Set --with-ssh when building rugged for oxidized

[chef.git] / cookbooks / oxidized / recipes / default.rb

diff --git a/cookbooks/oxidized/recipes/default.rb b/cookbooks/oxidized/recipes/default.rb
index 4d1da0343e17997a33c2996afe08bcacd3e57973..28f65bf79badbbf3991587a7f35eb271263e8894 100644 (file)
--- a/cookbooks/oxidized/recipes/default.rb
+++ b/cookbooks/oxidized/recipes/default.rb
@@ -29,6 +29,8 @@ package %w[
   libssh2-1-dev
   zlib1g-dev
   pkg-config
+  libyaml-dev
+  logrotate
 ]
 
 keys = data_bag_item("oxidized", "keys")
@@ -128,9 +130,15 @@ git "/var/lib/oxidized/configs.git" do
   group "oxidized"
 end
 
+bundle_config "/opt/oxidized/daemon" do
+  user "oxidized"
+  group "oxidized"
+  settings "deployment" => "true",
+           "build.rugged" => "--with-ssh"
+end
+
 bundle_install "/opt/oxidized/daemon" do
   action :nothing
-  options "--deployment"
   user "oxidized"
   group "oxidized"
   notifies :restart, "service[oxidized]"
@@ -147,11 +155,8 @@ systemd_service "oxidized" do
   environment "OXIDIZED_HOME" => "/etc/oxidized",
               "OXIDIZED_LOGS" => "/var/log/oxidized"
   nice 10
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  no_new_privileges true
+  sandbox :enable_network => true
+  read_write_paths ["/run/oxidized", "/var/lib/oxidized", "/var/log/oxidized"]
   restart "on-failure"
   notifies :restart, "service[oxidized]"
 end