require "yaml"
-include_recipe "apache::ssl"
+include_recipe "apache"
apache_module "proxy_http"
directory "/opt/kibana-#{version}" do
owner "root"
group "root"
- mode 0755
+ mode 0o755
end
execute "unzip-kibana-#{version}" do
directory "/etc/kibana" do
owner "root"
group "root"
- mode 0755
+ mode 0o755
end
directory "/var/run/kibana" do
owner "kibana"
group "kibana"
- mode 0755
+ mode 0o755
end
directory "/var/log/kibana" do
owner "kibana"
group "kibana"
- mode 0755
+ mode 0o755
end
systemd_service "kibana@" do
after "network.target"
user "kibana"
exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
restart "on-failure"
end
node[:kibana][:sites].each do |name, details|
file "/etc/kibana/#{name}.yml" do
- content YAML.dump(YAML.load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
+ content YAML.dump(YAML.safe_load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
"port" => details[:port],
"host" => "127.0.0.1",
"elasticsearch_url" => details[:elasticsearch_url],
))
owner "root"
group "root"
- mode 0644
+ mode 0o644
notifies :restart, "service[kibana@#{name}]"
end
service "kibana@#{name}" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => false
+ subscribes :restart, "systemd_service[kibana@]"
+ end
+
+ ssl_certificate details[:site] do
+ domains details[:site]
+ notifies :reload, "service[apache2]"
end
apache_site details[:site] do