title pattern for simpler definition

Gemfile

@@ -1,17 +1,15 @@
 source 'https://rubygems.org'
 
 group :development, :test do
-  gem 'rake'
   gem 'rspec-puppet'
   gem 'metadata-json-lint'
   gem 'puppetlabs_spec_helper'
-  gem 'puppet-lint', :git => 'https://github.com/rodjek/puppet-lint.git'
+  gem 'puppet-lint', '>= 1.0', '< 3.0'
   gem 'puppet-lint-absolute_classname-check'
   gem 'puppet-lint-alias-check'
   gem 'puppet-lint-empty_string-check'
   gem 'puppet-lint-file_ensure-check'
   gem 'puppet-lint-file_source_rights-check'
-  gem 'puppet-lint-fileserver-check'
   gem 'puppet-lint-leading_zero-check'
   gem 'puppet-lint-spaceship_operator_without_tag-check'
   gem 'puppet-lint-trailing_comma-check'
@@ -29,4 +27,15 @@ end
 # rspec must be v2 for ruby 1.8.7
 if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'
   gem 'rspec', '~> 2.0'
+  gem 'rake', '~> 10.0'
+else
+  gem 'rake'
+end
+
+if RUBY_VERSION < '2.0'
+  # json 2.x requires ruby 2.0. Lock to 1.8
+  gem 'json', '~> 1.8'
+  gem 'json_pure', '~> 1.0'
+else
+  gem 'json'
 end

README.md

@@ -4,9 +4,38 @@ Manage user and group limits via Puppet
 
 This module manages the limits of the PAM module pam_limits.
 
+It creates files in `/etc/security/limits.d` and does not manage the file `/etc/security/limits.conf`
+
 ## How to use
 
-`include ::limits`
+
+### Set limits using title pattern:
+
+```puppet
+    limits::limits{'*/nofile':
+      hard => 1048576,
+      soft => 1048576,
+    }
+    limits::limits{'root/nofile': both => 1048576; }
+```
+
+### Using hiera
+
+Puppet:
+
+```puppet
+    include ::limits
+```
+
+Hiera:
+
+```yaml
+    limits::entries:
+      'root/nofile':
+        both: 1048576
+      '*/memlock':
+        both: unlimited
+```
 
 ## Compatibility
 
@@ -16,7 +45,7 @@ parser) and v4 with Ruby versions 1.8.7 (Puppet v3 only), 1.9.3, 2.0.0 and
 
 ### Purge limits.d directory
 
-The class `limits` will purge the limit.d directory as default.
+The class `limits` will purge the limits.d directory as default.
 You can explicit change this with the parameter `purge_limits_d_dir`
 or just do not call the class.
 
@@ -31,7 +60,7 @@ or just do not call the class.
       soft       => 16384,
     }
 ```
-### Do NOT purge limits.d directory explicit
+### Do NOT purge limits.d directory explicitly
 
 ```puppet
     class { 'limits':
@@ -57,3 +86,16 @@ or just do not call the class.
     }
 ```
 One of hard, soft or both must be set!
+
+### Do not manage /etc/security/limits.d
+
+In an effort to make this module compatible with similar modules, e.g.
+[puppet-module-pam](https://github.com/ghoneycutt/puppet-module-pam), management
+of `/etc/security/limits.d` can be disabled by way of the `manage_limits_d_dir`
+class parameter:
+
+```puppet
+class { 'limits':
+  manage_limits_d_dir => false,
+}
+```

manifests/init.pp

@@ -1,17 +1,20 @@
 # == Class: limits
 #
 class limits (
-  $purge_limits_d_dir = true,
-  $entries_hash = hiera_hash(limits::entries, {})
+  $purge_limits_d_dir   = true,
+  $entries_hash         = hiera_hash(limits::entries, {}),
+  $manage_limits_d_dir  = true,
 ) inherits ::limits::params {
 
-  file { $limits::params::limits_dir:
-    ensure  => 'directory',
-    owner   => 'root',
-    group   => 'root',
-    force   => true,
-    purge   => $purge_limits_d_dir,
-    recurse => true,
+  if $manage_limits_d_dir == true {
+    file { $limits::params::limits_dir:
+      ensure  => 'directory',
+      owner   => 'root',
+      group   => 'root',
+      force   => true,
+      purge   => $purge_limits_d_dir,
+      recurse => true,
+    }
   }
 
   ### Create instances for integration with Hiera

manifests/limits.pp

@@ -1,20 +1,57 @@
 # == Define: limits::limits
 #
+# Parameters:
+#    $title - should be of the form user/limit_type if $user and $limt_type are not present
+#    $user  - user
+#    $limit_type  - limit type / item
+#    $hard  - hard limit
+#    $soft  - soft limit
+#    $both  - set both limits (-)
+#
+#  Example:
+#  limits::limits{'*/nofile':
+#    hard => 12345,
+#    soft => 123,
+#  }
+#  limits::limits{'root/nofile': both => 1234; }
+#
+# Manages:
+#   limit file in limits.d with the values provided
 define limits::limits(
-  $user,
-  $limit_type,
-  $ensure = present,
-  $hard = undef,
-  $soft = undef,
-  $both = undef
+  $ensure     = present,
+  $user       = undef,
+  $limit_type = undef,
+  $hard       = undef,
+  $soft       = undef,
+  $both       = undef,
 ) {
 
-  include ::limits::params
+  include ::limits
+
+  # minimal validation
+  unless $hard or $soft or $both { fail('$hard, $soft or $both is required') }
+  unless $title =~ /\// {
+    unless $user and $limit_type { fail('when not using the title pattern, $user and $limit_type are required') }
+  }
+
+  $key = split($title, '/')
+  $real_user = $user ? {
+    undef   => $key[0],
+    default => $user,
+  }
+  $real_type = $limit_type ? {
+    undef   => $key[1],
+    default => $limit_type,
+  }
 
-  if $name =~ /\.conf$/ {
-    $target_file = "${limits::params::limits_dir}${name}"
+  if $title =~ /\.conf$/ {
+    $target_file = "${limits::params::limits_dir}/${title}"
   } else {
-    $target_file = "${limits::params::limits_dir}${name}.conf"
+    if $real_user == '*' {
+      $target_file    = "${limits::params::limits_dir}/default_${real_type}.conf"
+    } else {
+      $target_file    = "${limits::params::limits_dir}/${real_user}_${real_type}.conf"
+    }
   }
 
   file { $target_file:

manifests/params.pp

@@ -1,7 +1,7 @@
 class limits::params {
   case $::osfamily {
-    'Debian','Gentoo','RedHat': {
-      $limits_dir = '/etc/security/limits.d/'
+    'Debian','Gentoo','RedHat','Suse': {
+      $limits_dir = '/etc/security/limits.d'
     }
     default: {
       fail("Unsupported platform: ${::osfamily}/${::operatingsystem}")

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "saz-limits",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "author": "saz",
   "summary": "Manage user limits via puppet",
   "description": "Manage user limits via puppet",
@@ -26,6 +26,9 @@
     },
     {
       "operatingsystem": "Gentoo"
+    },
+    {
+      "operatingsystem": "Suse"
     }
   ],
   "requirements": [

spec/classes/limits_spec.rb

@@ -3,16 +3,20 @@
 
   let :default_params do
     {
+      :manage_limits_d_dir => true,
       :purge_limits_d_dir => true
     }
   end
 
   [ {},
     {
       :purge_limits_d_dir => false
+    },
+    {
+      :manage_limits_d_dir => false
     }
   ].each do |param_set|
-    describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
+    describe "when #{param_set == {} ? "using default" : "specifying #{param_set}"} class parameters" do
 
       let :param_hash do
         default_params.merge(param_set)
@@ -22,7 +26,7 @@
         param_set
       end
 
-      ['Debian', 'Gentoo', 'RedHat'].each do |osfamily|
+      ['Debian', 'Gentoo', 'RedHat', 'Suse'].each do |osfamily|
 
         let :facts do
           {
@@ -34,14 +38,19 @@
 
           it { should contain_class('limits::params') }
 
-          it { should contain_file('/etc/security/limits.d/').with(
-            'ensure'  => 'directory',
-            'owner'   => 'root',
-            'group'   => 'root',
-            'force'   => true,
-            'recurse' => true,
-            'purge'   => param_hash[:purge_limits_d_dir]
-          )}
+          it do
+            if params[:manage_limits_d_dir] == false
+              should_not contain_file('/etc/security/limits.d')
+            else
+              should contain_file('/etc/security/limits.d').with(
+              'ensure'  => 'directory',
+              'owner'   => 'root',
+              'group'   => 'root',
+              'force'   => true,
+              'recurse' => true,
+              'purge'   => param_hash[:purge_limits_d_dir])
+            end
+          end
         end
       end
     end