Enable SSL for munin using letsencrypt

[chef.git] / cookbooks / munin / recipes / server.rb

diff --git a/cookbooks/munin/recipes/server.rb b/cookbooks/munin/recipes/server.rb
index 3f67e522e05c218e604b7a1eb4de4ff2f4ed3540..5861bf5ea6e1b6fbe2d72901e67e4e58e3a7bca8 100644 (file)
--- a/cookbooks/munin/recipes/server.rb
+++ b/cookbooks/munin/recipes/server.rb
@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-include_recipe "apache"
+include_recipe "apache::ssl"
 
 package "munin"
 package "rrdcached"
@@ -49,13 +49,13 @@ clients = search(:node, "recipes:munin\\:\\:default").sort_by { |n| n[:hostname]
 frontends = search(:node, "recipes:web\\:\\:frontend").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.map { |n| n[:hostname] }.sort # ~FC010
 backends = search(:node, "recipes:web\\:\\:backend").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.map { |n| n[:hostname] }.sort # ~FC010
 tilecaches = search(:node, "roles:tilecache").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.sort_by { |n| n[:hostname] }.map do |n|
-  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface] }
+  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface].tr(".", "_") }
 end
 renderers = search(:node, "roles:tile").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.sort_by { |n| n[:hostname] }.map do |n|
-  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface] }
+  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface].tr(".", "_") }
 end
 geocoders = search(:node, "roles:nominatim").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.sort_by { |n| n[:hostname] }.map do |n|
-  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface] }
+  { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface].tr(".", "_") }
 end
 
 template "/etc/munin/munin.conf" do
@@ -71,6 +71,7 @@ end
 
 apache_module "fcgid"
 apache_module "rewrite"
+apache_module "headers"
 
 remote_directory "/srv/munin.openstreetmap.org" do
   source "www"
@@ -80,7 +81,18 @@ remote_directory "/srv/munin.openstreetmap.org" do
   files_owner "root"
   files_group "root"
   files_mode 0o644
-  purge true
+end
+
+# directory to put dumped files in
+directory "/srv/munin.openstreetmap.org/dumps" do
+  owner "www-data"
+  group "www-data"
+  mode 0o755
+end
+
+ssl_certificate "munin.openstreetmap.org" do
+  domains ["munin.openstreetmap.org", "munin.osm.org"]
+  notifies :reload, "service[apache2]"
 end
 
 apache_site "munin.openstreetmap.org" do
@@ -94,6 +106,21 @@ template "/etc/cron.daily/munin-backup" do
   mode 0o755
 end
 
+# simple shell script to dump RRD data to a file
+cookbook_file "/usr/local/bin/rrddump" do
+  source "rrddump.sh"
+  owner "root"
+  group "root"
+  mode 0o755
+end
+
+template "/etc/cron.d/rrddump" do
+  source "rrddump.cron.erb"
+  owner "root"
+  group "root"
+  mode 0o755
+end
+
 munin_plugin "munin_stats"
 munin_plugin "munin_update"
 munin_plugin "munin_rrdcached"