The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #4707

Puppetmasterd does not load ulimits defined /etc/security/limits.conf when it changes the user credentials

Added by Hector Rivas over 5 years ago. Updated almost 4 years ago.

Status:RejectedStart date:09/03/2010
Priority:LowDue date:
Assignee:-% Done:

0%

Category:server
Target version:3.0.0
Affected Puppet version: Branch:
Keywords:ulimit files

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com


Description

Running puppet 2.6.1rc3

I have set in /etc/security/limits.conf:

puppet          soft    nproc           10000
puppet          hard    nproc           12000
puppet          soft    nofile          4096
puppet          hard    nofile          5120

If I test it with sudo or su it works:

# sudo -u puppet -s
$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 24576
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 10000
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
$ cat /proc/$$/limits
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            ms
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        0                    unlimited            bytes
Max resident set          unlimited            unlimited            bytes
Max processes             10000                12000                processes
Max open files            4096                 5120                 files
Max locked memory         32768                32768                bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       24576                24576                signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us

But starting puppetmaster (with puppet.conf user=puppet setting):

# cat /proc/$(


But if I start puppetmasterd as “puppet” user:

$ whoami
puppet
$ ./puppetmaster.ctl.sh start
Starting puppetmaster: Ok.
$ cat /proc/$(


  

History

#1 Updated by Hector Rivas over 5 years ago

Sorry about the improper text formatting. Next time I will click on “preview”

#2 Updated by James Turnbull over 5 years ago

  • Status changed from Unreviewed to Accepted
  • Target version changed from 2.6.1 to 2.6.2

#3 Updated by Jesse Wolfe over 5 years ago

  • Status changed from Accepted to Needs Decision
  • Affected Puppet version deleted (2.6.1rc3)

This is a consequence of how we change our user ID, we need to have a design discussion about if there’s a more correct way to do that.

#4 Updated by Paul Berry over 5 years ago

  • Target version changed from 2.6.2 to 69

Changing target release to 2.6.x on the grounds that we’re not going to have time to resolve this issue before the 2.6.2 release.

#5 Updated by Nigel Kersten over 5 years ago

  • Target version changed from 69 to 2.7.x

#6 Updated by James Turnbull over 5 years ago

  • Assignee set to Nigel Kersten

#7 Updated by Nigel Kersten about 5 years ago

  • Status changed from Needs Decision to Accepted
  • Assignee deleted (Nigel Kersten)
  • Target version changed from 2.7.x to 3.x

#8 Updated by Anonymous about 5 years ago

This should probably be closed: it is absolutely not normal that a daemon like Puppet will invoke the necessary bits of PAM to apply those settings. Most folks solve this by calling ulimit in the init script, or inside the daemon itself, to apply the changes. If we solve this at all, we should probably do it by supporting an appropriate hook in the init script to allow this to happen.

#9 Updated by Nigel Kersten over 4 years ago

  • Status changed from Accepted to Rejected

Rejected as per Daniel’s reasoning.

#10 Updated by Anonymous almost 4 years ago

  • Target version changed from 3.x to 3.0.0

Also available in: Atom PDF