Fixes for intelmq-api.

2024-11-18 13:14:49 +01:00 · 2024-11-18 13:14:49 +01:00 · cec27244e1
commit cec27244e1
parent c1428408d8
5 changed files with 14 additions and 7 deletions
--- a/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json
+++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/api-config.json
@ -1,7 +1,7 @@
 {
 	"intelmq_ctl_cmd": ["sudo", "-u", "intelmq", "/opt/intelmq/venv/bin/intelmqctl"],
 	"allowed_path": "/opt/intelmq/var/lib/bots/",
-	"session_store": "/etc/intelmq/api-session.sqlite",
+	"session_store": "/etc/intelmq/api/api-session.sqlite",
 	"session_duration": 86400,
 	"allow_origins": ["*"]
 }
--- a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service
+++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.service
@ -13,7 +13,7 @@ User=www-data
 Group=www-data
 RuntimeDirectory=gunicorn
 WorkingDirectory=/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api
-ExecStart=/opt/intelmq/venv/bin/gunicorn intelmq_api.main:app --workers 4 --worker-class uvicorn.workers.UvicornWorker --bind unix:intelmq_api.sock --log-level DEBUG
+ExecStart=/opt/intelmq/venv/bin/gunicorn intelmq_api.main:app --workers 4 --worker-class uvicorn.workers.UvicornWorker --bind unix:/var/run/intelmq_api.sock --log-level DEBUG
 ExecReload=/bin/kill -s HUP $MAINPID
 KillMode=mixed
 TimeoutStopSec=5
--- a/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket
+++ b/global/overlay/etc/puppet/modules/soc/files/intelmq/intelmq-api.socket
@ -2,7 +2,7 @@
 Description=The socket to handle IntelMQ API requests

 [Socket]
-ListenStream=/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock
+ListenStream=/var/run/intelmq_api.sock
 SocketUser=www-data

 [Install]
--- a/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp
@ -26,6 +26,13 @@ class soc::intelmq(
    group  => 'intelmq',
  }

+  file { '/etc/intelmq/api':
+    ensure => directory,
+    owner  => 'intelmq',
+    gorup  => 'www-data',
+    mode   => '0770',
+  }
+
  #  file { '/opt/sso/apache/groups.txt':
  #  ensure  => file,
  #    content => template('soc/sso/apache-groups.txt.erb')
@ -112,10 +119,10 @@ class soc::intelmq(
  $api_pass = lookup('intelmq_api_user.password', undef, undef, 'pass')
  exec { 'Setup intelmq-api user':
    command => "sudo -u intelmq /opt/intelmq/venv/bin/intelmq-api-adduser --user ${api_user} --password ${api_pass}",
-    creates => '/etc/intelmq/api-session.sqlite',
+    creates => '/etc/intelmq/api/api-session.sqlite',
  }

-  file { '/etc/intelmq/api-session.sqlite':
+  file { '/etc/intelmq/api/api-session.sqlite':
    ensure  => 'present',
    replace => 'no',
    owner   => 'intelmq',
--- a/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/intelmq/intelmq-vhost.conf.erb
@ -72,8 +72,8 @@
        </Directory>

        <Location /intelmq/>
-                ProxyPass unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/
-                ProxyPassReverse unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/
+                ProxyPass unix:/var/run/intelmq_api.sock
+                ProxyPassReverse unix:/var/run/intelmq_api.sock
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/error.log