Add optional parameter to select file in limits_dir for saving and allow managing multiple settings in one file. Switches file content management to puppetlabs-concat.

Author: bond-os

.fixtures.yml

@@ -1,3 +1,10 @@
 fixtures:
+  repositories:
+    stdlib:
+      repo: https://github.com/puppetlabs/puppetlabs-stdlib.git
+      ref: 4.13.1
+    concat:
+      repo: https://github.com/puppetlabs/puppetlabs-concat.git
+      ref: v7.3.0
   symlinks:
     limits: "#{source_dir}"

README.md

@@ -31,6 +31,7 @@ It creates files in `/etc/security/limits.d` and does not manage the file `/etc/
   * `hard`: (Integer) the hard value
   * `soft`: (Integer) the soft value
   * `both`: (Integer) the value of both soft and hard
+  * `target`: (String) Optional name of file in `limits_dir` to set limit settings to. Will ignore other file naming logic when provided.
 
 
 ### Using hiera

manifests/limits.pp

@@ -7,6 +7,7 @@
 #    $hard  - hard limit
 #    $soft  - soft limit
 #    $both  - set both limits (-)
+#    $target - name of file in `limits::limits_dir` directory the settings will be applied. If provided, title with `.conf` extension will be not be used as target file.
 #
 #  Example:
 #  limits::limits{'*/nofile':
@@ -15,6 +16,10 @@
 #  }
 #  limits::limits{'root/nofile': both => 1234; }
 #
+#  Example of multiple settings in single file
+#  limits::limits{'root/nofile': both => 1234, target => '01-root.conf' }
+#  limits::limits{'root/nproc': both => 1234, target => '01-root.conf' }
+#
 # Manages:
 #   limit file in limits.d with the values provided
 define limits::limits (
@@ -24,6 +29,7 @@
   Variant[Integer,String,Undef] $hard       = undef,
   Variant[Integer,String,Undef] $soft       = undef,
   Variant[Integer,String,Undef] $both       = undef,
+  Optional[String]              $target     = undef,
 ) {
   include limits
 
@@ -47,7 +53,9 @@
     default => $limit_type,
   }
 
-  if $title =~ /\.conf$/ {
+  if $target {
+    $target_file = "${limits::limits_dir}/${target}"
+  } elsif $title =~ /\.conf$/ {
     $target_file = "${limits::limits_dir}/${title}"
   } else {
     if $real_user == '*' {
@@ -57,10 +65,22 @@
     }
   }
 
-  file { $target_file:
-    ensure  => $ensure,
-    owner   => 'root',
-    group   => 'root',
+  if (!defined(Concat[$target_file])) {
+    concat { $target_file:
+      ensure => $ensure,
+      owner  => 'root',
+      group  => 'root',
+    }
+
+    concat::fragment { "top_${target_file}":
+      target  => $target_file,
+      content => "# Managed by Puppet\n\n#<domain>    <type> <item>          <value>",
+      order   => '01',
+    }
+  }
+
+  concat::fragment { "${real_user}_${real_type}":
+    target  => $target_file,
     content => template('limits/limits.erb'),
   }
 }

metadata.json

@@ -58,5 +58,13 @@
     }
   ],
   "dependencies": [
+    {
+      "name": "puppetlabs/stdlib",
+      "version_requirement": ">= 4.13.1 < 9.0.0"
+    },
+    {
+      "name": "puppetlabs/concat",
+      "version_requirement": ">= 7.3.0"
+    }
   ]
 }

spec/acceptance/limits_spec.rb

@@ -35,7 +35,58 @@
 
     describe file('/etc/security/limits.d/user_nofile.conf') do
       it { is_expected.to be_file }
-      it { is_expected.to contain 'user          -     nofile          12345' }
+      it { is_expected.to contain "# Managed by Puppet\n\n#<domain>    <type> <item>          <value>\nuser          -     nofile          12345" }
+    end
+  end
+
+  context 'with target specified managed file' do
+    it 'create a puppet managed file' do
+      pp = <<-PP
+      limits::limits { 'item':
+        user       => 'user',
+        limit_type => 'nofile',
+        both       => 12345,
+        target     => '00-item.conf'
+      }
+      PP
+
+      # Run it twice and test for idempotency
+      apply_manifest(pp, catch_failures: true)
+      expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero
+    end
+
+    describe file('/etc/security/limits.d/00-item.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain "# Managed by Puppet\n\n#<domain>    <type> <item>          <value>\nuser          -     nofile          12345" }
+    end
+  end
+
+  context 'with multiple target specified managed limit' do
+    it 'create a puppet managed file' do
+      pp = <<-PP
+      limits::limits { 'item':
+        user       => 'user',
+        limit_type => 'nofile',
+        both       => 12345,
+        target     => '00-item.conf'
+      }
+
+      limits::limits { 'item2':
+        user       => 'other_user',
+        limit_type => 'nproc',
+        both       => 54321,
+        target     => '00-item.conf'
+      }
+      PP
+
+      # Run it twice and test for idempotency
+      apply_manifest(pp, catch_failures: true)
+      expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero
+    end
+
+    describe file('/etc/security/limits.d/00-item.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain "# Managed by Puppet\n\n#<domain>    <type> <item>          <value>\nuser          -     nofile          12345\nother_user    -     nproc           54321\n" }
     end
   end
 end