X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/a68415b8f2bf106b6ea5948b0605c897b516ef4f..8df838bf09d95282ba29ddde8b504e0affc5f06e:/cookbooks/kibana/recipes/default.rb diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb index e4dd05c9f..cc9b7f020 100644 --- a/cookbooks/kibana/recipes/default.rb +++ b/cookbooks/kibana/recipes/default.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # # Cookbook Name:: kibana # Recipe:: default @@ -20,7 +19,7 @@ require "yaml" -include_recipe "apache::ssl" +include_recipe "apache" apache_module "proxy_http" @@ -68,12 +67,17 @@ systemd_service "kibana@" do after "network.target" user "kibana" exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml" + private_tmp true + private_devices true + protect_system "full" + protect_home true + no_new_privileges true restart "on-failure" end node[:kibana][:sites].each do |name, details| file "/etc/kibana/#{name}.yml" do - content YAML.dump(YAML.load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge( + content YAML.dump(YAML.safe_load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge( "port" => details[:port], "host" => "127.0.0.1", "elasticsearch_url" => details[:elasticsearch_url], @@ -89,6 +93,12 @@ node[:kibana][:sites].each do |name, details| service "kibana@#{name}" do action [:enable, :start] supports :status => true, :restart => true, :reload => false + subscribes :restart, "systemd_service[kibana@]" + end + + ssl_certificate details[:site] do + domains details[:site] + notifies :reload, "service[apache2]" end apache_site details[:site] do