oravirt · Rendanic · Jan 29, 2023 · Jan 20, 2023
diff --git a/changelogs/fragments/pam_limits_config.yml b/changelogs/fragments/pam_limits_config.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - add configuration variables for pam_limits to orahost (oravirt#317)
diff --git a/roles/orahost/defaults/main.yml b/roles/orahost/defaults/main.yml
@@ -119,6 +119,9 @@ configure_ssh: false                        # (true/false). Should passwordless
 # mountpoints are described in host_fs_layout
 configure_host_disks: false
 
+configure_limits_pam: true  # entry in /etc/pam.d/limits
+configure_limits: true      # /etc/security.d/limits.d/99-oracle-limits.conf file
+
 configure_etc_hosts: false
 configure_cluster: false
 oracle_stage: /u01/stage

diff --git a/roles/orahost/tasks/main.yml b/roles/orahost/tasks/main.yml
@@ -463,14 +463,15 @@
     state: present
     line: "session required pam_limits.so"
   tags: pamconfig
+  when: configure_limits_pam and configure_limits
 
 - name: Oracle-recommended security limits
   ansible.builtin.template:
     src: oracle-seclimits.conf.j2
     dest: /etc/security/limits.d/99-oracle-limits.conf
     backup: true
     mode: "0644"
-  when: ansible_os_family == 'RedHat'
+  when: configure_limits and ansible_os_family == 'RedHat'
   tags: seclimit
 
 - name: Oracle-recommended security limits on SLES
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		minor_changes:
		- add configuration variables for pam_limits to orahost (oravirt#317)