Unverified Commit bfdfd4e9 authored by Tim Smith's avatar Tim Smith Committed by GitHub
Browse files

Merge pull request #64 from bmhatfield/hwrp

WIP: We need consisten resource names so these can't be true custom resources
parents 6cda4439 defce613
Lint/AmbiguousOperator:
Exclude:
- 'resources/domain.rb'
- 'libraries/domain.rb'
require 'chef/resource'
class Chef
class Resource
class UlimitDomain < Chef::Resource
property :domain, String
property :domain_name, String, name_property: true
property :filename, String
load_current_value do |new_resource|
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf"
new_resource.subresource_rules.map! do |name, block|
urule = Chef::Resource::UlimitRule.new("#{new_resource.name}:#{name}]", nil)
urule.domain new_resource
urule.action :nothing
urule.instance_eval(&block)
unless name
urule.name "ulimit_rule[#{new_resource.name}:#{urule.item}-#{urule.type}-#{urule.value}]"
end
urule
end
end
attr_reader :subresource_rules
def initialize(*args)
@subresource_rules = []
super
end
def rule(name = nil, &block)
@subresource_rules << [name, block]
end
action :create do
seq = 0
new_resource.subresource_rules.map do |sub_resource|
sub_resource.run_context = new_resource.run_context
sub_resource.run_action(:create)
end
new_resource.subresource_rules.each do |block|
myname = block[0]
code = block[1]
# The resource used to be named after itself. Instead now we'll just generate a generic name
# Obviously it would be nicer to jump inside ulimit_rule and rename it, however that's
# actually tricky to do while maintaining compatability
if myname.nil?
myname = "rule-#{seq}"
seq += 1
end
ulimit_rule "#{new_resource.name}:#{myname}" do
domain new_resource
instance_eval &code
end
end
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf"
template ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
source 'domain.erb'
cookbook 'ulimit'
variables domain: new_resource.domain_name
end
end
action :delete do
file ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
action :delete
end
end
end
end
end
require 'chef/resource'
class Chef
class Resource
class UlimitRule < Chef::Resource
property :type, [Symbol, String], required: true
property :item, [Symbol, String], required: true
property :value, [String, Numeric], required: true
property :domain, [Chef::Resource, String], required: true
load_current_value do |new_resource|
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
end
action :create do
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item][new_resource.type] = new_resource.value
puts "Create: #{node.run_state[:ulimit].inspect}"
end
action :delete do
# NOOP
end
end
end
end
require 'chef/resource'
class Chef
class Resource
class UlimitUser < Chef::Resource
resource_name :user_ulimit
property :username, String, name_property: true
property :filename, String, default: lazy { |r| r.username == '*' ? '00_all_limits' : "#{r.username}_limits" }
property :filehandle_limit, [String, Integer]
property :filehandle_soft_limit, [String, Integer]
property :filehandle_hard_limit, [String, Integer]
property :process_limit, [String, Integer]
property :process_soft_limit, [String, Integer]
property :process_hard_limit, [String, Integer]
property :memory_limit, [String, Integer]
property :core_limit, [String, Integer]
property :core_soft_limit, [String, Integer]
property :core_hard_limit, [String, Integer]
property :stack_limit, [String, Integer]
property :stack_soft_limit, [String, Integer]
property :stack_hard_limit, [String, Integer]
property :rtprio_limit, [String, Integer]
property :rtprio_soft_limit, [String, Integer]
property :rtprio_hard_limit, [String, Integer]
action :create do
template "/etc/security/limits.d/#{new_resource.filename}.conf" do
source 'ulimit.erb'
cookbook 'ulimit'
mode '0644'
variables(
ulimit_user: new_resource.username,
filehandle_limit: new_resource.filehandle_limit,
filehandle_soft_limit: new_resource.filehandle_soft_limit,
filehandle_hard_limit: new_resource.filehandle_hard_limit,
process_limit: new_resource.process_limit,
process_soft_limit: new_resource.process_soft_limit,
process_hard_limit: new_resource.process_hard_limit,
memory_limit: new_resource.memory_limit,
core_limit: new_resource.core_limit,
core_soft_limit: new_resource.core_soft_limit,
core_hard_limit: new_resource.core_hard_limit,
stack_limit: new_resource.stack_limit,
stack_soft_limit: new_resource.stack_soft_limit,
stack_hard_limit: new_resource.stack_hard_limit,
rtprio_limit: new_resource.rtprio_limit,
rtprio_soft_limit: new_resource.rtprio_soft_limit,
rtprio_hard_limit: new_resource.rtprio_hard_limit
)
end
end
action :delete do
file "/etc/security/limits.d/#{new_resource.filename}.conf" do
action :delete
end
end
end
end
end
property :domain, String
property :domain_name, String, name_property: true
property :filename, String
load_current_value do
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf"
new_resource.subresource_rules.map! do |name, block|
urule = Chef::Resource::UlimitRule.new("ulimit_rule[#{new_resource.name}:#{name}]", nil)
urule.domain new_resource
urule.action :nothing
urule.instance_eval(&block)
unless name
urule.name "ulimit_rule[#{new_resource.name}:#{urule.item}-#{urule.type}-#{urule.value}]"
end
urule
end
end
attr_reader :subresource_rules
def initialize(*args)
@subresource_rules = []
super
end
def rule(name = nil, &block)
@subresource_rules << [name, block]
end
action :create do
seq = 0
new_resource.subresource_rules.map do |sub_resource|
sub_resource.run_context = new_resource.run_context
sub_resource.run_action(:create)
end
new_resource.subresource_rules.each do |block|
myname = block[0]
code = block[1]
# The resource used to be named after itself. Instead now we'll just generate a generic name
# Obviously it would be nicer to jump inside ulimit_rule and rename it, however that's
# actually tricky to do while maintaining compatability
if myname.nil?
myname = "rule-#{seq}"
seq += 1
end
ulimit_rule "#{new_resource.name}:#{myname}" do
domain new_resource
instance_eval &code
end
end
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf"
template ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
source 'domain.erb'
cookbook 'ulimit'
variables domain: new_resource.domain_name
end
end
action :delete do
file ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
action :delete
end
end
property :type, [Symbol, String], required: true
property :item, [Symbol, String], required: true
property :value, [String, Numeric], required: true
property :domain, [Chef::Resource, String], required: true
load_current_value do
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
end
action :create do
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item][new_resource.type] = new_resource.value
puts "Create: #{node.run_state[:ulimit].inspect}"
end
action :delete do
# NOOP
end
resource_name :user_ulimit
property :username, String, name_property: true
property :filename, String, default: lazy { |r| r.username == '*' ? '00_all_limits' : "#{r.username}_limits" }
property :filehandle_limit, [String, Integer]
property :filehandle_soft_limit, [String, Integer]
property :filehandle_hard_limit, [String, Integer]
property :process_limit, [String, Integer]
property :process_soft_limit, [String, Integer]
property :process_hard_limit, [String, Integer]
property :memory_limit, [String, Integer]
property :core_limit, [String, Integer]
property :core_soft_limit, [String, Integer]
property :core_hard_limit, [String, Integer]
property :stack_limit, [String, Integer]
property :stack_soft_limit, [String, Integer]
property :stack_hard_limit, [String, Integer]
property :rtprio_limit, [String, Integer]
property :rtprio_soft_limit, [String, Integer]
property :rtprio_hard_limit, [String, Integer]
action :create do
template "/etc/security/limits.d/#{new_resource.filename}.conf" do
source 'ulimit.erb'
cookbook 'ulimit'
mode '0644'
variables(
ulimit_user: new_resource.username,
filehandle_limit: new_resource.filehandle_limit,
filehandle_soft_limit: new_resource.filehandle_soft_limit,
filehandle_hard_limit: new_resource.filehandle_hard_limit,
process_limit: new_resource.process_limit,
process_soft_limit: new_resource.process_soft_limit,
process_hard_limit: new_resource.process_hard_limit,
memory_limit: new_resource.memory_limit,
core_limit: new_resource.core_limit,
core_soft_limit: new_resource.core_soft_limit,
core_hard_limit: new_resource.core_hard_limit,
stack_limit: new_resource.stack_limit,
stack_soft_limit: new_resource.stack_soft_limit,
stack_hard_limit: new_resource.stack_hard_limit,
rtprio_limit: new_resource.rtprio_limit,
rtprio_soft_limit: new_resource.rtprio_soft_limit,
rtprio_hard_limit: new_resource.rtprio_hard_limit
)
end
end
action :delete do
file "/etc/security/limits.d/#{new_resource.filename}.conf" do
action :delete
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment