X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/40f1416a4ac582cb45a198f9d7baba72eb34d124..cc57b9e9a6f06eb2fdce5ed83aa5f9ed6cd90cad:/cookbooks/prometheus/resources/exporter.rb?ds=inline diff --git a/cookbooks/prometheus/resources/exporter.rb b/cookbooks/prometheus/resources/exporter.rb index d0ee20215..782f84aa3 100644 --- a/cookbooks/prometheus/resources/exporter.rb +++ b/cookbooks/prometheus/resources/exporter.rb @@ -27,13 +27,16 @@ property :port, :kind_of => Integer, :required => [:create] property :listen_switch, :kind_of => String, :default => "web.listen-address" property :listen_type, :kind_of => String, :default => "address" property :user, :kind_of => String +property :group, :kind_of => String property :command, :kind_of => String property :options, :kind_of => [String, Array] property :environment, :kind_of => Hash, :default => {} +property :protect_proc, String property :proc_subset, String property :private_devices, [true, false] property :protect_clock, [true, false] property :restrict_address_families, [String, Array] +property :remove_ipc, [true, false] property :system_call_filter, [String, Array] property :service, :kind_of => String property :scrape_interval, :kind_of => String @@ -49,13 +52,16 @@ action :create do type "simple" user new_resource.user dynamic_user new_resource.user.nil? + group new_resource.group environment new_resource.environment exec_start "#{executable_path} #{new_resource.command} #{executable_options}" sandbox :enable_network => true + protect_proc new_resource.protect_proc if new_resource.property_is_set?(:protect_proc) proc_subset new_resource.proc_subset if new_resource.property_is_set?(:proc_subset) private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices) protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock) restrict_address_families new_resource.restrict_address_families if new_resource.property_is_set?(:restrict_address_families) + remove_ipc new_resource.remove_ipc if new_resource.property_is_set?(:remove_ipc) system_call_filter new_resource.system_call_filter if new_resource.property_is_set?(:system_call_filter) end @@ -68,7 +74,7 @@ action :create do action :accept source "osm" dest "fw" - proto "tcp:syn" + proto "tcp" dest_ports new_resource.port only_if { node[:prometheus][:mode] == "external" } end