Puppet Class: systemd::slice::all_users

Defined in:
modules/systemd/manifests/slice/all_users.pp

Overview

Class systemd::slice::all_users

Sets up a Systemd user-.slice configuration meant to set up basic user limits for hosts shared by multiple users (like analytics crunching machines, toolforge hosts, etc..)

Parameters:

all_users_slice_config

Content of config file of the user-.slice unit. The limits will be enforced to every user slice separately (so not a global limit). Default: undef

all_users_global_slice_config

Content of config file of the user.slice unit. The limits will be enforced to all the processes under the user.slice, so a global limit. Default: undef

Parameters:

  • all_users_slice_config (Optional[String]) (defaults to: undef)
  • all_users_global_slice_config (Optional[String]) (defaults to: undef)
  • pkg_ensure (Enum['present','latest']) (defaults to: 'present')


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'modules/systemd/manifests/slice/all_users.pp', line 21

class systemd::slice::all_users (
    Optional[String] $all_users_slice_config = undef,
    Optional[String] $all_users_global_slice_config = undef,
    Enum['present','latest'] $pkg_ensure = 'present',
) {

    $systemd_packages = [
        'systemd',
        'systemd-sysv',
        'udev',
        'libsystemd0',
        'libpam-systemd',
    ]

    if os_version('debian == stretch') {
        # we need systemd >= 239 for resource control using the user-.slice trick
        # this version or higher is provided in stretch-backports

        apt::pin { 'systemd_239_slice_all_users':
            package  => join($systemd_packages, ' '),
            pin      => 'release a=stretch-backports',
            priority => '1001',
        }
        package { $systemd_packages:
            ensure          => $pkg_ensure,
            install_options => ['-t', 'stretch-backports'],
            require         => Apt::Pin['systemd_239_slice_all_users'],
        }
    } elsif os_version('debian >= buster') {
        package { $systemd_packages:
            ensure => present,
        }
    } else {
        fail('systemd::slice::all_users requires Debian >= Stretch')
    }

    if $all_users_slice_config {
        systemd::unit { 'user-.slice':
            ensure   => present,
            content  => $all_users_slice_config,
            override => true,
            require  => Package[$systemd_packages],
        }
    }

    if $all_users_global_slice_config {
        systemd::unit { 'user.slice':
            ensure   => present,
            content  => $all_users_global_slice_config,
            override => true,
            require  => Package[$systemd_packages],
        }
    }

    # By default the root user does not have any limitation.
    # Caveat: this does not apply to sudo sessions, that
    # will be limited by the above user-.slice.
    # Caveat 2: limits for user.slice are also applied to
    # user-0.slice.
    systemd::unit { 'user-0.slice':
        ensure   => present,
        content  => file('systemd/root-slice-resource-control.conf'),
        override => true,
    }
}