Fix sous-chefs#101: idempotency of security limits

kamaradclimber · Jun 25, 2013 · 4de754f · 4de754f
1 parent eed9415
commit 4de754f
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -94,20 +94,19 @@
   not_if { ::File.read("/etc/pam.d/su").match(/^session    required   pam_limits\.so/) }
 end
 
-bash "increase limits for the elasticsearch user" do
-  user 'root'
-
-  code <<-END.gsub(/^    /, '')
-    echo '#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    nofile    #{node.elasticsearch[:limits][:nofile]}'  >> /etc/security/limits.conf
-    echo '#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    memlock   #{node.elasticsearch[:limits][:memlock]}' >> /etc/security/limits.conf
-  END
+limits = node.elasticsearch[:limits].map do |limit,value|
+  "#{node.elasticsearch[:user]} - #{limit} #{value}"
+end
 
-  not_if do
-    file = ::File.read("/etc/security/limits.conf")
-    file.include?("#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    nofile    #{node.elasticsearch[:limits][:nofile]}") \
-    &&           \
-    file.include?("#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    memlock   #{node.elasticsearch[:limits][:memlock]}")
-  end
+template "/etc/security/limits.d/elasticsearch.conf" do
+  owner 'root'
+  group 'root'
+  mode '0644'
+  source 'security_limits.conf.erb'
+  variables({
+    :limits => limits
+  })
+  notifies :restart, 'service[elasticsearch]'
 end
 
 # Create file with ES environment variables