Ubuntu Focal fails to set max open file limit

[ekohl]

When running the tests (and enabling debug output) the following can be seen:

  Notice: /Stage[main]/Puppet::Server::Puppetserver/Systemd::Dropin_file[puppetserver.service-limits.conf]/File[/etc/systemd/system/puppetserver.service.d]/ensure: created
  Debug: /Stage[main]/Puppet::Server::Puppetserver/Systemd::Dropin_file[puppetserver.service-limits.conf]/File[/etc/systemd/system/puppetserver.service.d]: The container Systemd::Dropin_file[puppetserver.service-limits.conf] will propagate my refresh event
  Notice: /Stage[main]/Puppet::Server::Puppetserver/Systemd::Dropin_file[puppetserver.service-limits.conf]/File[/etc/systemd/system/puppetserver.service.d/limits.conf]/ensure: defined content as '{sha256}af70de30e188923816fe1eb77708cdc603f53918edd1f7815bea5bc48690f062'
  Debug: /Stage[main]/Puppet::Server::Puppetserver/Systemd::Dropin_file[puppetserver.service-limits.conf]/File[/etc/systemd/system/puppetserver.service.d/limits.conf]: The container Systemd::Dropin_file[puppetserver.service-limits.conf] will propagate my refresh event
  Debug: Systemd::Dropin_file[puppetserver.service-limits.conf]: The container Class[Puppet::Server::Puppetserver] will propagate my refresh event
  Debug: Class[Puppet::Server::Puppetserver]: The container Stage[main] will propagate my refresh event
  Debug: Class[Puppet::Server::Puppetserver]: The container Class[Puppet::Server::Config] will propagate my refresh event
  Debug: Class[Puppet::Server::Config]: The container Stage[main] will propagate my refresh event
  Debug: Class[Puppet::Server::Config]: The container Class[Puppet::Server] will propagate my refresh event
  Info: Class[Puppet::Server::Config]: Scheduling refresh of Class[Puppet::Server::Service]
  Info: Class[Puppet::Server::Service]: Scheduling refresh of Service[puppetserver]
  Debug: Executing: '/usr/bin/systemctl is-active -- puppetserver'
  Debug: Executing: '/usr/bin/systemctl is-enabled -- puppetserver'
  Debug: Executing: '/usr/bin/systemctl is-active -- puppetserver'
  Debug: Executing: '/usr/bin/systemctl show --property=NeedDaemonReload -- puppetserver'
  Debug: Executing: '/usr/bin/systemctl restart -- puppetserver'
  Notice: /Service[puppetserver]: Triggered 'refresh' from 1 event
  Debug: /Service[puppetserver]: The container Class[Puppet::Server::Service] will propagate my refresh event

However, then:

# systemctl show puppetserver --property NeedDaemonReload
NeedDaemonReload=yes
# systemctl cat puppetserver
# Warning: puppetserver.service changed on disk, the version systemd has loaded is outdated.
# This output shows the current version of the unit's original fragment and drop-in files.
# If fragments or drop-ins were added or removed, they are not properly reflected in this output.
# Run 'systemctl daemon-reload' to reload units.
# /lib/systemd/system/puppetserver.service
#
# Local settings can be configured without being overwritten by package upgrades, for example
# if you want to increase puppetserver open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, so create a file named
# "/etc/systemd/system/puppetserver.service.d/limits.conf" containing:
#       [Service]
#       LimitNOFILE=10000
# You can confirm it worked by running systemctl daemon-reload
# then running systemctl show puppetserver | grep LimitNOFILE
#
[Unit]
Description=puppetserver Service
After=syslog.target network.target nss-lookup.target 

[Service]
Type=forking
EnvironmentFile=/etc/default/puppetserver
User=puppet
TimeoutStartSec=300
TimeoutStopSec=60
Restart=on-failure
StartLimitBurst=5
PIDFile=/run/puppetlabs/puppetserver/puppetserver.pid

# https://tickets.puppetlabs.com/browse/EZ-129
# Prior to systemd v228, TasksMax was unset by default, and unlimited. Starting in 228 a default of '512'
# was implemented. This is low enough to cause problems for certain applications. In systemd 231, the
# default was changed to be 15% of the default kernel limit. This explicitly sets TasksMax to 4915,
# which should match the default in systemd 231 and later.
# See https://github.com/systemd/systemd/issues/3211#issuecomment-233676333
TasksMax=4915

#set default privileges to -rw-r-----
UMask=027


ExecReload=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver reload
ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start
ExecStop=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver stop

KillMode=process

SuccessExitStatus=143

StandardOutput=syslog

[Install]
WantedBy=multi-user.target

So somehow it does run Debug: Executing: '/usr/bin/systemctl show --property=NeedDaemonReload -- puppetserver' but that returns a different value.