From e20182f0e5e79c2ee1b35165e1c5cf2457a497ff Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Wed, 27 Jun 2012 10:00:50 -0700
Subject: [PATCH] Add ulimit module.

A new module that provides a define to add a file to
/etc/security/limits.d for each limit line defined. This can be used
to limit the number of processes a user can have.

Change-Id: I7d1074ec85dbf3e212c0eccbe4e6e926b56f561c
---
 manifests/conf.pp    | 17 +++++++++++++++++
 manifests/init.pp    | 13 +++++++++++++
 templates/limits.erb |  2 ++
 3 files changed, 32 insertions(+)
 create mode 100644 manifests/conf.pp
 create mode 100644 manifests/init.pp
 create mode 100644 templates/limits.erb

diff --git a/manifests/conf.pp b/manifests/conf.pp
new file mode 100644
index 0000000..96ef42f
--- /dev/null
+++ b/manifests/conf.pp
@@ -0,0 +1,17 @@
+define ulimit::conf (
+  $limit_domain,
+  $limit_item,
+  $limit_value,
+  $limit_type = 'soft',
+) {
+
+  file { "/etc/security/limits.d/99-${limit_domain}-${limit_type}-${limit_item}.conf":
+    ensure  => present,
+    content => template('ulimit/limits.erb'),
+    replace => true,
+    owner   => 'root',
+    mode    => 0644,
+    require => File['/etc/security/limits.d']
+  }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..54ae9cb
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,13 @@
+class ulimit {
+
+  package { ['libpam-modules', 'libpam-modules-bin']:
+    ensure => present
+  }
+
+  file { '/etc/security/limits.d':
+    ensure => directory,
+    owner  => 'root',
+    mode   => 0755
+  }
+
+}
diff --git a/templates/limits.erb b/templates/limits.erb
new file mode 100644
index 0000000..db7fabc
--- /dev/null
+++ b/templates/limits.erb
@@ -0,0 +1,2 @@
+# This file is managed by puppet. Manual changes will be ignored.
+<%= limit_domain %> <%= limit_type %> <%= limit_item %> <%= limit_value %>