Cfengine Help: maintaining /etc/security/limits.conf with cf3

[no-reply]

Forum: Cfengine Help
Subject: maintaining /etc/security/limits.conf with cf3
Author: svenXY
Link to topic: https://cfengine.com/forum/read.php?3,21465,21465#msg-21465

Hi,

I'm trying to come up with some bundles to maintain /etc/security/limits.conf 
with cf3, but I don't quite achieve completely what I need.

I can insert lines fines if they are not there at all, but I fail at altering 
existing lines (e.g. adjust thresholds). I tried with replace_lines and with 
edit_fields, but to no avail. To me it seems that edit_field is more or less 
ignored - at least that's the feeling I get here.
 
This is what I have so far:

body common control
{
  bundlesequence  => { 'test' };
  inputs                => { 'cfengine_stdlib.cf' };
}

bundle agent test
{
  files:
    "/tmp/limits.conf"
      edit_line  => limits_conf("fnord", "nofile", "378", "768"),
      classes    => if_repaired('limits_ok');

  reports:
    limits_ok::
      "Limits are ok now";
}

bundle edit_line limits_conf(user, what, soft, hard)                            
                          
{                                                                               
                          
  # set the soft and hard limit for a given parameter for a given user          
                          
  # in /etc/security/limits.conf                                                
                          
      
  classes:
    
    # lines are ok ...                                                          
                       
    "soft_limit_ok" expression => 
regline("${user}\s+soft\s+${what}\s+${soft}","$(edit.filename)"),
              handle => "class_soft_limit_ok",
              comment => "The soft limit is already set correctly";

    "hard_limit_ok" expression => 
regline("${user}\s+hard\s+${what}\s+${hard}","$(edit.filename)"),
              handle => "class_hard_limit_ok",
              comment => "The hard limit is already set correctly";

    # lines are there (but the value might be wrong)
    "soft_limit_line" expression => 
regline("${user}\s+soft\s+${what}.*","$(edit.filename)"), 
              handle => "class_soft_limit_line",
              comment => "The line does exist already";
    "hard_limit_line" expression => 
regline("${user}\s+hard\s+${what}.*","$(edit.filename)"),
              handle => "class_hard_limit_line",
              comment => "The line does exist already";

  soft_limit_line.!soft_limit_ok::
   field_edits:
      "${user}\s+soft\s+${what}\s+(?!${soft})"
        edit_field => col("\s+","4","$(soft)","aphanum"),
        comment => "Fix line for soft limit with field_edit";
  
  hard_limit_line.!hard_limit_ok::
   field_edits:
      "${user}\s+hard\s+${what}\s+(?!${hard})"
        edit_field => col("\s+","4","$(hard)","aplhanum"),
        comment => "Fix line for hard limit with field_edit";

  !soft_limit_line::
    insert_lines:
      "${user}      soft    ${what}            ${soft}"
        classes => if_repaired('soft_limit_ok'),
        comment => "Add line for soft limit";

  !hard_limit_line::
    insert_lines:
      "${user}      hard    ${what}            ${hard}"
        classes => if_repaired('hard_limit_ok'),
        comment => "Add line for hard limit";
  
  
}


Any ideas or insight greatly appreciated,
thanks,
Sven

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine