Manage ulimit with systemd::dropin_file and allow it to be unmanaged

[laugmanuel]

This PR changes two things:

• Adds the new parameter ulimit_managed to explicitly enable/disable ulimit
  • in systemd unit für instances and
  • systemd dropin for default setup
• Use systemd:: service_limits to manage the ulimits for the default setup.
  Note: This adds a new dependency to camptocamp/puppet-systemd.
• Use systemd::unit_file for each instance service

Fixes #390

Note: I can split this PR into two/three PRs if desired (or squash the commits together).

[laugmanuel]

Test failures seem to be unrelated...

[ekohl]

Perhaps this should also be modified to use systemd::unit_file:

puppet-redis/manifests/instance.pp

Lines 312 to 318 in 551e58b

	file { "/etc/systemd/system/${service_name}.service":
	ensure => file,
	owner => 'root',
	group => 'root',
	mode => '0644',
	content => template('redis/service_templates/redis.service.erb'),
	}

https://github.com/voxpupuli/puppet-redis#soft-dependency also needs an update if systemd becomes a hard dependency.

[ekohl]

There is no daemon reload code for Puppet < 6.1.0 in systemd::service_limits. Interestingly, in combination with restart_service that appears to be a bug.

Edit: to be clear, I don't think you should set $restart_service to true, but it should deal with daemon reloads. Or we should drop Puppet < 6.1.0.

[laugmanuel]

The daemon reload is contained in systemd::dropin_file which is invoked indirectly by systemd::service_limits. As this PR would use the new way of defining the limits regardless of Puppet version, the reload should be handled there.

[ekohl]

If you pass enable and active as well, the unit file can manage the service and also properly apply daemon_reload. This is particularly important now that camptocamp/systemd has dropped the daemon_reload class in master.

[ekohl]

See 58aa20c for what I think is roughly needed.

[ekohl]

Thinking more about this, it's a bit dubious how this should be handled. Previously it was an augeas lens which means it did manage one entry but users were free to manage other entries via other means.

[laugmanuel]

The idea was that there is no duplicate of old and new settings. But you are right; if users added their custom limits, they should not get removed.
We could switch the augeas lens to exclude the the NoFile line or just stop managing the file at all (which will result in duplicates of NOFile)

[laugmanuel]

Or we just stick to using the current approach and I'll drop switching to puppet-systemd from this PR.

[ekohl]

I don't mind doing a major version bump for it and making it clear that this is the behavior. Could use a comment perhaps?

[ekohl]

What do you think about moving it into instance.pp? 2c2a322

[laugmanuel]

@ekohl, currently I'm a little bit hesitant as I can't quite overlook the changes/impact and get a full picture. WDYT about closing this PR in favour of new ones based on your commits (2c2a322 and 58aa20c)?

[ekohl]

I would be OK with that.

[ekohl]

I opened #396