authorGuilhem Moulin <guilhem@fripost.org>2016-05-11 18:07:09 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-12 11:33:55 +0200
commit90d498034b891123350785a134402172de477f4f (patch)
treea6e3c924054c3f689cdaffffe3a479e88fb97282 /roles/munin-master
parente370313ad5895871479fffc922e3c72c0375dbf2 (diff)
Use systemd unit files for stunnel4.
Diffstat (limited to 'roles/munin-master')
-rw-r--r--roles/munin-master/handlers/main.yml4
-rw-r--r--roles/munin-master/tasks/main.yml11
-rw-r--r--roles/munin-master/templates/etc/stunnel/munin-master.conf.j23
3 files changed, 11 insertions, 7 deletions
diff --git a/roles/munin-master/handlers/main.yml b/roles/munin-master/handlers/main.yml
index 4c41033..f65376c 100644
--- a/roles/munin-master/handlers/main.yml
+++ b/roles/munin-master/handlers/main.yml
@@ -3,22 +3,22 @@
command: /bin/systemctl daemon-reload
- name: Restart rrdcached
service: name=rrdcached state=restarted
- name: Restart munin
service: name=munin state=restarted
- name: Restart munin-node
service: name=munin-node state=restarted
- name: Restart munin-cgi-graph
service: name=munin-cgi-graph state=restarted
- name: Restart munin-cgi-html
service: name=munin-cgi-html state=restarted
- name: Restart Nginx
service: name=nginx state=restarted
-- name: Restart stunnel
- service: name=stunnel4 pattern=/usr/bin/stunnel4 state=restarted
+- name: Restart stunnel@munin-master
+ service: name=stunnel4@munin-master state=restarted
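Review bot: The new handler is named `Restart stunnel@munin-master` but the unit it restarts is `stunnel4@munin-master`, so a grep for the unit name will not find the `notify:` lines that trigger it. I would name it after the unit, `- name: Restart stunnel4@munin-master`, and use the same string in the two `notify:` entries in tasks/main.yml. Any task outside this diff that still notifies the old `Restart stunnel` name will fail at run time with a missing-handler error, so it is worth grepping the role for it.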
diff --git a/roles/munin-master/tasks/main.yml b/roles/munin-master/tasks/main.yml
index 4b3cfb7..1580197 100644
--- a/roles/munin-master/tasks/main.yml
+++ b/roles/munin-master/tasks/main.yml
@@ -86,51 +86,54 @@
state=link force=yes
register: r2
notify:
- Restart Nginx
- name: Start Nginx
service: name=nginx state=started
when: not (r1.changed or r2.changed)
- meta: flush_handlers
- name: Copy munin-node X.509 certificates
copy: src=certs/munin/{{ item }}.pem
dest=/etc/stunnel/certs/munin-{{ hostvars[item].inventory_hostname_short }}.pem
owner=root group=root
mode=0644
with_items: "{{ groups.all | difference([inventory_hostname]) }}"
register: r1
notify:
- - Restart stunnel
+ - Restart stunnel@munin-master
- name: Configure stunnel
template: src=etc/stunnel/munin-master.conf.j2
dest=/etc/stunnel/munin-master.conf
owner=root group=root
mode=0644
register: r2
notify:
- - Restart stunnel
+ - Restart stunnel@munin-master
-- name: Start stunnel
- service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+- name: Enable stunnel@munin-master
+ service: name=stunnel4@munin-master enabled=yes
+
+- name: Start stunnel@munin-master
+ service: name=stunnel4@munin-master state=started
when: not (r1.changed or r2.changed)
- meta: flush_handlers
- name: Install 'munin_stats' and 'munin_update' plugins
file: src=/usr/share/munin/plugins/{{ item }}
dest=/etc/munin/plugins/{{ item }}
owner=root group=root
state=link force=yes
with_items:
- munin_stats
- munin_update
tags:
- munin-node
- munin
notify:
- Restart munin-node
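Review bot: Nothing visible in this hunk stops or disables the legacy `stunnel4` service that the removed `Start stunnel` task used to start. On a host provisioned before this commit that service may still be running, or enabled at boot, against the same `/etc/stunnel/munin-master.conf`, which would leave two tunnel processes competing for the same listener. The diffstat is limited to this role, so this may be handled elsewhere. If it is not, a task before `Enable stunnel@munin-master` such as `service: name=stunnel4 state=stopped enabled=no` would make the migration explicit. The new tasks also assume the `stunnel4@.service` template unit is installed and `daemon-reload` has run before this point; a short comment naming the role that ships the unit would help.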
diff --git a/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2 b/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
index bbe4114..ffc7d0d 100644
--- a/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
+++ b/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
@@ -1,30 +1,31 @@
; **************************************************************************
; * Global options *
; **************************************************************************
; setuid()/setgid() to the specified user/group in daemon mode
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
-pid = /var/run/stunnel4/munin-master.pid
+pid =
+foreground = yes
; Only log messages at severity warning (4) and higher
debug = 4
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
key = /etc/stunnel/certs/munin-{{ inventory_hostname_short }}.key
client = yes
socket = a:SO_BINDTODEVICE=lo
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Prevent MITM attacks
verify = 4
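Review bot: The comment `; PID is created inside the chroot jail` above the changed lines is now stale. With `pid =` left empty no PID file is written, and no `chroot` option is visible in this template. I would replace it with `; No PID file: stunnel stays in the foreground and is supervised by systemd`. The `setuid`/`setgid` comment describes the privilege drop as happening "in daemon mode", so with `foreground = yes` it is worth confirming on a deployed host that the process still runs as `stunnel4` rather than root, and rewording that comment to match what is observed.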