Add new Redis cookbook

cookbooks/redisio/templates/default/domain.erb

@@ -0,0 +1,9 @@
+<%
+  node.run_state[:ulimit][@domain].each do |item, entries|
+    entries.each do |type, value|
+-%>
+<%= @domain %> <%= type %> <%= item %> <%= value %>
+<%
+    end
+  end
+-%>

cookbooks/redisio/templates/default/redis-sentinel@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Redis persistent key-value database
+After=network.target
+
+[Service]
+ExecStart=<%= @bin_path %>/redis-server /etc/redis/sentinel_%i.conf --sentinel --daemonize no
+User=redis
+Group=redis
+LimitNOFILE=<%= @limit_nofile %>
+
+[Install]
+WantedBy=multi-user.target

cookbooks/redisio/templates/default/redis.init.erb

@@ -0,0 +1,96 @@
+#!/bin/sh
+#
+# Simple Redis init.d script conceived to work on Linux systems
+# as it does use of the /proc filesystem.
+#
+# description: Redis is an in memory key-value store database
+#
+### BEGIN INIT INFO
+# Provides: redis<%= @port %>
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Required-Start: <%= @required_start %>
+# Required-Stop: <%= @required_stop %>
+# Description: redis<%= @port %> init script
+### END INIT INFO
+
+REDISNAME=<%= @name %>
+REDISPORT=<%= @port %>
+<% case @platform %>
+<% when 'ubuntu','debian','fedora' %>
+EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf' <%= @user %>"
+<% else %>
+EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${REDISNAME}.conf\""
+<% end %>
+CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
+
+<% connection_string = String.new %>
+<% if @unixsocket.nil? %>
+  <% connection_string << " -p #{@port}" %>
+  <% connection_string << " -h #{@address.respond_to?(:first) ? @address.first : @address }" if @address %>
+<% else %>
+  <% connection_string << " -s #{@unixsocket}" %>
+<% end %>
+<% connection_string  << " -a '#{@requirepass}'" unless @requirepass.nil? %>
+
+PIDFILE=<%= @piddir %>/redis_${REDISNAME}.pid
+
+if [ ! -d <%= @piddir %> ]; then
+    mkdir -p <%= @piddir %>
+    chown <%= @user %>  <%= @piddir %>
+fi
+
+ulimit -n <%= @ulimit %>
+
+case "$1" in
+    status)
+        if [ -f $PIDFILE ]
+        then
+          echo "redis$REDISNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
+          ps -p $(cat $PIDFILE) >/dev/null 2>&1
+          exit $?
+        else
+          echo "redis$REDISNAME $PIDFILE doesn't exist"
+          exit 3
+        fi
+        ;;
+    start)
+        if [ -f $PIDFILE ]
+        then
+                echo "$PIDFILE exists, process is already running or crashed"
+		PIDNUM=`cat $PIDFILE`
+		PROCESS_RUNNING=`ps --no-headers -q $PIDNUM | wc -l`
+		if [ ! $PROCESS_RUNNING -eq 1 ]
+		then
+			echo "The PID doesn't exists, restarting it."
+			rm $PIDFILE
+			eval $EXEC
+		fi
+        else
+                echo "Starting Redis server..."
+                eval $EXEC
+        fi
+        ;;
+    stop)
+        if [ ! -f $PIDFILE ]
+        then
+                echo "$PIDFILE does not exist, process is not running"
+        else
+                PID=$(cat $PIDFILE)
+                echo "Stopping ..."
+
+                <%= "$CLIEXEC #{connection_string} save" if @shutdown_save %>
+                $CLIEXEC <%= connection_string %> shutdown
+
+                while [ -x /proc/${PID} ]
+                do
+                    echo "Waiting for Redis to shutdown ..."
+                    sleep 1
+                done
+                echo "Redis stopped"
+        fi
+        ;;
+    *)
+        echo "Please use start or stop as first argument"
+        ;;
+esac

cookbooks/redisio/templates/default/redis.rcinit.erb

@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+#
+
+# PROVIDE: redis<%= @name %>
+# REQUIRE: LOGIN
+# BEFORE:  securelevel
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable `redis':
+#
+#redis<%= @name %>_enable="YES"
+#
+# Define profiles here to run separate redis instances:
+#
+#redis_profiles="foo bar" #  Script uses /usr/local/etc/redis-NAME.conf respectively.
+#                            For correct script working please update pidfile entries in
+#                            redis-NAME.conf files.
+
+. /etc/rc.subr
+
+name="redis<%= @name %>"
+rcvar="${name}_enable"
+
+extra_commands="reload"
+
+command="<%= File.join(@bin_path, 'redis-server') %>"
+pidfile="<%= @piddir %>/redis_<%=@name%>.pid"
+
+# read configuration and set defaults
+load_rc_config "$name"
+: ${redis<%= @name %>_enable="NO"}
+: ${redis_user="<%= @user %>"}
+: ${redis_config="<%= @configdir %>/<%= @name %>.conf"}
+
+command_args="${redis_config}"
+required_files="${redis_config}"
+
+_profile_exists() {
+        for _p in ${redis_profiles}; do
+                [ "${_p}" = "$1" ] && return 1;
+        done
+        return 0
+}
+
+if [ $# -eq 2 ]; then
+        _profile=$2
+        _profile_exists $_profile
+        _exists=$?
+        [ ${_exists} -ne 1 ] && {
+                echo "`basename /usr/local/etc/rc.d/redis`: no '$2' in 'redis_profiles'"
+                exit 1
+        };
+        echo "-- Profile: ${name} --"
+        config_file="/usr/local/etc/redis/${name}.conf"
+        command_args="${config_file}"
+        pidfile="<%= @piddir %>/${name}.pid"
+        required_files="${config_file}"
+elif [ -n "${redis_profiles}" ]; then
+        _swap=$*; shift; _profiles=$*
+        _profiles=${_profiles:-${redis_profiles}}
+        set -- ${_swap}
+        for _profile in ${_profiles}; do
+                /usr/local/etc/rc.d/redis $1 ${_profile}
+        done
+        exit 0
+fi
+
+run_rc_command "$1"

cookbooks/redisio/templates/default/redis.upstart.conf.erb

@@ -0,0 +1,19 @@
+description "Start the redis instance on port <%= @port %>"
+author "Installed by chef redisio cookbook"
+
+#start on runlevel [2345]
+stop on runlevel [06]
+
+script
+  if [ ! -d <%= @piddir %> ]; then
+    mkdir -p <%= @piddir %>
+    chown <%= @user %>:<%= @group %>  <%= @piddir %>
+  fi
+end script
+
+# If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
+respawn
+respawn limit 10 30
+
+exec su -s /bin/sh -c 'exec "$0" "$@"' <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf
+

cookbooks/redisio/templates/default/redis@.service.erb

@@ -0,0 +1,12 @@
+[Unit]
+Description=Redis (%i) persistent key-value database
+After=network.target
+
+[Service]
+ExecStart=<%= @bin_path %>/redis-server /etc/redis/%i.conf --daemonize no
+User=<%= @user %>
+Group=<%= @group %>
+LimitNOFILE=<%= @limit_nofile %>
+
+[Install]
+WantedBy=multi-user.target

cookbooks/redisio/templates/default/sentinel.conf.erb

@@ -0,0 +1,203 @@
+# Example sentinel.conf
+
+# redisio Cookbook additions
+<% if @job_control == 'initd' || @job_control == 'rcinit' %>
+daemonize yes
+<% end %>
+pidfile <%= @piddir %>/sentinel_<%=@name%>.pid
+loglevel <%=@loglevel%>
+syslog-enabled <%= @syslogenabled %>
+syslog-ident redis-<%= @name %>
+syslog-facility <%= @syslogfacility %>
+<%= "logfile #{@logfile}" unless @logfile.nil? %>
+
+<% if @sentinel_bind %>
+bind <%=@sentinel_bind%>
+<% end %>
+
+ <% if @protected_mode %>
+<%= "protected-mode #{@protected_mode}" %>
+<% end %>
+
+# port <sentinel-port>
+# The port that this sentinel instance will run on
+port <%=@sentinel_port%>
+
+# sentinel announce-ip <ip>
+# sentinel announce-port <port>
+#
+# The above two configuration directives are useful in environments where,
+# because of NAT, Sentinel is reachable from outside via a non-local address.
+#
+# When announce-ip is provided, the Sentinel will claim the specified IP address
+# in HELLO messages used to gossip its presence, instead of auto-detecting the
+# local address as it usually does.
+#
+# Similarly when announce-port is provided and is valid and non-zero, Sentinel
+# will announce the specified TCP port.
+#
+# The two options don't need to be used together, if only announce-ip is
+# provided, the Sentinel will announce the specified IP and the server port
+# as specified by the "port" option. If only announce-port is provided, the
+# Sentinel will announce the auto-detected local IP and the specified port.
+#
+# Example:
+#
+# sentinel announce-ip 1.2.3.4
+<%= "sentinel announce-ip #{@announce_ip}" unless @announce_ip.nil? %>
+<%= "sentinel announce-port #{@announce_port}" unless @announce_port.nil? %>
+
+# sentinel monitor <master-name> <ip> <redis-port> <quorum>
+#
+# Tells Sentinel to monitor this slave, and to consider it in O_DOWN
+# (Objectively Down) state only if at least <quorum> sentinels agree.
+#
+# Note: master name should not include special characters or spaces.
+# The valid charset is A-z 0-9 and the three characters ".-_".
+# sentinel monitor mymaster 127.0.0.1 6379 2
+<% @masters.each do |current| %>
+<% calc_name = String(current['master_name'] || @name || 'master_name') %>
+<%= "sentinel monitor #{calc_name} #{current['master_ip']} #{current['master_port']} #{current['quorum_count']}" %>
+<% end %>
+# sentinel auth-pass <master-name> <password>
+#
+# Set the password to use to authenticate with the master and slaves.
+# Useful if there is a password set in the Redis instances to monitor.
+#
+# Note that the master password is also used for slaves, so it is not
+# possible to set a different password in masters and slaves instances
+# if you want to be able to monitor these instances with Sentinel.
+#
+# However you can have Redis instances without the authentication enabled
+# mixed with Redis instances requiring the authentication (as long as the
+# password set is the same for all the instances requiring the password) as
+# the AUTH command will have no effect in Redis instances with authentication
+# switched off.
+#
+# Example:
+#
+# sentinel auth-pass mymaster MySUPER--secret-0123passw0rd
+<% @masters.each do |current| %>
+<% calc_name = String(current['master_name'] || @name || 'master_name') %>
+<%= "sentinel auth-pass #{calc_name} #{current['auth_pass']}" unless current['auth_pass'].nil? %>
+<% end %>
+# sentinel down-after-milliseconds <master-name> <milliseconds>
+#
+# Number of milliseconds the master (or any attached slave or sentinel) should
+# be unreachable (as in, not acceptable reply to PING, continuously, for the
+# specified period) in order to consider it in S_DOWN state (Subjectively
+# Down).
+#
+# Default is 30 seconds.
+<% @masters.each do |current| %>
+<% calc_name = String(current['master_name'] || @name || 'master_name') %>
+<%= "sentinel down-after-milliseconds #{calc_name} #{current['down_after_milliseconds']}" unless current['down_after_milliseconds'].nil?  %>
+<% end %>
+# sentinel parallel-syncs <master-name> <numslaves>
+#
+# How many slaves we can reconfigure to point to the new slave simultaneously
+# during the failover. Use a low number if you use the slaves to serve query
+# to avoid that all the slaves will be unreachable at about the same
+# time while performing the synchronization with the master.
+<% @masters.each do |current| %>
+<% calc_name = String(current['master_name'] || @name || 'master_name') %>
+<%= "sentinel parallel-syncs #{calc_name} #{current['parallel_syncs']}" unless current['parallel_syncs'].nil? %>
+<% end %>
+# sentinel failover-timeout <master-name> <milliseconds>
+#
+# Specifies the failover timeout in milliseconds. When this time has elapsed
+# without any progress in the failover process, it is considered concluded by
+# the sentinel even if not all the attached slaves were correctly configured
+# to replicate with the new master (however a "best effort" SLAVEOF command
+# is sent to all the slaves before).
+#
+# Also when 25% of this time has elapsed without any advancement, and there
+# is a leader switch (the sentinel did not started the failover but is now
+# elected as leader), the sentinel will continue the failover doing a
+# "takeover".
+#
+# Default is 15 minutes.
+<% @masters.each do |current| %>
+<% calc_name = String(current['master_name'] || @name || 'master_name') %>
+<%= "sentinel failover-timeout #{calc_name} #{current['failover_timeout']}" unless current['failover_timeout'].nil? %>
+<% end %>
+
+<% if @version[:major].to_i == 2 && @version[:minor].to_i >= 8 || @version[:major].to_i > 3 %>
+# SCRIPTS EXECUTION
+#
+# sentinel notification-script and sentinel reconfig-script are used in order
+# to configure scripts that are called to notify the system administrator
+# or to reconfigure clients after a failover. The scripts are executed
+# with the following rules for error handling:
+#
+# If script exists with "1" the execution is retried later (up to a maximum
+# number of times currently set to 10).
+#
+# If script exists with "2" (or an higher value) the script execution is
+# not retried.
+#
+# If script terminates because it receives a signal the behavior is the same
+# as exit code 1.
+#
+# A script has a maximum running time of 60 seconds. After this limit is
+# reached the script is terminated with a SIGKILL and the execution retried.
+
+# NOTIFICATION SCRIPT
+#
+# sentinel notification-script <master-name> <script-path>
+#
+# Call the specified notification script for any sentienl event that is
+# generated in the WARNING level (for instance -sdown, -odown, and so forth).
+# This script should notify the system administrator via email, SMS, or any
+# other messaging system, that there is something wrong with the monitored
+# Redis systems.
+#
+# The script is called with just two arguments: the first is the event type
+# and the second the event description.
+#
+# The script must exist and be executable in order for sentinel to start if
+# this option is provided.
+#
+# Example:
+#
+# sentinel notification-script mymaster /var/redis/notify.sh
+<%= "sentinel notification-script #{@name} #{@notification_script}" unless @notification_script.nil? %>
+
+# CLIENTS RECONFIGURATION SCRIPT
+#
+# sentinel client-reconfig-script <master-name> <script-path>
+#
+# When the failover starts, ends, or is aborted, a script can be called in
+# order to perform application-specific tasks to notify the clients that the
+# configuration has changed and the master is at a different address.
+#
+# The script is called in the following cases:
+#
+# Failover started (a slave is already promoted)
+# Failover finished (all the additional slaves already reconfigured)
+# Failover aborted (in that case the script was previously called when the
+#                   failover started, and now gets called again with swapped
+#                   addresses).
+#
+# The following arguments are passed to the script:
+#
+# <master-name> <role> <state> <from-ip> <from-port> <to-ip> <to-port>
+#
+# <state> is "start", "end" or "abort"
+# <role> is either "leader" or "observer"
+#
+# The arguments from-ip, from-port, to-ip, to-port are used to communicate
+# the old address of the master and the new address of the elected slave
+# (now a master) in the case state is "start" or "end".
+#
+# For abort instead the "from" is the address of the promoted slave and
+# "to" is the address of the original master address, since the failover
+# was aborted.
+#
+# This script should be resistant to multiple invocations.
+#
+# Example:
+#
+# sentinel client-reconfig-script mymaster /var/redis/reconfig.sh
+<%= "sentinel client-reconfig-script #{@name} #{@client_reconfig_script}" unless @client_reconfig_script.nil? %>
+<% end %>

cookbooks/redisio/templates/default/sentinel.init.erb

@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# Simple Redis init.d script conceived to work on Linux systems
+# as it does use of the /proc filesystem.
+#
+# description: Redis is an in memory key-value store database
+#
+### BEGIN INIT INFO
+# Provides: redissentinel_<%=@name%>
+# Required-Start:
+# Required-Stop:
+# Should-Start:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description:
+# Description: redissentinel_<%=@name%> init script
+### END INIT INFO
+
+SENTINELNAME=<%= @name %>
+<% case @platform %>
+<% when 'ubuntu','debian','fedora' %>
+EXEC="su -s /bin/sh -c '<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel' <%= @user %>"
+<% else %>
+EXEC="runuser <%= @user %> -c \"<%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/${SENTINELNAME}.conf --sentinel\""
+<% end %>
+CLIEXEC=<%= File.join(@bin_path, 'redis-cli') %>
+
+
+PIDFILE=<%= @piddir %>/${SENTINELNAME}.pid
+
+if [ ! -d <%= @piddir %> ]; then
+    mkdir -p <%= @piddir %>
+    chown <%= @user %>  <%= @piddir %>
+fi
+
+case "$1" in
+    status)
+        if [ -f $PIDFILE ]
+        then
+          echo "redis$SENTINELNAME $PIDFILE exists, pid is $(cat $PIDFILE), should be running"
+          ps -p $(cat $PIDFILE) >/dev/null 2>&1
+          exit $?
+        else
+          echo "redis$SENTINELNAME $PIDFILE doesn't exist"
+          exit 3
+        fi
+        ;;
+    start)
+        if [ -f $PIDFILE ]
+        then
+                echo "$PIDFILE exists, process is already running or crashed"
+        else
+                echo "Starting Redis server..."
+                eval $EXEC
+        fi
+        ;;
+    stop)
+        if [ ! -f $PIDFILE ]
+        then
+                echo "$PIDFILE does not exist, process is not running"
+        else
+                PID=$(cat $PIDFILE)
+                echo "Stopping ..."
+
+                kill ${PID}
+
+                while [ -x /proc/${PID} ]
+                do
+                    echo "Waiting for Redis to shutdown ..."
+                    sleep 1
+                done
+                echo "Redis stopped"
+        fi
+        ;;
+    *)
+        echo "Please use start or stop as first argument"
+        ;;
+esac

cookbooks/redisio/templates/default/sentinel.rcinit.erb

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# PROVIDE: sentinel_<%=@name%>
+# REQUIRE: LOGIN
+# BEFORE:  securelevel
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable `sentinel':
+#
+#redis_<%= @name %>_enable="YES"
+#
+
+. /etc/rc.subr
+
+name="redis_<%= @name %>"
+rcvar="${name}_enable"
+
+command="<%= File.join(@bin_path, 'redis-sentinel') %>"
+pidfile="<%= @piddir %>/<%=@name%>.pid"
+
+# read configuration and set defaults
+load_rc_config "$name"
+: ${sentinel_enable="NO"}
+: ${sentinel_user="<%= @user %>"}
+: ${sentinel_config="<%= @configdir %>/<%= @name %>.conf"}
+
+command_args="${sentinel_config} --daemonize yes --pidfile ${pidfile}"
+required_files="${sentinel_config}"
+start_precmd="sentinel_checks"
+restart_precmd="sentinel_checks"
+
+sentinel_checks()
+{
+    if [ x`id -u ${sentinel_user}` != x`stat -f %u ${sentinel_config}` ]; then
+	err 1 "${sentinel_config} must be owned by user ${sentinel_user}"
+    fi
+}
+
+run_rc_command "$1"

cookbooks/redisio/templates/default/sentinel.upstart.conf.erb

@@ -0,0 +1,19 @@
+description "Start the redis-sentinel instance on port <%= @port %>"
+author "Installed by chef redisio cookbook"
+
+#start on runlevel [2345]
+stop on runlevel [06]
+
+script
+  if [ ! -d <%= @piddir %> ]; then
+    mkdir -p <%= @piddir %>
+    chown <%= @user %>:<%= @group %>  <%= @piddir %>
+  fi
+end script
+
+# If the job exits, restart it. Give up with more than 10 restarts in 30 seconds.
+respawn
+respawn limit 10 30
+
+exec su -s /bin/sh -c 'exec "$0" "$@"' -- <%= @user %> <%= File.join(@bin_path, 'redis-server') %> <%= @configdir %>/<%= @name %>.conf --sentinel
+

cookbooks/redisio/templates/default/su.erb

@@ -0,0 +1,62 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+# This file modified by Chef to enable ulimit switching with `su`
+#
+
+# This allows root to su without passwords (normal operation)
+auth       sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth       required   pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth       sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth       required   pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session    optional   pam_mail.so nopen
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session

cookbooks/redisio/templates/default/ulimit.erb

@@ -0,0 +1,32 @@
+# Limits settings for <%= @ulimit_user %>
+<% unless @filehandle_limit.nil? -%>
+<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
+<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
+<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
+<% end -%>
+<% unless @process_limit.nil? -%>
+<%= @ulimit_user -%> - nproc <%= @process_limit %>
+<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
+<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
+<% end -%>
+<% unless @memory_limit.nil? -%>
+<%= @ulimit_user -%> - memlock <%= @memory_limit %>
+<% end -%>
+<% unless @core_limit.nil? -%>
+<%= @ulimit_user -%> - core <%= @core_limit %>
+<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
+<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
+<% end -%>
+<% unless @stack_limit.nil? -%>
+<%= @ulimit_user -%> - stack <%= @stack_limit %>
+<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
+<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
+<% end -%>
+<% unless @rtprio_limit.nil? -%>
+<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
+<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
+<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
+<% end -%>
+<% unless @virt_limit.nil? -%>
+  <%= @ulimit_user -%> - as <%= @virt_limit %>
+<% end -%>