#require 'zlib'
# Install mon-api and move it to the newest version the node's package
# repositories offer on each converge. No version is pinned here, so the
# repositories the node trusts decide which build ends up running.
package('mon-api') { action :upgrade }
# Manage mon-api through the Upstart service provider and enable it at boot.
# Only :enable is requested; this resource does not start the service itself.
service 'mon-api' do
  provider Chef::Provider::Service::Upstart
  action :enable
end
# Log directory for mon-api. Owned by root:root with mode 0755, so only root
# can write to it while every local user can list and read it.
# NOTE(review): if the service runs as a non-root user it cannot create log
# files here itself; confirm how logs get written.
directory '/var/log/mon-api' do
  action :create
  mode 0o755
  group 'root'
  owner 'root'
  recursive true
end
# Both items are read from the data bag named by node[:mon_api][:data_bag].
# NOTE(review): data_bag_item is called without a secret, and nothing here
# shows whether 'mon_credentials' is an encrypted item. Confirm how the
# credentials are protected on the Chef server.
bag_name = node[:mon_api][:data_bag]
creds = data_bag_item(bag_name, 'mon_credentials')
# `setting` is not referenced again in this recipe as shown; the lookup is
# kept because removing it would change when a missing item is noticed.
setting = data_bag_item(bag_name, 'mon_api')
# Create the config file
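template '/etc/mon/mon-api-config.yml' do
  action :create
  owner 'root'
  group node[:mon_api][:group]
  # Root may write, the service group may read, everyone else gets nothing:
  # the rendered file is handed the credentials item below.
  mode '640'
  source "service-config.yml.erb"
  # NOTE(review): on Chef releases that support the `sensitive` property,
  # setting it here keeps the rendered content and its diff out of run logs.
  #
  # NOTE(review): keystore_pass is not assigned anywhere in this recipe as
  # shown, so this line fails unless the name is defined elsewhere. Confirm
  # where the keystore password is meant to come from before relying on it.
  variables(
    :creds => creds,
    :keystore_pass => keystore_pass
  )
  # Restart the service this recipe declares when the config changes. The
  # original target was "service[som-api]", which no resource here declares,
  # so the notification could not be resolved. No timing is given, so the
  # restart is queued with Chef's default (delayed) timing.
  notifies :restart, "service[mon-api]"
end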
# Install the Java keystore. The file to ship is chosen by the
# :keystore_file field of the credentials data bag item and is copied from
# this cookbook's files. Mode 640 with root ownership limits reads to root
# and the service group.
# NOTE(review): the keystore lives inside the cookbook, so anyone who can
# read the cookbook can read it too. If it holds a private key (presumably),
# its protection then rests on the keystore password. Confirm that is
# acceptable.
cookbook_file '/etc/ssl/hpmiddleware-keystore.jks' do
  mode '640'
  group node[:mon_api][:group]
  owner 'root'
  source creds[:keystore_file]
end
# Install the Java truststore shipped with this cookbook. Only root can
# write it (mode 640, owner root), which matters because whoever can modify
# a truststore decides which certificates the service accepts.
cookbook_file '/etc/ssl/hpmiddleware-truststore.jks' do
  mode '640'
  group node[:mon_api][:group]
  owner 'root'
  source 'hpmiddleware-truststore.jks'
end
# Until dropwizard 0.7.0 there is no support for running on a privileged port as an unprivileged user, so I work around this with ufw rules.
# Append a *nat table to /etc/ufw/before.rules that redirects inbound TCP 443
# to local port 8080. The guard skips the append once any line containing
# 'to-port 8080' is present, so the rule is only written once.
# NOTE(review): 8080 is an unprivileged port, so any local process can bind
# it. If the service is down, whatever binds 8080 first receives the traffic
# that arrived on 443. Confirm which local accounts exist on these nodes and
# whether direct access to 8080 should be filtered.
# NOTE(review): service[ufw] is not declared in this recipe; presumably
# another cookbook in the run list provides it. Verify.
bash 'nat 443 to 8080' do
  not_if "grep 'to-port 8080' /etc/ufw/before.rules"
  code 'echo -e "*nat\n:PREROUTING ACCEPT [0:0]\n-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080\nCOMMIT" >> /etc/ufw/before.rules'
  action :run
  notifies :restart, 'service[ufw]'
end