Enable peering for squid 4 caches

[chef.git] / cookbooks / kibana / recipes / default.rb

diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb
index 30ee757aa78f78a35b9a3baad39372aef6a5bb17..a3c8dc9f998e8bc441459cb24c78f2dca6be7dda 100644 (file)
--- a/cookbooks/kibana/recipes/default.rb
+++ b/cookbooks/kibana/recipes/default.rb
@@ -1,4 +1,3 @@
-# coding: utf-8
 #
 # Cookbook Name:: kibana
 # Recipe:: default
@@ -9,7 +8,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,7 +19,7 @@
 
 require "yaml"
 
-include_recipe "apache::ssl"
+include_recipe "apache"
 
 apache_module "proxy_http"
 
@@ -34,7 +33,7 @@ end
 directory "/opt/kibana-#{version}" do
   owner "root"
   group "root"
-  mode 0755
+  mode 0o755
 end
 
 execute "unzip-kibana-#{version}" do
@@ -48,48 +47,58 @@ end
 directory "/etc/kibana" do
   owner "root"
   group "root"
-  mode 0755
+  mode 0o755
 end
 
 directory "/var/run/kibana" do
   owner "kibana"
   group "kibana"
-  mode 0755
+  mode 0o755
 end
 
 directory "/var/log/kibana" do
   owner "kibana"
   group "kibana"
-  mode 0755
+  mode 0o755
+end
+
+systemd_service "kibana@" do
+  description "Kibana server"
+  after "network.target"
+  user "kibana"
+  exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
+  restart "on-failure"
 end
 
 node[:kibana][:sites].each do |name, details|
   file "/etc/kibana/#{name}.yml" do
-    content YAML.dump(YAML.load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
+    content YAML.dump(YAML.safe_load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
                         "port" => details[:port],
                         "host" => "127.0.0.1",
                         "elasticsearch_url" => details[:elasticsearch_url],
                         "pid_file" => "/var/run/kibana/#{name}.pid",
                         "log_file" => "/var/log/kibana/#{name}.log"
-    ))
-    owner "root"
-    group "root"
-    mode 0644
-    notifies :restart, "service[kibana-#{name}]"
-  end
-
-  template "/etc/init/kibana-#{name}.conf" do
-    source "kibana.conf.erb"
+                      ))
     owner "root"
     group "root"
-    mode 0644
-    variables :config => "/etc/kibana/#{name}.yml"
-    notifies :restart, "service[kibana-#{name}]"
+    mode 0o644
+    notifies :restart, "service[kibana@#{name}]"
   end
 
-  service "kibana-#{name}" do
+  service "kibana@#{name}" do
     action [:enable, :start]
     supports :status => true, :restart => true, :reload => false
+    subscribes :restart, "systemd_service[kibana@]"
+  end
+
+  ssl_certificate details[:site] do
+    domains details[:site]
+    notifies :reload, "service[apache2]"
   end
 
   apache_site details[:site] do