How to change stack depth limits in /etc/security/limits.d/ and have the changes apply to services at boot

postgresql ubuntu ansible ulimit

Solution 1:

Until someone can give me a clean solution, this is what I've come up with, and it sucks. I won't accept it as THE answer to my question, but here it is (gags). At least it works.


Background

Seems that changes to /etc/security/limits.* never impact services, but rather stuff being executed from the shell. So, that kind of makes my changes in /etc/security/limits.* quite meaningless. (insert cussing here). I've now deleted my /etc/security/limits.d/myapplication.conf.


Changing Stack Size limits for postgres

This is a garbage solution. I hate it.

I've edited my "/usr/share/postgresql-common/init.d-functions", specifically the start() function, to appear as:

...
# start all clusters of version $1
# output according to Debian Policy for init scripts
start() {
    ulimit -s 131072    #JTS: To avoid Issue #XYZ 

    # create socket directory
    if [ -d /var/run/postgresql ]; then
        chmod 2775 /var/run/postgresql
    else
    ...

Obviously I've added the ulimit line. It's disgusting to me to modify this file because I expect it to be perpetually changed by updates. At least I have an Ansible rule to enforce it exists.


My Ansible solution

Here's the Ansible task I've created to enforce this config change for me:

- blockinfile:
    dest: /usr/share/postgresql-common/init.d-functions
    block: |
          ulimit -s 131072
    backup: yes
    insertafter: '^start\(\) \{'
    state: present

This Ansible task results in the function looking like this:

...
# start all clusters of version $1
# output according to Debian Policy for init scripts
start() {
# BEGIN ANSIBLE MANAGED BLOCK
ulimit -s 131072
# END ANSIBLE MANAGED BLOCK
    # create socket directory
    if [ -d /var/run/postgresql ]; then
       ...


Of Note: Upstart Services Ignore /etc/security/limits

Seems that /etc/security/limits.* is ignorred by Upstart, which Ubuntu 14.04 uses. My application service actually uses upstart and one can insert a line for upstart that looks like:

limit stack <softlimit> <hardlimit>

Ubuntu switched to systemd after 14.04, so this upstart tid-bit will fade in to irrelevance.

This isn't relevant to my question because on 14.04, postgresql is not managed by upstart.

Related

Docker bridge and nginx allowed ip
How to close a port with no process attached?
Can you raise the domain functional level to windows server 2016 and have DFS running on windows server 2012 r2?
How to setup Traefik for HA? Need a reverse-proxy in front of Traefik?
Determine which AWS account owns an S3 bucket
worker_connections are not enough - Nginx, docker
Kubernetes pod has unbound immediate PersistentVolumeClaims (eks)
I can not seem to get a Regex for to Fail2Ban to work with Opensmtpd? Can I get a sanity check?
Hosted form of web-based file transfer tools [closed]
How to bidirectionally sync Oracle Calendar (SyncML) with Apple's iCal.app
Win7 command processor (CMD.EXE) really slow
What is Causing this IIS 7 Web Service Sporadic Connectivity Error?