From ccb60a6549d5caf6a76cfd08e2dd1203e962c6ba Mon Sep 17 00:00:00 2001 From: Oleksandr Kuzminskyi Date: Tue, 17 Mar 2026 20:25:12 -0700 Subject: [PATCH] Cap swap size to prevent filling root filesystem (sandbox) (#245) Port the swap size cap from development to sandbox. On instances with large RAM and small root volumes, the swap profile attempted to create a swap file of 2x RAM, which could fill the root filesystem. Swap size is now the minimum of 2x total RAM, 8 GB, and 25% of available disk space on /. --- debian/changelog | 6 ++++++ .../sandbox/modules/profile/manifests/swap.pp | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 98abc53..e4a68e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +puppet-code (0.1.0-1build297) noble; urgency=medium + + * commit event. see changes history in git log + + -- root Wed, 18 Mar 2026 03:25:18 +0000 + puppet-code (0.1.0-1build296) noble; urgency=medium * commit event. see changes history in git log diff --git a/environments/sandbox/modules/profile/manifests/swap.pp b/environments/sandbox/modules/profile/manifests/swap.pp index 9004b33..2a49c62 100644 --- a/environments/sandbox/modules/profile/manifests/swap.pp +++ b/environments/sandbox/modules/profile/manifests/swap.pp @@ -1,7 +1,16 @@ # @summary: Create swap from a file +# Swap size is capped to avoid filling the root filesystem on instances +# with large RAM and small root volumes (e.g. c5.metal with 192 GB RAM +# and a 30 GB root volume). The size is the minimum of: +# - 2x total RAM (traditional rule, appropriate for small instances) +# - 8 GB hard cap +# - 25% of available disk space on / class profile::swap () { $total_ram = $facts['memory']['system']['total_bytes'] - $swap_size = $total_ram * 2 + $eight_gb = 8 * 1024 * 1024 * 1024 + $disk_available = $facts['mountpoints']['/']['available_bytes'] + $disk_cap = $disk_available / 4 + $swap_size = min($total_ram * 2, $eight_gb, $disk_cap) $swap_file = '/swapfile' exec {'create_swap_file':