commit c0e27fc96765e5b3a891a6291dfc6ccbab70cd73
author Aleš Komárek <mail@newt.cz> Wed Dec 02 14:26:06 2015 +0100
committer Aleš Komárek <mail@newt.cz> Wed Dec 02 14:26:06 2015 +0100
tree bba298bb34ff5b18f4a65323d322768b6a7dafd2
parent 0c4ac7afd7dc3ff9a3932f842c6cb9f5b8c02161
parent f5e1777792e907dfe7b252fb918179105df0d87f

Merge branch 'feature/monitoring-syncid' into 'master'

Feature/monitoring syncid

See merge request !7

README.rst

diff --git a/README.rst b/README.rst
index d7454ee..a4d202a 100644
--- a/README.rst
+++ b/README.rst
@@ -106,6 +106,22 @@
             hour: 2
             minute: 0
 
+Linux security limits (limit sensu user memory usage to max 1GB):
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        ...
+        limit:
+          sensu:
+            enabled: true
+            domain: sensu
+            limits:
+              - type: hard
+                item: as
+                value: 1000000
+
 Enable autologin on tty1 (may work only for Ubuntu 14.04):
 
 .. code-block:: yaml

linux/files/limits.conf

diff --git a/linux/files/limits.conf b/linux/files/limits.conf
new file mode 100644
index 0000000..2d613b8
--- /dev/null
+++ b/linux/files/limits.conf
@@ -0,0 +1,6 @@
+{%- from "linux/map.jinja" import system with context %}{%- set limit = system.limit.get(limit_name) %}# Limits for {{ limit.domain }}
+{%- for entry in limit.limits %}
+{{ limit.domain }} {{ entry.type }} {{ entry.item }} {{ entry.value }}
+
+{%- endfor %}
+

linux/map.jinja

diff --git a/linux/map.jinja b/linux/map.jinja
index 66dbce0..bcf5d44 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -5,6 +5,7 @@
         'user': {},
         'group': {},
         'job': {},
+        'limit': {},
         'repo': {},
         'package': {},
         'selinux': 'permissive',
@@ -16,6 +17,7 @@
         'user': {},
         'group': {},
         'job': {},
+        'limit': {},
         'repo': {},
         'package': {},
         'selinux': 'permissive',
@@ -27,6 +29,7 @@
         'user': {},
         'group': {},
         'job': {},
+        'limit': {},
         'repo': {},
         'package': {},
         'selinux': 'permissive',

linux/system/init.sls

diff --git a/linux/system/init.sls b/linux/system/init.sls
index b81da9f..7c32ab7 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -39,3 +39,6 @@
 {%- if system.doc is defined %}
 - linux.system.doc
 {%- endif %}
+{%- if system.limit|length > 0 %}
+- linux.system.limit
+{%- endif %}

linux/system/limit.sls

diff --git a/linux/system/limit.sls b/linux/system/limit.sls
new file mode 100644
index 0000000..bb29268
--- /dev/null
+++ b/linux/system/limit.sls
@@ -0,0 +1,21 @@
+{%- from "linux/map.jinja" import system with context %}
+{%- if system.enabled %}
+
+{%- for name, limit in system.limit.iteritems() %}
+
+linux_limit_{{ name }}:
+  {%- if limit.get('enabled', True) %}
+  file.managed:
+    - name: /etc/security/limits.d/90-salt-{{ name }}.conf
+    - source: salt://linux/files/limits.conf
+    - template: jinja
+    - defaults:
+        limit_name: {{ name }}
+  {%- else %}
+  file.absent:
+    - name: /etc/security/limits.d/90-salt-{{ name }}.conf
+  {%- endif %}
+
+{%- endfor %}
+
+{%- endif %}