Replaced bash with file resource when setting the limits

While reading the recommendations found [here](http://asquera.de/opensource/2012/11/25/elasticsearch-pre-flight-checklist/#file-descriptors) I thought that it would be a good idea to use `limits.d` instead of hacking the `limits.conf` file directly. This way Chef handles the idempotency itself and we can drop the custom (and hard to read) `not_if` magic. The "chef-ulimit" cookbook uses the same approach: https://github.com/bmhatfield/chef-ulimit/blob/master/definitions/user_ulimit.rb#L13 Tested on Vagrant with Debian 6 and Ubuntu Precise. Closes #101 Closes #118 Fixes #102
sous-chefs · Aug 1, 2013 · 3043d7d · 3043d7d
1 parent e1d3afd
commit 3043d7d
Showing 1 changed file with 6 additions and 13 deletions.
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -82,7 +82,7 @@
   notifies :restart, 'service[elasticsearch]'
 end
 
-# Increase open file limits
+# Increase open file and memory limits
 #
 bash "enable user limits" do
   user 'root'
@@ -94,20 +94,13 @@
   not_if { ::File.read("/etc/pam.d/su").match(/^session    required   pam_limits\.so/) }
 end
 
-bash "increase limits for the elasticsearch user" do
-  user 'root'
+log "increase limits for the elasticsearch user"
 
-  code <<-END.gsub(/^    /, '')
-    echo '#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    nofile    #{node.elasticsearch[:limits][:nofile]}'  >> /etc/security/limits.conf
-    echo '#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    memlock   #{node.elasticsearch[:limits][:memlock]}' >> /etc/security/limits.conf
+file "/etc/security/limits.d/10-elasticsearch.conf" do
+  content <<-END.gsub(/^    /, '')
+    #{node.elasticsearch.fetch(:user, "elasticsearch")}     -    nofile    #{node.elasticsearch[:limits][:nofile]}
+    #{node.elasticsearch.fetch(:user, "elasticsearch")}     -    memlock   #{node.elasticsearch[:limits][:memlock]}
   END
-
-  not_if do
-    file = ::File.read("/etc/security/limits.conf")
-    file.include?("#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    nofile    #{node.elasticsearch[:limits][:nofile]}") \
-    &&           \
-    file.include?("#{node.elasticsearch.fetch(:user, "elasticsearch")}     -    memlock   #{node.elasticsearch[:limits][:memlock]}")
-  end
 end
 
 # Create file with ES environment variables