]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/prometheus/resources/exporter.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Make nftables block various invalid TCP flag combinations
[chef.git] / cookbooks / prometheus / resources / exporter.rb
diff --git a/cookbooks/prometheus/resources/exporter.rb b/cookbooks/prometheus/resources/exporter.rb
index 2d6a7cbc872876143b2f658623c49210e2391dcd..581c961ddd4709de25cad39b564eeacb18de921f 100644 (file)
--- a/cookbooks/prometheus/resources/exporter.rb
+++ b/cookbooks/prometheus/resources/exporter.rb
@@ -27,13 +27,16 @@ property :port, :kind_of => Integer, :required => [:create]
 property :listen_switch, :kind_of => String, :default => "web.listen-address"
 property :listen_type, :kind_of => String, :default => "address"
 property :user, :kind_of => String
 property :listen_switch, :kind_of => String, :default => "web.listen-address"
 property :listen_type, :kind_of => String, :default => "address"
 property :user, :kind_of => String
+property :group, :kind_of => String
 property :command, :kind_of => String
 property :options, :kind_of => [String, Array]
 property :environment, :kind_of => Hash, :default => {}
 property :command, :kind_of => String
 property :options, :kind_of => [String, Array]
 property :environment, :kind_of => Hash, :default => {}
+property :protect_proc, String
 property :proc_subset, String
 property :private_devices, [true, false]
 property :protect_clock, [true, false]
 property :restrict_address_families, [String, Array]
 property :proc_subset, String
 property :private_devices, [true, false]
 property :protect_clock, [true, false]
 property :restrict_address_families, [String, Array]
+property :remove_ipc, [true, false]
 property :system_call_filter, [String, Array]
 property :service, :kind_of => String
 property :scrape_interval, :kind_of => String
 property :system_call_filter, [String, Array]
 property :service, :kind_of => String
 property :scrape_interval, :kind_of => String
@@ -49,13 +52,16 @@ action :create do
     type "simple"
     user new_resource.user
     dynamic_user new_resource.user.nil?
     type "simple"
     user new_resource.user
     dynamic_user new_resource.user.nil?
+    group new_resource.group
     environment new_resource.environment
     exec_start "#{executable_path} #{new_resource.command} #{executable_options}"
     sandbox :enable_network => true
     environment new_resource.environment
     exec_start "#{executable_path} #{new_resource.command} #{executable_options}"
     sandbox :enable_network => true
+    protect_proc new_resource.protect_proc if new_resource.property_is_set?(:protect_proc)
     proc_subset new_resource.proc_subset if new_resource.property_is_set?(:proc_subset)
     private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
     protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
     restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
     proc_subset new_resource.proc_subset if new_resource.property_is_set?(:proc_subset)
     private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
     protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
     restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families)
+    remove_ipc new_resource.remove_ipc if new_resource.property_is_set?(:remove_ipc)
     system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
   end
 
     system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter)
   end
 
@@ -148,9 +154,7 @@ action_class do
   end
 
   def listen_address
   end
 
   def listen_address
-    if true
-      "127.0.0.1:#{new_resource.port}"
-    elsif new_resource.address
+    if new_resource.address
       "#{new_resource.address}:#{new_resource.port}"
     elsif node[:prometheus][:mode] == "wireguard"
       "[#{node[:prometheus][:address]}]:#{new_resource.port}"
       "#{new_resource.address}:#{new_resource.port}"
     elsif node[:prometheus][:mode] == "wireguard"
       "[#{node[:prometheus][:address]}]:#{new_resource.port}"
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.