library/roles/ubuntu-deb-general: Increase the root files descriptors limits to 8192.

library/roles/d4s_user_services_perms: Increase the d4science user files descriptor limits to 16000.
2016-07-26 12:51:34 +02:00 · 2016-07-26 12:51:34 +02:00 · b0431d49ac
parent 430a337a3c
commit b0431d49ac
5 changed files with 24 additions and 0 deletions
--- a/d4s_user_services_perms/defaults/main.yml
+++ b/d4s_user_services_perms/defaults/main.yml
@ -11,6 +11,11 @@ d4science_tomcat_options_files:
  - '/etc/default/tomcat-instance-{{ item.0.http_port }}'
  - '/etc/default/tomcat-instance-{{ item.0.http_port }}.local'

+limits_nofile_value: 16000
+security_limits:
+  - { domain: '{{ d4science_user }}', l_item: 'nofile', type: 'soft', value: '{{ limits_nofile_value }}' }
+  - { domain: '{{ d4science_user }}', item: 'nofile', type: 'hard', value: '{{ limits_nofile_value }}' }
+
 d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat'
 d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs'
 d4science_manual_tomcat_rotate_copies: 15
--- a/d4s_user_services_perms/tasks/main.yml
+++ b/d4s_user_services_perms/tasks/main.yml
@ -5,3 +5,4 @@
  when: d4s_tomcat_node is defined and d4s_tomcat_node
 - include: d4s-basic-node.yml
  when: gcore_node is defined and gcore_node
+- include: security_limits.yml
--- a/d4s_user_services_perms/tasks/security_limits.yml
+++ b/d4s_user_services_perms/tasks/security_limits.yml
@ -0,0 +1,6 @@
+---
+- name: Change the default security limits
+  pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }}
+  with_items: '{{ security_limits }}'
+  tags: [ 'd4science', 'pam_limits']
+
--- a/ubuntu-deb-general/defaults/main.yml
+++ b/ubuntu-deb-general/defaults/main.yml
@ -109,6 +109,12 @@ additional_ca_dest_dir: /usr/local/share/ca-certificates
 #x509_additional_ca_certs:
 #  - { url: "https://security.fi.infn.it/CA/mgt/INFNCA.pem", dest_file: '{{ additional_ca_dest_dir }}/infn-ca.crt' }

+#
+default_security_limits:
+  - { domain: 'root', l_item: 'nofile', type: 'soft', value: '8192' }
+  - { domain: 'root', item: 'nofile', type: 'hard', value: '8192' }
+
+
 #
 # debian/ubuntu distributions controllers
 #
--- a/ubuntu-deb-general/tasks/manage_su_limits.yml
+++ b/ubuntu-deb-general/tasks/manage_su_limits.yml
@ -2,3 +2,9 @@
 - name: Fix debian/ubuntu broken behaviour. The su pam config does not load pam_limits
  lineinfile: dest=/etc/pam.d/su line="session required pam_limits.so" insertafter="^#\ \(Replaces\ the\ use\ of\ /etc/limits.*$"
  tags: [ 'su', 'pam_limits']
+
+- name: Change the default security limits
+  pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }}
+  with_items: '{{ default_security_limits }}'
+  tags: [ 'su', 'pam_limits']
+