diff --git a/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json b/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json index 435bdcb..179b923 100644 --- a/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json +++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json @@ -1,7 +1,7 @@ { "intelmq_ctl_cmd": ["sudo", "-u", "intelmq", "/opt/intelmq/venv/bin/intelmqctl"], "allowed_path": "/opt/intelmq/var/lib/bots/", - "session_store": "/etc/intelmq/api-session.sqlite", + "session_store": "/etc/intelmq/api/api-session.sqlite", "session_duration": 86400, "allow_origins": ["*"] } diff --git a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service index d1ef41c..05c19a4 100644 --- a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service +++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service @@ -13,7 +13,7 @@ User=www-data Group=www-data RuntimeDirectory=gunicorn WorkingDirectory=/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api -ExecStart=/opt/intelmq/venv/bin/gunicorn intelmq_api.main:app --workers 4 --worker-class uvicorn.workers.UvicornWorker --bind unix:intelmq_api.sock --log-level DEBUG +ExecStart=/opt/intelmq/venv/bin/gunicorn intelmq_api.main:app --workers 4 --worker-class uvicorn.workers.UvicornWorker --bind unix:/var/run/intelmq_api.sock --log-level DEBUG ExecReload=/bin/kill -s HUP $MAINPID KillMode=mixed TimeoutStopSec=5 diff --git a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket index 69bf331..60aa09b 100644 --- a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket +++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket @@ -2,7 +2,7 @@ Description=The socket to handle IntelMQ API requests [Socket] -ListenStream=/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock +ListenStream=/var/run/intelmq_api.sock SocketUser=www-data [Install] diff --git a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp index 604790e..c99e4d0 100644 --- a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp +++ b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp @@ -26,6 +26,13 @@ class soc::intelmq( group => 'intelmq', } + file { '/etc/intelmq/api': + ensure => directory, + owner => 'intelmq', + gorup => 'www-data', + mode => '0770', + } + # file { '/opt/sso/apache/groups.txt': # ensure => file, # content => template('soc/sso/apache-groups.txt.erb') @@ -112,10 +119,10 @@ class soc::intelmq( $api_pass = lookup('intelmq_api_user.password', undef, undef, 'pass') exec { 'Setup intelmq-api user': command => "sudo -u intelmq /opt/intelmq/venv/bin/intelmq-api-adduser --user ${api_user} --password ${api_pass}", - creates => '/etc/intelmq/api-session.sqlite', + creates => '/etc/intelmq/api/api-session.sqlite', } - file { '/etc/intelmq/api-session.sqlite': + file { '/etc/intelmq/api/api-session.sqlite': ensure => 'present', replace => 'no', owner => 'intelmq', diff --git a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb index db11b56..bee430f 100644 --- a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb +++ b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb @@ -72,8 +72,8 @@ - ProxyPass unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/ - ProxyPassReverse unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/ + ProxyPass unix:/var/run/intelmq_api.sock + ProxyPassReverse unix:/var/run/intelmq_api.sock ErrorLog ${APACHE_LOG_DIR}/error.log