X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/2b742aa96a7c7e1256ad9a7c8e9ee698130b5226..41b1edf21c531ee0def59463c5a415af24875d30:/cookbooks/kibana/recipes/default.rb

diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb
index 30ee757aa..adc39270d 100644
--- a/cookbooks/kibana/recipes/default.rb
+++ b/cookbooks/kibana/recipes/default.rb
@@ -20,7 +20,7 @@
 
 require "yaml"
 
-include_recipe "apache::ssl"
+include_recipe "apache"
 
 apache_module "proxy_http"
 
@@ -34,7 +34,7 @@ end
 directory "/opt/kibana-#{version}" do
   owner "root"
   group "root"
-  mode 0755
+  mode 0o755
 end
 
 execute "unzip-kibana-#{version}" do
@@ -48,24 +48,37 @@ end
 directory "/etc/kibana" do
   owner "root"
   group "root"
-  mode 0755
+  mode 0o755
 end
 
 directory "/var/run/kibana" do
   owner "kibana"
   group "kibana"
-  mode 0755
+  mode 0o755
 end
 
 directory "/var/log/kibana" do
   owner "kibana"
   group "kibana"
-  mode 0755
+  mode 0o755
+end
+
+systemd_service "kibana@" do
+  description "Kibana server"
+  after "network.target"
+  user "kibana"
+  exec_start "/opt/kibana-#{version}/bin/kibana -c /etc/kibana/%i.yml"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
+  restart "on-failure"
 end
 
 node[:kibana][:sites].each do |name, details|
   file "/etc/kibana/#{name}.yml" do
-    content YAML.dump(YAML.load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
+    content YAML.dump(YAML.safe_load(File.read("/opt/kibana-#{version}/config/kibana.yml")).merge(
                         "port" => details[:port],
                         "host" => "127.0.0.1",
                         "elasticsearch_url" => details[:elasticsearch_url],
@@ -74,22 +87,19 @@ node[:kibana][:sites].each do |name, details|
     ))
     owner "root"
     group "root"
-    mode 0644
-    notifies :restart, "service[kibana-#{name}]"
-  end
-
-  template "/etc/init/kibana-#{name}.conf" do
-    source "kibana.conf.erb"
-    owner "root"
-    group "root"
-    mode 0644
-    variables :config => "/etc/kibana/#{name}.yml"
-    notifies :restart, "service[kibana-#{name}]"
+    mode 0o644
+    notifies :restart, "service[kibana@#{name}]"
   end
 
-  service "kibana-#{name}" do
+  service "kibana@#{name}" do
     action [:enable, :start]
     supports :status => true, :restart => true, :reload => false
+    subscribes :restart, "systemd_service[kibana@]"
+  end
+
+  ssl_certificate details[:site] do
+    domains details[:site]
+    notifies :reload, "service[apache2]"
   end
 
   apache_site details[:site] do