From b592da7231b7f48072a18b296203be5b2f4ed73f Mon Sep 17 00:00:00 2001 From: bartowl Date: Fri, 20 Jan 2023 10:04:46 +0100 Subject: [PATCH] add configuration variables for pam_limits --- changelogs/fragments/pam_limits_config.yml | 2 ++ roles/orahost/defaults/main.yml | 3 +++ roles/orahost/tasks/main.yml | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/pam_limits_config.yml diff --git a/changelogs/fragments/pam_limits_config.yml b/changelogs/fragments/pam_limits_config.yml new file mode 100644 index 000000000..2db96eeb6 --- /dev/null +++ b/changelogs/fragments/pam_limits_config.yml @@ -0,0 +1,2 @@ +minor_changes: + - add configuration variables for pam_limits to orahost (oravirt#317) diff --git a/roles/orahost/defaults/main.yml b/roles/orahost/defaults/main.yml index d8fec5e1b..8117dc59e 100644 --- a/roles/orahost/defaults/main.yml +++ b/roles/orahost/defaults/main.yml @@ -119,6 +119,9 @@ configure_ssh: false # (true/false). Should passwordless # mountpoints are described in host_fs_layout configure_host_disks: false +configure_limits_pam: true # entry in /etc/pam.d/limits +configure_limits: true # /etc/security.d/limits.d/99-oracle-limits.conf file + configure_etc_hosts: false configure_cluster: false oracle_stage: /u01/stage diff --git a/roles/orahost/tasks/main.yml b/roles/orahost/tasks/main.yml index ceed73ae7..72aa486d9 100644 --- a/roles/orahost/tasks/main.yml +++ b/roles/orahost/tasks/main.yml @@ -463,6 +463,7 @@ state: present line: "session required pam_limits.so" tags: pamconfig + when: configure_limits_pam and configure_limits - name: Oracle-recommended security limits ansible.builtin.template: @@ -470,7 +471,7 @@ dest: /etc/security/limits.d/99-oracle-limits.conf backup: true mode: "0644" - when: ansible_os_family == 'RedHat' + when: configure_limits and ansible_os_family == 'RedHat' tags: seclimit - name: Oracle-recommended security limits on SLES