From cffa2bbd74da0035df62b5dac20fa473e3864039 Mon Sep 17 00:00:00 2001
From:  <kanderson@MELCHIOR.2600hz.com>
Date: Wed, 5 Oct 2016 16:03:01 -0700
Subject: [PATCH] fix limits

---
 system/sbin/kazoo-applications                |  2 +-
 system/sbin/kazoo-bigcouch                    |  2 +-
 system/sbin/kazoo-ecallmgr                    |  2 +-
 system/sbin/kazoo-freeswitch                  |  2 +-
 system/sbin/kazoo-haproxy                     |  2 +-
 system/sbin/kazoo-kamailio                    |  2 +-
 system/sbin/kazoo-rabbitmq                    |  2 +-
 system/security/limits.d/bigcouch.limits.conf | 19 +++++++++++++++++--
 system/security/limits.d/haproxy.limits.conf  | 17 +++++++++++++++++
 system/security/limits.d/kazoo.limits.conf    | 17 +++++++++++++++++
 system/security/limits.d/rabbitmq.limits.conf | 19 +++++++++++++++++--
 system/systemd/kazoo-applications.service     |  2 ++
 system/systemd/kazoo-bigcouch.service         |  2 ++
 system/systemd/kazoo-ecallmgr.service         |  2 ++
 system/systemd/kazoo-freeswitch.service       |  2 ++
 system/systemd/kazoo-haproxy.service          |  1 +
 system/systemd/kazoo-kamailio.service         |  2 ++
 system/systemd/kazoo-rabbitmq.service         |  2 ++
 18 files changed, 88 insertions(+), 11 deletions(-)
 create mode 100644 system/security/limits.d/haproxy.limits.conf
 create mode 100644 system/security/limits.d/kazoo.limits.conf

diff --git a/system/sbin/kazoo-applications b/system/sbin/kazoo-applications
index b397105..e2c89bf 100755
--- a/system/sbin/kazoo-applications
+++ b/system/sbin/kazoo-applications
@@ -59,7 +59,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -E -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
 	fi
 	RETVAL=$?
 
diff --git a/system/sbin/kazoo-bigcouch b/system/sbin/kazoo-bigcouch
index ceb1c9f..ba21f12 100755
--- a/system/sbin/kazoo-bigcouch
+++ b/system/sbin/kazoo-bigcouch
@@ -42,7 +42,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
 	fi
 	RETVAL=$?
 	
diff --git a/system/sbin/kazoo-ecallmgr b/system/sbin/kazoo-ecallmgr
index 9b7a8e4..6b3eb01 100755
--- a/system/sbin/kazoo-ecallmgr
+++ b/system/sbin/kazoo-ecallmgr
@@ -59,7 +59,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -E -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
 	fi
 	RETVAL=$?
 
diff --git a/system/sbin/kazoo-freeswitch b/system/sbin/kazoo-freeswitch
index 8ce86f8..496d418 100755
--- a/system/sbin/kazoo-freeswitch
+++ b/system/sbin/kazoo-freeswitch
@@ -48,7 +48,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
 	fi
 	RETVAL=$?
 
diff --git a/system/sbin/kazoo-haproxy b/system/sbin/kazoo-haproxy
index ceb6ea1..c6ed3a0 100755
--- a/system/sbin/kazoo-haproxy
+++ b/system/sbin/kazoo-haproxy
@@ -43,7 +43,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
 	fi
 	RETVAL=$?
 
diff --git a/system/sbin/kazoo-kamailio b/system/sbin/kazoo-kamailio
index 16c695b..be1b60e 100755
--- a/system/sbin/kazoo-kamailio
+++ b/system/sbin/kazoo-kamailio
@@ -45,7 +45,7 @@ start() {
 		exec "$@"
 	else
 		set -- ${BIN_FILE} -f ${CFG_FILE} -m ${SHM_MEMORY} -M ${PKG_MEMORY} -u ${USER} -g ${GROUP} ${EXTRA_OPTIONS} "$@"
-		exec sudo -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"	
 	fi
 	RETVAL=$?
 	
diff --git a/system/sbin/kazoo-rabbitmq b/system/sbin/kazoo-rabbitmq
index 8c16e3e..2bba6d0 100755
--- a/system/sbin/kazoo-rabbitmq
+++ b/system/sbin/kazoo-rabbitmq
@@ -49,7 +49,7 @@ start() {
 	if [ "$(whoami)" == "${USER}" ]; then
 		exec "$@"
 	else
-		exec sudo -E -u ${USER} "$@"
+		runuser -s /bin/bash ${USER} -c "$*"
  	fi
 	RETVAL=$?
 	
diff --git a/system/security/limits.d/bigcouch.limits.conf b/system/security/limits.d/bigcouch.limits.conf
index 742bcc5..ea4d0c9 100644
--- a/system/security/limits.d/bigcouch.limits.conf
+++ b/system/security/limits.d/bigcouch.limits.conf
@@ -1,2 +1,17 @@
-bigcouch        soft    nofile          65536
-bigcouch        hard    nofile          65536
+bigcouch       soft    core            unlimited
+bigcouch       soft    data            unlimited
+bigcouch       soft    fsize           unlimited
+bigcouch       soft    memlock         unlimited
+bigcouch       soft    nofile          999999 
+bigcouch       soft    rss             unlimited
+bigcouch       hard    stack           240
+bigcouch       soft    cpu             unlimited
+bigcouch       soft    nproc           unlimited
+bigcouch       soft    as              unlimited
+bigcouch       soft    priority        -11
+bigcouch       soft    locks           unlimited
+bigcouch       soft    sigpending      unlimited
+bigcouch       soft    msgqueue        unlimited
+bigcouch       soft    nice            -11
+bigcouch       soft    nofile          65536
+bigcouch       hard    nofile          65536
diff --git a/system/security/limits.d/haproxy.limits.conf b/system/security/limits.d/haproxy.limits.conf
new file mode 100644
index 0000000..898095a
--- /dev/null
+++ b/system/security/limits.d/haproxy.limits.conf
@@ -0,0 +1,17 @@
+haproxy       soft    core            unlimited
+haproxy       soft    data            unlimited
+haproxy       soft    fsize           unlimited
+haproxy       soft    memlock         unlimited
+haproxy       soft    nofile          999999 
+haproxy       soft    rss             unlimited
+haproxy       hard    stack           240
+haproxy       soft    cpu             unlimited
+haproxy       soft    nproc           unlimited
+haproxy       soft    as              unlimited
+haproxy       soft    priority        -11
+haproxy       soft    locks           unlimited
+haproxy       soft    sigpending      unlimited
+haproxy       soft    msgqueue        unlimited
+haproxy       soft    nice            -11
+haproxy       soft    nofile          65536
+haproxy       hard    nofile          65536
diff --git a/system/security/limits.d/kazoo.limits.conf b/system/security/limits.d/kazoo.limits.conf
new file mode 100644
index 0000000..ca6f7bd
--- /dev/null
+++ b/system/security/limits.d/kazoo.limits.conf
@@ -0,0 +1,17 @@
+kazoo       soft    core            unlimited
+kazoo       soft    data            unlimited
+kazoo       soft    fsize           unlimited
+kazoo       soft    memlock         unlimited
+kazoo       soft    nofile          999999 
+kazoo       soft    rss             unlimited
+kazoo       hard    stack           240
+kazoo       soft    cpu             unlimited
+kazoo       soft    nproc           unlimited
+kazoo       soft    as              unlimited
+kazoo       soft    priority        -11
+kazoo       soft    locks           unlimited
+kazoo       soft    sigpending      unlimited
+kazoo       soft    msgqueue        unlimited
+kazoo       soft    nice            -11
+kazoo       soft    nofile          65536
+kazoo       hard    nofile          65536
diff --git a/system/security/limits.d/rabbitmq.limits.conf b/system/security/limits.d/rabbitmq.limits.conf
index 057ed1e..50ee717 100644
--- a/system/security/limits.d/rabbitmq.limits.conf
+++ b/system/security/limits.d/rabbitmq.limits.conf
@@ -1,2 +1,17 @@
-rabbitmq        soft    nofile          65536
-rabbitmq        hard    nofile          65536
+rabbitmq       soft    core            unlimited
+rabbitmq       soft    data            unlimited
+rabbitmq       soft    fsize           unlimited
+rabbitmq       soft    memlock         unlimited
+rabbitmq       soft    nofile          999999 
+rabbitmq       soft    rss             unlimited
+rabbitmq       hard    stack           240
+rabbitmq       soft    cpu             unlimited
+rabbitmq       soft    nproc           unlimited
+rabbitmq       soft    as              unlimited
+rabbitmq       soft    priority        -11
+rabbitmq       soft    locks           unlimited
+rabbitmq       soft    sigpending      unlimited
+rabbitmq       soft    msgqueue        unlimited
+rabbitmq       soft    nice            -11
+rabbitmq       soft    nofile          65536
+rabbitmq       hard    nofile          65536
diff --git a/system/systemd/kazoo-applications.service b/system/systemd/kazoo-applications.service
index 71c3f8c..37f5c7d 100644
--- a/system/systemd/kazoo-applications.service
+++ b/system/systemd/kazoo-applications.service
@@ -6,6 +6,8 @@ After=syslog.target network.target
 User=kazoo
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 ExecStartPre=/usr/sbin/kazoo-applications prepare
 ExecStart=/usr/sbin/kazoo-applications start
 ExecStop=/usr/sbin/kazoo-applications stop
diff --git a/system/systemd/kazoo-bigcouch.service b/system/systemd/kazoo-bigcouch.service
index d624f07..b75b5dc 100644
--- a/system/systemd/kazoo-bigcouch.service
+++ b/system/systemd/kazoo-bigcouch.service
@@ -7,6 +7,8 @@ Type=forking
 User=bigcouch
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 ExecStartPre=/usr/sbin/kazoo-bigcouch prepare
 ExecStart=/usr/sbin/kazoo-bigcouch background
 ExecStop=/usr/sbin/kazoo-bigcouch stop
diff --git a/system/systemd/kazoo-ecallmgr.service b/system/systemd/kazoo-ecallmgr.service
index 95ce7e3..f931748 100644
--- a/system/systemd/kazoo-ecallmgr.service
+++ b/system/systemd/kazoo-ecallmgr.service
@@ -6,6 +6,8 @@ After=syslog.target network.target
 User=kazoo
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 ExecStartPre=/usr/sbin/kazoo-ecallmgr prepare
 ExecStart=/usr/sbin/kazoo-ecallmgr start
 ExecStop=/usr/sbin/kazoo-ecallmgr stop
diff --git a/system/systemd/kazoo-freeswitch.service b/system/systemd/kazoo-freeswitch.service
index 2910882..c16a747 100644
--- a/system/systemd/kazoo-freeswitch.service
+++ b/system/systemd/kazoo-freeswitch.service
@@ -7,6 +7,8 @@ After=postgresql.service postgresql-9.3.service postgresql-9.4.service mysqld.se
 User=freeswitch
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 # RuntimeDirectory is not yet supported in CentOS 7. A workaround is to use /etc/tmpfiles.d/freeswitch.conf
 # RuntimeDirectory=/run/freeswitch
 # RuntimeDirectoryMode=0750
diff --git a/system/systemd/kazoo-haproxy.service b/system/systemd/kazoo-haproxy.service
index 32fabcf..f5f2589 100644
--- a/system/systemd/kazoo-haproxy.service
+++ b/system/systemd/kazoo-haproxy.service
@@ -6,6 +6,7 @@ After=syslog.target network.target
 User=haproxy
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
 PIDFile=/var/run/haproxy/kazoo-haproxy.pid
 Environment=HAPROXY_BIN=/usr/sbin/haproxy-systemd-wrapper
 ExecStartPre=/usr/sbin/kazoo-haproxy prepare
diff --git a/system/systemd/kazoo-kamailio.service b/system/systemd/kazoo-kamailio.service
index 2863b80..34f721f 100644
--- a/system/systemd/kazoo-kamailio.service
+++ b/system/systemd/kazoo-kamailio.service
@@ -6,6 +6,8 @@ After=syslog.target network.target
 User=kamailio
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 ExecStartPre=/usr/sbin/kazoo-kamailio prepare
 ExecStart=/usr/sbin/kazoo-kamailio start
 ExecStop=/usr/sbin/kazoo-kamailio stop
diff --git a/system/systemd/kazoo-rabbitmq.service b/system/systemd/kazoo-rabbitmq.service
index 77df434..1935798 100644
--- a/system/systemd/kazoo-rabbitmq.service
+++ b/system/systemd/kazoo-rabbitmq.service
@@ -7,6 +7,8 @@ Type=notify
 User=rabbitmq
 Group=daemon
 PermissionsStartOnly=true
+LimitNOFILE=65536
+LimitCORE=infinity
 ExecStartPre=/usr/sbin/kazoo-rabbitmq prepare
 ExecStart=/usr/sbin/kazoo-rabbitmq start
 ExecStop=/usr/sbin/kazoo-rabbitmq stop