diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:18:45 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-22 17:53:58 +0200 |
| commit | f7a5a19edc504980e2e8f93ab027162756710d59 (patch) | |
| tree | 05f45acdebe07683a12d03d5103f363b375e6ca7 /roles | |
| parent | 82d27fabc7becba1d1ee7c24b331522f2330cae6 (diff) | |
Fix munin-cgi-graph systemd service file.
By allowing to place graphs into /var/lib/munin/cgi-tmp/munin-cgi-graph.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service | 1 | ||||
| -rw-r--r-- | roles/munin-master/tasks/main.yml | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service index 99aca7a..60ab444 100644 --- a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service +++ b/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service @@ -1,22 +1,23 @@ [Unit] Description=Munin CGI Graph Service After=network.target PartOf=munin.service Requires=munin-cgi-graph.socket [Service] StandardInput=socket User=www-data Group=munin ExecStart=/usr/lib/munin/cgi/munin-cgi-graph # Hardening NoNewPrivileges=yes PrivateDevices=yes ProtectHome=yes ProtectSystem=full ReadOnlyDirectories=/ ReadWriteDirectories=-/var/log/munin +ReadWriteDirectories=-/var/lib/munin/cgi-tmp/munin-cgi-graph [Install] WantedBy=multi-user.target diff --git a/roles/munin-master/tasks/main.yml b/roles/munin-master/tasks/main.yml index 64e697e..bcdc509 100644 --- a/roles/munin-master/tasks/main.yml +++ b/roles/munin-master/tasks/main.yml @@ -2,40 +2,45 @@ apt: pkg={{ item }} with_items: - munin - rrdcached - libcgi-fast-perl - name: Configure rrdcached lineinfile: "dest=/etc/default/rrdcached regexp='^#?OPTS=' line='OPTS=\"-s munin -m 660 -l unix:/var/run/rrdcached.sock -w 1800 -z 1800 -f 3600 -j /var/lib/rrdcached/journal -F -b /var/lib/munin -B\"'" register: r notify: - Restart rrdcached - name: Start rrdcached service: name=rrdcached state=started when: not r.changed - meta: flush_handlers +- name: Create directory /var/lib/munin/cgi-tmp/munin-cgi-graph + file: path=/var/lib/munin/cgi-tmp/munin-cgi-graph + state=directory + owner=www-data group=www-data + mode=0755 - name: Configure munin template: src=etc/munin/munin.conf.j2 dest=/etc/munin/munin.conf owner=root group=root mode=0644 notify: - Restart munin-cgi-graph - Restart munin-cgi-html - name: chown www-data:adm /var/log/munin/munin-cgi-{graph,html}.log file: path=/var/log/munin/{{ item }} owner=www-data group=adm mode=0640 with_items: - munin-cgi-graph.log - munin-cgi-html.log - name: Copy munin-cgi-graph.{service,socket} copy: src=lib/systemd/system/{{ item }} |