X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/39e9c0f23c2c459285df473de8011221f429dbad..085c75b108bfae4853ed79a4a3fd0894f358a61a:/cookbooks/hardware/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb index d8bfadbe5..72b405c3f 100644 --- a/cookbooks/hardware/recipes/default.rb +++ b/cookbooks/hardware/recipes/default.rb @@ -186,6 +186,8 @@ if File.exist?("/etc/default/grub") end end +package "initramfs-tools" + execute "update-initramfs" do action :nothing command "update-initramfs -u -k all" @@ -475,7 +477,7 @@ disks = disks.map do |disk| munin = device end - next if device.nil? + next if device.nil? || munin.nil? Hash[ :device => device, @@ -536,7 +538,7 @@ if disks.count.positive? prometheus_collector "smart" do interval "15m" user "root" - capability_bounding_set "CAP_SYS_ADMIN" + capability_bounding_set %w[CAP_DAC_OVERRIDE CAP_SYS_ADMIN CAP_SYS_RAWIO] private_devices false private_users false protect_clock false @@ -700,8 +702,9 @@ prometheus_collector "ohai" do interval "15m" user "root" proc_subset "all" - capability_bounding_set "CAP_SYS_ADMIN" + capability_bounding_set %w[CAP_DAC_OVERRIDE CAP_SYS_ADMIN] private_devices false private_users false protect_clock false + protect_kernel_modules false end