kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Initial version of the kosmos-dirsrv cookbook

Browse Source 
It sets up 389 Directory Server, including a TLS cert acquired using
Let's Encrypt in production (that requires ldap.kosmos.org pointing to
the server's IP)
This commit is contained in:
Greg Karékinian
2019-11-04 18:15:44 +01:00
parent 529a4fc4a8
commit 9e4685a743
29 changed files with 1109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
cookbooks/ulimit/libraries/domain.rb Normal file
View File

@@ -0,0 +1,59 @@
require 'chef/resource'
class Chef
class Resource
class UlimitDomain < Chef::Resource
property :domain, String
property :domain_name, String, name_property: true
property :filename, String
load_current_value do |new_resource|
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf" unless new_resource.filename.end_with?('.conf')
new_resource.subresource_rules.map! do |name, block|
urule = Chef::Resource::UlimitRule.new("#{new_resource.name}:#{name}]", nil)
urule.domain new_resource
urule.action :nothing
urule.instance_eval(&block)
unless name
urule.name "ulimit_rule[#{new_resource.name}:#{urule.item}-#{urule.type}-#{urule.value}]"
end
urule
end
end
attr_reader :subresource_rules
def initialize(*args)
@subresource_rules = []
super
end
def rule(name = nil, &block)
@subresource_rules << [name, block]
end
action :create do
new_resource.subresource_rules.map do |sub_resource|
sub_resource.run_context = new_resource.run_context
sub_resource.run_action(:create)
end
new_resource.filename new_resource.name unless new_resource.filename
new_resource.filename "#{new_resource.filename}.conf" unless new_resource.filename.end_with?('.conf')
template ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
source 'domain.erb'
cookbook 'ulimit'
variables domain: new_resource.domain_name
end
end
action :delete do
file ::File.join(node['ulimit']['security_limits_directory'], new_resource.filename) do
action :delete
end
end
end
end
end

31
cookbooks/ulimit/libraries/rule.rb Normal file
View File

@@ -0,0 +1,31 @@
require 'chef/resource'
class Chef
class Resource
class UlimitRule < Chef::Resource
property :type, [Symbol, String], required: true
property :item, [Symbol, String], required: true
property :value, [String, Numeric], required: true
property :domain, [Chef::Resource, String], required: true
load_current_value do |new_resource|
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
end
action :create do
new_resource.domain new_resource.domain.domain_name if new_resource.domain.is_a?(Chef::Resource)
node.run_state[:ulimit] ||= Mash.new
node.run_state[:ulimit][new_resource.domain] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item] ||= Mash.new
node.run_state[:ulimit][new_resource.domain][new_resource.item][new_resource.type] = new_resource.value
puts "Create: #{node.run_state[:ulimit].inspect}"
end
action :delete do
# NOOP
end
end
end
end

63
cookbooks/ulimit/libraries/user.rb Normal file
View File

@@ -0,0 +1,63 @@
require 'chef/resource'
class Chef
class Resource
class UlimitUser < Chef::Resource
resource_name :user_ulimit
property :username, String, name_property: true
property :filename, String, default: lazy { |r| r.username == '*' ? '00_all_limits' : "#{r.username}_limits" }
property :filehandle_limit, [String, Integer]
property :filehandle_soft_limit, [String, Integer]
property :filehandle_hard_limit, [String, Integer]
property :process_limit, [String, Integer]
property :process_soft_limit, [String, Integer]
property :process_hard_limit, [String, Integer]
property :memory_limit, [String, Integer]
property :core_limit, [String, Integer]
property :core_soft_limit, [String, Integer]
property :core_hard_limit, [String, Integer]
property :stack_limit, [String, Integer]
property :stack_soft_limit, [String, Integer]
property :stack_hard_limit, [String, Integer]
property :rtprio_limit, [String, Integer]
property :rtprio_soft_limit, [String, Integer]
property :rtprio_hard_limit, [String, Integer]
action :create do
new_resource.filename = "#{new_resource.filename}.conf" unless new_resource.filename.include?('.conf')
template "/etc/security/limits.d/#{new_resource.filename}" do
source 'ulimit.erb'
cookbook 'ulimit'
mode '0644'
variables(
ulimit_user: new_resource.username,
filehandle_limit: new_resource.filehandle_limit,
filehandle_soft_limit: new_resource.filehandle_soft_limit,
filehandle_hard_limit: new_resource.filehandle_hard_limit,
process_limit: new_resource.process_limit,
process_soft_limit: new_resource.process_soft_limit,
process_hard_limit: new_resource.process_hard_limit,
memory_limit: new_resource.memory_limit,
core_limit: new_resource.core_limit,
core_soft_limit: new_resource.core_soft_limit,
core_hard_limit: new_resource.core_hard_limit,
stack_limit: new_resource.stack_limit,
stack_soft_limit: new_resource.stack_soft_limit,
stack_hard_limit: new_resource.stack_hard_limit,
rtprio_limit: new_resource.rtprio_limit,
rtprio_soft_limit: new_resource.rtprio_soft_limit,
rtprio_hard_limit: new_resource.rtprio_hard_limit
)
end
end
action :delete do
new_resource.filename = "#{new_resource.filename}.conf" unless new_resource.filename.include?('.conf')
file "/etc/security/limits.d/#{new_resource.filename}" do
action :delete
end
end
end
end
end