) {
   if $ca {
     $ssl_ca_cert     = "${ssl_dir}/ca/ca_crt.pem"

diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp
@@ -126,6 +126,7 @@
   $ca_allow_sans                          = $::puppet::server::ca_allow_sans,
   $ca_allow_auth_extensions               = $::puppet::server::ca_allow_auth_extensions,
   $ca_enable_infra_crl                    = $::puppet::server::ca_enable_infra_crl,
+  $max_open_files                         = $::puppet::server::max_open_files,
 ) {
   include ::puppet::server
 
@@ -192,6 +193,26 @@
         changes => $jruby_jar_changes,
       }
     }
+
+    $ensure_max_open_files = $max_open_files ? {
+      undef   => 'absent',
+      default => 'present',
+    }
+    if $::service_provider == 'systemd' {
+      systemd::dropin_file { 'puppetserver.service-limits.conf':
+        ensure   => $ensure_max_open_files,
+        filename => 'limits.conf',
+        unit     => 'puppetserver.service',
+        content  => "[Service]\nLimitNOFILE=${max_open_files}",
+      }
+    } else {
+      file_line { 'puppet::server::puppetserver::max_open_files':
+        ensure => $ensure_max_open_files,
+        path   => $config,
+        line   => "ulimit -n ${max_open_files}",
+        match  => '^ulimit\ -n',
+      }
+    }
   }
 
   $servicesd = "${server_puppetserver_dir}/services.d"

diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb
@@ -5,7 +5,7 @@
     next if unsupported_puppetmaster_osfamily(facts[:osfamily])
     context "on #{os}" do
       let(:facts) do
-        facts
+        facts.merge(service_provider: 'redhat')
       end
 
       let(:auth_conf) { '/etc/custom/puppetserver/conf.d/auth.conf' }
@@ -404,6 +404,40 @@
         end
       end
 
+      describe 'server_max_open_files', unless: facts[:osfamily] == 'FreeBSD' do
+        context 'when server_max_open_files => undef' do
+          it do
+            should contain_file_line('puppet::server::puppetserver::max_open_files')
+              .with_ensure('absent')
+          end
+        end
+
+        context 'when server_max_open_files => 32143' do
+          let(:params) { super().merge(server_max_open_files: 32143) }
+
+          context 'on systemd based systems' do
+            let(:facts) { super().merge(service_provider: 'systemd') }
+            it do
+              should contain_systemd__dropin_file('puppetserver.service-limits.conf')
+                .with_ensure('present')
+                .with_filename('limits.conf')
+                .with_unit('puppetserver.service')
+                .with_content("[Service]\nLimitNOFILE=32143")
+            end
+          end
+
+          context 'on non systemd based systems' do
+            it do
+              should contain_file_line('puppet::server::puppetserver::max_open_files')
+                .with_ensure('present')
+                .with_path('/etc/default/puppetserver')
+                .with_line('ulimit -n 32143')
+                .with_match('^ulimit\ -n')
+            end
+          end
+        end
+      end
+
       describe 'with extra_args parameter' do
         let(:params) { super().merge(server_jvm_extra_args: ['-XX:foo=bar', '-XX:bar=foo']) }
         if facts[:osfamily] == 'FreeBSD'