-# coding: utf-8
#
# Cookbook Name:: kibana
# Recipe:: default
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
require "yaml"
-include_recipe "apache::ssl"
+include_recipe "apache"
apache_module "proxy_http"
after "network.target"
user "kibana"
exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
restart "on-failure"
end
node[:kibana][:sites].each do |name, details|
file "/etc/kibana/#{name}.yml" do
- content YAML.dump(YAML.load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
+ content YAML.dump(YAML.safe_load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
"port" => details[:port],
"host" => "127.0.0.1",
"elasticsearch_url" => details[:elasticsearch_url],
"pid_file" => "/var/run/kibana/#{name}.pid",
"log_file" => "/var/log/kibana/#{name}.log"
- ))
+ ))
owner "root"
group "root"
mode 0o644
service "kibana@#{name}" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => false
+ subscribes :restart, "systemd_service[kibana@]"
+ end
+
+ ssl_certificate details[:site] do
+ domains details[:site]
+ notifies :reload, "service[apache2]"
end
apache_site details[:site] do