Rush has uploaded a new change for review.
https://gerrit.wikimedia.org/r/284927
Change subject: toollabs: bastion setup for cgred::group shell
......................................................................
toollabs: bastion setup for cgred::group shell
We are already doing this under duress as a temporary
measure and this codifies.
Bug: T131541
Change-Id: Iedb9dc6598130cce01d81fbf28715fb447bdfdb6
---
M modules/toollabs/manifests/bastion.pp
1 file changed, 18 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/27/284927/1
diff --git a/modules/toollabs/manifests/bastion.pp
b/modules/toollabs/manifests/bastion.pp
index 3aa6212..e176b95 100644
--- a/modules/toollabs/manifests/bastion.pp
+++ b/modules/toollabs/manifests/bastion.pp
@@ -20,6 +20,24 @@
if $::operatingsystem == 'Ubuntu' {
# lint:ignore:arrow_alignment
+ cgred::group {'shell':
+ config => {
+ memory => {
+ 'memory.limit_in_bytes' => '2305843009213693951',
+ },
+ },
+ rules => [
+ '*:/bin/sh memory /shell',
+ '*:/bin/dash memory /shell',
+ '*:/bin/bash memory /shell',
+ '*:/usr/bin/zsh memory /shell',
+ '*:/usr/bin/screen memory /shell',
+ '*:/usr/bin/tmux memory /shell',
+ '*:/usr/bin/lshell memory /shell',
+ ],
+ }
+
+ # lint:ignore:arrow_alignment
cgred::group {'user-daemons':
config => {
cpu => {
--
To view, visit https://gerrit.wikimedia.org/r/284927
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iedb9dc6598130cce01d81fbf28715fb447bdfdb6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
