From 60120f2cf07922b140ba6ea60cae2215cbbd2fc7 Mon Sep 17 00:00:00 2001 From: Matthias Baur Date: Wed, 16 Jan 2019 17:12:21 +0100 Subject: [PATCH] Implement $server_max_open_files This commit implements the $server_max_open_files parameter which allows the user to configure the max open file descriptor limit for Puppetserver. Fixes #670. --- .fixtures.yml | 1 + manifests/init.pp | 4 +++ manifests/params.pp | 1 + manifests/server.pp | 1 + manifests/server/puppetserver.pp | 21 +++++++++++ .../puppet_server_puppetserver_spec.rb | 36 ++++++++++++++++++- 6 files changed, 63 insertions(+), 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index 73959941..3e2a5e13 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -13,6 +13,7 @@ fixtures: inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' puppetdb: 'https://github.com/puppetlabs/puppetlabs-puppetdb.git' stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' + systemd: 'git://github.com/camptocamp/puppet-systemd.git' yumrepo_core: repo: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core' puppet_version: '>= 6.0.0' diff --git a/manifests/init.pp b/manifests/init.pp index 7c4a4d37..28a56d2a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -511,6 +511,9 @@ # $server_ca_enable_infra_crl:: Enable the separate CRL for Puppet infrastructure nodes # Defaults to false # +# $server_max_open_files:: Increase the max open files limit for Puppetserver. +# Defaults to undef +# # === Usage: # # * Simple usage: @@ -703,6 +706,7 @@ Boolean $server_ca_allow_sans = $puppet::params::server_ca_allow_sans, Boolean $server_ca_allow_auth_extensions = $puppet::params::server_ca_allow_auth_extensions, Boolean $server_ca_enable_infra_crl = $puppet::params::server_ca_enable_infra_crl, + Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files, ) inherits puppet::params { contain puppet::config diff --git a/manifests/params.pp b/manifests/params.pp index a3f91d1b..4a3af872 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -412,6 +412,7 @@ $server_ca_allow_sans = false $server_ca_allow_auth_extensions = false $server_ca_enable_infra_crl = false + $server_max_open_files = undef $server_puppetserver_version = undef diff --git a/manifests/server.pp b/manifests/server.pp index b1a650a1..d24922ba 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -442,6 +442,7 @@ Boolean $ca_allow_sans = $::puppet::server_ca_allow_sans, Boolean $ca_allow_auth_extensions = $::puppet::server_ca_allow_auth_extensions, Boolean $ca_enable_infra_crl = $::puppet::server_ca_enable_infra_crl, + Optional[Integer[1]] $max_open_files = $::puppet::server_max_open_files, ) { if $ca { $ssl_ca_cert = "${ssl_dir}/ca/ca_crt.pem" diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp index 5c7dc358..84471cc9 100644 --- a/manifests/server/puppetserver.pp +++ b/manifests/server/puppetserver.pp @@ -126,6 +126,7 @@ $ca_allow_sans = $::puppet::server::ca_allow_sans, $ca_allow_auth_extensions = $::puppet::server::ca_allow_auth_extensions, $ca_enable_infra_crl = $::puppet::server::ca_enable_infra_crl, + $max_open_files = $::puppet::server::max_open_files, ) { include ::puppet::server @@ -192,6 +193,26 @@ changes => $jruby_jar_changes, } } + + $ensure_max_open_files = $max_open_files ? { + undef => 'absent', + default => 'present', + } + if $::service_provider == 'systemd' { + systemd::dropin_file { 'puppetserver.service-limits.conf': + ensure => $ensure_max_open_files, + filename => 'limits.conf', + unit => 'puppetserver.service', + content => "[Service]\nLimitNOFILE=${max_open_files}", + } + } else { + file_line { 'puppet::server::puppetserver::max_open_files': + ensure => $ensure_max_open_files, + path => $config, + line => "ulimit -n ${max_open_files}", + match => '^ulimit\ -n', + } + } } $servicesd = "${server_puppetserver_dir}/services.d" diff --git a/spec/classes/puppet_server_puppetserver_spec.rb b/spec/classes/puppet_server_puppetserver_spec.rb index 97bb08c6..54f7a6a6 100644 --- a/spec/classes/puppet_server_puppetserver_spec.rb +++ b/spec/classes/puppet_server_puppetserver_spec.rb @@ -5,7 +5,7 @@ next if unsupported_puppetmaster_osfamily(facts[:osfamily]) context "on #{os}" do let(:facts) do - facts + facts.merge(service_provider: 'redhat') end let(:auth_conf) { '/etc/custom/puppetserver/conf.d/auth.conf' } @@ -404,6 +404,40 @@ end end + describe 'server_max_open_files', unless: facts[:osfamily] == 'FreeBSD' do + context 'when server_max_open_files => undef' do + it do + should contain_file_line('puppet::server::puppetserver::max_open_files') + .with_ensure('absent') + end + end + + context 'when server_max_open_files => 32143' do + let(:params) { super().merge(server_max_open_files: 32143) } + + context 'on systemd based systems' do + let(:facts) { super().merge(service_provider: 'systemd') } + it do + should contain_systemd__dropin_file('puppetserver.service-limits.conf') + .with_ensure('present') + .with_filename('limits.conf') + .with_unit('puppetserver.service') + .with_content("[Service]\nLimitNOFILE=32143") + end + end + + context 'on non systemd based systems' do + it do + should contain_file_line('puppet::server::puppetserver::max_open_files') + .with_ensure('present') + .with_path('/etc/default/puppetserver') + .with_line('ulimit -n 32143') + .with_match('^ulimit\ -n') + end + end + end + end + describe 'with extra_args parameter' do let(:params) { super().merge(server_jvm_extra_args: ['-XX:foo=bar', '-XX:bar=foo']) } if facts[:osfamily] == 'FreeBSD'